Trojan-Spy.win32@mx |
||
---|---|---|
#0
| ||
22.05.2008, 00:26
Member
Beiträge: 29 |
||
|
||
22.05.2008, 01:24
Ehrenmitglied
Beiträge: 29434 |
#2
naruto
1. wende cleaner an + lösche die temp-Dateien http://www.ccleaner.de/?protecus.de 2. mit dem HijackThis löschen ("fixen") Klicke: "Do a system scan only" Setze ein Häckchen in das Kästchen vor die genannten Einträge und wähle fix checked. + starte den Rechner neu. Zitat R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.comPC neustarten 3. http://virus-protect.org/artikel/tools/otmoveIt.html öffne: OTMoveIt.exe OTMoveIt Kopiere rein: im linken Fenster ,wo steht: Paste List of Files/Folders to Move Zitat C:\WINDOWS\system32\566828Klicke auf den Roten MoveIt! ---------------------------------------------------------- 4. wende smitfraudfix an (option 2) + poste den report http://virus-protect.org/artikel/tools/combofix.html 5. wende combofix an +klicke die Warnmeldung weg + poste den report http://virus-protect.org/artikel/tools/combofix.html __________ __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
22.05.2008, 15:40
Member
Themenstarter Beiträge: 29 |
#3
SmitFraudFix v2.320
Scan done at 15:14:10,98, 22.05.2008 Run from C:\Dokumente und Einstellungen\Kakashi Hatake\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» VACFix VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri's WS2Fix: LSP not Found. »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\DOKUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted C:\DOKUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted C:\DOKUME~1\KAKASH~1\FAVORI~1\Online Security Test.url Deleted C:\Programme\VirusHeat 4.4\ Deleted »»»»»»»»»»»»»»»»»»»»»»»» IEDFix IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: VIA Rhine II Fast Ethernet Adapter - Paketplaner-Miniport DNS Server Search Order: 192.168.178.1 HKLM\SYSTEM\CCS\Services\Tcpip\..\{9D13D916-53BF-4E9E-82A9-8D43F16D7874}: DhcpNameServer=192.168.178.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{9D13D916-53BF-4E9E-82A9-8D43F16D7874}: DhcpNameServer=192.168.178.1 HKLM\SYSTEM\CS3\Services\Tcpip\..\{9D13D916-53BF-4E9E-82A9-8D43F16D7874}: DhcpNameServer=192.168.178.1 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.178.1 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.178.1 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.178.1 »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End ComboFix 08-05-21.2 - Kakashi Hatake 2008-05-22 15:27:57.7 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.542 [GMT 2:00] ausgeführt von:: C:\Dokumente und Einstellungen\Kakashi Hatake\Desktop\ComboFix.exe * Neuer Wiederherstellungspunkt wurde erstellt [color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color] . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr0.dat C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr1.dat ----- BITS: Possible infected sites ----- cache.googlevideo. . ((((((((((((((((((((((( Dateien erstellt von 2008-04-22 bis 2008-05-22 )))))))))))))))))))))))))))))) . 2008-05-22 15:14 . 2008-05-22 15:14 3,698 --a------ C:\WINDOWS\system32\tmp.reg 2008-05-22 14:26 . 2008-05-22 14:26 <DIR> d-------- C:\_OTMoveIt 2008-05-22 13:07 . 2008-05-22 13:07 <DIR> d-------- C:\Programme\CCleaner 2008-05-18 07:01 . 2008-05-18 07:01 <DIR> d-------- C:\Programme\Real 2008-05-18 07:01 . 2008-05-18 07:01 <DIR> d-------- C:\Programme\Gemeinsame Dateien\xing shared 2008-05-18 07:01 . 2008-05-18 07:01 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Real 2008-05-18 06:59 . 2008-05-22 00:08 <DIR> d-------- C:\Programme\Google 2008-05-18 06:35 . 2008-05-18 06:37 <DIR> d-------- C:\Dokumente und Einstellungen\Kakashi Hatake\Anwendungsdaten\vlc 2008-05-18 04:30 . 2008-05-18 04:30 <DIR> d-------- C:\Programme\K-Lite Codec Pack 2008-05-18 04:30 . 2006-11-01 14:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll 2008-05-18 04:30 . 2004-01-25 18:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll 2008-05-18 04:30 . 2006-11-01 14:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll 2008-05-18 04:30 . 2006-05-13 23:16 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm 2008-05-18 04:30 . 2007-02-21 21:00 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll 2008-05-18 04:30 . 2005-02-24 18:56 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest 2008-05-10 23:26 . 2008-05-10 23:26 <DIR> d-------- C:\Programme\VirtuallTek 2008-04-25 20:38 . 2008-04-25 20:38 <DIR> d-------- C:\Programme\sabbu 2008-04-25 20:38 . 2008-04-25 20:38 <DIR> d-------- C:\Programme\Gemeinsame Dateien\GTK 2008-04-23 11:37 . 2008-05-19 16:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-04-23 11:37 . 2008-04-23 11:37 1,409 --a------ C:\WINDOWS\QTFont.for . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-22 13:21 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon 2008-05-21 22:02 --------- d---a-w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP 2008-05-20 19:16 --------- d-----w C:\Programme\mIRC 2008-05-15 03:48 --------- d-----w C:\Programme\ABBYY FineReader 9.0 2008-04-25 20:58 --------- d-----w C:\Dokumente und Einstellungen\Kakashi Hatake\Anwendungsdaten\Babylon 2008-04-19 08:24 --------- d-----w C:\Programme\FXhome EffectsLab Pro 2008-04-18 19:06 --------- d-----w C:\Dokumente und Einstellungen\Kakashi Hatake\Anwendungsdaten\Publish Providers 2008-04-18 18:43 --------- d-----w C:\Dokumente und Einstellungen\Kakashi Hatake\Anwendungsdaten\Sony 2008-04-15 06:37 --------- d-----w C:\Programme\Malwarebytes' Anti-Malware 2008-04-15 06:37 --------- d-----w C:\Dokumente und Einstellungen\Kakashi Hatake\Anwendungsdaten\Malwarebytes 2008-04-15 06:37 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2008-04-15 06:31 --------- d-----w C:\Programme\Microsoft IntelliType Pro 2008-04-15 06:16 --------- d-----w C:\Dokumente und Einstellungen\Kakashi Hatake\Anwendungsdaten\Premium Security Suite 2008-04-15 05:53 --------- d-----w C:\Programme\Avira 2008-04-15 05:53 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira 2008-04-15 04:45 --------- d-----w C:\Dokumente und Einstellungen\Kakashi Hatake\Anwendungsdaten\TmpRecentIcons 2008-04-14 16:52 --------- d-----w C:\Programme\QuickTime 2008-04-14 13:38 --------- d-----w C:\Programme\Java 2008-04-09 22:56 --------- d-----w C:\Programme\Shoryuken Productions 2008-04-07 01:20 --------- d-----w C:\Programme\ICQToolbar 2008-04-06 22:31 --------- d-----w C:\Programme\GpotatoEu 2008-04-05 23:21 --------- d--h--w C:\Programme\InstallShield Installation Information 2008-04-05 23:21 --------- d-----w C:\Programme\gPotato.eu 2008-04-05 23:19 --------- d-----w C:\Programme\e frontier 2008-04-05 21:56 --------- d-----w C:\Programme\myGamersCam 2008-04-03 22:51 --------- d-----w C:\Programme\Obscure 2008-04-03 20:38 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-04-03 20:08 --------- d-----w C:\Programme\Rockstar Games 2008-04-03 01:56 --------- d-----w C:\Programme\LucasArts 2008-03-28 21:41 --------- d-----w C:\Programme\Veoh Networks 2008-03-28 01:50 --------- d-----w C:\Programme\KeyHoleTV 2008-03-25 23:21 --------- d-----w C:\Dokumente und Einstellungen\Kakashi Hatake\Anwendungsdaten\MAGIX 2008-03-25 23:20 --------- d-----w C:\Programme\MAGIX 2008-03-25 23:20 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX 2008-03-25 23:19 --------- d-----w C:\Programme\Gemeinsame Dateien\MAGIX Shared 2008-03-24 19:31 --------- d-----w C:\Programme\Comparisonics 2008-03-24 19:04 --------- d-----w C:\Programme\Arial Sound Recorder 2008-03-22 02:32 --------- d-----w C:\Dokumente und Einstellungen\Kakashi Hatake\Anwendungsdaten\e frontier 2008-03-22 02:31 3,120 ----a-w C:\WINDOWS\system32\6ffdbcaf-f6c1-42d3-a4a9-c7957224a70b.dll 2008-03-22 02:21 --------- d-----w C:\Dokumente und Einstellungen\Kakashi Hatake\Anwendungsdaten\Lost Marble 2008-03-20 20:08 550,418 ----a-w C:\WINDOWS\system32\x264vfw.dll 2008-03-14 00:39 257,340 ----a-w C:\Programme\setuplog.txt . (((((((((((((((((((((((((((( Autostart Punkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Programme\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe" [2007-09-20 16:35 202024] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:57 15360] "ICQ"="C:\Programme\ICQ6\ICQ.exe" [2007-11-21 02:47 172280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Dit"="Dit.exe" [2002-08-28 13:43 73728 C:\WINDOWS\Dit.exe] "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 14:02 61440] "UpdateManager"="C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01 110592] "Cmaudio"="cmicnfg.cpl" [2003-12-11 16:44 2453504 C:\WINDOWS\CMICNFG.CPL] "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 10:57 81920] "iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2004-01-16 12:16 229376] "PCMService"="C:\Programme\Home Cinema\PowerCinema\PCMService.exe" [2003-06-24 15:23 61440] "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-06-07 13:11 3809280] "nwiz"="nwiz.exe" [2004-06-07 13:11 831488 C:\WINDOWS\system32\nwiz.exe] "NBKeyScan"="C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 10:51 1836328] "Babylon Client"="C:\Programme\Babylon\Babylon-Pro\Babylon.exe" [2007-11-27 05:46 2841824] "Ulead Quick-Drop"="C:\Programme\Ulead Systems\Ulead DVD MovieFactory 5\Ulead DVD MovieFactory 5\Quick-Drop.exe" [2006-03-08 14:39 118784] "SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "type32"="C:\Programme\Microsoft IntelliType Pro\type32.exe" [2004-06-03 10:51 172032] "IntelliPoint"="C:\Programme\Microsoft IntelliPoint\point32.exe" [2004-06-03 10:50 204800] "NeroFilterCheck"="C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136] "SSBkgdUpdate"="C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 14:16 185896] "OpwareSE4"="C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 13:45 75304] "StartCCC"="C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112] "ATICCC"="C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12 90112] "TrayServer"="C:\Programme\MAGIX\Video_deluxe_2008_PLUS_e-version\TrayServer.exe" [2007-03-29 12:05 90112] "QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2008-04-14 18:52 98304] "avgnt"="C:\Programme\Avira\Avira Premium Security Suite\avgnt.exe" [2007-08-31 12:25 249896] "TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2008-05-18 07:01 185632] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:57 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.yv12"= yv12vfw.dll "vidc.X264"= x264vfw.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Programme\\mIRC\\mirc.exe"= "C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programme\\Bonjour\\mDNSResponder.exe"= "C:\\Programme\\ICQ6\\ICQ.exe"= "C:\\Programme\\Mozilla Firefox\\firefox.exe"= "D:\\star wars jedi knight 2\\GameData\\jk2mp.exe"= "D:\\Splinter Cell Pandora Tomorrow\\pandora.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programme\\Internet Explorer\\iexplore.exe"= "C:\\Programme\\KeyHoleTV\\KeyHoleTV.exe"= "C:\\Programme\\LucasArts\\KotF Jedi Academy Expansion Pack\\GameData\\jampDed.exe"= "C:\\Programme\\LucasArts\\KotF Jedi Academy Expansion Pack\\GameData\\jamp.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "10352:TCP"= 10352:TCP:AresChatServer "5000:TCP"= 5000:TCP:AresChatServer R1 avfwot;avfwot;C:\WINDOWS\system32\DRIVERS\avfwot.sys [2007-08-30 13:12] R2 AntiVirFirewallService;Avira Premium Security Suite Firewall;"C:\Programme\Avira\Avira Premium Security Suite\avfwsvc.exe" [2007-08-16 13:08] R2 AntiVirMailService;Avira Premium Security Suite MailGuard;"C:\Programme\Avira\Avira Premium Security Suite\avmailc.exe" [2007-08-28 13:08] R2 antivirwebservice;Avira Premium Security Suite WebGuard;"C:\Programme\Avira\Avira Premium Security Suite\AVWEBGRD.EXE" [2007-08-14 13:22] R2 AVEService;Avira Premium Security Suite MailGuard helper service;"C:\Programme\Avira\Avira Premium Security Suite\avesvc.exe" [2007-07-18 08:09] R2 AWISp50;AWISp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\AWISp50.sys [2006-03-15 10:35] R3 avfwim;AvFw Packet Filter Miniport;C:\WINDOWS\system32\DRIVERS\avfwim.sys [2007-08-30 13:12] R3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-06-05 09:04] R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-06-12 09:47] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Programme\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 15:18] S3 MBAMCatchMe;MBAMCatchMe;C:\Programme\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17] S3 wlags48d;Agere Wireless PCCard Service;C:\WINDOWS\system32\DRIVERS\wlags48d.sys [2003-07-09 13:18] . Inhalt des "geplante Tasks" Ordners "2008-05-22 13:00:00 C:\WINDOWS\Tasks\Auf Updates für Windows Live Toolbar prüfen.job" - C:\Programme\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-22 15:31:39 Windows 5.1.2600 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostart Einträge... Scanne versteckte Dateien... ************************************************************************** . Zeit der Fertigstellung: 2008-05-22 15:34:32 ComboFix-quarantined-files.txt 2008-05-22 13:33:30 15 Verzeichnis(se), 7,092,867,072 Bytes frei 17 Verzeichnis(se), 7,380,418,560 Bytes frei 169 --- E O F --- 2007-12-21 18:46:17 |
|
|
||
22.05.2008, 16:00
Ehrenmitglied
Beiträge: 29434 |
#4
naruto
« poste ein neues log vom HijackThis « scanne mit Malwarebytes, lasse alles entfernen, was noch gefunden wird http://virus-protect.org/artikel/tools/malwarebytes.html dann sollte wieder alles i.o. sein ...oder kommen noch popups ? __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
22.05.2008, 19:51
Member
Themenstarter Beiträge: 29 |
#5
wieder normal danke für deine Hilfe
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:47:27, on 22.05.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\Avira Premium Security Suite\avguard.exe C:\WINDOWS\Dit.exe C:\HP\KBD\KBD.EXE C:\Programme\iTunes\iTunesHelper.exe C:\Programme\Home Cinema\PowerCinema\PCMService.exe C:\Programme\Babylon\Babylon-Pro\Babylon.exe C:\WINDOWS\DitExp.exe C:\Programme\Java\jre1.6.0_05\bin\jusched.exe C:\Programme\Microsoft IntelliType Pro\type32.exe C:\Programme\Microsoft IntelliPoint\point32.exe C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\Programme\QuickTime\qttask.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\Windows Live\Messenger\MsnMsgr.Exe C:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE C:\WINDOWS\system32\ctfmon.exe C:\Programme\ICQ6\ICQ.exe C:\Programme\Avira\Avira Premium Security Suite\avfwsvc.exe C:\Programme\Avira\Avira Premium Security Suite\avesvc.exe C:\WINDOWS\System32\gearsec.exe C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe C:\Programme\Avira\Avira Premium Security Suite\avmailc.exe C:\Programme\Avira\Avira Premium Security Suite\AVWEBGRD.EXE C:\Programme\iPod\bin\iPodService.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\WINDOWS\system32\wscntfy.exe C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe C:\WINDOWS\System32\svchost.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\explorer.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Dokumente und Einstellungen\Kakashi Hatake\Eigene Dateien\HJT\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [UpdateManager] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [Babylon Client] C:\Programme\Babylon\Babylon-Pro\Babylon.exe -AutoStart O4 - HKLM\..\Run: [Ulead Quick-Drop] "C:\Programme\Ulead Systems\Ulead DVD MovieFactory 5\Ulead DVD MovieFactory 5\Quick-Drop.exe" WINDOWCALL O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [TrayServer] C:\Programme\MAGIX\Video_deluxe_2008_PLUS_e-version\TrayServer.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\Avira Premium Security Suite\avgnt.exe" /min O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6\ICQ.exe" silent O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Translate with &Babylon - res://C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://de8.hpwis.com O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\avfwsvc.exe O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\avmailc.exe O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\sched.exe O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\avguard.exe O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\AVWEBGRD.EXE O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\avesvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 10298 bytes |
|
|
||
22.05.2008, 21:25
Ehrenmitglied
Beiträge: 29434 |
#6
so einen feinen sauberen rechner hätte ich auch gern
wenn es noch probs gibt..melde dich. __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
hier die Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:25:18, on 22.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\Avira Premium Security Suite\avguard.exe
C:\Programme\NetProject\scit.exe
C:\Programme\NetProject\sbmntr.exe
C:\WINDOWS\Dit.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\Programme\NetProject\scm.exe
C:\Programme\Babylon\Babylon-Pro\Babylon.exe
C:\Programme\NetProject\sbsm.exe
C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
C:\Programme\Microsoft IntelliType Pro\type32.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\DitExp.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Windows Live\Messenger\MsnMsgr.Exe
C:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\ICQ6\ICQ.exe
C:\Programme\Avira\Avira Premium Security Suite\avfwsvc.exe
C:\Programme\Avira\Avira Premium Security Suite\avesvc.exe
C:\WINDOWS\System32\gearsec.exe
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programme\Avira\Avira Premium Security Suite\avmailc.exe
C:\Programme\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Kakashi Hatake\Eigene Dateien\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: 566828 helper - {220A105A-16EE-44C1-A4C8-AD76C709FC1D} - C:\WINDOWS\system32\566828\566828.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Programme\NetProject\sbmdl.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Programme\NetProject\wamdl.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Babylon Client] C:\Programme\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Ulead Quick-Drop] "C:\Programme\Ulead Systems\Ulead DVD MovieFactory 5\Ulead DVD MovieFactory 5\Quick-Drop.exe" WINDOWCALL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [TrayServer] C:\Programme\MAGIX\Video_deluxe_2008_PLUS_e-version\TrayServer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6\ICQ.exe" silent
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Programme\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Programme\NetProject\sbmntr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Translate with &Babylon - res://C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.dwnldietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.dwnldietool.com/redirect.php (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://de8.hpwis.com
O22 - SharedTaskScheduler: delayingly - {e89fa8e9-5c0b-45f6-a70e-f7b177bcd193} - C:\WINDOWS\system32\rtmipr.dll
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 12382 bytes