Trojan-Spy.win32@mx

#0
22.05.2008, 00:26
Member

Beiträge: 29
#1 ich glaube ich habe einen Trojaner ich hoffe ihr könnt mir helfen
hier die Log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:25:18, on 22.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\Avira Premium Security Suite\avguard.exe
C:\Programme\NetProject\scit.exe
C:\Programme\NetProject\sbmntr.exe
C:\WINDOWS\Dit.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\Programme\NetProject\scm.exe
C:\Programme\Babylon\Babylon-Pro\Babylon.exe
C:\Programme\NetProject\sbsm.exe
C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
C:\Programme\Microsoft IntelliType Pro\type32.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\DitExp.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Windows Live\Messenger\MsnMsgr.Exe
C:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\ICQ6\ICQ.exe
C:\Programme\Avira\Avira Premium Security Suite\avfwsvc.exe
C:\Programme\Avira\Avira Premium Security Suite\avesvc.exe
C:\WINDOWS\System32\gearsec.exe
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programme\Avira\Avira Premium Security Suite\avmailc.exe
C:\Programme\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Kakashi Hatake\Eigene Dateien\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: 566828 helper - {220A105A-16EE-44C1-A4C8-AD76C709FC1D} - C:\WINDOWS\system32\566828\566828.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Programme\NetProject\sbmdl.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Programme\NetProject\wamdl.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Babylon Client] C:\Programme\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Ulead Quick-Drop] "C:\Programme\Ulead Systems\Ulead DVD MovieFactory 5\Ulead DVD MovieFactory 5\Quick-Drop.exe" WINDOWCALL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [TrayServer] C:\Programme\MAGIX\Video_deluxe_2008_PLUS_e-version\TrayServer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6\ICQ.exe" silent
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Programme\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Programme\NetProject\sbmntr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Translate with &Babylon - res://C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.dwnldietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.dwnldietool.com/redirect.php (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://de8.hpwis.com
O22 - SharedTaskScheduler: delayingly - {e89fa8e9-5c0b-45f6-a70e-f7b177bcd193} - C:\WINDOWS\system32\rtmipr.dll
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 12382 bytes
Seitenanfang Seitenende
22.05.2008, 01:24
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#2 naruto

1.
wende cleaner an + lösche die temp-Dateien
http://www.ccleaner.de/?protecus.de

2.
mit dem HijackThis löschen ("fixen")
Klicke: "Do a system scan only"
Setze ein Häckchen in das Kästchen vor die genannten Einträge
und wähle fix checked. + starte den Rechner neu.

Zitat

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

O2 - BHO: 566828 helper - {220A105A-16EE-44C1-A4C8-AD76C709FC1D} - C:\WINDOWS\system32\566828\566828.dll

O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Programme\NetProject\sbmdl.dll

O3 - Tolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Programme\NetProject\wamdl.dll

O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Programme\NetProject\scit.exe

O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Programme\NetProject\sbmntr.exe

O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.dwnldietool.com/redirect.php (file missing)

O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.dwnldietool.com/redirect.php (file missing)

O22 - SharedTaskScheduler: delayingly - {e89fa8e9-5c0b-45f6-a70e-f7b177bcd193} - C:\WINDOWS\system32\rtmipr.dll

PC neustarten

3.
http://virus-protect.org/artikel/tools/otmoveIt.html
öffne: OTMoveIt.exe

OTMoveIt Kopiere rein: im linken Fenster ,wo steht: Paste List of Files/Folders to Move

Zitat

C:\WINDOWS\system32\566828
C:\Programme\NetProject
C:\WINDOWS\system32\rtmipr.dll
Klicke auf den Roten MoveIt!

----------------------------------------------------------

4.
wende smitfraudfix an (option 2) + poste den report
http://virus-protect.org/artikel/tools/combofix.html

5.
wende combofix an +klicke die Warnmeldung weg + poste den report
http://virus-protect.org/artikel/tools/combofix.html
__________
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
22.05.2008, 15:40
Member

Themenstarter

Beiträge: 29
#3 SmitFraudFix v2.320

Scan done at 15:14:10,98, 22.05.2008
Run from C:\Dokumente und Einstellungen\Kakashi Hatake\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOKUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOKUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\DOKUME~1\KAKASH~1\FAVORI~1\Online Security Test.url Deleted
C:\Programme\VirusHeat 4.4\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: VIA Rhine II Fast Ethernet Adapter - Paketplaner-Miniport
DNS Server Search Order: 192.168.178.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{9D13D916-53BF-4E9E-82A9-8D43F16D7874}: DhcpNameServer=192.168.178.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9D13D916-53BF-4E9E-82A9-8D43F16D7874}: DhcpNameServer=192.168.178.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9D13D916-53BF-4E9E-82A9-8D43F16D7874}: DhcpNameServer=192.168.178.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.178.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.178.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.178.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End




ComboFix 08-05-21.2 - Kakashi Hatake 2008-05-22 15:27:57.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.542 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Kakashi Hatake\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt

[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr0.dat
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

cache.googlevideo.
.
((((((((((((((((((((((( Dateien erstellt von 2008-04-22 bis 2008-05-22 ))))))))))))))))))))))))))))))
.

2008-05-22 15:14 . 2008-05-22 15:14 3,698 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-22 14:26 . 2008-05-22 14:26 <DIR> d-------- C:\_OTMoveIt
2008-05-22 13:07 . 2008-05-22 13:07 <DIR> d-------- C:\Programme\CCleaner
2008-05-18 07:01 . 2008-05-18 07:01 <DIR> d-------- C:\Programme\Real
2008-05-18 07:01 . 2008-05-18 07:01 <DIR> d-------- C:\Programme\Gemeinsame Dateien\xing shared
2008-05-18 07:01 . 2008-05-18 07:01 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Real
2008-05-18 06:59 . 2008-05-22 00:08 <DIR> d-------- C:\Programme\Google
2008-05-18 06:35 . 2008-05-18 06:37 <DIR> d-------- C:\Dokumente und Einstellungen\Kakashi Hatake\Anwendungsdaten\vlc
2008-05-18 04:30 . 2008-05-18 04:30 <DIR> d-------- C:\Programme\K-Lite Codec Pack
2008-05-18 04:30 . 2006-11-01 14:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-05-18 04:30 . 2004-01-25 18:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-05-18 04:30 . 2006-11-01 14:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-05-18 04:30 . 2006-05-13 23:16 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-05-18 04:30 . 2007-02-21 21:00 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-05-18 04:30 . 2005-02-24 18:56 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-05-10 23:26 . 2008-05-10 23:26 <DIR> d-------- C:\Programme\VirtuallTek
2008-04-25 20:38 . 2008-04-25 20:38 <DIR> d-------- C:\Programme\sabbu
2008-04-25 20:38 . 2008-04-25 20:38 <DIR> d-------- C:\Programme\Gemeinsame Dateien\GTK
2008-04-23 11:37 . 2008-05-19 16:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-23 11:37 . 2008-04-23 11:37 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-22 13:21 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
2008-05-21 22:02 --------- d---a-w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2008-05-20 19:16 --------- d-----w C:\Programme\mIRC
2008-05-15 03:48 --------- d-----w C:\Programme\ABBYY FineReader 9.0
2008-04-25 20:58 --------- d-----w C:\Dokumente und Einstellungen\Kakashi Hatake\Anwendungsdaten\Babylon
2008-04-19 08:24 --------- d-----w C:\Programme\FXhome EffectsLab Pro
2008-04-18 19:06 --------- d-----w C:\Dokumente und Einstellungen\Kakashi Hatake\Anwendungsdaten\Publish Providers
2008-04-18 18:43 --------- d-----w C:\Dokumente und Einstellungen\Kakashi Hatake\Anwendungsdaten\Sony
2008-04-15 06:37 --------- d-----w C:\Programme\Malwarebytes' Anti-Malware
2008-04-15 06:37 --------- d-----w C:\Dokumente und Einstellungen\Kakashi Hatake\Anwendungsdaten\Malwarebytes
2008-04-15 06:37 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-04-15 06:31 --------- d-----w C:\Programme\Microsoft IntelliType Pro
2008-04-15 06:16 --------- d-----w C:\Dokumente und Einstellungen\Kakashi Hatake\Anwendungsdaten\Premium Security Suite
2008-04-15 05:53 --------- d-----w C:\Programme\Avira
2008-04-15 05:53 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2008-04-15 04:45 --------- d-----w C:\Dokumente und Einstellungen\Kakashi Hatake\Anwendungsdaten\TmpRecentIcons
2008-04-14 16:52 --------- d-----w C:\Programme\QuickTime
2008-04-14 13:38 --------- d-----w C:\Programme\Java
2008-04-09 22:56 --------- d-----w C:\Programme\Shoryuken Productions
2008-04-07 01:20 --------- d-----w C:\Programme\ICQToolbar
2008-04-06 22:31 --------- d-----w C:\Programme\GpotatoEu
2008-04-05 23:21 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-04-05 23:21 --------- d-----w C:\Programme\gPotato.eu
2008-04-05 23:19 --------- d-----w C:\Programme\e frontier
2008-04-05 21:56 --------- d-----w C:\Programme\myGamersCam
2008-04-03 22:51 --------- d-----w C:\Programme\Obscure
2008-04-03 20:38 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-04-03 20:08 --------- d-----w C:\Programme\Rockstar Games
2008-04-03 01:56 --------- d-----w C:\Programme\LucasArts
2008-03-28 21:41 --------- d-----w C:\Programme\Veoh Networks
2008-03-28 01:50 --------- d-----w C:\Programme\KeyHoleTV
2008-03-25 23:21 --------- d-----w C:\Dokumente und Einstellungen\Kakashi Hatake\Anwendungsdaten\MAGIX
2008-03-25 23:20 --------- d-----w C:\Programme\MAGIX
2008-03-25 23:20 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
2008-03-25 23:19 --------- d-----w C:\Programme\Gemeinsame Dateien\MAGIX Shared
2008-03-24 19:31 --------- d-----w C:\Programme\Comparisonics
2008-03-24 19:04 --------- d-----w C:\Programme\Arial Sound Recorder
2008-03-22 02:32 --------- d-----w C:\Dokumente und Einstellungen\Kakashi Hatake\Anwendungsdaten\e frontier
2008-03-22 02:31 3,120 ----a-w C:\WINDOWS\system32\6ffdbcaf-f6c1-42d3-a4a9-c7957224a70b.dll
2008-03-22 02:21 --------- d-----w C:\Dokumente und Einstellungen\Kakashi Hatake\Anwendungsdaten\Lost Marble
2008-03-20 20:08 550,418 ----a-w C:\WINDOWS\system32\x264vfw.dll
2008-03-14 00:39 257,340 ----a-w C:\Programme\setuplog.txt
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programme\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe" [2007-09-20 16:35 202024]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:57 15360]
"ICQ"="C:\Programme\ICQ6\ICQ.exe" [2007-11-21 02:47 172280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dit"="Dit.exe" [2002-08-28 13:43 73728 C:\WINDOWS\Dit.exe]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 14:02 61440]
"UpdateManager"="C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01 110592]
"Cmaudio"="cmicnfg.cpl" [2003-12-11 16:44 2453504 C:\WINDOWS\CMICNFG.CPL]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 10:57 81920]
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2004-01-16 12:16 229376]
"PCMService"="C:\Programme\Home Cinema\PowerCinema\PCMService.exe" [2003-06-24 15:23 61440]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-06-07 13:11 3809280]
"nwiz"="nwiz.exe" [2004-06-07 13:11 831488 C:\WINDOWS\system32\nwiz.exe]
"NBKeyScan"="C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 10:51 1836328]
"Babylon Client"="C:\Programme\Babylon\Babylon-Pro\Babylon.exe" [2007-11-27 05:46 2841824]
"Ulead Quick-Drop"="C:\Programme\Ulead Systems\Ulead DVD MovieFactory 5\Ulead DVD MovieFactory 5\Quick-Drop.exe" [2006-03-08 14:39 118784]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"type32"="C:\Programme\Microsoft IntelliType Pro\type32.exe" [2004-06-03 10:51 172032]
"IntelliPoint"="C:\Programme\Microsoft IntelliPoint\point32.exe" [2004-06-03 10:50 204800]
"NeroFilterCheck"="C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"SSBkgdUpdate"="C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 14:16 185896]
"OpwareSE4"="C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 13:45 75304]
"StartCCC"="C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"ATICCC"="C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12 90112]
"TrayServer"="C:\Programme\MAGIX\Video_deluxe_2008_PLUS_e-version\TrayServer.exe" [2007-03-29 12:05 90112]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2008-04-14 18:52 98304]
"avgnt"="C:\Programme\Avira\Avira Premium Security Suite\avgnt.exe" [2007-08-31 12:25 249896]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2008-05-18 07:01 185632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:57 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
"vidc.X264"= x264vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Programme\\mIRC\\mirc.exe"=
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programme\\Bonjour\\mDNSResponder.exe"=
"C:\\Programme\\ICQ6\\ICQ.exe"=
"C:\\Programme\\Mozilla Firefox\\firefox.exe"=
"D:\\star wars jedi knight 2\\GameData\\jk2mp.exe"=
"D:\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\Internet Explorer\\iexplore.exe"=
"C:\\Programme\\KeyHoleTV\\KeyHoleTV.exe"=
"C:\\Programme\\LucasArts\\KotF Jedi Academy Expansion Pack\\GameData\\jampDed.exe"=
"C:\\Programme\\LucasArts\\KotF Jedi Academy Expansion Pack\\GameData\\jamp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10352:TCP"= 10352:TCP:AresChatServer
"5000:TCP"= 5000:TCP:AresChatServer

R1 avfwot;avfwot;C:\WINDOWS\system32\DRIVERS\avfwot.sys [2007-08-30 13:12]
R2 AntiVirFirewallService;Avira Premium Security Suite Firewall;"C:\Programme\Avira\Avira Premium Security Suite\avfwsvc.exe" [2007-08-16 13:08]
R2 AntiVirMailService;Avira Premium Security Suite MailGuard;"C:\Programme\Avira\Avira Premium Security Suite\avmailc.exe" [2007-08-28 13:08]
R2 antivirwebservice;Avira Premium Security Suite WebGuard;"C:\Programme\Avira\Avira Premium Security Suite\AVWEBGRD.EXE" [2007-08-14 13:22]
R2 AVEService;Avira Premium Security Suite MailGuard helper service;"C:\Programme\Avira\Avira Premium Security Suite\avesvc.exe" [2007-07-18 08:09]
R2 AWISp50;AWISp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\AWISp50.sys [2006-03-15 10:35]
R3 avfwim;AvFw Packet Filter Miniport;C:\WINDOWS\system32\DRIVERS\avfwim.sys [2007-08-30 13:12]
R3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-06-05 09:04]
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-06-12 09:47]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Programme\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 15:18]
S3 MBAMCatchMe;MBAMCatchMe;C:\Programme\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]
S3 wlags48d;Agere Wireless PCCard Service;C:\WINDOWS\system32\DRIVERS\wlags48d.sys [2003-07-09 13:18]

.
Inhalt des "geplante Tasks" Ordners
"2008-05-22 13:00:00 C:\WINDOWS\Tasks\Auf Updates für Windows Live Toolbar prüfen.job"
- C:\Programme\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-22 15:31:39
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...


**************************************************************************
.
Zeit der Fertigstellung: 2008-05-22 15:34:32
ComboFix-quarantined-files.txt 2008-05-22 13:33:30

15 Verzeichnis(se), 7,092,867,072 Bytes frei
17 Verzeichnis(se), 7,380,418,560 Bytes frei

169 --- E O F --- 2007-12-21 18:46:17
Seitenanfang Seitenende
22.05.2008, 16:00
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#4 naruto

«
poste ein neues log vom HijackThis

«
scanne mit Malwarebytes, lasse alles entfernen, was noch gefunden wird
http://virus-protect.org/artikel/tools/malwarebytes.html


dann sollte wieder alles i.o. sein ...oder kommen noch popups ?
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
22.05.2008, 19:51
Member

Themenstarter

Beiträge: 29
#5 wieder normal danke für deine Hilfe

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:47:27, on 22.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\Avira Premium Security Suite\avguard.exe
C:\WINDOWS\Dit.exe
C:\HP\KBD\KBD.EXE
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\Programme\Babylon\Babylon-Pro\Babylon.exe
C:\WINDOWS\DitExp.exe
C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
C:\Programme\Microsoft IntelliType Pro\type32.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Windows Live\Messenger\MsnMsgr.Exe
C:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\ICQ6\ICQ.exe
C:\Programme\Avira\Avira Premium Security Suite\avfwsvc.exe
C:\Programme\Avira\Avira Premium Security Suite\avesvc.exe
C:\WINDOWS\System32\gearsec.exe
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programme\Avira\Avira Premium Security Suite\avmailc.exe
C:\Programme\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\Programme\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Kakashi Hatake\Eigene Dateien\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Babylon Client] C:\Programme\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Ulead Quick-Drop] "C:\Programme\Ulead Systems\Ulead DVD MovieFactory 5\Ulead DVD MovieFactory 5\Quick-Drop.exe" WINDOWCALL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Programme\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [TrayServer] C:\Programme\MAGIX\Video_deluxe_2008_PLUS_e-version\TrayServer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Translate with &Babylon - res://C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://de8.hpwis.com
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 10298 bytes
Seitenanfang Seitenende
22.05.2008, 21:25
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#6 so einen feinen sauberen rechner hätte ich auch gern ;) ;)
wenn es noch probs gibt..melde dich.
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren: