Virus Alert - WinCtrl32.dll

#0
05.06.2008, 09:52
...new here
Posts: 8
05.06.2008, 10:14
Honorary member
Posts: 29434
#2
Hello Tobi78

1. http://virus-protect.org/artikel/tools/regsearch.html and double-click to start.
In "Enter search strings" type or paste
Microsoft security update service
into the edit field and click "Ok". Notepad will open -- copy the text and post it.
In "Enter search strings" type or paste
msupdate
into the edit field and click "Ok". Notepad will open -- copy the text and post it.
In "Enter search strings" type or paste
WinCtrl32
into the edit field and click "Ok". Notepad will open -- copy the text and post it.
----------------------------------------------------------------
2. Delete ("fix") with HijackThis:
Click "Do a system scan only", tick the box in front of the entry named below and choose "fix checked".
Quote:
R3 - Default URLSearchHook is missing
3. Run rvaxo in Safe Mode + then post the report once you are back in normal mode
http://virus-protect.org/artikel/tools/rvaxo.html
4. Download sdfix - you also have to run it in Safe Mode - then post the report as well
http://virus-protect.org/artikel/tools/sdfix.html
5. Download combofix, click the warning message away, + post the report
http://virus-protect.org/artikel/tools/combofix.html
__________
Regards, Sabina
all about PC security
05.06.2008, 11:07
...new here
Thread starter
Posts: 8
#3
Hey. My logs from step 1:
Microsoft security update service

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 05.06.2008 10:53:52 for strings:
; 'microsoft security update service'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MSUPDATE\0000]
"DeviceDesc"="Microsoft security update service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MSUPDATE\0000]
"DeviceDesc"="Microsoft security update service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\msupdate]
"DisplayName"="Microsoft security update service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MSUPDATE\0000]
"DeviceDesc"="Microsoft security update service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msupdate]
"DisplayName"="Microsoft security update service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSUPDATE\0000]
"DeviceDesc"="Microsoft security update service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msupdate]
"DisplayName"="Microsoft security update service"

; End Of The Log...

msupdate

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 05.06.2008 10:55:46 for strings:
; 'msupdate'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MSUPDATE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MSUPDATE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MSUPDATE\0000]
"Service"="msupdate"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MSUPDATE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MSUPDATE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MSUPDATE\0000]
"Service"="msupdate"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\msupdate]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\msupdate\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\msupdate\Enum]
"0"="Root\\LEGACY_MSUPDATE\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MSUPDATE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MSUPDATE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MSUPDATE\0000]
"Service"="msupdate"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msupdate]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSUPDATE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSUPDATE\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSUPDATE\0000]
"Service"="msupdate"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msupdate]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msupdate\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msupdate\Enum]
"0"="Root\\LEGACY_MSUPDATE\\0000"

; End Of The Log...

winctrl32

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 05.06.2008 10:57:14 for strings:
; 'winctrl32'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinCtrl32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinCtrl32]
"DLLName"="WinCtrl32.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager]
; Contents of value:
; \??\C:\WINDOWS\System32\WinCtrl32.dl_
; !\??\C:\WINDOWS\System32\WinCtrl32.dll
;
"PendingFileRenameOperations"=hex(7):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,\
  57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00,53,00,79,00,73,00,74,00,65,\
  00,6d,00,33,00,32,00,5c,00,57,00,69,00,6e,00,43,00,74,00,72,00,6c,00,33,00,\
  32,00,2e,00,64,00,6c,00,5f,00,00,00,21,00,5c,00,3f,00,3f,00,5c,00,43,00,3a,\
  00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00,53,00,79,00,73,00,\
  74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,69,00,6e,00,43,00,74,00,72,00,6c,\
  00,33,00,32,00,2e,00,64,00,6c,00,6c,00,00,00,00,00

; End Of The Log...

So those are the 3 logs. Can I now proceed with step 2?
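The third RegSearch log shows two things worth understanding: WinCtrl32.dll is registered as a Winlogon notification package, and the Session Manager key carries a PendingFileRenameOperations value (which RegSearch already decodes in its comment lines) that will move WinCtrl32.dl_ over WinCtrl32.dll at the next boot, so deleting only the .dll does not finish the job. The Python below is an added example, not part of the thread or of the RegSearch tool: it reproduces that decoding from the raw hex(7) export, joining the continuation lines, decoding the REG_MULTI_SZ, and pairing the strings into rename operations (an empty destination means delete, a leading "!" means replace an existing file). The embedded .reg text is the value copied from the log above; the function names are mine.

```python
"""Decode PendingFileRenameOperations from a .reg export (added example).

Session Manager\PendingFileRenameOperations is a REG_MULTI_SZ consumed at boot:
strings come in (source, destination) pairs. An empty destination means
"delete source"; a destination starting with '!' means "replace an existing
file". A .reg export writes REG_MULTI_SZ as hex(7): comma-separated UTF-16LE
bytes, with a trailing backslash continuing the value on the next line.
"""
import re
from typing import Dict, List, Tuple

# Constructed input: the key and value as exported by RegSearch in the log
# above (its "; Contents of value:" comment lines omitted).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager]
"PendingFileRenameOperations"=hex(7):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,\
  57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00,53,00,79,00,73,00,74,00,65,\
  00,6d,00,33,00,32,00,5c,00,57,00,69,00,6e,00,43,00,74,00,72,00,6c,00,33,00,\
  32,00,2e,00,64,00,6c,00,5f,00,00,00,21,00,5c,00,3f,00,3f,00,5c,00,43,00,3a,\
  00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00,53,00,79,00,73,00,\
  74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,69,00,6e,00,43,00,74,00,72,00,6c,\
  00,33,00,32,00,2e,00,64,00,6c,00,6c,00,00,00,00,00
'''

REG_MULTI_SZ = 7
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=hex\((?P<type>\d+)\):(?P<data>.*)$')


def extract_hex_values(reg_text: str) -> Dict[str, Tuple[int, bytes]]:
    """Map value name -> (registry type, raw bytes) for every hex(N) value."""
    # A backslash at end of line continues the data on the next line; the
    # indentation of the continuation line is not part of the data.
    joined = re.sub(r'\\\r?\n\s*', '', reg_text)
    values: Dict[str, Tuple[int, bytes]] = {}
    for line in joined.splitlines():
        m = VALUE_RE.match(line.strip())
        if not m:
            continue
        octets = [h for h in m.group('data').split(',') if h.strip()]
        values[m.group('name')] = (int(m.group('type')),
                                   bytes(int(h, 16) for h in octets))
    return values


def decode_multi_sz(raw: bytes) -> List[str]:
    """Split a REG_MULTI_SZ buffer into its strings, keeping empty entries.

    Layout: each string is NUL-terminated and the list ends with one more NUL.
    Only those two terminators are stripped, so an empty string in the middle
    (a delete operation) survives instead of ending the list early.
    """
    text = raw.decode('utf-16-le')
    if text.endswith('\x00'):
        text = text[:-1]                 # list terminator
    parts = text.split('\x00')
    if parts and parts[-1] == '':
        parts.pop()                      # terminator of the last string
    return parts


def pending_renames(strings: List[str]) -> List[Tuple[str, str, str]]:
    """Pair the strings into (source, destination, action) operations."""
    ops = []
    for i in range(0, len(strings), 2):
        src = strings[i]
        if i + 1 >= len(strings):
            ops.append((src, '', 'malformed'))     # odd entry, no destination
        elif strings[i + 1] == '':
            ops.append((src, '', 'delete'))
        elif strings[i + 1].startswith('!'):
            ops.append((src, strings[i + 1][1:], 'replace'))
        else:
            ops.append((src, strings[i + 1], 'move'))
    return ops


def analyse(reg_text: str) -> List[Tuple[str, str, str]]:
    """Decode the PendingFileRenameOperations value found in a .reg export."""
    reg_type, raw = extract_hex_values(reg_text)['PendingFileRenameOperations']
    if reg_type != REG_MULTI_SZ:
        raise ValueError(f'unexpected registry type {reg_type}')
    return pending_renames(decode_multi_sz(raw))


if __name__ == '__main__':
    for src, dst, action in analyse(SAMPLE_REG):
        print(f'{action:8s} {src} -> {dst or "(delete)"}')
```

Run against the log's value this yields one "replace" operation from WinCtrl32.dl_ to WinCtrl32.dll, i.e. the renamed copy is staged to come back at reboot.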
05.06.2008, 11:16
Honorary member
Posts: 29434
#4
Now fix with HijackThis as described above, then:
run rvaxo in Safe Mode + then post the report once you are back in normal mode
http://virus-protect.org/artikel/tools/rvaxo.html
then run sdfix (in Safe Mode) + post the report
then Combofix
__________
Regards, Sabina
all about PC security
05.06.2008, 12:10
...new here
Thread starter
Posts: 8
#5
Here are my logs
---RVAXO.exe Updated: 2008-05-29---first run---

Uninstallers:

Files found:
C:\WINDOWS\system32\WinMDB32.dll
C:\WINDOWS\system32\WinCtrl32.dll

Folders Found:
C:\WINDOWS\privacy_danger

Hosts-file was reset, If you use a custom hosts file please replace it...

--------------RVAXO.exe last run---------------

Not deleted items:

--------------RVAXO.exe finished----------------

and SDFix:

SDFix: Version 1.187
Run by Administrator on 05.06.2008 at 11:54

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOKUME~1\ADMINI~1\Desktop\SDFix

Checking Services :

Name : RYF51
Path : \SystemRoot\System32\Drivers\ryF51.sys

RYF51 - Deleted

Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restored Windows ProductId registry value

Rebooting

Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\WinCtrl32.dll - Deleted
C:\WINDOWS\system32\drivers\RYF51.sys - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 12:01:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System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
scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"="C:\\Programme\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\\Programme\\FlashFXP\\FlashFXP.exe"="C:\\Programme\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Programme\\Yahoo!\\Messenger\\YServer.exe"="C:\\Programme\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Programme\\Bonjour\\mDNSResponder.exe"="C:\\Programme\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"="C:\\Programme\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\FlashFXP\\FlashFXP.exe"="C:\\Programme\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"="C:\\Programme\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :

File Backups: - C:\DOKUME~1\ADMINI~1\Desktop\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 7 Mar 2007 1,152 A.SH. --- "C:\2l6jawva.sys"
Thu 8 Mar 2007 355 ...H. --- "C:\Boot.BAK"
Sat 26 May 2007 4,348 ..SH. --- "C:\Dokumente und Einstellungen\All Users\DRM\DRMv1.bak"
Thu 15 Mar 2007 0 A.SH. --- "C:\Dokumente und Einstellungen\All Users\DRM\Cache\Indiv01.tmp"
Wed 14 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT8.tmp"
Wed 14 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BITB.tmp"
Wed 14 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT7.tmp"
Wed 14 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2d9afc485ff57441ce14a08241df89e8\BITD.tmp"
Wed 12 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\523d056929e13eacf8392044f602e53e\BIT5.tmp"
Wed 14 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\52ce26fea0efba79c7052e71b88e981f\BITE.tmp"
Wed 14 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ad2d37be81d37204b0a12680c06ffd51\BITA.tmp"
Wed 14 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bc066f3f60df1b38218903dd0d40ce98\BIT6.tmp"
Wed 14 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BITC.tmp"
Wed 14 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ed6c7531380802fe7c2504f3909edb19\BIT9.tmp"

Finished!

Should I run Combofix in Safe Mode too? Thanks in advance.
Regards, Tobi
05.06.2008, 13:33
Honorary member
Posts: 29434
05.06.2008, 14:59
...new here
Thread starter
Posts: 8
#7
Next problem

At Fertgungs_stufe_4 it gives me an error: something with "written", because there is an error in memory, and whether I want to end the program with OK or cancel (debug). What should I do? Nothing at all? How many stages are there? Thanks in advance
05.06.2008, 15:42
Honorary member
Posts: 29434
#8
Try combofix once more
or: post the 2 logs from comboscan instead
http://virus-protect.org/artikel/tools/comboscan.html
__________
Regards, Sabina
all about PC security
05.06.2008, 18:06
...new here
Thread starter
Posts: 8
#9
Here is the log:
Deckard's System Scanner v20071014.68
Run by Administrator on 2008-06-05 17:57:24
Computer is in Safe Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

-- Last 2 Restore Point(s) --
2: 2008-06-05 15:53:35 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-06-05 12:40:30 UTC - RP1 - ComboFix created restore point

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:58, on 2008-06-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Dokumente und Einstellungen\Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMFirstStart.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.info/objects/NpFv415.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{19C2B17B-DEAA-484D-BCE9-CCFDE30D2BED}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{19C2B17B-DEAA-484D-BCE9-CCFDE30D2BED}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{19C2B17B-DEAA-484D-BCE9-CCFDE30D2BED}: NameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{19C2B17B-DEAA-484D-BCE9-CCFDE30D2BED}: NameServer = 192.168.1.1
O18 - Protocol: bw+0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Programme\Silvercrest MTS2118 driver\KMWDSrv.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 18088 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080605-111923-270 O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
backup-20080605-111923-365 O3 - Toolbar: nmwegbsf - {4A8A9DF9-71AA-4BDB-8EC7-A643FD0B1420} - C:\WINDOWS\nmwegbsf.dll
backup-20080605-111923-418 O21 - SSODL: erpobmsw - {70D30B8C-6244-42EB-9D12-38E03C38FDC6} - C:\WINDOWS\erpobmsw.dll
backup-20080605-111923-448 O4 - HKLM\..\Run: [advap32] C:\DOKUME~1\Tobi\LOKALE~1\Temp\rbnpsrv.exe/r
backup-20080605-111923-633 O4 - HKLM\..\Run: [lphcrrtj0ev4r] C:\WINDOWS\system32\lphcrrtj0ev4r.exe
backup-20080605-111923-835 O2 - BHO: QXK Olive - {3D917E3E-B3E8-4459-964A-84F2554E1E62} - C:\WINDOWS\nogxfvblrkd.dll
backup-20080605-111923-908 O21 - SSODL: adgpfoxs - {150184AF-9DCD-4F91-A613-1EE4C634A5A6} - C:\WINDOWS\adgpfoxs.dll
backup-20080605-111923-918 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
backup-20080605-111924-419 O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe (file missing)
backup-20080605-113444-124 O21 - SSODL: erpobmsw - {70D30B8C-6244-42EB-9D12-38E03C38FDC6} - C:\WINDOWS\erpobmsw.dll
backup-20080605-113444-267 O3 - Toolbar: nmwegbsf - {4A8A9DF9-71AA-4BDB-8EC7-A643FD0B1420} - C:\WINDOWS\nmwegbsf.dll
backup-20080605-113444-422 O2 - BHO: QXK Olive - {3D917E3E-B3E8-4459-964A-84F2554E1E62} - C:\WINDOWS\nogxfvblrkd.dll (file missing)
backup-20080605-113444-442 R3 - Default URLSearchHook is missing
backup-20080605-113444-447 O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe (file missing)
backup-20080605-113444-476 O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
backup-20080605-113444-662 O4 - HKLM\..\Run: [lphcrrtj0ev4r] C:\WINDOWS\system32\lphcrrtj0ev4r.exe
backup-20080605-113444-735 O21 - SSODL: adgpfoxs - {150184AF-9DCD-4F91-A613-1EE4C634A5A6} - C:\WINDOWS\adgpfoxs.dll
backup-20080605-113550-286 O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe (file missing)

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - C:\Programme\Macromedia\Dreamweaver 4\Dreamweaver.exe,2
.js - JSFile - shell\open\command - "C:\Programme\Macromedia\Dreamweaver 4\Dreamweaver.exe" "%1"
.txt - unable to read key
.txt - unable to read key

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 KMWDFilter - c:\windows\system32\drivers\kmwdfilter.sys <Not Verified; Windows (R) Codename Longhorn DDK provider; Windows (R) Codename Longhorn DDK driver>
S1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
S1 ssmdrv - c:\windows\system32\drivers\ssmdrv.sys <Not Verified; AVIRA GmbH; >
S2 43159 - c:\windows\system32\43159.sys
S3 catchme - c:\combofix\catchme.sys (file missing)
S3 SE27bus (Sony Ericsson Device 039 Driver driver (WDM)) - c:\windows\system32\drivers\se27bus.sys <Not Verified; MCCI; Sony Ericsson Device 039 Driver>
S3 SE27mdfl (Sony Ericsson Device 039 USB WMC Modem Filter) - c:\windows\system32\drivers\se27mdfl.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB WMC Modem Filter Driver>
S3 SE27mdm (Sony Ericsson Device 039 USB WMC Modem Driver) - c:\windows\system32\drivers\se27mdm.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB WMC Data Modem>
S3 SE27mgmt (Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)) - c:\windows\system32\drivers\se27mgmt.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB WMC Device Management>
S3 se27nd5 (Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)) - c:\windows\system32\drivers\se27nd5.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB Ethernet Emulation>
S3 SE27obex (Sony Ericsson Device 039 USB WMC OBEX Interface) - c:\windows\system32\drivers\se27obex.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB WMC OBEX Interface>
S3 se27unic (Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)) - c:\windows\system32\drivers\se27unic.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB Ethernet Emulation>
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
S3 WinDriver6 - c:\windows\system32\drivers\windrvr6.sys <Not Verified; Jungo; WinDriver Device Driver (x86)>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 AntiVirScheduler (Avira AntiVir Personal – Free Antivirus Planer) - "c:\programme\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
S2 ForceWare Intelligent Application
Manager (IAM) - c:\programme\nvidia corporation\networkaccessmanager\bin\nsvcappflt.exe <Not Verified; ; app_filter Module> S2 ForcewareWebInterface (Forceware Web Interface) - "c:\programme\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server> S2 KMWDSERVICE (Keyboard And Mouse Communication Service) - c:\programme\silvercrest mts2118 driver\kmwdsrv.exe <Not Verified; UASSOFT.COM; Keyboard And Mouse Communication Service> S2 nSvcLog (ForceWare user log service) - c:\programme\nvidia corporation\networkaccessmanager\bin\nsvclog.exe <Not Verified; NVIDIA; NVIDIA nSvcLog> S3 NMIndexingService - "c:\programme\gemeinsame dateien\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home> S3 ServiceLayer - "c:\programme\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution> -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. 
-- Files created between 2008-05-05 and 2008-06-05 ----------------------------- 2008-06-05 17:55:00 0 d-------- C:\327882R2FWJFW 2008-06-05 17:41:21 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec> 2008-06-05 14:40:04 68096 --a------ C:\WINDOWS\zip.exe 2008-06-05 14:40:04 49152 --a------ C:\WINDOWS\VFind.exe 2008-06-05 14:40:04 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor> 2008-06-05 14:40:04 98816 --a------ C:\WINDOWS\sed.exe 2008-06-05 14:40:04 80412 --a------ C:\WINDOWS\grep.exe 2008-06-05 14:40:04 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; > 2008-06-05 14:40:03 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists> 2008-06-05 14:40:03 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller> 2008-06-05 11:51:47 0 d-------- C:\WINDOWS\ERUNT 2008-06-05 11:40:22 0 d-------- C:\RVAXO 2008-06-05 11:37:18 828824 --a------ C:\WINDOWS\system32\RVAXO.bat 2008-06-05 11:37:18 69632 --a------ C:\WINDOWS\system32\remove.exe 2008-06-05 09:33:16 0 d-------- C:\Programme\Trend Micro 2008-06-04 18:16:46 0 d-------- C:\Programme\Avira 2008-06-04 17:58:46 81920 --a------ C:\WINDOWS\xbqmfsed.exe 2008-06-04 17:58:46 188416 --a------ C:\WINDOWS\nmwegbsf.dll 2008-06-04 17:58:46 163840 --a------ C:\WINDOWS\ersn.exe 2008-06-04 17:58:46 286720 --a------ C:\WINDOWS\erpobmsw.dll 2008-06-04 17:58:46 258048 --a------ C:\WINDOWS\adgpfoxs.dll 2008-06-04 17:58:41 52736 --a------ C:\WINDOWS\system32\blphcrrtj0ev4r.scr <Not Verified; Peter's Productions; Bugs!> 2008-05-19 13:45:53 0 d-------- C:\Programme\Gemeinsame Dateien\Macromedia 2008-05-19 13:45:42 0 d-------- C:\Programme\Macromedia 2008-05-16 07:52:56 0 d-------- C:\Programme\Microsoft CAPICOM 2.1.0.2 2008-05-14 08:04:44 0 d--hs--c- C:\Programme\Gemeinsame Dateien\WindowsLiveInstaller 2008-05-14 08:03:59 0 d-------- C:\Programme\Windows 
Live 2008-05-13 16:54:38 0 d-------- C:\Programme\RAR Password Cracker 2008-05-05 18:30:35 17280 --a------ C:\WINDOWS\system32\drivers\KMWDFilter.SYS <Not Verified; Windows (R) Codename Longhorn DDK provider; Windows (R) Codename Longhorn DDK driver> 2008-05-05 18:30:33 0 d-------- C:\Programme\Silvercrest MTS2118 driver -- Find3M Report --------------------------------------------------------------- 2008-06-05 11:45:07 0 d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\WinRAR 2008-06-05 09:33:05 0 d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard 2008-05-28 06:23:09 0 d-------- C:\Programme\FlashFXP 2008-05-19 14:18:40 0 d--h----- C:\Programme\InstallShield Installation Information 2008-05-19 13:45:53 0 d-------- C:\Programme\Gemeinsame Dateien 2008-05-19 13:35:47 0 d-------- C:\Programme\Microsoft Works 2008-05-08 12:06:02 0 d-------- C:\Programme\Duolabs 2008-04-16 06:30:59 0 d-------- C:\Programme\INTERCAFE 2008-04-16 06:30:28 3 --a------ C:\WINDOWS\system32\ICPrinterLang.dat 2008-04-16 06:30:28 3 --a------ C:\WINDOWS\ICPrinterLang.dat 2008-04-15 12:23:46 0 d-------- C:\Programme\DKS 2008-04-15 10:38:12 0 d-------- C:\Programme\IrfanView 2008-04-12 19:08:13 0 d-------- C:\Programme\Gemeinsame Dateien\InstallShield 2008-04-11 20:03:32 462780 --a------ C:\WINDOWS\system32\perfh007.dat 2008-04-11 20:03:32 85696 --a------ C:\WINDOWS\system32\perfc007.dat 2008-04-11 08:31:16 0 d-------- C:\Programme\Motherboard Monitor 5 2008-04-11 08:18:53 0 d-------- C:\Programme\Lavalys 2008-04-07 10:56:04 0 d-------- C:\Programme\OBD-DIAG 2008-04-07 10:54:52 0 d-------- C:\Programme\Serials 2005 2008-04-07 10:53:44 0 d-------- C:\Programme\F-Group 2008-04-07 09:46:33 0 d-------- C:\Programme\Serials 2000 7.1 Plus -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41] "nwiz"="nwiz.exe" [2007-12-05 02:41 C:\WINDOWS\system32\nwiz.exe] "SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25] "OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [2007-05-11 03:08] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41] "avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06] "AVP"="C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-03-09 19:50] "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce] "NeroHomeFirstStart"=C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMFirstStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) "RunStartupScriptSync"=0 (0x0) "HideStartupScripts"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "HideLegacyLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "RunLogonScriptSync"=1 (0x1) "RunStartupScriptSync"=0 (0x0) "HideStartupScripts"=0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ouB52.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk] path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk backup=C:\WINDOWS\pss\Adobe Reader - Schnellstart.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und 
Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Synchronizer.lnk] path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Synchronizer.lnk backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^DasTelefonbuch Browserlösung.lnk] path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\DasTelefonbuch Browserlösung.lnk backup=C:\WINDOWS\pss\DasTelefonbuch Browserlösung.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Logitech Desktop Messenger.lnk] path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech Desktop Messenger.lnk backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^OfficeManager Terminerinnerung.lnk] path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\OfficeManager Terminerinnerung.lnk backup=C:\WINDOWS\pss\OfficeManager Terminerinnerung.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Absolute StartUp monitor] C:\Programme\F-Group\Absolute StartUp\ASMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AODAssist.exe] C:\Programme\AMD\AMD OverDrive\AODAssist.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KMCONFIG] 
C:\Programme\Silvercrest MTS2118 driver\StartAutorun.exe KMConfig.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager] "C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\Communications_Helper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] "C:\Programme\Logitech\QuickCam10\QuickCam10.exe" /hide [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX] "C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\LVComSX.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nTrayFw] C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] SOUNDMAN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] "C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" -quiet -- End of Deckard's System Scanner: finished at 2008-06-05 17:58:41 ------------ mit combofix bekomm ich lauter fehlermeldungen... 
ausser im abgesicherten sicherten Modus |
06.06.2008, 01:32
Honorary member
Posts: 29434
#10
http://virus-protect.org/artikel/tools/regsearch.html
and double-click to start it.
43159
in edit and click "Ok". Notepad will open -- copy the text and post it.
--------
in: "Enter search strings" (type it in or paste it in)
ouB52
in edit and click "Ok". Notepad will open -- copy the text and post it.
------
in: "Enter search strings" (type it in or paste it in)
RYF51
in edit and click "Ok". Notepad will open -- copy the text and post it.
---------------------------------------------------------------------
Go into the registry
Start - Run - regedit
top left: Search - enter: WinCtrl32

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager]
; \??\C:\WINDOWS\System32\WinCtrl32.dl_ - delete
; !\??\C:\WINDOWS\System32\WinCtrl32.dll - delete
-----------------------------------------------------
Avenger
http://virus-protect.org/artikel/tools/avenger.html
- tick the box: "Automatically disable any rootkits found"
- the "Scan for Rootkits" box should, however, be ticked.

copy into the white field:

Quote
Drivers to disable:

close all open programs (because after running the Avenger the computer will restart)
Click: Execute
confirm that the computer will be restarted - click "yes"
after the restart a log from the Avenger appears automatically - (C:\avenger.txt), copy it - with a right mouse click - copy - paste
--------
«« then run ComboFix in Safe Mode + post the report
__________
Best regards, Sabina
all about PC security
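A read-only check of the registry persistence points this thread deals with, added here as an example and not part of the thread or of Sabina's instructions: it reports where names such as WinCtrl32, 43159, ouB52 or msupdate are still anchored (Winlogon Notify, SSODL, Run keys, Services, Enum\Root, SafeBoot, and the PendingFileRenameOperations value under Session Manager where the two WinCtrl32 entries quoted above live), so that what the tools removed can be confirmed afterwards. The key list and the default names are assumptions taken from the logs in this thread.

```powershell
# Added example, not from the thread. Lists (does not delete) registry entries that
# match the given names in the persistence points quoted in this thread.
param(
    # Default names are the ones searched for in this thread (assumption).
    [string[]]$Name = @('WinCtrl32', '43159', 'ouB52', 'msupdate')
)

$pattern = ($Name | ForEach-Object { [regex]::Escape($_) }) -join '|'
$hits = New-Object System.Collections.Generic.List[object]

# Persistence locations that the HijackThis / DSS / Avenger output above refers to.
$locations = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify',          # O20
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad',  # O21 (SSODL)
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',                          # O4
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SYSTEM\CurrentControlSet\Services',                                      # O23 and drivers
    'HKLM:\SYSTEM\CurrentControlSet\Enum\Root',                                     # LEGACY_* entries
    'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal',
    'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Network'
)

foreach ($loc in $locations) {
    if (-not (Test-Path -LiteralPath $loc)) { continue }

    # Subkey names, e.g. Winlogon\Notify\WinCtrl32 or Services\43159.
    foreach ($key in Get-ChildItem -LiteralPath $loc -ErrorAction SilentlyContinue) {
        if ($key.PSChildName -match $pattern) {
            $hits.Add([pscustomobject]@{ Where = $key.Name; What = 'subkey'; Data = '' })
        }
        # For a service or driver, also look at where its binary is supposed to be.
        $image = (Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue).ImagePath
        if ($image -and $image -match $pattern) {
            $hits.Add([pscustomobject]@{ Where = $key.Name; What = 'ImagePath'; Data = $image })
        }
    }

    # Value names and value data directly under the key (Run entries live here).
    $props = Get-ItemProperty -LiteralPath $loc -ErrorAction SilentlyContinue
    if ($props) {
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # provider bookkeeping, not registry data
            $data = [string]$p.Value
            if ($p.Name -match $pattern -or $data -match $pattern) {
                $hits.Add([pscustomobject]@{ Where = $loc; What = "value '$($p.Name)'"; Data = $data })
            }
        }
    }
}

# File moves/deletes queued for the next boot. The pair quoted in the post,
# "\??\...\WinCtrl32.dl_" followed by "!\??\...\WinCtrl32.dll", is stored in this
# REG_MULTI_SZ value as (source, destination); an empty destination means delete.
$sessionMgr = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$pending = (Get-ItemProperty -LiteralPath $sessionMgr -ErrorAction SilentlyContinue).PendingFileRenameOperations
for ($i = 0; $i -lt @($pending).Count; $i += 2) {
    $src = $pending[$i]
    $dst = if ($i + 1 -lt @($pending).Count) { $pending[$i + 1] } else { '' }
    if ("$src $dst" -match $pattern) {
        $hits.Add([pscustomobject]@{
            Where = "$sessionMgr\PendingFileRenameOperations"
            What  = 'pending rename'
            Data  = "$src -> $dst"
        })
    }
}

$hits | Format-Table -AutoSize
```

Run it from an elevated PowerShell; some Services and Enum\Root subkeys are unreadable without administrator rights and are skipped silently.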
06.06.2008, 23:18
...new here
Thread starter Posts: 8
#11
Hello, a bit late because of work, but I have carried out all the steps you told me.
Here are the logs:

43159:

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 2008-06-06 07:43:56 for strings:
; '43159 '
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

; End Of The Log...

ouB52:

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 2008-06-06 07:46:17 for strings:
; 'oub52'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ouB52.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\ouB52.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\ouB52.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Network\ouB52.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\ouB52.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SafeBoot\Network\ouB52.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ouB52.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ouB52.sys]

; End Of The Log...

RYF51:

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 2008-06-06 07:50:59 for strings:
; 'ryf51 '
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

; End Of The Log...

avenger:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: could not open driver "2l6jawva"
Disablement of driver "2l6jawva" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Driver "43159" disabled successfully.

Error: could not open driver "ouB52"
Disablement of driver "ouB52" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\2l6jawva" not found!
Deletion of driver "2l6jawva" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Driver "43159" deleted successfully.

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\ouB52" not found!
Deletion of driver "ouB52" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MSUPDATE" deleted successfully.

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MSUPDATE" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MSUPDATE" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\msupdate" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\msupdate" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MSUPDATE" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MSUPDATE" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msupdate" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msupdate" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSUPDATE" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSUPDATE" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msupdate" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msupdate" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ouB52.sys" deleted successfully.

Error: file "C:\WINDOWS\system32\lphcrrtj0ev4r.exe" not found!
Deletion of file "C:\WINDOWS\system32\lphcrrtj0ev4r.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:\WINDOWS\System32\WinCtrl32.dl_" not found!
Deletion of file "C:\WINDOWS\System32\WinCtrl32.dl_" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:\WINDOWS\System32\WinCtrl32.dll" not found!
Deletion of file "C:\WINDOWS\System32\WinCtrl32.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "c:\windows\system32\43159.sys" deleted successfully.
File "C:\2l6jawva.sys" deleted successfully.

Error: "C:\327882R2FWJFW" is a folder, not a file!
Deletion of file "C:\327882R2FWJFW" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory

Error: file "C:\WINDOWS\nogxfvblrkd.dll" not found!
Deletion of file "C:\WINDOWS\nogxfvblrkd.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\xbqmfsed.exe" deleted successfully.
File "C:\WINDOWS\nmwegbsf.dll" deleted successfully.
File "C:\WINDOWS\ersn.exe" deleted successfully.
File "C:\WINDOWS\erpobmsw.dll" deleted successfully.

Error: file "C:\WINDOWS\adgpfoxs.dll" not found!
Deletion of file "C:\WINDOWS\adgpfoxs.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\blphcrrtj0ev4r.scr" deleted successfully.

Error: registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinCtrl32" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinCtrl32" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Completed script processing.

*******************

Finished! Terminate.

combofix:

ComboFix 08-06-04.3 - Administrator 2008-06-06 23:05:31.9 - NTFSx86 MINIMAL
ausgeführt von:: C:\Dokumente und Einstellungen\Administrator\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\MSINET.oca
.
((((((((((((((((((((((( Dateien erstellt von 2008-05-06 bis 2008-06-06 ))))))))))))))))))))))))))))))
.

2008-06-06 22:54 . 2008-06-06 22:54 135,168 --a------ C:\zip.exe
2008-06-06 22:54 . 2008-06-06 22:54 19,286 --a------ C:\cleanup.exe
2008-06-06 22:54 . 2008-06-06 22:54 1,817 --a------ C:\backup.reg
2008-06-06 22:54 . 2008-06-06 22:54 574 --a------ C:\cleanup.bat
2008-06-05 18:49 . 2008-06-05 20:18 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-06-05 17:53 . 2008-06-05 17:53 <DIR> d-------- C:\Deckard
2008-06-05 11:51 . 2008-06-05 11:51 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-05 11:40 . 2008-06-05 11:42 <DIR> d-------- C:\RVAXO
2008-06-05 11:37 . 2008-05-29 21:30 828,824 --a------ C:\WINDOWS\system32\RVAXO.bat
2008-06-05 11:37 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
2008-06-05 09:33 . 2008-06-05 09:33 <DIR> d-------- C:\Programme\Trend Micro
2008-06-04 19:12 . 2008-06-04 19:12 <DIR> dr------- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien
2008-06-04 18:16 . 2008-06-04 18:16 <DIR> d-------- C:\Programme\Avira
2008-06-04 17:59 . 2008-06-04 17:59 <DIR> d-------- C:\Dokumente und Einstellungen\Tobi\Anwendungsdaten\shctrtj0ev4r
2008-06-04 17:58 . 2008-06-05 11:03 90,838 --a------ C:\WINDOWS\system32\phcrrtj0ev4r.bmp
2008-05-31 22:21 . 2008-05-31 22:21 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
2008-05-29 11:31 . 2008-06-04 18:16 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2008-05-19 21:16 . 2008-05-19 21:16 1,579 --a------ C:\WINDOWS\HWORKS16.INI
2008-05-19 14:18 . 1999-11-15 17:29 373,248 --a------ C:\WINDOWS\EyeCand3.INI
2008-05-19 13:45 . 2008-05-19 14:18 <DIR> d-------- C:\Programme\Macromedia
2008-05-19 13:45 . 2008-05-19 14:18 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Macromedia
2008-05-16 07:52 . 2008-05-16 07:52 <DIR> d-------- C:\Programme\Microsoft CAPICOM 2.1.0.2
2008-05-14 08:04 . 2008-05-14 08:04 <DIR> d--hsc--- C:\Programme\Gemeinsame Dateien\WindowsLiveInstaller
2008-05-14 08:04 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-14 08:04 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-05-14 08:04 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-14 08:03 . 2008-05-14 08:05 <DIR> d-------- C:\Programme\Windows Live
2008-05-14 08:03 . 2008-05-14 08:03 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WLInstaller
2008-05-13 16:54 . 2008-05-13 16:54 <DIR> d-------- C:\Programme\RAR Password Cracker

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-06 21:03 506,888 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-06 21:03 37,221,664 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-06 21:03 162,932 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-06 21:03 1,704,224 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-06 20:59 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2008-06-05 07:33 --------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-05-28 19:40 96,966 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-05-28 19:40 88,262 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-05-28 04:23 --------- d-----w C:\Programme\FlashFXP
2008-05-19 12:18 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-05-19 11:35 --------- d-----w C:\Programme\Microsoft Works
2008-05-16 05:54 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
2008-05-08 10:06 --------- d-----w C:\Programme\Duolabs
2008-05-05 16:30 --------- d-----w C:\Programme\Silvercrest MTS2118 driver
2008-04-16 04:30 --------- d-----w C:\Programme\INTERCAFE
2008-04-15 10:23 --------- d-----w C:\Programme\DKS
2008-04-15 08:38 --------- d-----w C:\Programme\IrfanView
2008-04-12 17:08 --------- d-----w C:\Programme\Gemeinsame Dateien\InstallShield
2008-04-11 06:31 --------- d-----w C:\Programme\Motherboard Monitor 5
2008-04-11 06:18 --------- d-----w C:\Programme\Lavalys
2008-04-07 08:56 --------- d-----w C:\Programme\OBD-DIAG
2008-04-07 08:54 --------- d-----w C:\Programme\Serials 2005
2008-04-07 08:53 --------- d-----w C:\Programme\F-Group
2008-04-07 07:46 --------- d-----w C:\Programme\Serials 2000 7.1 Plus
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 187,168 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:03 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NeroHomeFirstStart"="C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMFirstStart.exe" [2007-01-15 17:15 11264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader - Schnellstart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Synchronizer.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^DasTelefonbuch Browserlösung.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\DasTelefonbuch Browserlösung.lnk
backup=C:\WINDOWS\pss\DasTelefonbuch Browserlösung.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Logitech Desktop Messenger.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^OfficeManager Terminerinnerung.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\OfficeManager Terminerinnerung.lnk
backup=C:\WINDOWS\pss\OfficeManager Terminerinnerung.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Absolute StartUp monitor]
C:\Programme\F-Group\Absolute StartUp\ASMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
--a------ 2006-11-17 16:49 77824 C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AODAssist.exe]
--a------ 2007-11-06 14:39 69632 C:\Programme\AMD\AMD OverDrive\AODAssist.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KMCONFIG]
--a------ 2007-03-06 14:51 212992 C:\Programme\Silvercrest MTS2118 driver\StartAutorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2007-11-13 14:55 36864 C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2006-10-31 02:03 284184 C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2006-11-15 22:58 746520 C:\Programme\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2006-11-15 23:01 244512 C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\LVComSX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Programme\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Programme\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nTrayFw]
--a------ 2005-12-21 12:52 270336 C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
--a------ 2007-05-11 03:08 2512392 C:\WINDOWS\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2005-06-20 22:42 77824 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Programme\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\Programme\\FlashFXP\\FlashFXP.exe"=
"C:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"=

R3 KMWDFilter;KMWDFilter;C:\WINDOWS\System32\Drivers\KMWDFilter.SYS [2007-06-13 11:09]
S2 KMWDSERVICE;Keyboard And Mouse Communication Service;C:\Programme\Silvercrest MTS2118 driver\KMWDSrv.exe [2007-06-16 09:30]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-06 23:08:26
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-06-06 23:09:28
ComboFix-quarantined-files.txt 2008-06-06 21:09:25

15 Verzeichnis(se), 101,857,468,416 Bytes frei
20 Verzeichnis(se), 101,867,917,312 Bytes frei

174 --- E O F --- 2008-05-20 17:21:09

So, there they are. What's next? Should I also run ComboFix in normal mode? Thanks in advance, you're great.
06.06.2008, 23:49
Honorary member
Posts: 29434
#12
1. Copy into Avenger:

Quote
Drivers to disable:

---------------------

2. http://virus-protect.org/artikel/tools/sdfix.html
Now you can get into safe mode again, so run sdfix there.
Go to the folder C:\SDFix
Double-click RunThis.bat
Then post the report after the restart.

__________
Regards
Sabina
all about PC security
07.06.2008, 07:31
...new here
Thread starter, Posts: 8
#13
Hello.
I did everything, but in Avenger I did not tick the box "Automatically disable any rootkits found" because I did not know about it; was that bad? Here is the SDFix log.

SDFix: Version 1.188
Run by Administrator on 2008-06-07 at 07:20

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

Checking Files :
No Trojan Files Found

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-07 07:25:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"="C:\\Programme\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\\Programme\\FlashFXP\\FlashFXP.exe"="C:\\Programme\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"="C:\\Programme\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\FlashFXP\\FlashFXP.exe"="C:\\Programme\\FlashFXP\\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"="C:\\Programme\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :

Files with Hidden Attributes :

Thu 8 Mar 2007 355 ...H. --- "C:\Boot.BAK"
Sat 26 May 2007 4,348 ..SH. --- "C:\Dokumente und Einstellungen\All Users\DRM\DRMv1.bak"
Thu 15 Mar 2007 0 A.SH. --- "C:\Dokumente und Einstellungen\All Users\DRM\Cache\Indiv01.tmp"
Wed 14 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT8.tmp"
Wed 14 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BITB.tmp"
Wed 14 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT7.tmp"
Wed 14 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2d9afc485ff57441ce14a08241df89e8\BITD.tmp"
Wed 12 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\523d056929e13eacf8392044f602e53e\BIT5.tmp"
Wed 14 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\52ce26fea0efba79c7052e71b88e981f\BITE.tmp"
Wed 14 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ad2d37be81d37204b0a12680c06ffd51\BITA.tmp"
Wed 14 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bc066f3f60df1b38218903dd0d40ce98\BIT6.tmp"
Wed 14 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BITC.tmp"
Wed 14 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ed6c7531380802fe7c2504f3909edb19\BIT9.tmp"

Finished!

What's next? Thanks in advance.
07.06.2008, 11:20
Honorary member
Posts: 29434
#14
Hello,

1. Run Avenger once more, without pasting anything in (no script), but tick the box "Automatically disable any rootkits found".

2. Scan with F-Secure + post the report
http://virus-protect.org/onlinescan.html

3. Set the heuristics in the antivirus program to high (expert mode), scan in safe mode + post the report.

__________
Regards
Sabina
all about PC security
08.06.2008, 20:34
...new here
Thread starter, Posts: 8
#15
F-Secure log:
Scanning Report
Sunday, June 08, 2008 07:01:22 - 19:53:12
Computer name: AMD
Scanning type: Scan system for malware, rootkits
Target: C:\
--------------------------------------------------------------------------------
Result: 4 malware found
AdTool.Win32.MyWebSearch (spyware)
System
Suspicious_F.gen (virus)
C:\PROGRAMME\SERIALS 2000 7.1 PLUS\ADD-ON\UNSEU2.EXE
Tracking Cookie (spyware)
System
Trojan.Win32.Vapsup.get (virus)
C:\PROGRAMME\TREND MICRO\HIJACKTHIS\BACKUPS\BACKUP-20080605-111923-835.DLL (Renamed)

Antivir log:

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen.
Die Registry wurde durchsucht ( '26' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Tobias>
C:\pagefile.sys
[WARNUNG] Die Datei konnte nicht geöffnet werden!

Ende des Suchlaufs: 2008-06-08 20:23
Benötigte Zeit: 23:20 min

Der Suchlauf wurde vollständig durchgeführt.

5569 Verzeichnisse wurden überprüft
327667 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
1 Dateien konnten nicht durchsucht werden
327667 Dateien ohne Befall
3242 Archive wurden durchsucht
1 Warnungen
0 Hinweise

Avenger log:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Completed script processing.

*******************

Finished! Terminate.

This post was edited on 09.06.2008 at 06:22 by Tobi78.
Here is the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:33:37, on 05.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: QXK Olive - {3D917E3E-B3E8-4459-964A-84F2554E1E62} - C:\WINDOWS\nogxfvblrkd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll
O3 - Toolbar: nmwegbsf - {4A8A9DF9-71AA-4BDB-8EC7-A643FD0B1420} - C:\WINDOWS\nmwegbsf.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [lphcrrtj0ev4r] C:\WINDOWS\system32\lphcrrtj0ev4r.exe
O4 - HKLM\..\Run: [advap32] C:\DOKUME~1\Tobi\LOKALE~1\Temp\rbnpsrv.exe/r
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMFirstStart.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.info/objects/NpFv415.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{19C2B17B-DEAA-484D-BCE9-CCFDE30D2BED}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{19C2B17B-DEAA-484D-BCE9-CCFDE30D2BED}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{19C2B17B-DEAA-484D-BCE9-CCFDE30D2BED}: NameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{19C2B17B-DEAA-484D-BCE9-CCFDE30D2BED}: NameServer = 192.168.1.1
O18 - Protocol: bw+0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {F3FD4C3E-B566-4A0E-8618-29DC4E3F6E34} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O21 - SSODL: adgpfoxs - {150184AF-9DCD-4F91-A613-1EE4C634A5A6} - C:\WINDOWS\adgpfoxs.dll
O21 - SSODL: erpobmsw - {70D30B8C-6244-42EB-9D12-38E03C38FDC6} - C:\WINDOWS\erpobmsw.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Programme\Silvercrest MTS2118 driver\KMWDSrv.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 18548 bytes
Thanks in advance.