TR/Dropper.SPI.77 old problem
#0
22.11.2008, 02:29
...new here
Posts: 3
22.11.2008, 08:27
Moderator
Posts: 7805
#2
Where does Antivir find/report this trojan? And please create and post a Combofix report
http://board.protecus.de/t23188.htm
__________
Regards, Ralf
SEO-Spam Hunter
24.11.2008, 00:33
...new here
Thread starter Posts: 3
#3
Combofix report, how do I make one? I did the scan with Comboscan, and the trojan is actually in some Temp folders and other files! I can't wipe and reinstall the hard drive, because I have too much important data on it; if I back it all up and copy it back over, I think it'll come back with it! What if I remove the trojan with Antivir in MS-DOS mode?
24.11.2008, 08:16
Moderator
Posts: 7805
24.11.2008, 21:29
...new here
Thread starter Posts: 3
#5
Ok,
so the trojan is found several times in this file, that is, with different numbers at the end: 'C:\System Volume Information\_restore{53C4C432-4C83-4FAB-ABF0-92303FF6D88A}\RP30\A0006672.com' and C:\WINDOWS\Temp\tmp5.tmp. For now I've put these in quarantine with Antivir, I hope that's right? Malwarebytes: no infection found, see attachment. So this is what Combo shows:
And here is the log from Hijack:
- C:\Programme\PC Connectivity Solution\ServiceLayer.exe O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing) O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe Aber da is zeugs drauf, was ich schon lange gelöscht habe, wie TU 2006 Und Hijack Uninstall Manager ACDSee 32 Adobe Flash Player 9 ActiveX Adobe Reader 7.1.0 - Deutsch Arles Image Web Page Creator 4.93 AT Navigation Control ATI - Dienstprogramm zur Deinstallation der Software ATI Catalyst Control Center ATI Display Driver Autorun Eater v2.2 Avira AntiVir Personal - Free Antivirus Battlefield 2(TM) BearShare Brother MFL-Pro Suite DAEMON Tools DivX Player DivX Pro DivX Web Player FaceFilter Studio Brother Edition FLV Player 1.3.3 Free KGB Key Logger Google Earth Grand Theft Auto San Andreas High Definition Audio Driver Package - KB888111 HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs HijackThis 1.99.1 Hotfix für Windows Internet Explorer 7 (KB947864) Hotfix für Windows XP (KB952287) hp LaserJet 1010 Series ICQ Toolbar ICQ6 J2SE Runtime Environment 5.0 Update 4 Launch Manager V1.2.4 Macromedia Shockwave Player Malwarebytes' Anti-Malware Medion GoPal Assistant 4.00.0003 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 German Language Pack Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Service Pack 1 Microsoft ActiveSync Microsoft AutoRoute 2005 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office 2000 Premium Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable 
Microsoft Windows-Journal-Viewer Microsoft Word 2002 Microsoft Works Microsoft Works Suite-Add-Ins für Microsoft Word Mobile Modem Assistant Mobile Phone Manager Mozilla Firefox (2.0.0.12) MSN MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) Nero Suite OmniPass Paint Shop Pro 6.0 Evaluation PaperPort Image Printer PC Connectivity Solution PowerCinema PowerCinema Linux 4.7 PowerDVD QuickTime RealPlayer REALTEK Gigabit and Fast Ethernet NIC Driver Realtek High Definition Audio Driver ScanSoft PaperPort 11 Setup-Start von Microsoft Works 2005 Shockwave Sicherheitsupdate für Step by Step Interactive Training (KB898458) Sicherheitsupdate für Step by Step Interactive Training (KB923723) Sicherheitsupdate für Windows Internet Explorer 7 (KB928090) Sicherheitsupdate für Windows Internet Explorer 7 (KB929969) Sicherheitsupdate für Windows Internet Explorer 7 (KB931768) Sicherheitsupdate für Windows Internet Explorer 7 (KB933566) Sicherheitsupdate für Windows Internet Explorer 7 (KB937143) Sicherheitsupdate für Windows Internet Explorer 7 (KB938127) Sicherheitsupdate für Windows Internet Explorer 7 (KB939653) Sicherheitsupdate für Windows Internet Explorer 7 (KB942615) Sicherheitsupdate für Windows Internet Explorer 7 (KB944533) Sicherheitsupdate für Windows Internet Explorer 7 (KB950759) Sicherheitsupdate für Windows Internet Explorer 7 (KB953838) Sicherheitsupdate für Windows Internet Explorer 7 (KB956390) Sicherheitsupdate für Windows Media Player 10 (KB911565) Sicherheitsupdate für Windows Media Player 10 (KB917734) Sicherheitsupdate für Windows Media Player 10 (KB936782) Sicherheitsupdate für Windows XP (KB938464) Sicherheitsupdate für Windows XP (KB941569) Sicherheitsupdate für Windows XP (KB946648) Sicherheitsupdate für Windows XP (KB950760) Sicherheitsupdate für Windows XP (KB950762) Sicherheitsupdate für Windows XP (KB950974) Sicherheitsupdate für Windows XP (KB951066) Sicherheitsupdate für Windows XP (KB951376) Sicherheitsupdate für 
Windows XP (KB951376-v2) Sicherheitsupdate für Windows XP (KB951698) Sicherheitsupdate für Windows XP (KB951748) Sicherheitsupdate für Windows XP (KB952954) Sicherheitsupdate für Windows XP (KB953839) Sicherheitsupdate für Windows XP (KB954211) Sicherheitsupdate für Windows XP (KB954459) Sicherheitsupdate für Windows XP (KB955069) Sicherheitsupdate für Windows XP (KB956391) Sicherheitsupdate für Windows XP (KB956803) Sicherheitsupdate für Windows XP (KB956841) Sicherheitsupdate für Windows XP (KB957095) Sicherheitsupdate für Windows XP (KB957097) Sicherheitsupdate für Windows XP (KB958644) Skype 2.0 SmartSync Sygate Personal Firewall Synaptics Pointing Device Driver Texas Instruments PCIxx21/x515 drivers. TuneUp Utilities 2008 Update für Windows XP (KB951072-v2) Update für Windows XP (KB951978) VideoLAN VLC media player 0.8.1 Viewpoint Media Player WIDCOMM Bluetooth Software Windows Genuine Advantage v1.3.0254.0 Windows Live Messenger Windows Live Sign-in Assistant Windows Media Player 10 Hotfix - KB894476 Windows XP Service Pack 3 Windows-Sicherungsprogramm WinRAR Wolfenstein - Enemy Territory X10 Hardware(TM) Also Antivir erkennt den Trojaner aber Malware eben nicht?? Soll ich den mit antivir löschen oder Quarantäne? |
Malwarebytes doesn't show me anything anymore, only Antivir does, but should I delete the file or block it, or what should I do with them?
ComboScan showed me this:
ComboScan v20070226.18 run by Gero on 2008-11-22 at 02:18:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Successfully created restore point.
Performed disk cleanup.
-- HijackThis Clone -------------------------------------------------------------
Emulating logfile of HijackThis v1.99.1
Scan saved at 2008-11-22 02:19:00
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.0.5730.11)
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Sygate\SPF\Smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Programme\Softex\OmniPass\OmniServ.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Common Files\X10\Common\X10nets.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Programme\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Fingerprint Sensor\ATSwpNav.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
C:\Programme\Launch Manager\LaunchAp.exe
C:\Programme\Launch Manager\OSD.exe
C:\Programme\Launch Manager\WButton.exe
C:\Programme\Softex\OmniPass\scureapp.exe
C:\Programme\Launch Manager\HotkeyApp.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\Programme\Microsoft ActiveSync\rapimgr.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programme\ICQ6\ICQ.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Gero\Desktop\comboscan\comboscan.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O1 - Hosts: 127.0.0.1 bin.errorprotector.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.winfixer.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.winsoftware.com ## added by CiD
O1 - Hosts: 127.0.0.1 de.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 de.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
O1 - Hosts: # 60 more entries remain in hosts file.
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATSwpNav] "C:\Programme\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [LaunchAp] "C:\Programme\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Programme\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Programme\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Programme\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [HotkeyApp] "C:\Programme\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RemoteControl] "C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\NPJPI150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\NPJPI150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: (no name) - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: (no name) - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126091180221
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll
O20 - Winlogon Notify: AtiExtEvent - C:\WINDOWS\system32\Ati2evxx.dll
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: OPXPGina - C:\Programme\Softex\OmniPass\OPXPGina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\system32\WgaLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe"
O23 - Service: Warndienst (Alerter) - C:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Gatewaydienst auf Anwendungsebene (ALG) - C:\WINDOWS\system32\alg.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - "C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe"
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - "C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe"
O23 - Service: Anwendungsverwaltung (AppMgmt) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: ASP.NET State Service (aspnet_state) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
O23 - Service: Ati HotKey Poller - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: Windows Audio (AudioSrv) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Intelligenter Hintergrundübertragungsdienst (BITS) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Computerbrowser (Browser) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Bluetooth Service (btwdins) - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Indexdienst (cisvc) - C:\WINDOWS\system32\cisvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - "C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe"
O23 - Service: Ablagemappe (ClipSrv) - C:\WINDOWS\system32\clipsrv.exe
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - "C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe"
O23 - Service: COM+-Systemanwendung (COMSysApp) - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
O23 - Service: Kryptografiedienste (CryptSvc) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: CyberLink Media Library Service - "C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe"
O23 - Service: DCOM-Server-Prozessstart (DcomLaunch) - C:\WINDOWS\system32\svchost -k DcomLaunch
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: DHCP-Client (Dhcp) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - C:\WINDOWS\System32\dmadmin.exe /com
O23 - Service: Verwaltung logischer Datenträger (dmserver) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: DNS-Client (Dnscache) - C:\WINDOWS\system32\svchost.exe -k NetworkService
O23 - Service: Automatische Konfiguration (verkabelt) (Dot3svc) - C:\WINDOWS\System32\svchost.exe -k dot3svc
O23 - Service: Extensible Authentication-Protokolldienst (EapHost) - C:\WINDOWS\System32\svchost.exe -k eapsvcs
O23 - Service: Fehlerberichterstattungsdienst (ERSvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Ereignisprotokoll (Eventlog) - C:\WINDOWS\system32\services.exe
O23 - Service: COM+-Ereignissystem (EventSystem) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Kompatibilität für schnelle Benutzerumschaltung (FastUserSwitchingCompatibility) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Fax - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Hilfe und Support (helpsvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Eingabegerätezugang (HidServ) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Integritätsschlüssel- und Zertifikatverwaltungsdienst (hkmsvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: HTTP-SSL (HTTPFilter) - C:\WINDOWS\System32\svchost.exe -k HTTPFilter
O23 - Service: InstallDriver Table Manager (IDriverT) - "C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
O23 - Service: IMAPI-CD-Brenn-COM-Dienste (ImapiService) - C:\WINDOWS\system32\imapi.exe
O23 - Service: Infrarotüberwachung (Irmon) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Server (lanmanserver) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Arbeitsstationsdienst (lanmanworkstation) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: TCP/IP-NetBIOS-Hilfsprogramm (LmHosts) - C:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Nachrichtendienst (Messenger) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: NetMeeting-Remotedesktop-Freigabe (mnmsrvc) - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - C:\WINDOWS\system32\msdtc.exe
O23 - Service: Windows Installer (MSIServer) - C:\WINDOWS\system32\msiexec.exe /V
O23 - Service: NAP-Agent (Network Access Protection) (napagent) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Netzwerk-DDE-Dienst (NetDDE) - C:\WINDOWS\system32\netdde.exe
O23 - Service: Netzwerk-DDE-Serverdienst (NetDDEdsdm) - C:\WINDOWS\system32\netdde.exe
O23 - Service: Anmeldedienst (Netlogon) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Netzwerkverbindungen (Netman) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: NLA (Network Location Awareness) (Nla) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: NT-LM-Sicherheitsdienst (NtLmSsp) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Wechselmedien (NtmsSvc) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Softex OmniPass Service (omniserv) - C:\Programme\Softex\OmniPass\OmniServ.exe
O23 - Service: Plug & Play (PlugPlay) - C:\WINDOWS\system32\services.exe
O23 - Service: PnkBstrA - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: IPSEC-Dienste (PolicyAgent) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Geschützter Speicher (ProtectedStorage) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Verwaltung für automatische RAS-Verbindung (RasAuto) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: RAS-Verbindungsverwaltung (RasMan) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Sitzungs-Manager für Remotedesktophilfe (RDSessMgr) - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Routing und RAS (RemoteAccess) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - "C:\Programme\CyberLink\Shared Files\RichVideo.exe"
O23 - Service: RPC-Locator (RpcLocator) - C:\WINDOWS\system32\locator.exe
O23 - Service: Remoteprozeduraufruf (RPC) (RpcSs) - C:\WINDOWS\system32\svchost -k rpcss
O23 - Service: QoS-RSVP (RSVP) - C:\WINDOWS\system32\rsvp.exe
O23 - Service: Sicherheitskontenverwaltung (SamSs) - C:\WINDOWS\system32\lsass.exe
O23 - Service: Smartcard (SCardSvr) - C:\WINDOWS\system32\scardsvr.exe
O23 - Service: Taskplaner (Schedule) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Sekundäre Anmeldung (seclogon) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Systemereignisbenachrichtigung (SENS) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: ServiceLayer - "C:\Programme\PC Connectivity Solution\ServiceLayer.exe"
O23 - Service: Windows-Firewall/Gemeinsame Nutzung der Internetverbindung (SharedAccess) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Shellhardwareerkennung (ShellHWDetection) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Sygate Personal Firewall (SmcService) - C:\Programme\Sygate\SPF\Smc.exe
O23 - Service: Druckwarteschlange (Spooler) - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: Systemwiederherstellungsdienst (srservice) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: SSDP-Suchdienst (SSDPSRV) - C:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Windows-Bilderfassung (WIA) (stisvc) - C:\WINDOWS\system32\svchost.exe -k imgsvc
O23 - Service: MS Software Shadow Copy Provider (SwPrv) - C:\WINDOWS\system32\dllhost.exe /Processid:{6316663A-46CC-4ACB-B8C3-FE126445EB87}
O23 - Service: Leistungsdatenprotokolle und Warnungen (SysmonLog) - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telefonie (TapiSrv) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Terminaldienste (TermService) - C:\WINDOWS\System32\svchost -k DComLaunch
O23 - Service: Designs (Themes) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Überwachung verteilter Verknüpfungen (Client) (TrkWks) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - C:\WINDOWS\system32\TuneUpDefragService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - "C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe"
O23 - Service: Windows User Mode Driver Framework (UMWdf) - C:\WINDOWS\system32\wdfmgr.exe
O23 - Service: Universeller Plug & Play-Gerätehost (upnphost) - C:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Unterbrechungsfreie Stromversorgung (UPS) - C:\WINDOWS\system32\ups.exe
O23 - Service: Messenger USN Journal Reader-Service für freigegebene Ordner (usnjsvc) - "C:\Programme\MSN Messenger\usnsvc.exe"
O23 - Service: TuneUp Designerweiterung (UxTuneUp) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Volumeschattenkopie (VSS) - C:\WINDOWS\system32\vssvc.exe
O23 - Service: Windows-Zeitgeber (W32Time) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: WebClient - C:\WINDOWS\system32\svchost.exe -k LocalService
O23 - Service: Windows-Verwaltungsinstrumentation (winmgmt) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Portable Media Serial Number Service (WmdmPmSN) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: WMI-Leistungsadapter (WmiApSrv) - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Sicherheitscenter (wscsvc) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: Automatische Updates (wuauserv) - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
O23 - Service: Konfigurationsfreie drahtlose Verbindung (WZCSVC) - C:\WINDOWS\System32\svchost.exe -k netsvcs
O23 - Service: X10 Device Network Service (x10nets) - C:\Programme\Common Files\X10\Common\X10nets.exe
O23 - Service: Netzwerkversorgungsdienst (xmlprov) - C:\WINDOWS\System32\svchost.exe -k netsvcs
-- File Associations ------------------------------------------------------------
.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------
3S 3xHybrid (3xHybrid service) - C:\WINDOWS\system32\drivers\3xHybrid.sys
0R a347bus - C:\WINDOWS\system32\drivers\a347bus.sys
0R a347scsi - C:\WINDOWS\system32\drivers\a347scsi.sys
3S actser - C:\WINDOWS\system32\drivers\actser.sys
3R AgereSoftModem (Agere Systems Soft Modem) - C:\WINDOWS\system32\drivers\AGRSM.sys
3R Arp1394 (1394-ARP-Clientprotokoll) - C:\WINDOWS\system32\drivers\arp1394.sys
3R ati2mtag - C:\WINDOWS\system32\drivers\ati2mtag.sys
3R ATSWPDRV (AuthenTec TruePrint USB Driver (AES2500)) - C:\WINDOWS\system32\drivers\ATSwpDrv.sys
1R avgio - C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys
3R avgntflt - C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
1R avipbb - C:\WINDOWS\system32\drivers\avipbb.sys
3S AVMUNET (AVM FRITZ!Box) - C:\WINDOWS\system32\drivers\avmunet.sys
3S BrScnUsb (Brother USB Still Image driver) - C:\WINDOWS\system32\drivers\BrScnUsb.sys
3S BrSerIf (Brother MFC Serial Port Interface WDM Driver) - C:\WINDOWS\system32\drivers\BrSerIf.sys
3S BrUsbSer (Brother MFC USB Serial WDM Driver) - C:\WINDOWS\system32\drivers\BrUsbSer.sys
3S BTDriver (Virtueller Bluetooth-Kommunikationstreiber) - C:\WINDOWS\system32\drivers\btport.sys
3R BTKRNL (Bluetooth-Bus-Enumerator) - C:\WINDOWS\system32\drivers\btkrnl.sys
2R BTSERIAL (Bluetooth Serial Driver) - C:\WINDOWS\system32\drivers\btserial.sys
2R BTSLBCSP (Bluetooth Port Client Driver) - C:\WINDOWS\system32\drivers\btslbcsp.sys
3S btwmodem (Bluetooth-Modem) - C:\WINDOWS\system32\drivers\btwmodem.sys
3S BTWUSB (WIDCOMM USB Bluetooth Driver) - C:\WINDOWS\system32\drivers\btwusb.sys
3S CCDECODE (Untertiteldecoder) - C:\WINDOWS\system32\drivers\ccdecode.sys
0R d347bus - C:\WINDOWS\system32\drivers\d347bus.sys
0R d347prt - C:\WINDOWS\system32\drivers\d347prt.sys
3S dot4 (MS IEEE-1284.4-Treiber) - C:\WINDOWS\system32\drivers\dot4.sys
3S Dot4Print (Druckerklassentreiber für IEEE-1284.4) - C:\WINDOWS\system32\drivers\Dot4Prt.sys
3S dot4usb (MS Dot4USB Filter Dot4USB Filter) - C:\WINDOWS\system32\drivers\Dot4usb.sys
3S flash - C:\WINDOWS\system32\drivers\flash.sys
3S HdAudAddService (Microsoft UAA Function Driver for High Definition Audio Service) - C:\WINDOWS\system32\drivers\Hdaudio.sys
3R HDAudBus (Microsoft UAA-Bustreiber für High Definition Audio) - C:\WINDOWS\system32\drivers\hdaudbus.sys
3R HidUsb (Microsoft HID Class-Treiber) - C:\WINDOWS\system32\drivers\hidusb.sys
1R Hotkey - C:\WINDOWS\system32\drivers\HOTKEY.sys
0S INO_FLPY - C:\WINDOWS\system32\Drivers\ino_flpy.sys (not found)
2S INO_FLTR - C:\WINDOWS\system32\Drivers\ino_fltr.sys (not found)
3R IntcAzAudAddService (Service for Realtek HD Audio (WDM)) - C:\WINDOWS\system32\drivers\RtkHDAud.sys
1R intelppm (Intel-Prozessortreiber) - C:\WINDOWS\system32\drivers\intelppm.sys
2R irda (IrDA-Protokoll) - C:\WINDOWS\system32\drivers\irda.sys
3R mouhid (Maus-HID-Treiber) - C:\WINDOWS\system32\drivers\mouhid.sys
3S MPE (BDA MPE-Filter) - C:\WINDOWS\system32\drivers\mpe.sys
3S MSIRCOMM (Microsoft IR Communications Driver) - C:\WINDOWS\system32\drivers\msircomm.sys
3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink-Konvertierung) - C:\WINDOWS\system32\drivers\mstee.sys
3S NABTSFEC (NABTS/FEC VBI-Codec) - C:\WINDOWS\system32\drivers\nabtsfec.sys
3S NdisIP (Microsoft TV-/Videoverbindung) - C:\WINDOWS\system32\drivers\ndisip.sys
3S NETFWDSL (AVM FRITZ!web DSL PPP) - C:\WINDOWS\system32\DRIVERS\NETFWDSL.SYS (not found)
3R NIC1394 (1394-Netzwerktreiber) - C:\WINDOWS\system32\drivers\nic1394.sys
3R NSCIRDA (NSC-Infrarotgerätetreiber) - C:\WINDOWS\system32\drivers\nscirda.sys
0R ohci1394 (Texas Instruments OHCI-konformer IEEE 1394-Hostcontroller) - C:\WINDOWS\system32\drivers\ohci1394.sys
3R pfc (Padus ASPI Shell) - C:\WINDOWS\system32\drivers\pfc.sys
3R Rasirda (WAN-Miniport (IrDA)) - C:\WINDOWS\system32\drivers\rasirda.sys
3S ROOTMODEM (Microsoft Legacy Modem Driver) - C:\WINDOWS\system32\drivers\rootmdm.sys
3R RTL8023xp (Realtek 10/100/1000 NIC Family all in one NDIS XP Driver) - C:\WINDOWS\system32\drivers\Rtlnicxp.sys
0R sbp2port (Bustreiber für SBP2-Transport/Protokoll) - C:\WINDOWS\system32\drivers\sbp2port.sys
3R sdbus - C:\WINDOWS\system32\drivers\sdbus.sys
3S sffdisk (SFF-Speicherklassentreiber) - C:\WINDOWS\system32\drivers\sffdisk.sys
3S sffp_sd (SFF-Speicherprotokolltreiber für SDBus) - C:\WINDOWS\system32\drivers\sffp_sd.sys
3S siusbmod - C:\WINDOWS\system32\drivers\siusbmod.sys
3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\slip.sys
0R snapman380 (Acronis Snapshots Manager (Build 380)) - C:\WINDOWS\system32\drivers\snman380.sys
1R ssmdrv - C:\WINDOWS\system32\drivers\ssmdrv.sys
3S streamip (BDA-IPSink) - C:\WINDOWS\system32\drivers\streamip.sys
3R SynTP (Synaptics TouchPad Driver) - C:\WINDOWS\system32\drivers\SynTP.sys
0R tdrpman147 (Acronis Try&Decide and Restore Points filter (build 147)) - C:\WINDOWS\system32\drivers\tdrpm147.sys
0R Teefer (Teefer for NT) - C:\WINDOWS\system32\drivers\Teefer.sys
3R tifm21 - C:\WINDOWS\system32\drivers\tifm21.sys
2R tifsfilter (Acronis True Image FS Filter) - C:\WINDOWS\system32\drivers\tifsfilt.sys
0R timounter (Acronis True Image Backup Archive Explorer) - C:\WINDOWS\system32\drivers\timntr.sys
3S usbccgp (Microsoft Standard-USB-Haupttreiber) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller) - C:\WINDOWS\system32\drivers\usbehci.sys
3S usbprint (Microsoft USB-Druckerklasse) - C:\WINDOWS\system32\drivers\usbprint.sys
3S USBSTOR (USB-Massenspeichertreiber) - C:\WINDOWS\system32\drivers\usbstor.sys
3R vsbus (Virtual Serial Bus Enumerator) - C:\WINDOWS\system32\drivers\vsb.sys
3S vserial (ELTIMA Virtual Serial Ports Driver) - C:\WINDOWS\system32\drivers\vserial.sys
3R w29n51 (Intel(R) PRO/Wireless 2200BG Netzwerkverbindungstreiber für Windows XP) - C:\WINDOWS\system32\drivers\w29n51.sys
3S wanatw (WAN Miniport (ATW)) - C:\WINDOWS\system32\DRIVERS\wanatw4.sys (not found)
1S Wbutton - C:\WINDOWS\system32\drivers\Wbutton.sys (not found)
2R wg3n (SyGate for NT, wg3n) - C:\WINDOWS\system32\drivers\wg3n.sys
1R wpsdrvnt - C:\WINDOWS\system32\drivers\wpsdrvnt.sys
1R WS2IFSL (Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung) - C:\WINDOWS\system32\drivers\ws2ifsl.sys
3S WSTCODEC (World Standard Teletext-Codec) - C:\WINDOWS\system32\drivers\wstcodec.sys
3S WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - C:\WINDOWS\system32\drivers\WudfPf.sys
3S WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - C:\WINDOWS\system32\drivers\WudfRd.sys
3R XUIF (X10 USB Wireless Transceiver) - C:\WINDOWS\system32\drivers\x10ufx2.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
2R AcrSch2Svc (Acronis Scheduler2 Service) - "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe"
2R AntiVirScheduler (Avira AntiVir Personal - Free Antivirus Planer) - "C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe"
2R AntiVirService (Avira AntiVir Personal - Free Antivirus Guard) - "C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe"
3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
2R Ati HotKey Poller - C:\WINDOWS\system32\Ati2evxx.exe
2R btwdins (Bluetooth Service) - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
2R CLCapSvc (CyberLink Background Capture Service (CBCS)) - "C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe"
3S clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
2R CLSched (CyberLink Task Scheduler (CTS)) - "C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe"
2R CyberLink Media Library Service - "C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe"
3S de_serv (AVM FRITZ!web Routing Service) - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
3S Dot3svc (Automatische Konfiguration (verkabelt)) - C:\WINDOWS\System32\svchost.exe -k dot3svc
3S EapHost (Extensible Authentication-Protokolldienst) - C:\WINDOWS\System32\svchost.exe -k eapsvcs
2S Fax - C:\WINDOWS\system32\fxssvc.exe
3S hkmsvc (Integritätsschlüssel- und Zertifikatverwaltungsdienst) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S IDriverT (InstallDriver Table Manager) - "C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
2R Irmon (Infrarotüberwachung) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S napagent (NAP-Agent (Network Access Protection)) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R omniserv (Softex OmniPass Service) - C:\Programme\Softex\OmniPass\Omniserv.exe
2R PnkBstrA - C:\WINDOWS\system32\PnkBstrA.exe
2R RichVideo (Cyberlink RichVideo Service(CRVS)) - "C:\Programme\CyberLink\Shared Files\RichVideo.exe"
3S ServiceLayer - "C:\Programme\PC Connectivity Solution\ServiceLayer.exe"
2R SmcService (Sygate Personal Firewall) - C:\Programme\Sygate\SPF\smc.exe
3S TuneUp.Defrag (TuneUp Drive Defrag-Dienst) - C:\WINDOWS\System32\TuneUpDefragService.exe
2S TUWinStylerThemeSvc (TuneUp WinStyler Theme Service) - "C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe"
2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe
3R usnjsvc (Messenger USN Journal Reader-Service für freigegebene Ordner) - "C:\Programme\MSN Messenger\usnsvc.exe"
2R UxTuneUp (TuneUp Designerweiterung) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R x10nets (X10 Device Network Service) - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
-- Files created between 2008-10-22 and 2008-11-22 ------------------------------
2008-11-22 01:48:53 0 d-------- C:\WINDOWS\Prefetch
2008-11-22 01:47:07 0 d-------- C:\Programme\MSXML 4.0<MSXML4~1.0>
2008-11-22 00:50:31 15504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-11-22 00:50:29 38496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys<MBAMSW~1.SYS>
2008-11-22 00:50:27 0 d-------- C:\Programme\Malwarebytes' Anti-Malware<MALWAR~1>
2008-11-22 00:07:53 0 d-------- C:\Programme\Trend Micro<TRENDM~1>
2008-11-21 23:29:54 21248 --a------ C:\WINDOWS\system32\drivers\ssmdrv.sys
2008-11-21 23:29:54 22336 --a------ C:\WINDOWS\system32\drivers\avgntmgr.sys
2008-11-21 23:29:54 45376 --a------ C:\WINDOWS\system32\drivers\avgntdd.sys
2008-11-21 23:29:51 75072 --a------ C:\WINDOWS\system32\drivers\avipbb.sys
2008-11-21 23:29:48 0 d-------- C:\Programme\Avira
2008-11-21 23:17:09 0 d-------- C:\Programme\Autorun Eater<AUTORU~1>
2008-11-21 23:12:13 0 d-------- C:\WINDOWS\pss
2008-10-29 14:16:45 971232 --a------ C:\WINDOWS\system32\drivers\tdrpm147.sys
2008-10-29 14:16:05 134272 --a------ C:\WINDOWS\system32\drivers\snman380.sys
2008-10-22 06:10:07 185344 --a------ C:\WINDOWS\system32\Thawbrkr.dll
2008-10-22 06:10:03 10752 --a------ C:\WINDOWS\system32\c_iscii.dll
2008-10-22 06:10:00 5632 --a------ C:\WINDOWS\system32\kbdusa.dll
2008-10-22 06:09:51 6144 --a------ C:\WINDOWS\system32\ftlx041e.dll
-- Find3M Report ----------------------------------------------------------------
2008-11-22 01:55:20 47862 --a------ C:\Dokumente und Einstellungen\Gero\Anwendungsdaten\wklnhst.dat
2008-11-22 01:55:03 0 d-------- C:\Programme\Mozilla Firefox<MOZILL~1>
2008-11-22 00:50:33 0 d-------- C:\Dokumente und Einstellungen\Gero\Anwendungsdaten\Malwarebytes<MALWAR~1>
2008-11-21 23:42:24 111928 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-11-21 23:14:44 0 d-------- C:\Programme\Home Cinema<HOMECI~1>
2008-11-21 23:14:43 0 d--h----- C:\Programme\InstallShield Installation Information<INSTAL~1>
2008-11-21 23:11:29 0 d-------- C:\Programme\s25atonce<S25ATO~1>
2008-11-21 23:10:18 0 d-------- C:\Programme\Gemeinsame Dateien\Microsoft Shared<MICROS~1>
2008-11-21 22:56:08 424324 --a------ C:\WINDOWS\system32\perfh007.dat
2008-11-21 22:56:07 78794 --a------ C:\WINDOWS\system32\perfc007.dat
2008-10-29 17:21:59 0 d-------- C:\Dokumente und Einstellungen\Gero\Anwendungsdaten\Acronis
2008-10-29 14:18:39 0 d-------- C:\Programme\Gemeinsame Dateien\Acronis
2008-10-27 21:55:30 0 d-------- C:\Programme\Paint Shop Pro 6<PAINTS~1>
2008-10-12 20:31:51 0 d-------- C:\Dokumente und Einstellungen\Gero\Anwendungsdaten\Skype
2008-10-12 15:21:40 0 d-------- C:\Programme\MSN Messenger<MSNMES~1>
2008-10-12 15:09:18 0 d-------- C:\Programme\Messenger<MESSEN~1>
2008-10-12 15:02:43 0 d-------- C:\Programme\Movie Maker<MOVIEM~1>
2008-10-12 14:57:53 0 d-------- C:\Programme\Windows NT<WINDOW~1>
2008-10-12 14:57:45 0 d-------- C:\Programme\Gemeinsame Dateien\System
2008-10-12 10:46:34 0 d-------- C:\Programme\DivX
2008-10-03 17:58:14 6066176 --a------ C:\WINDOWS\system32\ieframe.dll
2008-09-30 17:26:50 0 d-------- C:\Programme\Wolfenstein - Enemy Territory<WOLFEN~1>
2008-09-30 17:18:30 66872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-09-30 16:43:34 1286152 --a------ C:\WINDOWS\system32\msxml4.dll
2008-09-28 22:04:50 0 d-------- C:\Programme\ICQ6
2008-09-16 21:12:58 222488 --a------ C:\WINDOWS\system32\snapapi.dll
2008-09-16 01:12:54 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-09-16 01:12:54 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-09-15 16:24:02 1846528 --a------ C:\WINDOWS\system32\win32k.sys
2008-09-10 02:13:38 1307648 -----n--- C:\WINDOWS\system32\msxml6.dll
2008-09-04 18:15:03 1106944 --a------ C:\WINDOWS\system32\msxml3.dll
2008-09-04 11:16:15 65328 --a------ C:\Dokumente und Einstellungen\Gero\Anwendungsdaten\GDIPFONTCACHEV1.DAT<GDIPFO~1.DAT>
2008-08-26 08:57:22 233472 --a------ C:\WINDOWS\system32\webcheck.dll
2008-08-26 08:57:21 105984 --a------ C:\WINDOWS\system32\url.dll
2008-08-26 08:57:21 102912 --a------ C:\WINDOWS\system32\occache.dll
2008-08-26 08:57:19 52224 --a------ C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
2008-08-26 08:57:19 459264 --a------ C:\WINDOWS\system32\msfeeds.dll
2008-08-26 08:57:18 267776 --a------ C:\WINDOWS\system32\iertutil.dll
2008-08-26 08:57:18 44544 --a------ C:\WINDOWS\system32\iernonce.dll
2008-08-26 08:57:15 384512 --a------ C:\WINDOWS\system32\iedkcs32.dll
2008-08-26 08:57:15 383488 --a------ C:\WINDOWS\system32\ieapfltr.dll
2008-08-26 08:57:15 230400 --a------ C:\WINDOWS\system32\ieaksie.dll
2008-08-26 08:57:15 153088 --a------ C:\WINDOWS\system32\ieakeng.dll
2008-08-26 08:57:15 63488 --a------ C:\WINDOWS\system32\icardie.dll
2008-08-26 08:57:14 124928 --a------ C:\WINDOWS\system32\advpack.dll
2008-08-25 09:38:00 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
2008-08-25 09:37:31 70656 --a------ C:\WINDOWS\system32\ie4uinit.exe
2008-08-23 06:54:51 161792 --a------ C:\WINDOWS\system32\ieakui.dll
-- Registry Dump ----------------------------------------------------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"H/PC Connection Agent"="\"C:\\Programme\\Microsoft ActiveSync\\wcescomm.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AzMixerSel"="C:\\Programme\\Realtek\\InstallShield\\AzMixerSel.exe"
"SynTPEnh"="C:\\Programme\\Synaptics\\SynTP\\SynTPEnh.exe"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"ATSwpNav"="\"C:\\Programme\\Fingerprint Sensor\\ATSwpNav\" -run"
"ATICCC"="\"C:\\Programme\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime"
"LaunchAp"="\"C:\\Programme\\Launch Manager\\LaunchAp.exe\""
"CtrlVol"="\"C:\\Programme\\Launch Manager\\CtrlVol.exe\""
"LMgrOSD"="\"C:\\Programme\\Launch Manager\\OSD.exe\""
"Wbutton"="\"C:\\Programme\\Launch Manager\\Wbutton.exe\""
"OmniPass"="C:\\Programme\\Softex\\OmniPass\\scureapp.exe"
"SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
@=""
"SSBkgdUpdate"="\"C:\\Programme\\Gemeinsame Dateien\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
"HotkeyApp"="\"C:\\Programme\\Launch Manager\\HotkeyApp.exe\""
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"avgnt"="\"C:\\Programme\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"RemoteControl"="\"C:\\Programme\\Home Cinema\\PowerDVD\\PDVDServ.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"H/PC Connection Agent"="\"C:\\Programme\\Microsoft ActiveSync\\wcescomm.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"PCMService"="\"C:\\Programme\\Home Cinema\\PowerCinema\\PCMService.exe\""
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"Alcmtr"="ALCMTR.EXE"
"RTHDCPL"="RTHDCPL.EXE"
"BrMfcWnd"="C:\\Programme\\Brother\\Brmfcmon\\BrMfcWnd.exe /AUTORUN"
"ControlCenter3"="C:\\Programme\\Brother\\ControlCenter3\\brctrcen.exe /autorun"
"SmartSync - ScheduleSync"="C:\\PROGRA~1\\MOBILE~1\\SMARTS~1\\SCHEDU~1.EXE"
"TrueImageMonitor.exe"="C:\\Programme\\Acronis\\TrueImageHome\\TrueImageMonitor.exe"
"Acronis Scheduler2 Service"="\"C:\\Programme\\Gemeinsame Dateien\\Acronis\\Schedule2\\schedhlp.exe\""
"IndexSearch"="\"C:\\Programme\\ScanSoft\\PaperPort\\IndexSearch.exe\""
"PaperPort PTD"="\"C:\\Programme\\ScanSoft\\PaperPort\\pptd40nt.exe\""
"Autorun Eater"="C:\\Programme\\Autorun Eater\\oldmcdonald.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TimounterMonitor"
"hkey"="HKLM"
"command"="C:\\Programme\\Acronis\\TrueImageHome\\TimounterMonitor.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TrueImageMonitor"
"hkey"="HKLM"
"command"="C:\\Programme\\Acronis\\TrueImageHome\\TrueImageMonitor.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000
"DisableRegistryTools"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000
"DisableRegistryTools"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"=dword:00000000
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
eapsvcs REG_MULTI_SZ eaphost\0\0
dot3svc REG_MULTI_SZ dot3svc\0\0
HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp
napagent
hkmsvc
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06f12370-8469-11da-8d7d-000ae4ae10e3}]
Shell\AutoRun\command I:\preinst.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5b94bf5e-ef59-11dc-bc5d-000ae4ae10e3}]
shell\verb1\command desktop.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71ed4c93-1fad-11da-870b-00038a000015}]
Shell\AutoRun\command appsetup.exe
-- End of ComboScan: finished at 2008-11-22 at 02:19:20 -------------------------
What now?