IE and FF infected - wunezozo.dll and nuvutoki.dll

02.12.2008, 11:36
...new here
Posts: 4
#0
02.12.2008, 12:15
Moderator
Posts: 7805
#2
Hello DocDebil,

please work through points 2-5 from http://board.protecus.de/t23188.htm and post the results.
__________
Regards, Ralf
SEO-Spam Hunter
02.12.2008, 12:25
...new here
Thread starter, Posts: 4
#3
Okay, here are the logs from MBAM and ComboFix as well.

Malwarebytes' Anti-Malware 1.30
Datenbank Version: 1445
Windows 6.0.6001 Service Pack 1

02.12.2008 11:35:02
mbam-log-2008-12-02 (11-34-58).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 50917
Laufzeit: 4 minute(s), 46 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 2
Infizierte Registrierungsschlüssel: 6
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
c:\Windows\System32\yigejiyu.dll (Trojan.Vundo) -> No action taken.
C:\Windows\System32\wunezozo.dll (Trojan.Vundo) -> No action taken.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eb6aaeed-1ffe-4b7c-9548-85275f55d488} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{eb6aaeed-1ffe-4b7c-9548-85275f55d488} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{eb6aaeed-1ffe-4b7c-9548-85275f55d488} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm35b55a6d (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mohurufuze (Trojan.Agent) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: c:\windows\system32\yigejiyu.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: system32\yigejiyu.dll -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\System32\poyinada.dll (Trojan.Vundo.H) -> No action taken.
C:\Windows\System32\adaniyop.ini (Trojan.Vundo.H) -> No action taken.
C:\Windows\System32\wunezozo.dll (Trojan.BHO.H) -> No action taken.
c:\Windows\System32\yigejiyu.dll (Trojan.Vundo) -> No action taken.
C:\Windows\System32\jiwevoju.dll (Trojan.Vundo) -> No action taken.


ComboFix 08-12-01.01 - Robert 2008-12-02 11:54:15.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1031.18.2089 [GMT 1:00]
ausgeführt von:: c:\users\Robert\Desktop\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\anekelet.ini
c:\windows\system32\AutoRun.inf
c:\windows\system32\etevigib.ini
c:\windows\system32\ohazamas.ini
c:\windows\system32\ozepiveh.ini
c:\windows\system32\uvisonen.ini
c:\windows\Tasks\acbjqwyg.job

----- BITS: Eventuell infizierte Webseiten -----

hxxp://77.74.48.105
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-13 136600]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13584928]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 c:\windows\RtHDVCpl.exe]

c:\users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
hott notes 4.lnk - c:\program files\hott notes 4\hottnotes.exe [2007-05-16 1249280]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\ANYCOM\Blue USB-120-240\BTTray.exe [2004-03-03 512061]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\nuvutoki.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= divxa32.acm

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 01:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 17:07 1828136 c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 16:29 2221352 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
--a------ 2008-01-29 16:38 583048 c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
--a------ 2007-02-20 17:20 28672 c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2007-03-01 15:38 4390912 c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{83458CBB-7C68-4997-9490-01EB4424C240}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C8C73234-960F-454A-B728-78F3B5558486}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E5ED111E-EF2A-4076-B59C-E1F2232610C4}"= UDP:c:\spiele\Sid Meier's Civilization 4 Complete\Civilization4.exe:Sid Meier's Civilization 4 Complete
"{3E1493DE-CEA8-4B25-9E66-73E10E1A124F}"= TCP:c:\spiele\Sid Meier's Civilization 4 Complete\Civilization4.exe:Sid Meier's Civilization 4 Complete
"{FB01385E-26D5-40F0-85EA-709E22FF3C4A}"= UDP:c:\spiele\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{E50D37BF-EB19-4806-BC24-A83E720260CB}"= TCP:c:\spiele\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4: Warlords
"{3CBE675C-E7C1-4A3D-A1D4-8BD60A10957B}"= UDP:c:\spiele\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4: Beyond the Sword
"{4DA5481A-AC72-4C61-8058-057888EFDFF5}"= TCP:c:\spiele\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4: Beyond the Sword
"{BD35F078-0AD9-4784-A3E0-877F3D1004F7}"= UDP:c:\spiele\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{FD020873-4D79-4D07-AF74-2DC2E8749744}"= TCP:c:\spiele\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{101684C0-237B-4485-8381-D2C11781AB02}"= UDP:c:\spiele\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{6A1887DC-DD71-4E40-B939-CD1CCF3F11FC}"= TCP:c:\spiele\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{2CAAC52B-97AE-4164-9A58-359A1F53CEE2}"= UDP:c:\spiele\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{ECA3D6C4-22A9-4D81-8D92-8BE822DF1361}"= TCP:c:\spiele\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{0194AEC3-DA66-4444-A8C4-F0729157A90D}"= UDP:c:\spiele\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{26B11CC5-2932-4AE0-9EF0-3544FBAEF65D}"= TCP:c:\spiele\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{DAD00C11-C7C9-440E-9642-F63180E2D7EB}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5FF4837C-B3C1-4277-AAA0-2A1D9FC94A6B}"= UDP:c:\spiele\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"{C8720103-6C08-4FC4-B56E-6564186526AC}"= TCP:c:\spiele\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"{6857CACE-311C-4E5C-99D5-D3D877203937}"= UDP:c:\spiele\Sid Meier's Civilization IV Colonization\Colonization.exe:Sid Meier's Civilization IV Colonization
"{916F18E6-D4BB-4243-9AD8-D06FFDCCB3E5}"= TCP:c:\spiele\Sid Meier's Civilization IV Colonization\Colonization.exe:Sid Meier's Civilization IV Colonization
"{F6FA2E66-7E4F-49D7-B183-620394428899}"= UDP:c:\spiele\Lost Empire - Immortals\LostEmpire.exe:Lost Empire - Immortals
"{F6142467-85A0-48C8-9350-D2E4A58CD623}"= TCP:c:\spiele\Lost Empire - Immortals\LostEmpire.exe:Lost Empire - Immortals
"{3D6DC0E9-642F-42B2-BF7B-A7BAD1D9B479}"= UDP:c:\program files\Sports Interactive\Football Manager 2009 Demo\fm.exe:Football Manager 2009 Demo
"{C246632C-FBE6-4AEF-A40F-BE2C6869BFF1}"= TCP:c:\program files\Sports Interactive\Football Manager 2009 Demo\fm.exe:Football Manager 2009 Demo
"{1ED201E1-FC43-4D6C-B2D9-FE3E81EEF897}"= UDP:c:\windows\explorer.exe:explorer
"{90798DA4-C216-4080-B0D0-C8667D357F41}"= TCP:c:\windows\explorer.exe:explorer
"{AEF7E580-A9B8-40DE-BC26-FAA7BC0ED8D1}"= UDP:c:\windows\System32\wininit.exe:wininit
"{D9271F16-D219-4E05-922B-AB479F6F0415}"= TCP:c:\windows\System32\wininit.exe:wininit

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 appdrv01;Application Driver (01);c:\windows\system32\Drivers\appdrv01.sys [2008-09-07 2915944]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2008-08-19 269736]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
R2 SbPF.Launcher;SbPF.Launcher;"c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe" [2008-07-30 95528]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-08-29 809296]
R2 SPF4;Sunbelt Personal Firewall 4;"c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe" [2008-07-30 1361192]
R2 TeamViewer;TeamViewer 3;"c:\program files\TeamViewer3\TeamViewer_Service.exe" -service [2008-09-25 185640]
R3 AVMWAN;NDIS WAN CAPI Treiber;c:\windows\system32\DRIVERS\avmwan.sys [2002-07-17 37568]
R3 FXUSBASE;Teledat USB 2 a/b (WinXP/2000);c:\windows\system32\DRIVERS\fxusbase.sys [2002-07-17 498672]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\sbfwim.sys [2008-08-19 65576]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20a7df45-6e2b-11dd-900f-000000000000}]
\shell\AutoRun\command - J:\FalloutLauncher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e73392f-0e26-11dd-adae-806e6f6e6963}]
\shell\AutoRun\command - H:\StartUp.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bdc067a4-ab38-11dd-acd3-0080bd6d7f4e}]
\shell\AutoRun\command - K:\HG2Setup.exe
.
Inhalt des "geplante Tasks" Ordners

2008-12-02 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-05-17 14:04]

2008-12-02 c:\windows\Tasks\Erweiterte Garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2006-11-21 17:38]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

BHO-{eb6aaeed-1ffe-4b7c-9548-85275f55d488} - (no file)
.
------- Zusätzlicher Suchlauf -------
.
FireFox -: Profile - c:\users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ohsschhe.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.de
FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF -: plugin - c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF -: plugin - c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF -: plugin - c:\program files\VLC\npvlc.dll
FF -: plugin - c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-02 12:05:03
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(1288)
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ANYCOM\Blue USB-120-240\bin\btwdins.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\System32\IoctlSvc.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-12-02 12:11:22 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2008-12-02 11:11:08

Vor Suchlauf: 19 Verzeichnis(se), 287.306.416.128 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 287,356,100,608 Bytes frei

369 --- E O F --- 2008-11-26 20:51:31
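The MBAM log in the post above reports each finding on one line as `item (family) -> action`, and the persistence mechanism is only implicit in the registry path (AppInit_DLLs, a Browser Helper Object, a Run key, SharedTaskScheduler, ShellServiceObjectDelayLoad). The following Python script is an added example, not part of this thread or of Malwarebytes: it parses lines in that format, groups findings by the load point they use, and lists what is still marked "No action taken". The sample log is constructed after the entries in the post, and the mechanism table is this example's own assumption.

```python
"""Group the findings of a Malwarebytes (MBAM 1.x) log by persistence mechanism.

Added example, not part of the thread. The regex follows the one-finding-per-line
format of the MBAM log above; the mechanism table is this example's own
classification (an assumption), not something MBAM prints.
"""
import re
from collections import defaultdict

# Constructed sample, patterned on the entries quoted in the post above.
SAMPLE_LOG = r"""
Infizierte Speichermodule:
c:\Windows\System32\yigejiyu.dll (Trojan.Vundo) -> No action taken.
C:\Windows\System32\wunezozo.dll (Trojan.Vundo) -> No action taken.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eb6aaeed-1ffe-4b7c-9548-85275f55d488} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo) -> No action taken.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm35b55a6d (Trojan.Vundo) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: c:\windows\system32\yigejiyu.dll -> No action taken.

Infizierte Dateien:
C:\Windows\System32\poyinada.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
"""

# One finding per line: item (family) [-> Data: value] -> action[.]
FINDING_RE = re.compile(
    r"(?P<item>.+?) \((?P<family>[^()]+)\)"
    r"(?: -> Data: (?P<data>.+?))? -> (?P<action>[^>]+?)\.?"
)

# Registry load points, matched against the reported item path (this example's own table).
MECHANISMS = (
    ("AppInit_DLLs", r"\\AppInit_DLLs$"),                      # DLL pulled into user-mode processes
    ("Browser Helper Object", r"\\Browser Helper Objects\\"),  # loaded by Internet Explorer
    ("SharedTaskScheduler", r"\\SharedTaskScheduler\\"),       # loaded by Explorer at logon
    ("ShellServiceObjectDelayLoad", r"\\ShellServiceObjectDelayLoad\\"),
    ("Run key", r"\\CurrentVersion\\Run\\"),                   # started at logon
    ("COM class registration", r"^HKEY_CLASSES_ROOT\\CLSID\\"),
)


def classify(item: str) -> str:
    """Name the persistence mechanism implied by a registry path or file path."""
    for name, pattern in MECHANISMS:
        if re.search(pattern, item, re.IGNORECASE):
            return name
    if re.match(r"[a-z]:\\", item, re.IGNORECASE):
        return "file on disk"
    if item.upper().startswith("HKEY_"):
        return "other registry entry"
    return "unknown"


def parse_mbam_log(text: str) -> list:
    """Return one dict per finding line; section headers and counts are skipped."""
    findings = []
    for line in text.splitlines():
        match = FINDING_RE.fullmatch(line.strip())
        if match:
            entry = match.groupdict()
            entry["mechanism"] = classify(entry["item"])
            findings.append(entry)
    return findings


def by_mechanism(findings: list) -> dict:
    """Map mechanism -> reported items, so each load point is reviewed as a unit."""
    groups = defaultdict(list)
    for finding in findings:
        groups[finding["mechanism"]].append(finding["item"])
    return dict(groups)


def still_present(findings: list) -> list:
    """Items MBAM only reported; nothing was removed, so they survive a reboot."""
    return [f["item"] for f in findings if f["action"] == "No action taken"]


def loader_targets(findings: list) -> list:
    """DLL paths a load point (the Data: part, e.g. AppInit_DLLs) points at."""
    return sorted({f["data"].lower() for f in findings if f.get("data")})
```

Running `by_mechanism(parse_mbam_log(SAMPLE_LOG))` on the sample shows the same DLL reached through a file entry and through the AppInit_DLLs value, which is why removing only the file is not enough.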
02.12.2008, 12:38
Moderator
Posts: 7805
#4
There was quite a bit more, but it seems to have been removed already. Which firewall are you using? I can see remnants of Norton there?

What is in this file? c:\windows\System32\drivers\etc.rar

Please create a new HijackThis report; remember to start HijackThis with admin rights...
__________
Regards, Ralf
SEO-Spam Hunter
02.12.2008, 12:47
...new here
Thread starter, Posts: 4
#5
Hello,

I use Avira AntiVir in combination with Sunbelt Personal Firewall (formerly Kerio). Sunbelt also sometimes blocks the "intrusion attempts" and thereby prevents the browsers from running. After running Ad-Aware, Spybot, ComboFix and MBAM things seem quiet for now. But that will surely change again after a restart, or hopefully not.

ETC.RAR contains a backup of the HOSTS file. If I'm seeing this right, it's from Spybot. It lists a lot of adult and adware sites.

# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com

Yeeees, such a complete PC unfortunately always comes with lots and lots of software the user doesn't even want. Apparently uninstalling the program isn't enough. I can also still see the Norton Live Updater, but I can't get rid of it.

New, current HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:50, on 02.12.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ANYCOM\Blue USB-120-240\BTTray.exe
C:\Program Files\hott notes 4\hottnotes.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Vuze\Azureus.exe
C:\Program Files\Notepad++\notepad++.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://chat.lycos.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redirect/?country=DE&range=AD&phase=8&key=IESTART
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: hott notes 4.lnk = C:\Program Files\hott notes 4\hottnotes.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Senden an &Bluetooth - C:\Program Files\ANYCOM\Blue USB-120-240\btsendto_ie_ctx.htm
O9 - Extra button: HP Sammelmappe - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Intelligente Auswahl - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\system32\nuvutoki.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program
Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\ANYCOM\Blue USB-120-240\bin\btwdins.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. 
- C:\Windows\system32\IoctlSvc.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe -- End of file - 8245 bytes |
02.12.2008, 12:56
Moderator
Posts: 7805
#6
Disable TeaTimer, start HijackThis with admin rights, tick the following and press "Fix checked":
O20 - AppInit_DLLs: C:\Windows\system32\nuvutoki.dll
Check whether the entry is gone after the reboot and stays gone. Whether that takes care of all your "malware problems" I don't know, but if the machine is already somewhat "misconfigured/over-installed" as it is, you should think about a clean reinstall....
__________
Regards, Ralf
SEO-Spam Hunter
02.12.2008, 13:13
...new here
Thread starter Posts: 4
#7
Hello
I've already been through this "Fix checked" game for 2 days now. Unfortunately, after a reboot new DLLs kept getting entered again. But apparently your "Run as administrator" helped. HijackThis doesn't find anything anymore. The wunezozo.dll and the nuvutoki.dll also always showed up in Internet Explorer as a "loaded add-on". I always disabled them as add-ons right after a reboot. But now there is no entry for them anymore. I hope that's it now. Thank you very, very much! With all the snow, the lit-up shop windows, the sweet cookies and so on, one could almost believe in angels. And after your help, too!!!!!!! Thanks again!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:08:34, on 02.12.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ANYCOM\Blue USB-120-240\BTTray.exe
C:\Program Files\hott notes 4\hottnotes.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://chat.lycos.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redirect/?country=DE&range=AD&phase=8&key=IESTART
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: hott notes 4.lnk = C:\Program Files\hott notes 4\hottnotes.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Senden an &Bluetooth - C:\Program Files\ANYCOM\Blue USB-120-240\btsendto_ie_ctx.htm
O9 - Extra button: HP Sammelmappe - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Intelligente Auswahl - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\ANYCOM\Blue USB-120-240\bin\btwdins.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
--
End of file - 8152 bytes
Up to now I've only been a passive observer, but unfortunately today I could use your help. Somehow I seem to have caught something.
For a few days my browsers have been opening popups for "free virus scanners" and the like. Often these links lead nowhere, or cannot be opened. As a firewall I use Sunbelt's Personal Firewall, which then also reports an "intrusion attempt blocked" but then prevents the browsers from running. Spybot reports new registry entries, which I reject.
In IE, wunezozo.dll is listed as an "add-on", whatever that is. However, the DLLs reported by Spybot and Ad-Aware as infesting my System32 folder I cannot find in the System32 folder :-/
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:58, on 02.12.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\hott notes 4\hottnotes.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redirect/?country=DE&range=AD&phase=8&key=IESTART
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://chat.lycos.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redirect/?country=DE&range=AD&phase=8&key=IESTART
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redirect/?country=DE&range=AD&phase=8&key=IESTART
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {eb6aaeed-1ffe-4b7c-9548-85275f55d488} - C:\Windows\system32\wunezozo.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: hott notes 4.lnk = C:\Program Files\hott notes 4\hottnotes.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Senden an &Bluetooth - C:\Program Files\ANYCOM\Blue USB-120-240\btsendto_ie_ctx.htm
O9 - Extra button: HP Sammelmappe - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Intelligente Auswahl - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\system32\nuvutoki.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\ANYCOM\Blue USB-120-240\bin\btwdins.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
--
End of file - 9523 bytes
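The two entries the helper in this thread zeroes in on (the unnamed O2 BHO loading wunezozo.dll from system32, and the O20 AppInit_DLLs entry for nuvutoki.dll) are exactly the kind of thing a first-pass triage can pick out of a HijackThis log automatically. The script below is an added example, not code from the thread or from HijackThis: it parses the "Oxx - ..." lines and scores them with defender-side heuristics. The sample lines are constructed, modelled on the log posted above; the heuristics (a DLL under system32, an unnamed BHO, a non-empty AppInit_DLLs value, an 8 to 12 letter lowercase file name like the ones in this thread, a service whose binary is missing) are my own assumptions about what is worth a second look, not signatures.

```python
"""Triage helper for HijackThis (HJT) logs (added example, not HJT's own code).

Parses the O2 (BHO), O4 (Run keys), O20 (AppInit_DLLs) and O23 (services)
lines and scores each one with defender-oriented heuristics.
"""
import re
from dataclasses import dataclass

# Constructed sample, modelled on the log lines posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {eb6aaeed-1ffe-4b7c-9548-85275f55d488} - C:\Windows\system32\wunezozo.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O20 - AppInit_DLLs: C:\Windows\system32\nuvutoki.dll
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
"""


@dataclass
class Finding:
    section: str
    severity: str  # "info", "medium" or "high"
    path: str
    reason: str


SEVERITY_RANK = {"info": 0, "medium": 1, "high": 2}

# Every HJT entry line starts with a section tag such as "O2 - ".
LINE_RE = re.compile(r"^(O\d+) - (.*)$")
# Crude path extractor: drive letter, then the shortest run up to .dll/.exe.
PATH_RE = re.compile(r"([A-Za-z]:\\[^\"\n]*?\.(?:dll|exe))", re.IGNORECASE)
# Assumption: the Vundo-style names in this thread are 8+ lowercase letters, no digits.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8,12}\.dll$")


def parse_hjt(text):
    """Return a list of (section, body) tuples for every 'Oxx - ...' line."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def _path_of(body):
    m = PATH_RE.search(body)
    return m.group(1) if m else ""


def _in_system32(path):
    return "\\system32\\" in path.lower()


def _looks_random(path):
    name = path.rsplit("\\", 1)[-1].lower()
    return bool(RANDOM_NAME_RE.match(name))


def triage(entries):
    """Score each entry; an entry with no matching heuristic yields no finding."""
    findings = []
    for section, body in entries:
        path = _path_of(body)
        reasons = []
        if section == "O20" and body.startswith("AppInit_DLLs:") and path:
            # AppInit_DLLs are loaded into every process that links user32.dll.
            reasons.append(("high", "AppInit_DLLs entry loads into every user32-linked process"))
        if section == "O2" and "(no name)" in body and _in_system32(path):
            reasons.append(("high", "unnamed BHO loading from system32"))
        if section == "O23" and "(file missing)" in body:
            reasons.append(("info", "service binary missing (leftover install, not necessarily malware)"))
        if path and _in_system32(path) and _looks_random(path):
            reasons.append(("medium", "random-looking lowercase DLL name in system32"))
        if reasons:
            severity = max((s for s, _ in reasons), key=SEVERITY_RANK.__getitem__)
            findings.append(Finding(section, severity, path, "; ".join(r for _, r in reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{f.severity:6}] {f.section} {f.path}\n         {f.reason}")
```

On the constructed sample this flags the O2 and O20 lines as high and the orphaned Symantec service as info, while the Spybot BHO and the Avira Run entry produce nothing. It is a reading aid, not a verdict: an unnamed BHO or a random-looking name in system32 is a reason to look up the file, and the AppInit_DLLs value deserves attention on its own because Windows loads whatever is listed there into every process that links user32.dll, which is why the helper in this thread has that entry fixed first and then checks whether it stays gone after a reboot.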