Home » Viren, Trojaner & Malware Forum » Glaube habe mir was eingefangen internet sau langsam » Themenansicht
Glaube habe mir was eingefangen internet sau langsam |
||
|---|---|---|
| #0
| ||
|
15.12.2008, 09:05
Member
Beiträge: 123 |
||
 
|
|
|
|
15.12.2008, 15:10
Member
 Beiträge: 4730 |
#2
Ein Thread reicht ja wohl...
verdächtig erscheinen mir folgende Einträge: O4 - HKLM\..\Run: [recinfo381] c:\RecInfo\RecInfo.exe O4 - HKCU\..\Run: [jgcgcxcx] "c:\users\tomtom\appdata\local\jgcgcxcx.exe" jgcgcxcx Bitte mal bei Jotti prüfen lassen. Und außerdem durcharbeiten: http://board.protecus.de/t23188.htm __________ Dies ist eine Signatur! Persönlicher Service: Du kommst aus Berlin? Dann melde Dich per PN bei mir, evtl. können wir einen Termin vereinbaren. Der Grabsteinschubser |
|
|
|
|
|
|
15.12.2008, 15:44
Member
Themenstarter Beiträge: 123 |
#3
Malwarebytes' Anti-Malware 1.31
Datenbank Version: 1456 Windows 6.0.6001 Service Pack 1 15.12.2008 15:44:03 mbam-log-2008-12-15 (15-44-03).txt Scan-Methode: Quick-Scan Durchsuchte Objekte: 46432 Laufzeit: 2 minute(s), 11 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
|
|
|
|
|
|
15.12.2008, 15:54
Member
Beiträge: 4730 |
#4
Hast Du die Dateien bei Jotti prüfen lassen? Bitte Ergebnis posten.
Bitte auch die anderen Tools durcharbeiten. __________ Dies ist eine Signatur! Persönlicher Service: Du kommst aus Berlin? Dann melde Dich per PN bei mir, evtl. können wir einen Termin vereinbaren. Der Grabsteinschubser |
|
|
|
|
|
|
15.12.2008, 17:10
Member
Themenstarter Beiträge: 123 |
#5
So brauche nun eine schritt für schritt erklärung
danke schon mal im vorraus Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:08:32, on 15.12.2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Hercules\Deluxe Optical Glass\CamService.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe C:\Windows\System32\rundll32.exe C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\ICQ6\ICQ.exe C:\Users\TomTom\AppData\Local\jgcgcxcx.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehtray.exe C:\Windows\System32\rundll32.exe C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\SearchFilterHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [recinfo381] c:\RecInfo\RecInfo.exe O4 - HKLM\..\Run: [CamserviceDeluxe2] C:\Program Files\Hercules\Deluxe Optical Glass\Camservice.exe /startup O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe 20081126 O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [WEB.DE_WEB.DE SmartDrive Manager] "C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE" /hide O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Windows Mail] C:\Program Files\Windows Mail\WinMail.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent O4 - HKCU\..\Run: [jgcgcxcx] "c:\users\tomtom\appdata\local\jgcgcxcx.exe" jgcgcxcx O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O4 - Global Startup: Ulead Kalendar Checker 4.0 SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe -- End of file - 10300 bytes |
|
|
|
|
|
|
15.12.2008, 17:35
Member
Beiträge: 4730 |
#6
hmmm... schreib ich undeutlich?
dort steht Schritt für Schritt beschrieben, was Du tun sollst: http://board.protecus.de/t23188.htm Außerdem wäre es hilfreich, wenn Du die beiden Dateien, die ich oben genannt habe, bei Jotti (<- das ist ein Link auf den Du klicken kannst) prüfen lässt. Du kannst die beiden Dateien, die ich genannt habe, schon mal mit HijackThis "fixen" (Häkchen setzen und dann "Fix checked" anklicken). Ok, Malwarebytes hast Du durchlaufen lassen, aber es fehlt jetzt noch Combofix. __________ Dies ist eine Signatur! Persönlicher Service: Du kommst aus Berlin? Dann melde Dich per PN bei mir, evtl. können wir einen Termin vereinbaren. Der Grabsteinschubser |
|
|
|
|
|
|
15.12.2008, 18:41
Member
Themenstarter Beiträge: 123 |
#7
ComboFix 08-12-14.05 - TomTom 2008-12-15 18:25:51.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1031.18.2047.1018 [GMT 1:00] ausgeführt von:: D:\ComboFix.exe * Neuer Wiederherstellungspunkt wurde erstellt . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\TomTom\AppData\Local\jgcgcxcx.dat c:\users\TomTom\AppData\Local\jgcgcxcx.exe c:\users\TomTom\AppData\Local\jgcgcxcx_nav.dat c:\users\TomTom\AppData\Local\jgcgcxcx_navps.dat F:\Autorun.inf . ((((((((((((((((((((((( Dateien erstellt von 2008-11-15 bis 2008-12-15 )))))))))))))))))))))))))))))) . 2008-12-15 15:40 . 2008-12-15 15:40 <DIR> d-------- c:\users\TomTom\AppData\Roaming\Malwarebytes 2008-12-15 15:40 . 2008-12-15 15:40 <DIR> d-------- c:\programdata\Malwarebytes 2008-12-15 09:02 . 2008-12-15 09:02 <DIR> d-------- c:\program files\Trend Micro 2008-12-13 18:00 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll 2008-12-11 13:20 . 2008-12-11 13:20 <DIR> d-------- c:\windows\LooKeys 2008-12-11 13:20 . 2008-12-11 13:20 <DIR> d-------- c:\users\TomTom\AppData\Roaming\LooKeys 2008-12-11 13:20 . 2008-12-11 13:20 <DIR> d-------- c:\programdata\LooKeys 2008-12-11 13:20 . 2008-12-11 13:20 <DIR> d-------- c:\program files\FTK 2008-12-11 13:20 . 2008-12-11 13:20 40 -r-h----- c:\windows\syslk32.fst 2008-12-11 13:20 . 2008-12-11 13:20 0 --a------ c:\windows\LooKeysApp.INI 2008-12-09 21:24 . 2008-11-01 02:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll 2008-12-09 21:24 . 2008-10-21 06:25 296,960 --a------ c:\windows\System32\gdi32.dll 2008-12-09 21:24 . 2008-11-01 04:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll 2008-12-05 20:21 . 2008-12-05 20:21 <DIR> d-------- c:\programdata\wmp 2008-12-05 14:03 . 2008-12-13 21:35 <DIR> d-------- c:\users\TomTom\AppData\Roaming\Smart Panel 2008-12-05 13:54 . 2008-12-05 13:57 <DIR> d-------- c:\program files\Smart Panel 2008-12-05 13:54 . 2004-02-01 03:00 413,696 --a------ c:\windows\System32\PICSDK.dll 2008-12-05 13:54 . 2002-11-15 00:00 114,688 --a------ c:\windows\System32\EpPicPrt.dll 2008-12-05 13:54 . 1999-06-15 11:31 96,768 --a------ c:\windows\SlantAdj.dll 2008-12-05 13:54 . 1999-12-07 02:03 73,216 --a------ c:\windows\ADE.DLL 2008-12-05 13:54 . 2002-11-15 00:00 65,536 --a------ c:\windows\System32\EPPicMgr.dll 2008-12-05 13:54 . 2004-02-01 03:00 38,028 --a------ c:\windows\System32\EPPICPrinterDB.dat 2008-12-05 13:54 . 2004-02-01 03:00 27,030 --a------ c:\windows\System32\EPPICPattern1.dat 2008-12-05 13:54 . 2004-02-01 03:00 6,113 --a------ c:\windows\System32\EPPICLocal_GE.cfg 2008-12-05 13:54 . 1999-04-27 00:17 3,136 --a------ c:\windows\Ade001.bin 2008-12-05 13:54 . 1999-08-09 23:50 72 --------- c:\windows\System32\epDPE.ini 2008-12-05 13:54 . 2004-02-01 03:00 22 --a------ c:\windows\System32\PICSDK.ini 2008-12-05 13:47 . 2004-05-21 06:04 79,622 --a------ c:\windows\System32\E_FLM9BE.DLL 2008-12-05 13:47 . 2003-05-21 03:27 64,000 --a------ c:\windows\System32\E_FBCB9BE.DLL 2008-12-05 13:47 . 2000-06-07 02:01 34,304 --a------ c:\windows\System32\E_FBCH9BE.DLL 2008-12-05 13:47 . 2003-07-16 14:14 31,744 --a------ c:\windows\System32\E_DCINST.DLL 2008-12-05 13:46 . 2008-12-05 13:57 <DIR> d-------- c:\program files\epson 2008-12-05 13:46 . 2003-07-01 00:00 46,080 --a------ c:\windows\System32\escimgd.dll 2008-12-05 13:46 . 2003-08-06 00:00 29,184 --a------ c:\windows\System32\escwiadn.dll 2008-12-05 13:46 . 2003-07-01 00:00 22,528 --a------ c:\windows\System32\esccmd.dll 2008-12-05 13:45 . 2008-12-05 13:45 27 --a------ c:\windows\CDE CX3600FGD.ini 2008-11-29 19:51 . 2008-11-29 19:51 <DIR> d-------- c:\users\TomTom\AppData\Roaming\Apple Computer 2008-11-29 19:50 . 2008-11-29 19:50 <DIR> d----c--- c:\windows\System32\DRVSTORE 2008-11-29 19:50 . 2008-11-29 19:50 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-11-29 19:50 . 2008-11-29 19:50 <DIR> d-------- c:\program files\iTunes 2008-11-29 19:50 . 2008-11-29 19:50 <DIR> d-------- c:\program files\iPod 2008-11-29 19:50 . 2008-11-29 19:50 <DIR> d-------- c:\program files\Bonjour 2008-11-29 19:50 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll 2008-11-29 19:50 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys 2008-11-29 19:49 . 2008-11-29 19:50 <DIR> d-------- c:\programdata\Apple Computer 2008-11-29 19:49 . 2008-11-29 19:49 <DIR> d-------- c:\program files\QuickTime 2008-11-25 19:28 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll 2008-11-25 19:28 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll 2008-11-25 19:28 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll 2008-11-25 19:28 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll 2008-11-25 19:28 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll 2008-11-24 00:04 . 2008-11-24 00:04 <DIR> d-------- c:\program files\Real 2008-11-24 00:04 . 2008-11-24 00:04 <DIR> d-------- c:\program files\Common Files\xing shared 2008-11-24 00:04 . 2008-11-24 00:04 <DIR> d-------- c:\program files\Common Files\Real 2008-11-22 18:41 . 2008-12-15 16:16 <DIR> d-------- c:\users\TomTom\AppData\Roaming\vlc 2008-11-21 15:24 . 2008-04-01 12:03 90,112 --a------ c:\windows\System32\UIWEBMON.DLL 2008-11-15 12:23 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll 2008-11-15 12:23 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll 2008-11-15 12:23 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll 2008-11-15 12:23 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll 2008-11-15 12:23 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll 2008-11-15 12:23 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe 2008-11-15 12:23 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll 2008-11-15 12:23 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll 2008-11-15 12:23 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-15 17:30 --------- d-----w c:\users\TomTom\AppData\Roaming\Skype 2008-12-15 15:41 --------- d-----w c:\programdata\Google Updater 2008-12-15 15:21 --------- d-----w c:\users\TomTom\AppData\Roaming\skypePM 2008-12-15 15:16 --------- d-----w c:\users\TomTom\AppData\Roaming\dvdcss 2008-12-13 17:08 --------- d-----w c:\program files\Windows Mail 2008-12-13 17:05 --------- d-----w c:\programdata\Microsoft Help 2008-12-05 12:57 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-29 18:50 --------- d-----w c:\program files\Common Files\Apple 2008-11-21 14:24 --------- d-----w c:\users\TomTom\AppData\Roaming\WEB.DE 2008-11-21 14:24 --------- d-----w c:\programdata\WEB.DE 2008-11-21 14:24 --------- d-----w c:\program files\WEB.DE 2008-11-19 18:30 361,216 ----a-w c:\windows\System32\TuneUpDefragService.exe 2008-11-19 18:30 --------- d-----w c:\program files\TuneUp Utilities 2008 2008-11-16 22:16 --------- d-----w c:\program files\DivX 2008-11-11 10:30 --------- d-----w c:\programdata\WLInstaller 2008-11-08 11:47 --------- d-----w c:\program files\CCleaner 2008-11-05 13:32 --------- d-----w c:\users\TomTom\AppData\Roaming\ICQ 2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll 2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll 2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll 2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll 2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll 2008-10-29 11:25 --------- d-----w c:\users\TomTom\AppData\Roaming\Sony 2008-10-29 10:59 --------- d-----w c:\programdata\Sony 2008-10-29 10:56 --------- d-----w c:\program files\Common Files\Sony Shared 2008-10-29 10:54 --------- d-----w c:\programdata\Apple 2008-10-29 10:54 --------- d-----w c:\program files\Apple Software Update 2008-10-29 10:53 --------- d-----w c:\users\TomTom\AppData\Roaming\Sony Setup 2008-10-29 10:53 --------- d-----w c:\program files\Sony Setup 2008-10-29 10:26 --------- d-----w c:\program files\Common Files\InstallShield 2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe 2008-10-28 22:36 823,296 ----a-w c:\windows\System32\divx_xx0c.dll 2008-10-28 22:36 823,296 ----a-w c:\windows\System32\divx_xx07.dll 2008-10-28 22:35 815,104 ----a-w c:\windows\System32\divx_xx0a.dll 2008-10-28 22:35 802,816 ----a-w c:\windows\System32\divx_xx11.dll 2008-10-28 22:35 684,032 ----a-w c:\windows\System32\DivX.dll 2008-10-27 09:16 --------- d-----w c:\users\TomTom\AppData\Roaming\Acronis 2008-10-26 06:05 --------- d-----w c:\program files\Microsoft Silverlight 2008-10-16 04:47 827,392 ----a-w c:\windows\System32\wininet.dll 2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll 2008-09-25 08:03 81,920 ----a-w c:\windows\System32\dpl100.dll 2008-09-25 08:03 593,920 ----a-w c:\windows\System32\dpuGUI11.dll 2008-09-25 08:03 57,344 ----a-w c:\windows\System32\dpv11.dll 2008-09-25 08:03 53,248 ----a-w c:\windows\System32\dpuGUI10.dll 2008-09-25 08:03 524,288 ----a-w c:\windows\System32\DivXsm.exe 2008-09-25 08:03 344,064 ----a-w c:\windows\System32\dpus11.dll 2008-09-25 08:03 294,912 ----a-w c:\windows\System32\dpu11.dll 2008-09-25 08:03 294,912 ----a-w c:\windows\System32\dpu10.dll 2008-09-25 08:03 196,608 ----a-w c:\windows\System32\dtu100.dll 2008-09-25 08:03 161,096 ----a-w c:\windows\System32\DivXCodecVersionChecker.exe 2008-09-19 21:57 3,596,288 ----a-w c:\windows\System32\qt-dx331.dll 2008-09-19 21:55 200,704 ----a-w c:\windows\System32\ssldivx.dll 2008-09-19 21:55 1,044,480 ----a-w c:\windows\System32\libdivx.dll 2008-09-19 21:54 12,288 ----a-w c:\windows\System32\DivXWMPExtType.dll 2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe 2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe 2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll 2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll 2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys 2008-09-16 19:12 222,488 ----a-w c:\windows\System32\snapapi.dll 2008-08-31 19:37 56 ---ha-w c:\programdata\ezsidmv.dat 2008-07-30 02:15 174 --sha-w c:\program files\desktop.ini 2008-07-11 10:16 0 ----a-w c:\users\TomTom\AppData\Roaming\wklnhst.dat 2008-08-09 04:36 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920] "fsc-reg"="c:\programdata\fsc-reg\fscreg.exe" [2007-11-08 533264] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "WEB.DE_WEB.DE SmartDrive Manager"="c:\program files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE" [2008-07-29 1204224] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-12 21741864] "Windows Mail"="c:\program files\Windows Mail\WinMail.exe" [2008-01-19 397312] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-10 68856] "ICQ"="c:\program files\ICQ6\ICQ.exe" [2008-09-01 173304] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 c:\windows\System32\oobefldr.dll] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "recinfo381"="c:\recinfo\RecInfo.exe" [2007-10-23 2764800] "CamserviceDeluxe2"="c:\program files\Hercules\Deluxe Optical Glass\Camservice.exe" [2007-08-10 81920] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136] "Ulead AutoDetector"="c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-03-24 45056] "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-05 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8530464] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-10-03 4378000] "AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-10-03 962480] "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-10-03 165144] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 c:\windows\RtHDVCpl.exe] "Skytel"="Skytel.exe" [2007-11-20 c:\windows\SkyTel.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Ulead Kalendar Checker 4.0 SE.lnk - c:\program files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe [2008-07-21 69632] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" "ehTray.exe"=c:\windows\ehome\ehTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{AD9C41A3-ACAC-41AB-A1D8-66B32E7098B7}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{54B42A56-F814-44B2-9461-9E6FA377FD7C}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{08663C63-2AE2-4BBE-A11D-71A7500EAED0}"= UDP:c:\program files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe:FSCLBaseUpdaterService.exe "{D9D838A6-0410-4A15-9C6E-5C49CBE7BDB4}"= TCP:c:\program files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe:FSCLBaseUpdaterService.exe "TCP Query User{B700A660-F93B-4105-8D2D-85D9219FB088}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule "UDP Query User{2CB0A24D-05D6-4865-A16E-6DB8A353E1F1}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule "{AD1A03D1-41A9-4E56-9622-7A930A84965D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{6036EF6B-2ACE-4079-B9E7-9B9B6B89F643}c:\\users\\tomtom\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:c:\users\tomtom\appdata\local\temp\nero web\setupxu.exe:setupxu.exe "UDP Query User{8DB11DDE-28D8-433C-9675-C342559C990E}c:\\users\\tomtom\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:c:\users\tomtom\appdata\local\temp\nero web\setupxu.exe:setupxu.exe "TCP Query User{12E349DD-5326-4847-92A8-394372937C91}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter "UDP Query User{91BD7A11-CE54-4265-A885-B83366096BCF}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter "TCP Query User{6BDBFC9D-8A94-426F-B71D-7A74284B2820}c:\\program files\\hercules\\deluxe optical glass\\station2.exe"= UDP:c:\program files\hercules\deluxe optical glass\station2.exe:Hercules Webcam Station Evolution SE "UDP Query User{488C2F30-F925-42A1-95E7-F17538214FAC}c:\\program files\\hercules\\deluxe optical glass\\station2.exe"= TCP:c:\program files\hercules\deluxe optical glass\station2.exe:Hercules Webcam Station Evolution SE "TCP Query User{50004E28-ABE7-45C2-9228-9F74D880A651}c:\\program files\\zattoo\\zattood.exe"= UDP:c:\program files\zattoo\zattood.exe:zattood "UDP Query User{D225A901-7567-4C4A-8781-7581439D843F}c:\\program files\\zattoo\\zattood.exe"= TCP:c:\program files\zattoo\zattood.exe:zattood "TCP Query User{D87335D7-B270-46D6-8163-3B38EEDD6DAE}c:\\program files\\zattoo\\zattoo.exe"= UDP:c:\program files\zattoo\zattoo.exe: "UDP Query User{56120FA4-C7B4-4A87-AA3F-838F90F47420}c:\\program files\\zattoo\\zattoo.exe"= TCP:c:\program files\zattoo\zattoo.exe: "TCP Query User{B0C70D7E-6988-4FE3-AF16-8AA99C94A274}c:\\program files\\hercules\\deluxe optical glass\\controlui.exe"= UDP:c:\program files\hercules\deluxe optical glass\controlui.exe:Hercules Zoom Controller Main Application "UDP Query User{0B7B0D02-BB75-42AC-978A-84FBF59A5BA5}c:\\program files\\hercules\\deluxe optical glass\\controlui.exe"= TCP:c:\program files\hercules\deluxe optical glass\controlui.exe:Hercules Zoom Controller Main Application "{49B70E2D-EF2B-4D10-84B2-C62E1CDFCEFD}"= c:\program files\Skype\Phone\Skype.exe:Skype "TCP Query User{7EFF7479-EEC5-43F3-B7D0-57F48458EEA2}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{B757ACF3-FD8C-41EF-BBA5-49F671BC8246}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "TCP Query User{1918DA9A-7241-4F04-AE51-8FAE32409E78}c:\\program files\\icq6\\icq.exe"= UDP:c:\program files\icq6\icq.exe:ICQ Library "UDP Query User{CD4865B7-C648-4A51-8962-4A9D5CD579A4}c:\\program files\\icq6\\icq.exe"= TCP:c:\program files\icq6\icq.exe:ICQ Library "{E6054778-8BA7-4562-8340-069E296E4779}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{4EE6A5F0-EAC4-4228-8C11-DD01FB7C9F86}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{CEB58C9B-F683-40B0-9E3E-D9CD429368C2}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{E5D46346-7357-4CDA-BD9F-B1203EB5A3FB}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2008-08-16 39472] R0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\DRIVERS\snman380.sys [2008-10-09 134272] R0 tdrpman140;Acronis Try&Decide and Restore Points filter (build 140);c:\windows\system32\DRIVERS\tdrpm140.sys [2008-10-09 971168] R1 uiwbrdr;uiwbrdr;c:\windows\system32\DRIVERS\uiwbrdr.sys [2008-07-13 272896] R3 camfilt2;camfilt2;c:\windows\system32\DRIVERS\camfilt2.sys [2008-07-11 94720] S3 ce6230;Intel CE6230 Standalone USB Driver;c:\windows\system32\DRIVERS\CE6230StandaloneDriver.sys [2008-07-13 44800] S3 ce6230BDACAP;Realfine CE6230 BDA Driver;c:\windows\system32\DRIVERS\CE6230BDA.sys [2008-07-13 19328] S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-28 29744] S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);c:\windows\system32\DRIVERS\SE2Ebus.sys [2008-10-29 61600] S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;c:\windows\system32\DRIVERS\SE2Emdfl.sys [2008-10-29 9360] S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;c:\windows\system32\DRIVERS\SE2Emdm.sys [2008-10-29 97184] S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\SE2Emgmt.sys [2008-10-29 88688] S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);c:\windows\system32\DRIVERS\se2End5.sys [2008-10-29 18704] S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\SE2Eobex.sys [2008-10-29 86560] S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);c:\windows\system32\DRIVERS\se2Eunic.sys [2008-10-29 90800] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba77fdf1-4e9e-11dd-9bda-806e6f6e6963}] \shell\AutoRun\command - e:\0data\cobi.exe . Inhalt des "geplante Tasks" Ordners 2008-12-15 c:\windows\Tasks\1-Klick-Wartung.job - c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-08-01 17:22] 2008-12-15 c:\windows\Tasks\User_Feed_Synchronization-{909C9753-549B-48DF-9136-5E046B2DBD6B}.job - c:\windows\system32\msfeedssync.exe [2008-01-19 08:33] . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-15 18:30:20 Windows 6.0.6001 Service Pack 1 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'lsass.exe'(1204) c:\windows\system32\relog_ap.dll - - - - - - - > 'Explorer.exe'(5920) c:\program files\WEB.DE\WEB.DE SmartDrive Manager\ExplorerHook.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\System32\audiodg.exe c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\program files\Common Files\Acronis\Schedule2\schedul2.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe c:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe c:\windows\System32\conime.exe c:\windows\System32\rundll32.exe c:\windows\System32\rundll32.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\ehome\ehmsas.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Skype\Plugin Manager\skypePM.exe . ************************************************************************** . Zeit der Fertigstellung: 2008-12-15 18:38:13 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2008-12-15 17:38:00 Vor Suchlauf: 26 Verzeichnis(se), 169.371.201.536 Bytes frei Nach Suchlauf: 26 Verzeichnis(se), 169,289,441,280 Bytes frei 301 --- E O F --- 2008-12-13 17:05:15 |
|
|
|
|
|
|
15.12.2008, 18:47
Member
Themenstarter Beiträge: 123 |
#8
A-Squared
Found nothing AntiVir Found nothing ArcaVir Found nothing Avast Found nothing AVG Antivirus Found nothing BitDefender Found nothing ClamAV Found nothing CPsecure Found nothing Dr.Web Found nothing F-Prot Antivirus Found nothing F-Secure Anti-Virus Found nothing G DATA Found nothing Ikarus Found nothing Kaspersky Anti-Virus Found nothing NOD32 Found nothing Norman Virus Control Found nothing Panda Antivirus Found nothing Sophos Antivirus Found nothing VirusBuster Found nothing VBA32 Found nothing |
|
|
|
|
|
|
15.12.2008, 18:54
Member
Themenstarter Beiträge: 123 |
#9
15.12.2008 18:52:28
mbam-log-2008-12-15 (18-52-28).txt Scan-Methode: Quick-Scan Durchsuchte Objekte: 46876 Laufzeit: 2 minute(s), 7 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
|
|
|
|
|
|
15.12.2008, 19:06
Member
Themenstarter Beiträge: 123 |
#10
so hoffe habe alle richtig gemacht
A-Squared Found nothing AntiVir Found nothing ArcaVir Found nothing Avast Found nothing AVG Antivirus Found nothing BitDefender Found nothing ClamAV Found nothing CPsecure Found nothing Dr.Web Found nothing F-Prot Antivirus Found nothing F-Secure Anti-Virus Found nothing G DATA Found nothing Ikarus Found nothing Kaspersky Anti-Virus Found nothing NOD32 Found nothing Norman Virus Control Found nothing Panda Antivirus Found nothing Sophos Antivirus Found nothing VirusBuster Found nothing VBA32 Found nothing |
|
|
|
|
|
|
15.12.2008, 19:08
Member
Themenstarter Beiträge: 123 |
#11
so nachdem ich alles abgearbeitet habe noch einmal ein HijackThis
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:08:32, on 15.12.2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Hercules\Deluxe Optical Glass\CamService.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe C:\Windows\System32\rundll32.exe C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\ICQ6\ICQ.exe C:\Users\TomTom\AppData\Local\jgcgcxcx.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehtray.exe C:\Windows\System32\rundll32.exe C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\SearchFilterHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [recinfo381] c:\RecInfo\RecInfo.exe O4 - HKLM\..\Run: [CamserviceDeluxe2] C:\Program Files\Hercules\Deluxe Optical Glass\Camservice.exe /startup O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe 20081126 O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [WEB.DE_WEB.DE SmartDrive Manager] "C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE" /hide O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Windows Mail] C:\Program Files\Windows Mail\WinMail.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent O4 - HKCU\..\Run: [jgcgcxcx] "c:\users\tomtom\appdata\local\jgcgcxcx.exe" jgcgcxcx O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O4 - Global Startup: Ulead Kalendar Checker 4.0 SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe -- End of file - 10300 bytes |
|
|
|
|
|
|
16.12.2008, 15:35
Member
Themenstarter Beiträge: 123 |
||
|
|
|
|
|
16.12.2008, 15:56
Moderator
Beiträge: 5694 |
#13
>>
Combofix entfernen: Windows Taste + R drücken Kopiere rein: Combofix /U - klicke "OK" (oder, wenn es nicht funktioniert: C:\QooBox löschen) >> Schliesse alle Fenster und starte Hijack This Klicke: Do a Systemscan only Setze ein Häckchen in das Kästchen vor den genannten Einträgen bei: (falls diese noch vorhanden sind) Zitat O4 - HKCU\..\Run: [jgcgcxcx] "c:\users\tomtom\appdata\local\jgcgcxcx.exe" jgcgcxcxund wähle fix checked. Starte den Rechner neu. >> Avenger http://virus-protect.org/artikel/tools/avenger.html kopiere in das weisse Feld: Files to delete: c:\users\tomtom\appdata\local\jgcgcxcx.exe - schliesse alle offenen Programme (denn nach Anwendung des Avengers wird der Rechner neustarten) - Klicke: Execute - bestätige, dass der Rechner neu gestartet wird - klicke "yes" - nach dem Neustart erscheint automatisch ein Log vom Avenger - (C:\avenger.txt), kopiere es ab - mit rechtem Mausklick - kopieren - einfügen >> Java updaten: http://board.protecus.de/t32385-1.htm Gruss Swiss |
|
|
|
|
|
|
16.12.2008, 16:08
Member
Beiträge: 4730 |
#14
Und ich habe inzwischen herausgefunden, was RecInfo ist: http://www.forumla.de/f-windows-vista-forum-50/t-recovery-meldung-beim-start-abschalten-50009
__________ Dies ist eine Signatur! Persönlicher Service: Du kommst aus Berlin? Dann melde Dich per PN bei mir, evtl. können wir einen Termin vereinbaren. Der Grabsteinschubser |
|
|
|
|
|
|
16.12.2008, 19:13
Member
Themenstarter Beiträge: 123 |
#15
//////////////////////////////////////////
Avenger Pre-Processor log ////////////////////////////////////////// Platform: Windows NT 6.0 (build 6001, Service Pack 1) Tue Dec 16 19:06:13 2008 19:06:13: Error: Invalid script. A valid script must begin with a command directive. Aborting execution! ////////////////////////////////////////// ////////////////////////////////////////// Avenger Pre-Processor log ////////////////////////////////////////// Platform: Windows NT 6.0 (build 6001, Service Pack 1) Tue Dec 16 19:06:28 2008 19:06:28: Error: Invalid script. A valid script must begin with a command directive. Aborting execution! ////////////////////////////////////////// Logfile of The Avenger Version 2.0, (c) by Swandog46 http://swandog46.geekstogo.com Platform: Windows Vista ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! Error: file "c:\users\tomtom\appdata\local\jgcgcxcx.exe" not found! Deletion of file "c:\users\tomtom\appdata\local\jgcgcxcx.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Completed script processing. ******************* Finished! Terminate. |
|
|
|
|
|
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!
bitte erst » hier kostenlos registrieren!!
Folgende Themen könnten Dich auch interessieren:
Copyright © 2024, Protecus.de - Protecus Team - Impressum / Mediadaten
Scan saved at 09:03:21, on 15.12.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Hercules\Deluxe Optical Glass\CamService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\TomTom\AppData\Local\jgcgcxcx.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [recinfo381] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [CamserviceDeluxe2] C:\Program Files\Hercules\Deluxe Optical Glass\Camservice.exe /startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe 20081126
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WEB.DE_WEB.DE SmartDrive Manager] "C:\Program Files\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE" /hide
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Windows Mail] C:\Program Files\Windows Mail\WinMail.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [jgcgcxcx] "c:\users\tomtom\appdata\local\jgcgcxcx.exe" jgcgcxcx
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Ulead Kalendar Checker 4.0 SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
--
End of file - 10095 bytes