Habe das Virus Tr/vundo.gen |
||
|---|---|---|
| #0
| ||
|
31.01.2009, 23:22
...neu hier
Beiträge: 6 |
||
 
|
|
|
|
31.01.2009, 23:44
Ehrenmitglied
 Beiträge: 6028 |
||
|
|
|
|
|
01.02.2009, 04:51
...neu hier
Themenstarter Beiträge: 6 |
#3
ok.
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 ) Option : [1] ( 01.02.2009| 4:50 ) [ UAC => 0 ] -----------\\ Suche nach Dateien - Ordnern ... C:\Program Files\AskBarDis C:\Program Files\AskBarDis\bar C:\Program Files\AskBarDis\unins000.dat C:\Program Files\AskBarDis\unins000.exe C:\Program Files\AskBarDis\bar\bin C:\Program Files\AskBarDis\bar\Settings C:\Program Files\AskBarDis\bar\bin\askBar.dll C:\Program Files\AskBarDis\bar\bin\askPopStp.dll C:\Program Files\AskBarDis\bar\bin\psvince.dll C:\Program Files\AskBarDis\bar\Settings\config.dat C:\Program Files\AskBarDis\bar\Settings\config.dat.bak C:\Program Files\AskTBar C:\Program Files\AskTBar\bar C:\Program Files\AskTBar\PopSwatr C:\Program Files\AskTBar\SrchAstt C:\Program Files\AskTBar\bar\1.bin C:\Program Files\AskTBar\bar\Cache C:\Program Files\AskTBar\bar\History C:\Program Files\AskTBar\bar\Settings C:\Program Files\AskTBar\bar\1.bin\A5POPSWT.DLL C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL C:\Program Files\AskTBar\bar\Cache\00661D13 C:\Program Files\AskTBar\bar\Cache\00661F73 C:\Program Files\AskTBar\bar\Cache\006621C4.bin C:\Program Files\AskTBar\bar\Cache\006623E6.bin C:\Program Files\AskTBar\bar\Cache\00662637.bin C:\Program Files\AskTBar\bar\Cache\files.ini C:\Program Files\AskTBar\bar\History\search2 C:\Program Files\AskTBar\bar\Settings\prevcfg2.htm C:\Program Files\AskTBar\PopSwatr\History C:\Program Files\AskTBar\PopSwatr\History\allowed C:\Program Files\AskTBar\PopSwatr\History\notallow C:\Program Files\AskTBar\SrchAstt\1.bin C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://start.icq.com/" "Local Page"="C:\\Windows\\system32\\blank.htm" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "ICQ Search"="http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd" "Url"="http://go.microsoft.com/fwlink/?LinkId=75719" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=71&bd=Pavilion&pf=desktop" "Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=71&bd=Pavilion&pf=desktop" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" --------------------\\ Suche nach anderen Infektionen C:\Windows\system32\HjPXyyay.ini C:\Windows\system32\HjPXyyay.ini2 C:\Windows\system32\yayyXPjH.dll ==> VUNDO <== [ UAC => 1 ] 1 - "C:\ToolBar SD\TB_1.txt" - 01.02.2009| 4:51 - Option : [1] -----------\\ Scan beendet um 4:51:23,59 |
|
|
|
|
|
|
01.02.2009, 20:08
Ehrenmitglied
Beiträge: 6028 |
#4
Starte ToolbarSD nochmal
Gib ein D Enter und klicke bei den Pop-Up ok Wähle 2 Enter Am Ende erscheint ein Log (C:\TB.txt) poste dessen inhalt im Thread MalwareBytes' Anti-Malware Download MalwareBytes' Anti-Malware Malwarebytes Anti-Malware fuer Windows NT/2000/XP/2003 Server/Vista/2008 Server Download link 1 MalwareBytes' Anti-Malware Download link 2 MalwareBytes' Anti-Malware Download link 3 MalwareBytes' Anti-Malware Download link 4 MalwareBytes' Anti-Malware Download link 5 MalwareBytes' Anti-Malware Doppelklick mbam-setup und waehle Deutsch ,das Program wird jetzt ge-updatet Wähle bei Reiter: “Update “> klicke “Suche nache Aktualisierungen “ “Einstellungen“ hake an “Beende Inter Explorer während des Löschvorgangs“ “Scanner”> "Quick-scan durchführen". Scan laufen lassen Wenn am Ende infizierungen gefunden werden,anhaken und entfernen lassen Starte dein Rechner neu Unter Scanberichte stet das log (mbam-log-XX-XX-XXXX.txt) Poste dessen inhalt hier ins Forum Note: Wenn MBAM Schwierigkeiten damit hat Daten zu entfernen wird es gemeldet und klicke OK Danach wird gefragt den Rechner neu zu starten,lass es zu Malwarebytes Anti-Malware kann man nachher behalten ! Und wieder ein Log von Hijack This __________ MfG Argus |
|
|
|
|
|
|
03.02.2009, 00:45
...neu hier
Themenstarter Beiträge: 6 |
#5
Halllooo
Sorry für die verspätete antwort. also, hab alles gemacht, hat auch alles so geklappt. Das Virus erscheint nicht mehr. Aber ich poste zunächst mal alles oben genannte bevor ich mich zu früh freu ;-) 1. das Log (C:\TB.txt) von ToolbarSD -----------\\ ToolBar S&D 1.2.8 XP/Vista "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 ) Option : [2] ( 02.02.2009|23:30 ) [ UAC => 1 ] -----------\\ FIX Geloescht ! - C:\Program Files\AskBarDis\bar Geloescht ! - C:\Program Files\AskBarDis\unins000.dat Geloescht ! - C:\Program Files\AskBarDis\unins000.exe Gescheitert! - C:\Program Files\AskTBar\bar Geloescht ! - C:\Program Files\AskTBar\PopSwatr Gescheitert! - C:\Program Files\AskTBar\SrchAstt Gescheitert! - C:\Program Files\AskTBar\bar\1.bin Gescheitert! - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL Gescheitert! - C:\Program Files\AskTBar\SrchAstt\1.bin Gescheitert! - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL Geloescht ! - C:\Program Files\AskBarDis Gescheitert! - C:\Program Files\AskTBar -----------\\ ZWEITER SCHRITT Gescheitert! - C:\Program Files\AskTBar\bar Gescheitert! - C:\Program Files\AskTBar\SrchAstt Gescheitert! - C:\Program Files\AskTBar\bar\1.bin Gescheitert! - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL Gescheitert! - C:\Program Files\AskTBar\SrchAstt\1.bin Gescheitert! - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL Gescheitert! - C:\Program Files\AskTBar -----------\\ Suche nach Dateien - Ordnern ... C:\Program Files\AskTBar C:\Program Files\AskTBar\bar C:\Program Files\AskTBar\SrchAstt C:\Program Files\AskTBar\bar\1.bin C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL C:\Program Files\AskTBar\SrchAstt\1.bin C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Local Page"="C:\\Windows\\system32\\blank.htm" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "ICQ Search"="http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd" "Url"="http://go.microsoft.com/fwlink/?LinkId=75719" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.msn.com/" "Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=71&bd=Pavilion&pf=desktop" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" --------------------\\ Suche nach anderen Infektionen C:\Windows\system32\HjPXyyay.ini C:\Windows\system32\HjPXyyay.ini2 C:\Windows\system32\yayyXPjH.dll ==> VUNDO <== [ UAC => 1 ] 1 - "C:\ToolBar SD\TB_1.txt" - 01.02.2009| 4:51 - Option : [1] 2 - "C:\ToolBar SD\TB_2.txt" - 02.02.2009|23:31 - Option : [2] -----------\\ Scan beendet um 23:31:39,86 2. das log (mbam-log-XX-XX-XXXX.txt) Malwarebytes' Anti-Malware 1.33 Datenbank Version: 1717 Windows 6.0.6000 03.02.2009 00:12:06 mbam-log-2009-02-03 (00-12-06).txt Scan-Methode: Quick-Scan Durchsuchte Objekte: 48609 Laufzeit: 3 minute(s), 34 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 1 Infizierte Registrierungsschlüssel: 17 Infizierte Registrierungswerte: 4 Infizierte Dateiobjekte der Registrierung: 2 Infizierte Verzeichnisse: 0 Infizierte Dateien: 12 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: C:\Windows\System32\yayyXPjH.dll (Trojan.Vundo.H) -> Delete on reboot. Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b60d595d-88a6-48ad-abc3-ecf4328909d2} (Trojan.Vundo.H) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{b60d595d-88a6-48ad-abc3-ecf4328909d2} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7cab59b4-55a3-4737-9fd5-b93c6430bf78} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{7cab59b4-55a3-4737-9fd5-b93c6430bf78} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b60d595d-88a6-48ad-abc3-ecf4328909d2} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ba0712db (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ba0712db (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\yayyxpjh -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayyxpjh -> Delete on reboot. Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Windows\System32\yayyXPjH.dll (Trojan.Vundo.H) -> Delete on reboot. C:\Windows\System32\HjPXyyay.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\Windows\System32\HjPXyyay.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\Windows\System32\annethen.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Windows\System32\asvlniwo.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Windows\System32\bxqiotmv.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Windows\System32\htelaiby.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Windows\System32\sqwltdsb.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Windows\System32\vecaldsx.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Windows\System32\xberaqec.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Windows\System32\xhqaeiaa.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Windows\System32\xxjxdfpb.dll (Trojan.Vundo) -> Quarantined and deleted successfully. 3. das Log von Hijack This Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:30:08, on 03.02.2009 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16609) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\hp\support\hpsysdrv.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Windows\RtHDVCpl.exe C:\Windows\VM_STI.EXE C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\System32\rundll32.exe C:\Windows\ehome\ehtray.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Users\mehdi\Desktop\ibo1\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=71&bd=Pavilion&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) R3 - URLSearchHook: (no name) - - (no file) R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [BigDogPath] C:\Windows\VM_STI.EXE Philips SPC 200NC PC Camera O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Generic Host] wauclt.exe O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU) O13 - Gopher Prefix: O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{12BC8868-7D93-47E1-A52C-F0CDFD5ADAD1}: NameServer = 195.50.140.178 195.50.140.114 O17 - HKLM\System\CS1\Services\Tcpip\..\{12BC8868-7D93-47E1-A52C-F0CDFD5ADAD1}: NameServer = 195.50.140.178 195.50.140.114 O17 - HKLM\System\CS2\Services\Tcpip\..\{12BC8868-7D93-47E1-A52C-F0CDFD5ADAD1}: NameServer = 195.50.140.178 195.50.140.114 O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- End of file - 8666 bytes Das sind die Ergebnisse. Bin ich es jetzt los?? ;-) |
|
|
|
|
|
|
03.02.2009, 00:57
Ehrenmitglied
Beiträge: 6028 |
#6
Schliesse alle Fenster und starte Hijack This
Klicke: Do a Systemscan only Setze ein Häckchen in das Kästchen vor den genannten Eintrag bei R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU) Klicke Fixed checked ComboFix(by sUBs) Download ComboFix und speichert es auf den Desktop! Download ComboFix1 Download ComboFix2 Note:Wenn wehrend du Combofix runterlaedst oder anwendet ein Meldung deines Virenscanner kommt oder ein anderen Realtime scanner Schalte diese scanner dann aus und download ComboFix erneut Es gibt scanner die bestimmte komponente die durch CF benutzt werden als verdaechtig ansehen und versucht sie zu blokkieren oder zu entfernen Starte combofix.exe Folge den Instruktionen in das Fenster Wenn ComboFix schon vorher benutzt worden ist kann es sein das du eine Meldung bekommst das es ein Update gibt Erlaube diesen Update und klicke OK im "NirCmd“ fenster klicke nach ablauf auf "ja“um den Scan zu starten Während Combofix lauft NICHT ins Fenster klicken sonst erfriert dein Rechner Wenn das Tool fertig ist,oeffnet sich ein logfile (C:\ combofix.txt) nun das KOMPLETTE Log mit rechtem Mausklick ab kopieren und ins Forum mit rechtem Mausklick "einfügen" Befolge diese Anleitung __________ MfG Argus |
|
|
|
|
|
|
03.02.2009, 22:49
...neu hier
Themenstarter Beiträge: 6 |
#7
Hallo,
alles erledigt. Das kam als combofix.txt raus: ComboFix 09-02-02.04 - mehdi 2009-02-03 22:23:01.1 - NTFSx86 ausgeführt von:: c:\users\mehdi\Desktop\ComboFix.exe . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\abwsqdiw.ini c:\windows\system32\ckosjijd.ini c:\windows\system32\dhykvyxv.ini c:\windows\system32\dwqnnpnb.ini c:\windows\system32\epojodpj.ini c:\windows\system32\gaibeyrq.ini c:\windows\system32\ilcsivxy.ini c:\windows\system32\pxtitfki.ini c:\windows\system32\qgjlkqoq.ini c:\windows\system32\yjfyumxt.ini c:\windows\system32\yyyaghua.ini . ((((((((((((((((((((((( Dateien erstellt von 2009-01-03 bis 2009-02-03 )))))))))))))))))))))))))))))) . 2009-02-03 22:18 . 2009-02-03 22:18 320,000 --a------ c:\windows\System32\CF4445.exe 2009-02-02 23:45 . 2009-02-02 23:45 <DIR> d-------- c:\users\mehdi\AppData\Roaming\Malwarebytes 2009-02-02 23:45 . 2009-02-02 23:45 <DIR> d-------- c:\users\All Users\Malwarebytes 2009-02-02 23:45 . 2009-02-02 23:45 <DIR> d-------- c:\programdata\Malwarebytes 2009-02-02 23:45 . 2009-02-02 23:57 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-02-02 23:45 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys 2009-02-02 23:45 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys 2009-02-01 21:33 . 2009-02-01 21:33 <DIR> d----c--- c:\windows\System32\DRVSTORE 2009-02-01 21:33 . 2009-02-01 21:33 <DIR> d-------- c:\program files\Microsoft Silverlight 2009-02-01 21:33 . 2008-12-08 17:01 55,264 --a------ c:\windows\System32\drivers\fssfltr.sys 2009-02-01 21:32 . 2009-02-01 21:32 <DIR> d-------- c:\program files\Microsoft Sync Framework 2009-02-01 04:49 . 2009-02-02 23:31 <DIR> d-------- C:\ToolBar SD 2009-01-31 12:27 . 2009-01-31 12:27 0 --a------ C:\ARKEA5E.tmp 2009-01-27 08:13 . 2009-01-27 08:13 <DIR> d-------- c:\program files\Firaxis Games 2009-01-26 22:19 . 2009-02-03 18:27 <DIR> d-------- c:\users\mehdi\Tracing 2009-01-26 22:17 . 2009-01-26 22:17 <DIR> d-------- c:\users\All Users\Kaspersky Lab Setup Files 2009-01-26 22:17 . 2009-01-26 22:17 <DIR> d-------- c:\programdata\Kaspersky Lab Setup Files 2009-01-26 21:40 . 2009-01-26 21:40 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition 2009-01-26 21:36 . 2009-01-26 21:36 <DIR> d-------- c:\program files\Windows Live SkyDrive 2009-01-26 21:36 . 2009-01-26 21:36 <DIR> d-------- c:\program files\Microsoft 2009-01-26 21:36 . 2009-01-26 21:36 0 --a------ C:\ARKF069.tmp 2009-01-26 21:30 . 2009-01-26 21:30 <DIR> d-------- c:\program files\Common Files\Windows Live 2009-01-18 19:18 . 2009-01-18 19:18 230,454 --a------ c:\windows\System32\normalo.bmp 2009-01-12 01:46 . 2009-01-12 01:46 0 --a------ C:\ARK85CB.tmp 2009-01-12 01:45 . 2009-01-12 01:45 0 --a------ C:\ARKF15A.tmp 2009-01-03 01:11 . 2009-01-03 01:11 0 --a------ C:\ARKDC81.tmp . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-02 22:30 --------- d-----w c:\program files\AskTBar 2009-02-01 20:33 --------- d-----w c:\program files\Windows Live 2009-01-31 20:04 --------- d-----w c:\program files\Nokia 2009-01-31 20:03 --------- d-----w c:\programdata\TuneUp Software 2009-01-31 20:01 --------- d-----w c:\program files\Winamp 2009-01-31 19:53 --------- d-----w c:\program files\Yahoo! 2009-01-27 07:21 --------- d-----w c:\users\mehdi\AppData\Roaming\My Games 2009-01-27 07:13 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-07 21:20 107,520 ----a-w c:\windows\System32\mgfggdhe.dll 2008-12-07 20:28 107,520 ----a-w c:\windows\System32\sqfexkfb.dll 2008-12-04 23:19 308,584 ----a-w c:\windows\WLXPGSS.SCR 2008-12-02 21:37 49,480 ----a-w c:\windows\System32\sirenacm.dll 2008-01-18 19:59 0 ----a-w c:\users\mehdi\AppData\Roaming\wklnhst.dat 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini 2008-12-21 13:41 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll 2008-12-21 13:41 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll 2008-12-21 13:41 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll 2008-12-21 13:41 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll 2008-12-21 13:41 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll 2008-09-21 17:18 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008092120080922\index.dat . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-02-14 486856] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552] "NvSvc"="c:\windows\system32\nvsvc.dll" [2006-11-21 90191] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-21 7753728] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-21 81920] "BigDogPath"="c:\windows\VM_STI.EXE" [2004-06-09 40960] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-23 57344] "PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 c:\windows\RtHDVCpl.exe] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-24 44136] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "FilterAdministratorToken"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.iv32"= c:\windows\system32\ir32_32.dll "vidc.iv31"= c:\windows\system32\ir32_32.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{F2D18B41-6C73-4B14-9F7B-8AA5A33EBCA3}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM "{1AC1F4EC-5864-4B86-A01D-470BF64C7A10}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM "{4C4067A1-83BC-490D-938C-A67AD364C407}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server "{33E483CD-EF29-4CEF-AC73-CC05B287828B}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server "{DE8A821A-DD3E-4611-A68D-195DF6A5B9F6}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service "{573777C6-D6DD-4A01-A49C-85CED839F8E1}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service "{0D112381-6787-41D6-AA60-63C8385DF272}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery "{018E0E49-CC3D-4138-A4D4-B638BF134499}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery "{95431AB9-3C5B-4298-9703-5AA4CE045FCC}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire "{EDDA1D82-3F9E-4939-9621-FF951A22A678}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire "TCP Query User{DC38847B-4009-4B40-B357-9C761B29A617}c:\\program files\\anno 1701\\anno1701.exe"= UDP:c:\program files\anno 1701\anno1701.exe:Anno 1701 "UDP Query User{6C32753C-E073-4298-806B-5CD7D8E35915}c:\\program files\\anno 1701\\anno1701.exe"= TCP:c:\program files\anno 1701\anno1701.exe:Anno 1701 "TCP Query User{D6AA73E9-6000-4945-9CA8-A144C00E8A58}c:\\program files\\pando networks\\pando\\pando.exe"= UDP:c:\program files\pando networks\pando\pando.exe  ando"UDP Query User{8C33A67A-4568-44E8-BBBF-C1F735FFA7F6}c:\\program files\\pando networks\\pando\\pando.exe"= TCP:c:\program files\pando networks\pando\pando.exe ando"{3E50C63A-B068-4B62-8A71-B218A8CEDAFA}"= UDP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV) "{BE35F6CE-78EF-48D5-A144-D9627A627CC9}"= TCP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV) "{3E9DA48A-2FD1-48AF-96D4-31582463AFFB}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb "{2E3F2BAA-4921-423D-B482-031DFE28DDC4}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb "{E85BEDE8-E4C3-4C6E-ABB7-8B1DE00E232E}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray "{F29FF3C2-0773-4AB1-8D7A-4FF3E3EEAED6}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray "{E69A9533-1E09-4BA7-8B8F-37392F17F96E}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR "{997A1EE4-9446-4796-B07D-C984509871D1}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR "{65B0B594-EF47-4D8C-B990-33D32E668D4A}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client "{F67B0722-D63F-4983-A57F-72D68622A28F}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client "{950A9605-BE07-4654-8B95-9724D3313580}"= UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4 "{F7039F23-28A1-4941-A3A2-A0155CC1E77F}"= TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4 "TCP Query User{FBE46028-6307-457D-A147-D886AAD12EC7}c:\\users\\mehdi\\desktop\\mohaa\\mohaa.exe"= UDP:c:\users\mehdi\desktop\mohaa\mohaa.exe:mohaa.exe "UDP Query User{EA54DF16-C316-45D6-892B-049DB10F8BAC}c:\\users\\mehdi\\desktop\\mohaa\\mohaa.exe"= TCP:c:\users\mehdi\desktop\mohaa\mohaa.exe:mohaa.exe "{B25FC455-E578-4022-A059-25937DFBC90C}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| R1 SSHDRV57;SSHDRV57;c:\windows\System32\drivers\SSHDRV57.sys [2008-05-11 32768] R2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896] R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640] S2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe [2006-05-10 29696] S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2009-02-01 55264] S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344] --- Andere Dienste/Treiber im Speicher --- *Deregistered* - sptd . Inhalt des "geplante Tasks" Ordners 2008-02-26 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2008\OneClick.exe [] . - - - - Entfernte verwaiste Registrierungseinträge - - - - WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file) HKLM-Run-Generic Host - wauclt.exe . ------- Zusätzlicher Suchlauf ------- . mWindow Title = TCP: {12BC8868-7D93-47E1-A52C-F0CDFD5ADAD1} = 195.50.140.178 195.50.140.114 FF - ProfilePath - c:\users\mehdi\AppData\Roaming\Mozilla\Firefox\Profiles\9dd3paxv.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - ICQ Search FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157 FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll ---- FIREFOX Richtlinien ---- FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: content.max.tokenizing.time - 200000 FF - user.js: content.notify.interval - 100000 FF - user.js: content.switch.threshold - 650000 FF - user.js: nglayout.initialpaint.delay - 300 c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?"); . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-03 22:25:30 Windows 6.0.6000 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . Zeit der Fertigstellung: 2009-02-03 22:27:30 ComboFix-quarantined-files.txt 2009-02-03 21:27:27 Vor Suchlauf: 20 Verzeichnis(se), 254.311.833.600 Bytes frei Nach Suchlauf: 20 Verzeichnis(se), 254,285,029,376 Bytes frei 206 --- E O F --- 2008-02-21 21:20:12 |
|
|
|
|
|
|
03.02.2009, 23:14
Ehrenmitglied
Beiträge: 6028 |
#8
Start > Ausführen> Kopiere rein ComboFix /U OK
OTMoveIt.exe Download OTMoveIt3 zum Desktop Oeffne:OTMoveIt.exe (Vista benutzer, rechtsklick auf OTMoveit3.exe und waehle "Run as Administrator") Kopiere (selektiere en klick Ctrl-C) alle unterstehende Code :Processesim linken Fenster,wo steht "Paste List of Files/Folders to be moved" Klicke auf den Roten MoveIt! knopf Wenn das Tool fertig ist wird ein log erstellt (*******_******.log *steht fuer datum und zeit In Datei C:\_OTMoveIt\MovedFiles\ Mit rechtem Mausklick abkopieren und ins Forum mit rechtem Mausklick "einfügen" __________ MfG Argus |
|
|
|
|
|
|
03.02.2009, 23:36
Ehrenmitglied
Beiträge: 6028 |
#9
Virustotal
Verborgene Dateien sichtbar machen Arbeitsplatz öffnen >Extras >Ordneroptionen >den Reiter "Ansicht" >Versteckte Dateien und Ordner >"alle Dateien und Ordner anzeigen" aktivieren und >Extras >Ordneroptionen >den Reiter "Ansicht" >Dateien und Ordner >"Geschützte Systemdateien ausblenden (empfohlen)" deaktivieren VISTA Öffnen Sie den Explorer und gehen in der oberen linken Ecke auf „Organisieren“. Wählen Sie den Punkt Ordner und Suchoptionen. Im Register „Ansicht“ gehen Sie auf „Versteckte Dateien und Ordner“ und wählen hier, alle Dateien und Ordner anzeigen. Bestätigen Sie nun mit O.K. um diese Änderung zu übernehmen. Prüfe mal diese Datei(en) bei Virustotal Zitat c:\windows\System32\wauclt.exeNote: Wenn bei VirusTotal die Meldung kommt ” Die Datei wurde bereits analysiert “wähle „Analysiere die Datei“ Poste die Daten Poste nur die URL am Ende(der link oben in der leiste) __________ MfG Argus |
|
|
|
|
|
|
05.02.2009, 01:40
...neu hier
Themenstarter Beiträge: 6 |
#10
hi,
das kan dabei raus: ========== PROCESSES ========== Process explorer.exe killed successfully. ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== ========== FILES ========== DllUnregisterServer procedure not found in c:\windows\System32\mgfggdhe.dll c:\windows\System32\mgfggdhe.dll NOT unregistered. c:\windows\System32\mgfggdhe.dll moved successfully. DllUnregisterServer procedure not found in c:\windows\System32\sqfexkfb.dll c:\windows\System32\sqfexkfb.dll NOT unregistered. c:\windows\System32\sqfexkfb.dll moved successfully. C:\ToolBar SD\Backup-TB\Reg moved successfully. C:\ToolBar SD\Backup-TB\Program Files\AskTBar\SrchAstt\1.bin moved successfully. C:\ToolBar SD\Backup-TB\Program Files\AskTBar\SrchAstt moved successfully. C:\ToolBar SD\Backup-TB\Program Files\AskTBar\bar\1.bin moved successfully. C:\ToolBar SD\Backup-TB\Program Files\AskTBar\bar moved successfully. C:\ToolBar SD\Backup-TB\Program Files\AskTBar moved successfully. C:\ToolBar SD\Backup-TB\Program Files\AskBarDis moved successfully. C:\ToolBar SD\Backup-TB\Program Files moved successfully. C:\ToolBar SD\Backup-TB moved successfully. C:\ToolBar SD moved successfully. c:\program files\AskTBar\SrchAstt\1.bin moved successfully. c:\program files\AskTBar\SrchAstt moved successfully. c:\program files\AskTBar\bar\1.bin moved successfully. c:\program files\AskTBar\bar moved successfully. c:\program files\AskTBar moved successfully. ========== COMMANDS ========== File delete failed. C:\Users\mehdi\AppData\Local\Temp\hsperfdata_mehdi\3116 scheduled to be deleted on reboot. User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. Local Service Temp folder emptied. Local Service Temporary Internet Files folder emptied. File delete failed. C:\Windows\temp\MpCmdRun-1A-421CFC91-A93E-42AB-A35C-F06F127FCC44.lock scheduled to be deleted on reboot. File delete failed. C:\Windows\temp\MpCmdRun.log scheduled to be deleted on reboot. File delete failed. C:\Windows\temp\nmsmc_DQLWinService.log scheduled to be deleted on reboot. File delete failed. C:\Windows\temp\TMP0000003F5452A9BB5CE8FDF2 scheduled to be deleted on reboot. Windows Temp folder emptied. File delete failed. C:\Users\mehdi\AppData\Local\Mozilla\Firefox\Profiles\9dd3paxv.default\Cache\_CACHE_001_ scheduled to be deleted on reboot. File delete failed. C:\Users\mehdi\AppData\Local\Mozilla\Firefox\Profiles\9dd3paxv.default\Cache\_CACHE_002_ scheduled to be deleted on reboot. File delete failed. C:\Users\mehdi\AppData\Local\Mozilla\Firefox\Profiles\9dd3paxv.default\Cache\_CACHE_003_ scheduled to be deleted on reboot. File delete failed. C:\Users\mehdi\AppData\Local\Mozilla\Firefox\Profiles\9dd3paxv.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot. FireFox cache emptied. Temp folders emptied. Explorer started successfully OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02052009_005938 Files moved on Reboot... File C:\Users\mehdi\AppData\Local\Temp\hsperfdata_mehdi\3116 not found! File C:\Windows\temp\MpCmdRun-1A-421CFC91-A93E-42AB-A35C-F06F127FCC44.lock not found! C:\Windows\temp\MpCmdRun.log moved successfully. File move failed. C:\Windows\temp\nmsmc_DQLWinService.log scheduled to be moved on reboot. File C:\Windows\temp\TMP0000003F5452A9BB5CE8FDF2 not found! C:\Users\mehdi\AppData\Local\Mozilla\Firefox\Profiles\9dd3paxv.default\Cache\_CACHE_001_ moved successfully. C:\Users\mehdi\AppData\Local\Mozilla\Firefox\Profiles\9dd3paxv.default\Cache\_CACHE_002_ moved successfully. C:\Users\mehdi\AppData\Local\Mozilla\Firefox\Profiles\9dd3paxv.default\Cache\_CACHE_003_ moved successfully. C:\Users\mehdi\AppData\Local\Mozilla\Firefox\Profiles\9dd3paxv.default\Cache\_CACHE_MAP_ moved successfully. Die Datei wauclt.exe konnte nicht gefunden werden. ich hab auch noch mal in c:\windows\System32\ nachgeschaut, nix gefunden |
|
|
|
|
|
|
05.02.2009, 13:58
Ehrenmitglied
Beiträge: 6028 |
#11
Starte OTMoveIt nochmal und klicke den Gruenen Cleanup Knopf
Damit werden Reste von benutzten Programme wieder entfernt Und poste nochmal ein Log von Hijack This __________ MfG Argus |
|
|
|
|
|
|
05.02.2009, 19:57
...neu hier
Themenstarter Beiträge: 6 |
#12
Hallo,
Leider kann ich das nicht ausführen. Mein Cpmputer fährt nicht mehr ganz hoch. Beim Hochfahren steht immer: "updates werden konfiguriert 3 von 3 --- 0% abgeschlossen schalten sie den Computer nicht aus". auch nach 3 stunden warten hat sich nichts getan :-) egal in welchem Modus ich es starte (abgesichert,...) ?? Grüße |
|
|
|
|
|
|
05.02.2009, 20:08
Ehrenmitglied
Beiträge: 6028 |
#13
Hier steht eine moegliche lösung
http://www.windows-vista-forum.de/update-auf-windows-vista-f3/konfiguriert-updates-3-von-30-faehrt-herunter-und-startet-t1042.html __________ MfG Argus |
|
|
|
|
|
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!
bitte erst » hier kostenlos registrieren!!
Folgende Themen könnten Dich auch interessieren:
Seite(n): 1
Copyright © 2024, Protecus.de - Protecus Team - Impressum / Mediadaten
ich habe ein wie oft schon hier erwähntes Problem mit dem TR/Vundo.Gen.
Exakt die gleichen Anzeichen: es erscheint immer wieder und ich werde es nicht los.
Würde mich sehr freuen wenn ihr mir helfen könnt!
hab die hijackthis.log schon mal kopiert:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:08, on 31.01.2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\VM_STI.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hp\kbd\kbd.exe
C:\program files\avira\antivir personaledition classic\avcenter.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Users\mehdi\Desktop\highjackvirusprofile\HijackThis.exe
C:\Windows\system32\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=71&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\Windows\system32\wvUlkHwU.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7CAB59B4-55A3-4737-9FD5-B93C6430BF78} - C:\Windows\system32\jvthtdmp.dll (file missing)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {CB8EEBD7-D942-48D7-BA91-197923BE4A7E} - C:\Windows\system32\yayyXPjH.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [BigDogPath] C:\Windows\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Generic Host] wauclt.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\wvUlkHwU.dll,#1
O4 - HKLM\..\Run: [ba0712db] rundll32.exe "C:\Windows\system32\auhgayyy.dll",b
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{12BC8868-7D93-47E1-A52C-F0CDFD5ADAD1}: NameServer = 195.50.140.178 195.50.140.114
O17 - HKLM\System\CS1\Services\Tcpip\..\{12BC8868-7D93-47E1-A52C-F0CDFD5ADAD1}: NameServer = 195.50.140.178 195.50.140.114
O17 - HKLM\System\CS2\Services\Tcpip\..\{12BC8868-7D93-47E1-A52C-F0CDFD5ADAD1}: NameServer = 195.50.140.178 195.50.140.114
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe