Computer is extremely slow, downloads can no longer be saved
#0
28.09.2009, 20:41
Member
Posts: 21

28.09.2009, 21:36
Honorary member
Posts: 6028

28.09.2009, 21:37
Moderator
Posts: 5694
#3
There is quite a lot on it.
Following Arnold's instructions, work through the following:

>> Please download SDFix, run it in safe mode + post the report here that appears after the restart
http://virus-protect.org/artikel/tools/sdfix.html

>> Scan with Malwarebytes, let it delete what it finds and post the log: (don't forget to update before running it)
http://virus-protect.org/artikel/tools/malwarebytes.html

>> Please run RSIT + post the two logs
http://virus-protect.org/artikel/tools/random.html

Regards, Swiss

29.09.2009, 12:28
Member
Thread starter Posts: 21
#4
OK, thanks first of all for working on this.
And now the log files:

ToolbarSD:

-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft (R) Windows Script Host, Version 5.7
Copyright (C) Microsoft Corporation 1996-2001. Alle Rechte vorbehalten.

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.66GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : mama ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)

C:\ (Local Disk) - NTFS - Total:71 Go (Free:15 Go)
D:\ (Local Disk) - NTFS - Total:67 Go (Free:5 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (CD or DVD)
H:\ (CD or DVD)
I:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( 29.09.2009|11:16 )

-----------\\ Suche nach Dateien - Ordnern ...

C:\DOKUME~1\mama\STARTM~1\PROGRA~1\PlayMP3z
C:\WINDOWS\iun6002.exe

-----------\\ Extensions

(erkan) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user
(gönül.ERKAN-UDFFVSYSH.000) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user
(mama) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user
(mama) - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} => adblockplus

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.explorerstartpage.com/wspage.php?ver=#ver"
"Search Page"="http://www.google.com"
"ICQ Search"="http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd"
"SearchMigratedDefaultURL"="http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}"
"Default_Page_URL"="http://de.msn.com/"
"Search Bar"="http://www.mirarsearch.com/?useie5=1&q="

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"SearchAssistant"="http://www.crawler.com/search/ie.aspx?tb_id=66024"
"CustomizeSearch"="http://dnl.crawler.com/support/sa_customize.aspx?TbId=66024"
"Search Bar"="http://www.mirarsearch.com/?useie5=1&q="

--------------------\\ Suche nach anderen Infektionen

--------------------\\ Cracks & Keygens ..

C:\DOKUME~1\mama\Desktop\2009\www.Marvin-Vibez.in hip pop\HipHop_3.01.09_www.Marvin-Vibez.in\Eminem - Crack A Bottle [www.Marvin-Vibez.in].mp3
C:\DOKUME~1\mama\Eigene Dateien\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Crack
C:\DOKUME~1\mama\Eigene Dateien\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Crack.rar
C:\DOKUME~1\mama\Eigene Dateien\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Crack\disable_activation.cmd

1 - "C:\ToolBar SD\TB_1.txt" - 29.09.2009|11:18 - Option : [1]

-----------\\ Scan beendet um 11:18:10,07

29.09.2009, 12:30
Member
Themenstarter Beiträge: 21 |
#5
Log file from SdFix:
SDFix: Version 1.240
Run by mama on 29.09.2009 at 11:47

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\Dokumente und Einstellungen\mama\Desktop\SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\TFTP1032 - Deleted
C:\WINDOWS\system32\TFTP3556 - Deleted
C:\WINDOWS\system32\i - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-29 12:13:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

disk error: C:\WINDOWS\system32\config\system, 1381
scanning hidden registry entries ...

disk error: C:\WINDOWS\system32\config\software, 1381
disk error: C:\Dokumente und Einstellungen\mama\ntuser.dat, 1381
scanning hidden files ...

disk error: C:\WINDOWS\

please note that you need administrator rights to perform deep scan

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Programme\\Avant Browser\\avant.exe"="C:\\Programme\\Avant Browser\\avant.exe:*:Enabled:Avant Browser"
"C:\\Programme\\Internet Explorer\\iexplore.exe"="C:\\Programme\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Programme\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Programme\\Veoh Networks\\Veoh\\VeohClient.exe:*:Disabled:Veoh Client"
"C:\\Programme\\Gameforge4D\\AirRivalsDe\\Launcher.atm"="C:\\Programme\\Gameforge4D\\AirRivalsDe\\Launcher.atm:Enabled:GameExe2"
"C:\\Programme\\Gameforge4D\\AirRivalsDe\\Res-Voip\\SCVoIP.exe"="C:\\Programme\\Gameforge4D\\AirRivalsDe\\Res-Voip\\SCVoIP.exe:Enabled:GameVoIP"
"C:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\\Programme\\FlashGet\\flashget.exe"="C:\\Programme\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Programme\\TuneUp Utilities 2009\\Integrator.exe"="C:\\Programme\\TuneUp Utilities 2009\\Integrator.exe:*:Disabled:TuneUp Utilities 2009"
"C:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programme\\Gemeinsame Dateien\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"="C:\\Programme\\Gemeinsame Dateien\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\\Programme\\Gameforge4D\\AirRivals_DE\\Launcher.atm"="C:\\Programme\\Gameforge4D\\AirRivals_DE\\Launcher.atm:Enabled:GameExe2"
"C:\\Programme\\Gameforge4D\\AirRivals_DE\\Res-Voip\\SCVoIP.exe"="C:\\Programme\\Gameforge4D\\AirRivals_DE\\Res-Voip\\SCVoIP.exe:Enabled:GameVoIP"
"C:\\Programme\\Java\\jre1.6.0_05\\bin\\javaw.exe"="C:\\Programme\\Java\\jre1.6.0_05\\bin\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Programme\\Messenger\\msmsgs.exe"="C:\\Programme\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Programme\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Programme\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Application"
"C:\\Programme\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Programme\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Connection Manager"
"C:\\Programme\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Programme\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync RAPI Manager"
"D:\\ADSDVBT.EXE"="D:\\ADSDVBT.EXE:*:Disabled:ADSDVBT"
"D:\\World of Warcraft\\WoW-3.0.1-to-3.0.2-deDE-Win-Update-downloader.exe"="D:\\World of Warcraft\\WoW-3.0.1-to-3.0.2-deDE-Win-Update-downloader.exe:*:Disabled:Blizzard Downloader"
"D:\\World of Warcraft\\Launcher.exe"="D:\\World of Warcraft\\Launcher.exe:*:Disabled:Blizzard Launcher"
"C:\\WINDOWS\\Temp\\KD_installer.exe"="C:\\WINDOWS\\Temp\\KD_installer.exe:*:Disabled:Kabel Deutschland Installer"
"C:\\Dokumente und Einstellungen\\mama\\Desktop\\Metin2_Germany\\metin2.bin"="C:\\Dokumente und Einstellungen\\mama\\Desktop\\Metin2_Germany\\metin2.bin:*:Disabled:metin2"
"C:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE:*:Disabled:Microsoft Office Groove"
"C:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Disabled:Microsoft Office OneNote"
"C:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook"
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Programme\\TeamViewer\\Version4\\TeamViewer.exe"="C:\\Programme\\TeamViewer\\Version4\\TeamViewer.exe:*:Disabled:TeamViewer Remote Control Application"
"C:\\WINDOWS\\system32\\drivers\\svchost.exe"="C:\\WINDOWS\\system32\\drivers\\svchost.exe:*:Disabled:WinRAR archiver"
"C:\\Programme\\Curse\\CurseClient.exe"="C:\\Programme\\Curse\\CurseClient.exe:*:Enabled:Curse Client"
"D:\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-deDE-downloader.exe"="D:\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-deDE-downloader.exe:*:Enabled:Blizzard Downloader"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programme\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Programme\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Programme\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Programme\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Programme\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Programme\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

Remaining Files :

File Backups: - C:\DOKUME~1\mama\Desktop\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sun 31 May 2009 446 A.SHR --- "C:\BOOT.BAK"
Wed 8 Aug 2007 4,348 A.SH. --- "C:\Dokumente und Einstellungen\All Users\DRM\DRMv1.bak"
Wed 9 Jul 2008 0 A.SH. --- "C:\Dokumente und Einstellungen\All Users\DRM\Cache\Indiv01.tmp"
Tue 7 Apr 2009 32,768 A..H. --- "C:\Dokumente und Einstellungen\mama\Desktop\G™NšL BEWERBUNG\~WRL0003.tmp"
Wed 24 Jun 2009 84 A..H. --- "C:\Programme\Common Files\X10\Common\x10prod.sys"
Tue 8 May 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a909c9295e3ef9e397155dbc20504dba\BIT3.tmp"
Fri 2 May 2008 3,493,888 A..H. --- "C:\Dokumente und Einstellungen\mama\Anwendungsdaten\U3\temp\Launchpad Removal.exe"
Sat 28 Jun 2008 1,763,328 A..H. --- "C:\Dokumente und Einstellungen\mama\Desktop\alles fr meine Arbeit\g”nls mp3 zeugs\G”nl\~WRL2906.tmp"

Finished!

RSIT log: (I only got one file)

Logfile of random's system information tool 1.06 (written by random/random)
Run by mama at 2009-09-29 12:28:42
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 16 GB (22%) free of 73 GB
Total RAM: 1023 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:47, on 29.09.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\vphc700.exe
C:\Programme\MioNet\MioNetManager.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\MioNet\jvm\bin\MioNet.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\Programme\Messenger\msmsgs.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\U3\U3Launcher\LaunchU3.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Programme\DT\Sinus 1054 data\Wifiusb.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Dokumente und Einstellungen\mama\Desktop\RSIT.exe
C:\Dokumente und Einstellungen\mama\Desktop\mama.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://de.msn.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q= R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.explorerstartpage.com/wspage.php?ver=#ver R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66024 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66024 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q= R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66024 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66024 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = : R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: FunPopupAdsForYou - {32D4E117-BC2F-202C-06D6-88426BC7489D} - C:\Programme\FunPopupAdsForYou\FunPopupAdsForYou.dll (file missing) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: 
Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {AA61B0BB-5EE3-4E64-98D8-D46BE1BA3111} - C:\WINDOWS\System32\usrcntrb.dll O3 - Toolbar: (no name) - {B9833F22-2CB4-4BFC-BF1B-2AFC51536473} - (no file) O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [phc710] C:\WINDOWS\vphc700.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [GMX SMS-Manager] C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: LaunchU3.exe.lnk = ? 
O4 - Startup: PowerReg Scheduler.exe O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe O4 - Global Startup: TrayMin710.exe.lnk = ? O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Wecker-Alarm - {7B499570-29C5-4a80-9F57-94A420D140CE} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Nach Wecker für Windows exportieren - {7B499570-29C5-4a80-9F57-94A420D140CE} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing) O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O13 - DefaultPrefix: http://www.myhottersearchbox.com/not_found_de/?url= O13 - WWW Prefix: http://www.myhottersearchbox.com/not_found_de/?url= O16 - DPF: {26522409-8BBF-4C5B-A4D3-CF4B1D6F255B} (UMediaPlayer Class) - http://www.umediaserver.net/bin/UMediaControl5.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - 
http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. 
- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Programme\MioNet\MioNetManager.exe -- End of file - 11278 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\1-Klick-Wartung.job C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\User_Feed_Synchronization-{313A2F4B-9CBF-4A70-B134-EE88F2486120}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}] XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32D4E117-BC2F-202C-06D6-88426BC7489D}] FunPopupAdsForYou - C:\Programme\FunPopupAdsForYou\FunPopupAdsForYou.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] Search Helper - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA61B0BB-5EE3-4E64-98D8-D46BE1BA3111}] C:\WINDOWS\System32\usrcntrb.dll [2007-05-19 39791] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {B9833F22-2CB4-4BFC-BF1B-2AFC51536473} [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "avgnt"=C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe [2008-09-21 266497] "StartCCC"=C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112] "phc710"=C:\WINDOWS\vphc700.exe [2005-07-20 339968] "Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696] "MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-14 172544] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "H/PC Connection Agent"=C:\Programme\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000] "MSMSGS"=C:\Programme\Messenger\msmsgs.exe [2008-04-14 1695232] "GMX SMS-Manager"=C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe [2007-07-19 3539968] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4 Open] C:\DOKUME~1\mama\ANWEND~1\NOUNSP~1\grey beep.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio] RunDll32 
cmicnfg.cpl,CMICtrlWnd [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent] C:\Programme\DAEMON Tools Pro\DTProAgent.exe [2007-09-06 136136] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DTVR Agent] D:\Scheduled.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent] C:\PROGRA~1\MI3AA1~1\wcescomm.exe [2006-11-13 1289000] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ] C:\Programme\ICQ6.5\ICQ.exe silent [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ledpointer] C:\WINDOWS\CNYHKey.exe [2003-07-21 5577216] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Matchlock Scheduling] C:\Programme\Ulead Systems\Ulead InstaMedia 2.0\Monitor.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Programme\Messenger\msmsgs.exe [2008-04-14 1695232] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] C:\Programme\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM] C:\Programme\MySpace\IM\MySpaceIM.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ] C:\Programme\Ahead\Nero BackItUp\NBJ.exe [2005-06-02 1957888] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] D:\Nokia PC Suite 6\LaunchApplication.exe [2007-03-23 227328] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Prism_Utility] C:\WINDOWS\system32\Prismsta.exe [2004-01-14 215552] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Programme\QuickTime\QTTask.exe -atboottime [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\scvhost] mirc.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SeaMonkey Quick Launch] C:\Programme\mozilla.org\SeaMonkey\SeaMonkey.exe -turbo [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Programme\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Remote Control Center] C:\Programme\Ulead Systems\Ulead InstaMedia 2.0\RMC.exe [2005-03-18 49152] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2] C:\Programme\Uniblue\RegistryBooster 2\RegistryBooster.exe /S [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh] C:\Programme\Veoh Networks\Veoh\VeohClient.exe /VeohHide [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verknüpfung mit der High Definition Audio-Eigenschaftenseite] C:\WINDOWS\system32\HDAudPropShortcut.exe [2004-03-17 61952] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeObserver] C:\Dokumente und Einstellungen\mama\Anwendungsdaten\mstask.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^DTV Remote Control.lnk] C:\Programme\ADS Tech\DVBT Utilities\ADSRMT.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und 
Einstellungen^All Users^Startmenü^Programme^Autostart^Sinus 1054 data WLAN Manager.lnk] C:\PROGRA~1\DT\SINUS1~1\Wifiusb.exe [2005-11-23 1024000] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^erkan^Startmenü^Programme^Autostart^PowerReg Scheduler.exe] C:\Dokumente und Einstellungen\erkan\Startmenü\Programme\Autostart\PowerReg Scheduler.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "x10nets"=2 "WMPNetworkSvc"=3 "TuneUp.ProgramStatisticsSvc"=2 "TuneUp.Defrag"=3 "ServiceLayer"=3 "SeaPort"=2 "Poweroff"=2 "PnkBstrA"=2 "ose"=3 "odserv"=3 "NVSvc"=2 "Nero BackItUp Scheduler 4.0"=2 "Microsoft Office Groove Audit Service"=3 "IDriverT"=3 "Apple Mobile Device"=2 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart TrayMin710.exe.lnk - C:\Programme\Philips\Philips SPC710NC Webcam\TrayMin710.exe C:\Dokumente und Einstellungen\mama\Startmenü\Programme\Autostart LaunchU3.exe.lnk - C:\Dokumente und Einstellungen\mama\Anwendungsdaten\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe PowerReg Scheduler.exe RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2007-12-21 122880] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - 
{AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=95 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Programme\Avant Browser\avant.exe"="C:\Programme\Avant Browser\avant.exe:*:Enabled:Avant Browser" "C:\Programme\Internet Explorer\iexplore.exe"="C:\Programme\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer" "C:\Programme\Veoh Networks\Veoh\VeohClient.exe"="C:\Programme\Veoh Networks\Veoh\VeohClient.exe:*:Disabled:Veoh Client" "C:\Programme\Gameforge4D\AirRivalsDe\Launcher.atm"="C:\Programme\Gameforge4D\AirRivalsDe\Launcher.atm:Enabled:GameExe2" "C:\Programme\Gameforge4D\AirRivalsDe\Res-Voip\SCVoIP.exe"="C:\Programme\Gameforge4D\AirRivalsDe\Res-Voip\SCVoIP.exe:Enabled:GameVoIP" "C:\Programme\Windows Live\Sync\WindowsLiveSync.exe"="C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\Programme\FlashGet\flashget.exe"="C:\Programme\FlashGet\flashget.exe:*:Enabled:Flashget" "C:\Programme\TuneUp Utilities 
2009\Integrator.exe"="C:\Programme\TuneUp Utilities 2009\Integrator.exe:*:Disabled:TuneUp Utilities 2009" "C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4" "C:\Programme\Gameforge4D\AirRivals_DE\Launcher.atm"="C:\Programme\Gameforge4D\AirRivals_DE\Launcher.atm:Enabled:GameExe2" "C:\Programme\Gameforge4D\AirRivals_DE\Res-Voip\SCVoIP.exe"="C:\Programme\Gameforge4D\AirRivals_DE\Res-Voip\SCVoIP.exe:Enabled:GameVoIP" "C:\Programme\Java\jre1.6.0_05\bin\javaw.exe"="C:\Programme\Java\jre1.6.0_05\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary" "C:\Programme\Messenger\msmsgs.exe"="C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Programme\Microsoft ActiveSync\WCESMgr.exe"="C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Application" "C:\Programme\Microsoft ActiveSync\wcescomm.exe"="C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Connection Manager" "C:\Programme\Microsoft ActiveSync\rapimgr.exe"="C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync RAPI Manager" "D:\ADSDVBT.EXE"="D:\ADSDVBT.EXE:*:Disabled:ADSDVBT" "D:\World of Warcraft\WoW-3.0.1-to-3.0.2-deDE-Win-Update-downloader.exe"="D:\World of Warcraft\WoW-3.0.1-to-3.0.2-deDE-Win-Update-downloader.exe:*:Disabled:Blizzard Downloader" "D:\World of Warcraft\Launcher.exe"="D:\World of Warcraft\Launcher.exe:*:Disabled:Blizzard Launcher" "C:\WINDOWS\Temp\KD_installer.exe"="C:\WINDOWS\Temp\KD_installer.exe:*:Disabled:Kabel Deutschland Installer" "C:\Dokumente und 
Einstellungen\mama\Desktop\Metin2_Germany\metin2.bin"="C:\Dokumente und Einstellungen\mama\Desktop\Metin2_Germany\metin2.bin:*:Disabled:metin2" "C:\Programme\Microsoft Office\Office12\GROOVE.EXE"="C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Disabled:Microsoft Office Groove" "C:\Programme\Microsoft Office\Office12\ONENOTE.EXE"="C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Disabled:Microsoft Office OneNote" "C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook" "C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000" "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019" "C:\Programme\TeamViewer\Version4\TeamViewer.exe"="C:\Programme\TeamViewer\Version4\TeamViewer.exe:*:Disabled:TeamViewer Remote Control Application" "C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:WinRAR archiver" "C:\Programme\Curse\CurseClient.exe"="C:\Programme\Curse\CurseClient.exe:*:Enabled:Curse Client" "D:\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-deDE-downloader.exe"="D:\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-deDE-downloader.exe:*:Enabled:Blizzard Downloader" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Programme\Microsoft ActiveSync\rapimgr.exe"="C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\Programme\Microsoft ActiveSync\wcescomm.exe"="C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\Programme\Microsoft 
ActiveSync\WCESMgr.exe"="C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" "C:\Programme\Windows Live\Sync\WindowsLiveSync.exe"="C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e6fdba1-4e26-11de-a333-001638c92d7e}] shell\AutoRun\command - J:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b318c1d2-a8db-11dd-a1b1-0016172879ff}] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn ======File associations====== .js - open - %SystemRoot%\System32\CScript.exe "%1" %* .vbs - open - %SystemRoot%\System32\CScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2009-09-29 12:09:26 ----D---- C:\Dokumente und Einstellungen\mama\Anwendungsdaten\WinRAR 2009-09-29 11:40:52 ----D---- C:\WINDOWS\ERUNT 2009-09-29 11:34:15 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2009-09-29 11:34:15 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2009-09-29 11:30:50 ----D---- C:\rsit 2009-09-29 11:13:34 ----A---- C:\TB.txt 2009-09-29 11:13:14 ----D---- C:\ToolBar SD 2009-09-28 15:00:48 ----A---- C:\temp_8901245.exe 2009-09-27 14:30:03 ----D---- C:\Programme\ThreatFire 2009-09-23 14:47:01 ----A---- C:\WINDOWS\system32\lsdelete.exe 2009-09-23 14:35:29 ----HDC---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{EF63305C-BAD7-4144-9208-D65528260864} 2009-09-23 14:35:21 ----D---- C:\Dokumente und Einstellungen\All 
Users\Anwendungsdaten\Lavasoft 2009-09-23 14:21:09 ----D---- C:\Programme\Spybot - Search & Destroy 2009-09-01 18:58:25 ----D---- C:\Programme\Curse ======List of files/folders modified in the last 1 months====== 2009-09-29 12:19:40 ----D---- C:\WINDOWS\Temp 2009-09-29 12:19:40 ----D---- C:\WINDOWS\system32 2009-09-29 12:19:04 ----D---- C:\Programme\Mozilla Firefox 2009-09-29 12:16:43 ----RASH---- C:\boot.ini 2009-09-29 12:16:43 ----A---- C:\WINDOWS\win.ini 2009-09-29 12:16:43 ----A---- C:\WINDOWS\system.ini 2009-09-29 11:46:36 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-09-29 11:40:52 ----D---- C:\WINDOWS 2009-09-29 11:38:23 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-09-29 11:34:16 ----D---- C:\WINDOWS\system32\drivers 2009-09-29 11:34:15 ----D---- C:\Programme 2009-09-29 11:29:55 ----AD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP 2009-09-29 11:13:14 ----D---- C:\WINDOWS\Prefetch 2009-09-29 08:49:17 ----D---- C:\WINDOWS\system32\CatRoot2 2009-09-28 20:21:39 ----D---- C:\WINDOWS\Minidump 2009-09-28 20:21:39 ----D---- C:\WINDOWS\Debug 2009-09-28 20:13:31 ----SD---- C:\Dokumente und Einstellungen\mama\Anwendungsdaten\Microsoft 2009-09-28 15:00:24 ----D---- C:\Programme\AntiVir PersonalEdition Classic 2009-09-28 15:00:23 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic 2009-09-23 16:47:50 ----D---- C:\Programme\Gemeinsame Dateien 2009-09-23 14:38:52 ----SD---- C:\WINDOWS\Tasks 2009-09-23 14:38:50 ----HD---- C:\WINDOWS\inf 2009-09-23 14:38:30 ----DC---- C:\WINDOWS\system32\DRVSTORE 2009-09-23 14:35:29 ----SHD---- C:\WINDOWS\Installer 2009-09-23 14:35:29 ----SHD---- C:\Config.Msi 2009-09-23 14:35:21 ----D---- C:\Programme\Lavasoft 2009-09-23 14:35:16 ----D---- C:\WINDOWS\WinSxS 2009-09-23 14:29:59 ----SHD---- C:\RECYCLER 2009-09-19 11:59:47 ----D---- C:\Programme\MioNet 2009-09-16 14:11:32 ----D---- C:\Temp 2009-09-16 12:04:59 ----D---- C:\Downloads 2009-09-12 19:14:36 ----A---- 
C:\WINDOWS\NeroDigital.ini 2009-09-09 09:58:37 ----HD---- C:\WINDOWS\$hf_mig$ 2009-09-09 09:58:32 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help 2009-09-07 13:22:50 ----D---- C:\WINDOWS\system32\config 2009-09-01 11:42:31 ----D---- C:\mama 2009-08-31 13:52:17 ----A---- C:\WINDOWS\Sysvxd.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Programme\AntiVir PersonalEdition Classic\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-06-12 75096] R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14720] R2 acedrv11;acedrv11; \??\C:\WINDOWS\system32\drivers\acedrv11.sys [] R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-05-31 17801] R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2002-07-17 16512] R2 usbhub;DSC Composite USB Device; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776] R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-12-21 2843136] R3 avgntflt;avgntflt; \??\C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys [] R3 cmudax;C-Media High Definition Audio Interface; C:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 1287296] R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2004-04-15 42496] R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-28 84992] R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; 
C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS [] R3 PRISM_A02;Sinus 1054 data; C:\WINDOWS\system32\DRIVERS\PRISMA02.sys [2005-10-19 357792] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 X10Hid;X10 Hid Device; C:\WINDOWS\System32\Drivers\x10hid.sys [2005-11-28 7040] S2 Ca536av;Icatch(VII) Video Camera Device; C:\WINDOWS\System32\Drivers\Ca536av.sys [] S3 2c67;2c67; \??\C:\WINDOWS\system32\2c67.sys [] S3 amy4vt1k;amy4vt1k; C:\WINDOWS\system32\drivers\amy4vt1k.sys [] S3 awkvac82;awkvac82; C:\WINDOWS\system32\drivers\awkvac82.sys [] S3 catchme;catchme; \??\C:\DOKUME~1\mama\LOKALE~1\Temp\catchme.sys [] S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Dokumente und Einstellungen\mama\Desktop\OCCTPT\SysInfo.sys [] S3 e1d18;e1d18; \??\C:\WINDOWS\system32\e1d18.sys [] S3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-08-29 12288] S3 MPE;BDA MPE Filter; C:\WINDOWS\System32\DRIVERS\MPE.sys [2008-04-13 15232] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216] S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys 
[2007-02-22 8320] S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288] S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288] S3 PDDSLADP;ProDyne DSL Adapter; C:\WINDOWS\system32\DRIVERS\PDDSLADP.SYS [2005-10-09 15571] S3 phc700;USB PC Camera (phc710); C:\WINDOWS\system32\DRIVERS\phc700.sys [2005-06-07 541568] S3 S3chipid;S3chipid; \??\C:\DOKUME~1\erkan\LOKALE~1\Temp\{2B43252C-A1E3-4C47-927C-9F2C276D3515}\S3chipid.sys [] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 SONYPVU1;Sony USB-Filtertreiber (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552] S3 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352] S3 streamip;BDA-IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 usb_rndisx;USB-RNDIS-Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800] S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] S3 USBCamera;Icatch(VII) Still Camera Device; C:\WINDOWS\System32\Drivers\Bulk536.sys [] S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;USB-Scannertreiber; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 w810bus;Sony Ericsson W810 Driver driver (WDM); C:\WINDOWS\System32\DRIVERS\w810bus.sys [] S3 w810mdfl;Sony Ericsson W810 USB WMC Modem Filter; C:\WINDOWS\System32\DRIVERS\w810mdfl.sys [] S3 w810mdm;Sony Ericsson W810 USB WMC Modem Driver; C:\WINDOWS\System32\DRIVERS\w810mdm.sys [] S3 w810mgmt;Sony Ericsson W810 USB WMC Device Management Drivers (WDM); C:\WINDOWS\System32\DRIVERS\w810mgmt.sys [] S3 w810obex;Sony Ericsson W810 USB WMC OBEX Interface; 
C:\WINDOWS\System32\DRIVERS\w810obex.sys [] S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688] S3 XDva136;XDva136; \??\C:\WINDOWS\system32\XDva136.sys [] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler; C:\Programme\AntiVir PersonalEdition Classic\sched.exe [2008-10-24 68865] R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Programme\AntiVir PersonalEdition Classic\avguard.exe [2008-10-24 151297] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-12-21 512000] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Programme\Lavasoft\Ad-Aware\AAWService.exe [2009-09-23 1028432] R2 MioNet;MioNet Service; C:\Programme\MioNet\MioNetManager.exe [2005-07-15 139264] R2 UxTuneUp;TuneUp Designerweiterung; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-12-20 593920] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-05-01 655624] S3 
FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S4 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592] S4 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S4 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464] S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] S4 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776] S4 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S4 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-01-19 66872] S4 Poweroff;Poweroff; C:\WINDOWS\system32\poweroff.exe [2003-08-16 172032] S4 SeaPort;SeaPort; C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512] S4 ServiceLayer;ServiceLayer; C:\Programme\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864] S4 TuneUp.Defrag;TuneUp Drive Defrag-Dienst; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-08-04 306432] S4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-06-15 604416] S4 
WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576] S4 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480] -----------------EOF----------------- |
|
|
||
29.09.2009, 12:35
Member
Thread starter Posts: 21 |
#6
Unfortunately, Malwarebytes cannot be run, for reasons I cannot explain.
After I click Run, nothing happens. |
|
|
||
29.09.2009, 13:37
Honorary member
Posts: 6028 |
#7
Start ToolbarSD again
Type D, press Enter, and click OK on the pop-ups. Choose 2, press Enter. At the end a log appears (C:\TB.txt); post its contents in the thread. Rename mbam.exe in C:\Programme\Malwarebytes' Anti-Malware to winlogon.exe and then try again... __________ Regards, Argus |
|
|
||
29.09.2009, 13:38
Honorary member
Posts: 6028 |
#8
Quote: Argus posted: And a log from Hijack This __________ Regards, Argus |
|
|
||
29.09.2009, 22:26
Member
Thread starter Posts: 21 |
#9
-----------\\ ToolBar S&D 1.2.9 XP/Vista
Microsoft (R) Windows Script Host, Version 5.7 Copyright (C) Microsoft Corporation 1996-2001. Alle Rechte vorbehalten. Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3 X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.66GHz ) BIOS : Phoenix - AwardBIOS v6.00PG USER : mama ( Administrator ) BOOT : Normal boot Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Not Activated) C:\ (Local Disk) - NTFS - Total:71 Go (Free:15 Go) D:\ (Local Disk) - NTFS - Total:67 Go (Free:5 Go) E:\ (CD or DVD) F:\ (CD or DVD) G:\ (CD or DVD) H:\ (CD or DVD) I:\ (CD or DVD) "C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 ) Option : [2] ( 29.09.2009|22:20 ) -----------\\ FIX Geloescht ! - C:\DOKUME~1\mama\STARTM~1\PROGRA~1\PlayMP3z Geloescht ! - C:\WINDOWS\iun6002.exe -----------\\ Suche nach Dateien - Ordnern ... -----------\\ Extensions (erkan) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user (gönül.ERKAN-UDFFVSYSH.000) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user (mama) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user (mama) - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} => adblockplus -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Local Page"="C:\\WINDOWS\\system32\\blank.htm" "Start Page"="http://www.explorerstartpage.com/wspage.php?ver=#ver" "Search Page"="http://www.google.com" "ICQ Search"="http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd" "SearchMigratedDefaultURL"="http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}" "Default_Page_URL"="http://de.msn.com/" "Search Bar"="http://www.mirarsearch.com/?useie5=1&q=" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Local Page"="C:\\WINDOWS\\system32\\blank.htm" "Start Page"="http://www.msn.com/" 
"SearchAssistant"="http://www.crawler.com/search/ie.aspx?tb_id=66024" "CustomizeSearch"="http://dnl.crawler.com/support/sa_customize.aspx?TbId=66024" "Search Bar"="http://www.mirarsearch.com/?useie5=1&q=" --------------------\\ Suche nach anderen Infektionen --------------------\\ Cracks & Keygens .. C:\DOKUME~1\mama\Desktop\2009\www.Marvin-Vibez.in hip pop\HipHop_3.01.09_www.Marvin-Vibez.in\Eminem - Crack A Bottle [www.Marvin-Vibez.in].mp3 C:\DOKUME~1\mama\Eigene Dateien\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Crack C:\DOKUME~1\mama\Eigene Dateien\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Crack.rar C:\DOKUME~1\mama\Eigene Dateien\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Crack\disable_activation.cmd 1 - "C:\ToolBar SD\TB_1.txt" - 29.09.2009|11:18 - Option : [1] 2 - "C:\ToolBar SD\TB_2.txt" - 29.09.2009|22:23 - Option : [2] -----------\\ Scan beendet um 22:23:49,90 Hijackthis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:24:57, on 29.09.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\Explorer.EXE C:\Programme\MioNet\MioNetManager.exe C:\WINDOWS\System32\svchost.exe C:\Programme\MioNet\jvm\bin\MioNet.exe C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\vphc700.exe C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Microsoft ActiveSync\wcescomm.exe C:\Programme\Messenger\msmsgs.exe 
C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Programme\Philips\Philips SPC710NC Webcam\TrayMin710.exe C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\U3\U3Launcher\LaunchU3.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe C:\Programme\DT\Sinus 1054 data\Wifiusb.exe C:\WINDOWS\system32\cmd.exe C:\Programme\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Dokumente und Einstellungen\mama\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.msn.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q= R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.explorerstartpage.com/wspage.php?ver=#ver R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66024 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66024 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q= R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66024 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66024 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = : R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - 
C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: FunPopupAdsForYou - {32D4E117-BC2F-202C-06D6-88426BC7489D} - C:\Programme\FunPopupAdsForYou\FunPopupAdsForYou.dll (file missing) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {AA61B0BB-5EE3-4E64-98D8-D46BE1BA3111} - C:\WINDOWS\System32\usrcntrb.dll O3 - Toolbar: (no name) - {B9833F22-2CB4-4BFC-BF1B-2AFC51536473} - (no file) O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [phc710] C:\WINDOWS\vphc700.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [GMX SMS-Manager] C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 
'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: LaunchU3.exe.lnk = ?
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: TrayMin710.exe.lnk = ?
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Wecker-Alarm - {7B499570-29C5-4a80-9F57-94A420D140CE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Nach Wecker für Windows exportieren - {7B499570-29C5-4a80-9F57-94A420D140CE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O13 - DefaultPrefix: http://www.myhottersearchbox.com/not_found_de/?url=
O13 - WWW Prefix: http://www.myhottersearchbox.com/not_found_de/?url=
O16 - DPF: {26522409-8BBF-4C5B-A4D3-CF4B1D6F255B} (UMediaPlayer Class) - http://www.umediaserver.net/bin/UMediaControl5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Programme\MioNet\MioNetManager.exe
--
End of file - 11032 bytes
30.09.2009, 00:00
Honorary member
Posts: 6028
#10
Close all windows and start HijackThis.
Click: Do a system scan only
Put a check mark in the box in front of the following entry:
Quote:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
Click Fix checked
Your Internet Explorer must be closed when you click Fix checked.

VirusTotal
Make hidden files visible:
Open My Computer > Tools > Folder Options > the "View" tab > Hidden files and folders > enable "Show hidden files and folders"
and
> Tools > Folder Options > the "View" tab > Files and Folders > disable "Hide protected operating system files (Recommended)"
Check this file (these files) at VirusTotal:
Quote:
C:\WINDOWS\System32\usrcntrb.dll
Note: If VirusTotal shows the message "The file has already been analysed", choose "Analyse the file".
Post only the URL at the end (the link at the top in the address bar).

LopSD
Platform: Windows XP/Vista
Download LopSD to the desktop.
Double-click to start it, type D (German), press Enter, and now type 2 to remove CID.
Afterwards post the LopR.txt log.

ComboFix© by sUBs
Download ComboFix and save it to the desktop!
Download link 1 ComboFix© by sUBs
Download link 2 ComboFix© by sUBs
Note: If a message from your virus scanner or from another real-time scanner appears while you are downloading or running ComboFix, switch these scanners off and download ComboFix again. There are scanners that regard certain components used by CF as suspicious and try to block or remove them.
Start combofix.exe
Follow the instructions in the window.
If ComboFix has been used before, you may get a message that an update is available. Allow this update and click OK in the "NirCmd" window; once it has finished, click "Yes" to start the scan.
While ComboFix is running, do NOT click into the window, otherwise your computer will freeze.
When the tool has finished, a log file opens (C:\combofix.txt). Now copy the COMPLETE log with a right-click and "paste" it into the forum with a right-click.
Follow these instructions
__________
Kind regards, Argus
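The manual triage in the post above (singling out the mirarsearch Search Bar value and the unnamed BHO from the HijackThis log) can be scripted; the following Python code is an added example, not part of the thread, and it also flags "(file missing)" entries and Run entries that reuse a Windows system process name outside System32. The log lines are copied from the HijackThis log posted in this thread; the domain allowlist, the list of system process names and the assumption that Windows is installed in C:\WINDOWS are choices of this example.

```python
import ntpath
import re
from urllib.parse import urlsplit

# Subset of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: FunPopupAdsForYou - {32D4E117-BC2F-202C-06D6-88426BC7489D} - C:\Programme\FunPopupAdsForYou\FunPopupAdsForYou.dll (file missing)
O2 - BHO: (no name) - {AA61B0BB-5EE3-4E64-98D8-D46BE1BA3111} - C:\WINDOWS\System32\usrcntrb.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
"""

# Assumptions of this example, not rules stated in the thread.
TRUSTED_DOMAINS = ("microsoft.com", "msn.com")
SYSTEM_IMAGES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "smss.exe"}
SYSTEM_DIR = r"c:\windows\system32"

# "R1 - ..." / "O23 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Executable path after the "[name]" of an O4 Run entry, optionally quoted.
RUN_PATH_RE = re.compile(r'\]\s+"?([A-Za-z]:\\.+?\.exe)', re.IGNORECASE)


def parse_entries(log):
    """Return (code, body) pairs for every 'Xn - ...' line; other lines are skipped."""
    entries = []
    for line in log.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def _host_is_trusted(value):
    """True if the value is not a URL or its host is on the allowlist."""
    host = urlsplit(value).hostname
    if host is None:
        return True  # local path or empty value: nothing to compare
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def triage(log):
    """Return (reason, code, body) tuples for entries that deserve a manual look."""
    findings = []
    for code, body in parse_entries(log):
        # Registry entry whose target file no longer exists.
        if body.endswith("(file missing)"):
            findings.append(("file-missing", code, body))
        if code.startswith("R") and " = " in body:
            # Internet Explorer start/search URLs: flag hosts off the allowlist.
            value = body.split(" = ", 1)[1].strip()
            if not _host_is_trusted(value):
                findings.append(("untrusted-url", code, body))
        elif code == "O2" and body.startswith("BHO: (no name)"):
            # Browser Helper Object registered without a display name.
            findings.append(("unnamed-bho", code, body))
        elif code == "O4":
            # Autostart entry using a system process name from another folder.
            match = RUN_PATH_RE.search(body)
            if match:
                path = match.group(1)
                name = ntpath.basename(path).lower()
                folder = ntpath.dirname(path).lower()
                if name in SYSTEM_IMAGES and folder != SYSTEM_DIR:
                    findings.append(("system-name-wrong-dir", code, body))
    return findings


if __name__ == "__main__":
    for reason, code, body in triage(SAMPLE_LOG):
        print(f"{reason:22} {code:3} {body}")
```

Each finding is a prompt for manual review, such as the VirusTotal check requested in the post, not a verdict.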
30.09.2009, 11:40
Member
Thread starter Posts: 21
#11
1.) HijackThis fix done.
2.) Quote:
C:\WINDOWS\System32\usrcntrb.dll
The file in question cannot be found; I also tried the search function in that folder, but it does not exist.
3.) LopSD log file:
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft (R) Windows Script Host, Version 5.7
Copyright (C) Microsoft Corporation 1996-2001. Alle Rechte vorbehalten.
Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.66GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : mama ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
C:\ (Local Disk) - NTFS - Total:71 Go (Free:15 Go)
D:\ (Local Disk) - NTFS - Total:67 Go (Free:5 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (CD or DVD)
H:\ (CD or DVD)
I:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 30.09.2009|11:29 )
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX
Geloescht ! - C:\DOKUME~1\ALLUSE~1\ANWEND~1\Cast ping base frag
- [ Hosts Datei ] ..
Wiederhergestellt
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Geplante Aufgaben unter C:\WINDOWS\Tasks
[23.09.2009 14:38][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[21.08.2009 17:23][--a------] C:\WINDOWS\tasks\1-Klick-Wartung.job
[29.09.2009 22:21][--ah-----] C:\WINDOWS\tasks\User_Feed_Synchronization-{313A2F4B-9CBF-4A70-B134-EE88F2486120}.job
[25.09.2009 11:16][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[30.09.2009 11:17][--ah-----] C:\WINDOWS\tasks\SA.DAT
[29.08.2002 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Process ( 36 Processes ) ... OK !
--------------------\\ Ueberpruefung mit S_Lop
Kein Lop Ordner gefunden !
--------------------\\ Suche nach Lop Dateien - Ordnern
Kein Lop Ordner gefunden !
--------------------\\ Suche innerhalb der Registry
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
..... OK !
--------------------\\ Ueberpruefung der Hosts Datei
Hosts Datei SAUBER
--------------------\\ Suche nach verborgenen Dateien mit Catchme
--------------------\\ Suche nach anderen Infektionen
--------------------\\ Cracks & Keygens ..
C:\DOKUME~1\mama\Desktop\2009\www.Marvin-Vibez.in hip pop\HipHop_3.01.09_www.Marvin-Vibez.in\Eminem - Crack A Bottle [www.Marvin-Vibez.in].mp3
C:\DOKUME~1\mama\Eigene Dateien\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Crack
C:\DOKUME~1\mama\Eigene Dateien\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Crack.rar
C:\DOKUME~1\mama\Eigene Dateien\Adobe.Photoshop.CS4.Extended.v11.0.German-TIw\Crack\disable_activation.cmd
[F:5][D:4]-> C:\DOKUME~1\mama\LOKALE~1\Temp
[F:22][D:0]-> C:\DOKUME~1\mama\Cookies
[F:458][D:4]-> C:\DOKUME~1\mama\LOKALE~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 30.09.2009|11:34 - Option : [2]
--------------------\\ Scan beendet um 11:34:21
4.) ComboFix
Same problem as with Malwarebytes. The .exe file cannot be run. I downloaded the Malwarebytes setup again, but that cannot be run any more either.
30.09.2009, 11:51
Honorary member
Posts: 6028
#12
Your computer is infected with Conficker
http://de.wikipedia.org/wiki/Conficker
__________
Kind regards, Argus
30.09.2009, 12:03
Member
Thread starter Posts: 21
#13
Sounds as if it were a hopeless situation.
30.09.2009, 12:22
Moderator
Posts: 5694
#14
Can you see everything here?
http://board.protecus.de/t36640.htm
You brought Conficker in via the USB stick. Is one connected at the moment, or was one connected? Plug it in and do the following:
http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe
(Ignore messages from Avira)
Regards, Swiss
30.09.2009, 18:43
Member
Thread starter Posts: 21
#15
I can see all the images and logos.
Yes, I occasionally have a USB stick plugged in. I also once had a friend's stick plugged in; maybe the virus got onto the PC via his USB stick.
When starting Flash Disinfector I get the following error message: "Flashdisinfector.exe hat einen Fehler festgestellt und muss beendet werden."
PS: After working through your tips so far, the PC is already running considerably more smoothly again; only the problem with the .exe files that cannot be run, or that close automatically, persists.
This post was edited on 30.09.2009 at 18:48 by Macobi51.
|
|
|
||
It would be really nice if someone could take a look at my log file to tell me what is wrong with my computer.
Thanks in advance.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:38:49, on 28.09.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\MioNet\MioNetManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\MioNet\jvm\bin\MioNet.exe
C:\Programme\ThreatFire\TFService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\DT\Sinus 1054 data\Wifiusb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\ThreatFire\TFGui.exe
C:\Programme\ThreatFire\TFTray.exe
C:\Dokumente und Einstellungen\mama\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.explorerstartpage.com/wspage.php?ver=#ver
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66024
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66024
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66024
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66024
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: FunPopupAdsForYou - {32D4E117-BC2F-202C-06D6-88426BC7489D} - C:\Programme\FunPopupAdsForYou\FunPopupAdsForYou.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA61B0BB-5EE3-4E64-98D8-D46BE1BA3111} - C:\WINDOWS\System32\usrcntrb.dll
O2 - BHO: Mirar - {B9833F23-2CB4-4BFC-BF1B-2AFC51536473} - C:\WINDOWS\system32\win8c78.dll
O3 - Toolbar: Mirar - {B9833F22-2CB4-4BFC-BF1B-2AFC51536473} - C:\WINDOWS\system32\win8c78.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [phc710] C:\WINDOWS\vphc700.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ThreatFire] C:\Programme\ThreatFire\TFTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [GMX SMS-Manager] C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: LaunchU3.exe.lnk = ?
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: TrayMin710.exe.lnk = ?
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Wecker-Alarm - {7B499570-29C5-4a80-9F57-94A420D140CE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Nach Wecker für Windows exportieren - {7B499570-29C5-4a80-9F57-94A420D140CE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O13 - DefaultPrefix: http://www.myhottersearchbox.com/not_found_de/?url=
O13 - WWW Prefix: http://www.myhottersearchbox.com/not_found_de/?url=
O16 - DPF: {26522409-8BBF-4C5B-A4D3-CF4B1D6F255B} (UMediaPlayer Class) - http://www.umediaserver.net/bin/UMediaControl5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Programme\MioNet\MioNetManager.exe
O23 - Service: ThreatFire - PC Tools - C:\Programme\ThreatFire\TFService.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 11297 bytes