| Log analysis and evaluation: Hacked by FRANKFURTER in Internet Explorer
Windows 7
If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
02.06.2008, 18:25 | #1 |
| Hacked by FRANKFURTER in Internet Explorer
For a few days now I have had the following problem: no matter which page I visit with IE, "Hacked by FRANKFURTER" appears at the end. Everything else on my laptop works perfectly, though. What could this be, and what does it do? The HiJack file is attached. Unfortunately I don't know much about this :(. Many thanks for your help!
[code]Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:09:39, on 02.06.2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Windows\system32\svchost.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Windows\system32\lxbscoms.exe C:\Windows\system32\svchost.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Windows\system32\taskeng.exe C:\Program Files\Sceneo\Bonavista\Services\PVR\PVRService.exe C:\Windows\system32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe 
C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Synaptics\SynTP\SynMedion.exe C:\Program Files\Launch Manager\LaunchAp.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\OSD.exe C:\Program Files\Launch Manager\WButton.exe C:\Program Files\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe C:\Program Files\Launch Manager\WisLMSvc.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\SPYWAREfighter\spftray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Hardcopy\hardcopy.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\ehome\ehmsas.exe C:\Windows\System32\rundll32.exe C:\Program Files\SPYWAREfighter\spfprc.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\FirewallControlPanel.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
http://www.aldi.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by FRANKFURTER R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe" O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe" O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common 
Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [TVBroadcast] C:\Program Files\Sceneo\Bonavista\SERVICES\ODSBC\ODSBCApp.exe O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 
- HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Startup: Hardcopy.LNK = C:\Program Files\Hardcopy\hardcopy.exe O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-1170-17534-17/4 (file missing) O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-1170-17534-17/4 (file missing) O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-1170-17534-17/4 (file missing) (HKCU) O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-1170-17534-17/4 (file missing) (HKCU) O13 - Gopher Prefix: O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://static.ak.studivz.net/photouploader/ImageUploader4.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL 
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: lxbs_device - - C:\Windows\system32\lxbscoms.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe O23 - Service: Sceneo PVR Service (srvcPVR) - Buhl Data Service GmbH - C:\Program Files\Sceneo\Bonavista\Services\PVR\PVRService.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe -- End of file - 12391 bytes[/code] |
02.06.2008, 20:23 | #3 |
| Hacked by FRANKFURTER in Internet Explorer
Hello Myrtille!
You saved my day! Thank you very much, the virus was on my USB stick. Should I undo the changes in Explorer again? I did not find a cscript.exe file, nor the file: 04-HKLM\..\[FRANKFURTER] C:\Windows\System32\FRANKFURTER.vbs I hope that doesn't matter?!?!?!?! What was that? A Trojan? What did it do, and can I be sure that it is gone now? Neither AntiVir nor SpyDoctor nor Spywarefighter detected it. Many thanks and kind regards, Bitburger |
02.06.2008, 20:33 | #4 |
/// TB instructor | Hacked by FRANKFURTER in Internet Explorer
Hi, I prefer the settings as they were given in the post. That way you are more likely to notice when something has been changed on your system. However, if you prefer the other settings, there is nothing wrong with setting them back. The vbs file should be there, though. So please create a report with DSS
The files should show up there if they are still present. An additional antivirus scan can't hurt. Regards, myrtille
__________________ Requests by e-mail, profile message or private message are ignored! Help is given ONLY in the forum! Anyone who has not received a further reply from me after 24 hours, please send a PM. Spelling mistakes? Never, but keybaord malfunctions constantly! |
02.06.2008, 21:25 | #5 |
| Hacked by FRANKFURTER in Internet Explorer
Hey, thank you very much for your help! Attached are the contents of the two txt files... unfortunately very extensive. I hope you can help me.
Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft® Windows Vista™ Home Premium (build 6001) SP 1.0 Architecture: X86; Language: German CPU 0: AMD Turion(tm) 64 X2 Mobile Technology TL-50 Percentage of Memory in Use: 66% Physical Memory (total/avail): 893.95 MiB / 298.71 MiB Pagefile Memory (total/avail): 2056.23 MiB / 929.81 MiB Virtual Memory (total/avail): 2047.88 MiB / 1892.99 MiB C: is Fixed (NTFS) - 88.42 GiB total, 39.28 GiB free. D: is Fixed (FAT32) - 23.36 GiB total, 14.69 GiB free. E: is CDROM (No Media) \\.\PHYSICALDRIVE0 - WDC WD12 00BEVS-00RST SCSI Disk Device - 111.79 GiB - 2 partitions \PARTITION0 - Erweitert mit Int 13 (erweitert) - 23.37 GiB - D: \PARTITION1 (bootable) - Installierbares Dateisystem - 88.42 GiB - C: -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is enabled. 
AV: Avira AntiVir PersonalEdition v 7.0.3.158 (Avira GmbH) AV: BullGuard Antivirus v (BullGuard Software) Disabled Outdated AS: Spyware Doctor v5.5.0.204 (PC Tools) AS: Avira AntiVir PersonalEdition v 7.0.3.158 (Avira GmbH) AS: Windows-Defender v1.1.1505.0 (Microsoft Corporation) [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\ProgramData APPDATA=C:\Users\x\AppData\Roaming CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=x-PC ComSpec=C:\Windows\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Users\x LOCALAPPDATA=C:\Users\x\AppData\Local LOGONSERVER=\\x-PC NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\QuickTime\QTSystem\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 72 Stepping 2, AuthenticAMD PROCESSOR_LEVEL=15 PROCESSOR_REVISION=4802 ProgramData=C:\ProgramData ProgramFiles=C:\Program Files PROMPT=$P$G PUBLIC=C:\Users\Public QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip SystemDrive=C: SystemRoot=C:\Windows TEMP=C:\Users\x~1\AppData\Local\Temp TMP=C:\Users\x~1\AppData\Local\Temp USERDOMAIN=x-PC USERNAME=x USERPROFILE=C:\Users\x windir=C:\Windows -- User Profiles --------------------------------------------------------------- x -- Add/Remove Programs --------------------------------------------------------- --> "C:\Program Files\InstallShield Installation Information\{3AD59E07-5D54-4142-8505-62889FEDFA59}\setup.exe" REMOVEALL --> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe 
/UNINSTALL --> C:\Windows\UNNeroBackItUp.exe /UNINSTALL --> C:\Windows\UNNeroMediaHome.exe /UNINSTALL --> C:\Windows\UNNeroShowTime.exe /UNINSTALL --> C:\Windows\UNNeroVision.exe /UNINSTALL --> C:\Windows\UNRecode.exe /UNINSTALL --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA7621DC-7144-4A24-973C-B9BC0E945628}\setup.exe" -l0x9 Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BB65C393-C76E-4F06-9B0C-2124AA8AF97B} Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 8.1.2 - Deutsch --> MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81200000003} Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log ALDI Foto Manager Free Sued 3.4.0.466 (D) --> C:\Program Files\ALDI Sued Foto Service\ALDI_Foto_Manager_Free\instslct.exe Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543} Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F} Autodesk Design Review 2008 --> MsiExec.exe /I{FCF3DFF4-CB33-4343-9878-DEEC6D131DF8} Avira AntiVir Personal – Free Antivirus --> C:\Program Files\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE DVDFab Platinum 3.0.5.0 --> "C:\Program Files\DVDFab Platinum 3\unins000.exe" eBay.de - Skype 3.0 --> "C:\Program Files\Skype\Phone\unins000.exe" 
Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) --> C:\Program Files\ALDI Sued Foto Service\Common\Database\uninstall.exe Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72} Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29} Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll" Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall Hardcopy (C:\Program Files\Hardcopy) --> SwSetupu "C:\Program Files\Hardcopy\hardcopy.del" HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall IEEE 802.11g Wireless LAN driver --> C:\Program Files\InstallShield Installation Information\{1EDFA38A-2FEB-4E62-82C9-DA415C0EEF33}\setup.exe -runfromtemp -l0x0009 -removeonly InterVideo MediaOne Gallery --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34F0D55F-C386-4195-9A5B-961D3F6ACD46}\setup.exe" REMOVEALL InterVideo WinDVD 8 --> C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0407 iPod for Windows 2006-06-28 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1031 iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B} Launch Manager V1.3.9 --> C:\Program Files\InstallShield Installation Information\{D0846526-66DD-4DC9-A02C-98F9A2806812}\setup.exe -runfromtemp -l0x0007 -removeonly LetsTrade Komponenten --> C:\Windows\fpuninst.exe -uninstall:"c:\program files\letstrade\uninst\uninst.ini" Lexmark 810 Series --> C:\Program Files\Lexmark 810 Series\Install\x86\Uninst.exe maxx PDFMAILER --> MsiExec.exe /X{01310914-E3B8-40E8-BCF7-9C42E0639A43} MEDION Fotos auf CD Sued 6.0.2.0 (D) --> 
C:\Program Files\ALDI Sued Foto Service\Medion_Fotos_auf_CD_6\instslct.exe Mein Geld Professional --> MsiExec.exe /I{08E4F3CE-A34E-4667-8DE9-147249FAE468} Microsoft Office 2000 Premium --> MsiExec.exe /I{00000407-78E1-11D2-B60F-006097C998E7} Microsoft Office Access MUI (German) 2007 --> MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE} Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE} Microsoft Office Excel MUI (German) 2007 --> MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE} Microsoft Office Groove MUI (German) 2007 --> MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE} Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE} Microsoft Office InfoPath MUI (German) 2007 --> MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE} Microsoft Office OneNote MUI (German) 2007 --> MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE} Microsoft Office Outlook MUI (German) 2007 --> MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (German) 2007 --> MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE} Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Italian) 2007 --> MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE} Microsoft Office Proofing (German) 2007 --> MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE} Microsoft Office Publisher MUI (German) 2007 --> 
MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE} Microsoft Office Shared MUI (German) 2007 --> MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE} Microsoft Office Word MUI (German) 2007 --> MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE} Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Microsoft Works --> MsiExec.exe /I{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3} Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB925672) --> MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63} MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF} Nero 7 Essentials --> MsiExec.exe /X{63B75E16-F290-4FCD-AF67-A9134CD01031} Norton™ Security Scan --> MsiExec.exe /I{E5431FB5-B3EB-46C8-8275-F6447131C98A} NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD} Realtek High Definition Audio Driver --> RtlUpd.exe -r -m Sceneo AbsolutTV --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}\Setup.exe" Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03} Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG SPYWAREfighter --> MsiExec.exe /X{772BD148-E274-495C-BF15-AB9454D57563} Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Ulead PhotoImpact 12 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation 
Information\{11AFE21E-B193-430D-B57A-DFF7815BB962}\setup.exe" -l0x7 Ulead VideoStudio SE DVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}\setup.exe" -l0x7 Update for Office System 2007 Setup (KB929722) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {D8E9BEBD-655F-467D-8176-CA9959C140A3} WinRAR Archivierer --> C:\Program Files\WinRAR\uninstall.exe WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall -- Application Event Log ------------------------------------------------------- Event Record #/Type22449 / Success Event Submitted/Written: 06/02/2008 09:12:46 PM Event ID/Source: 5617 / WinMgmt Event Description: Event Record #/Type22446 / Success Event Submitted/Written: 06/02/2008 09:12:41 PM Event ID/Source: 5615 / WinMgmt Event Description: Event Record #/Type22441 / Success Event Submitted/Written: 06/02/2008 09:12:34 PM Event ID/Source: 902 / Software Licensing Service Event Description: Der Softwarelizenzierungsdienst wurde gestartet. Event Record #/Type22433 / Warning Event Submitted/Written: 06/02/2008 09:10:53 PM Event ID/Source: 1530 / profsvc Event Description: Es wurde festgestellt, dass Ihre Registrierungsdatei noch von anderen Anwendungen oder Diensten verwendet wird. Die Datei wird nun entladen. Die Anwendungen oder Dienste, die Ihre Registrierungsdatei anhalten, funktionieren anschließend u. U. nicht mehr ordnungsgemäß. 
DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-1892606246-2706166644-2971130193-1001_Classes: Process 1004 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1892606246-2706166644-2971130193-1001_CLASSES Event Record #/Type22432 / Warning Event Submitted/Written: 06/02/2008 09:10:52 PM Event ID/Source: 1530 / profsvc Event Description: Es wurde festgestellt, dass Ihre Registrierungsdatei noch von anderen Anwendungen oder Diensten verwendet wird. Die Datei wird nun entladen. Die Anwendungen oder Dienste, die Ihre Registrierungsdatei anhalten, funktionieren anschließend u. U. nicht mehr ordnungsgemäß. DETAIL - 6 user registry handles leaked from \Registry\User\S-1-5-21-1892606246-2706166644-2971130193-1001: Process 1004 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1892606246-2706166644-2971130193-1001 Process 4176 (\Device\HarddiskVolume1\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-1892606246-2706166644-2971130193-1001\Software\ahead\Nero Home\MediaLibrary Process 4176 (\Device\HarddiskVolume1\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-1892606246-2706166644-2971130193-1001\Software\ahead\Nero Home\MediaLibrary Process 4176 (\Device\HarddiskVolume1\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-1892606246-2706166644-2971130193-1001\Software\ahead\Nero Home\MediaLibrary Process 4176 (\Device\HarddiskVolume1\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-1892606246-2706166644-2971130193-1001\Software\ahead\Nero Home\MediaLibrary\Scanner Process 4176 (\Device\HarddiskVolume1\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-1892606246-2706166644-2971130193-1001\Software\ahead\Nero 
Home\MediaLibrary\Scanner -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type131979 / Error Event Submitted/Written: 06/02/2008 09:14:01 PM Event ID/Source: 7026 / Service Control Manager Event Description: mailKmd sptd VClone Event Record #/Type131943 / Error Event Submitted/Written: 06/02/2008 09:14:01 PM Event ID/Source: 7000 / Service Control Manager Event Description: Treiber für parallelen Anschluss%%1058 Event Record #/Type131898 / Error Event Submitted/Written: 06/02/2008 09:12:28 PM Event ID/Source: 15016 / HTTP Event Description: \Device\Http\ReqQueueKerberos Event Record #/Type131887 / Warning Event Submitted/Written: 06/02/2008 09:11:09 PM Event ID/Source: 4001 / Microsoft-Windows-WLAN-AutoConfig Event Description: Event Record #/Type131871 / Warning Event Submitted/Written: 06/02/2008 09:08:41 PM Event ID/Source: 225 / Microsoft-Windows-Kernel-PnP Event Description: 310444\Device\HarddiskVolume1\Windows\explorer.exe34USB\VID_13FE&PID_1D00\90730C002D2B -- End of Deckard's System Scanner: finished at 2008-06-02 22:10:54 ------------
The second file follows as a new post. Last edited by Bitburger (02.06.2008 at 21:38) |
02.06.2008, 21:27 | #6 |
| Hacked by FRANKFURTER in Internet Explorer
Deckard's System Scanner v20071014.68 Run by x on 2008-06-02 22:01:42 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- Last 5 Restore Point(s) -- 19: 2008-06-02 12:22:40 UTC - RP409 - Installed SPYWAREfighter. 18: 2008-06-02 11:29:57 UTC - RP408 - Spyware Doctor: Cleaning Threats 17: 2008-05-31 11:12:09 UTC - RP406 - Windows Update 16: 2008-05-31 11:09:15 UTC - RP405 - Windows Update 15: 2008-05-24 18:00:23 UTC - RP404 - Windows Update -- First Restore Point -- 1: 2008-04-10 06:11:43 UTC - RP390 - Windows Update Backed up registry hives. Performed disk cleanup. Total Physical Memory: 894 MiB (1024 MiB recommended). -- HijackThis (run as x.exe) --------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:06:54, on 02.06.2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Windows\system32\svchost.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Common 
Files\LightScribe\LSSrvc.exe C:\Windows\system32\lxbscoms.exe C:\Windows\system32\svchost.exe C:\Windows\system32\taskeng.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Program Files\Sceneo\Bonavista\Services\PVR\PVRService.exe C:\Windows\system32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\system32\Dwm.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Synaptics\SynTP\SynMedion.exe C:\Program Files\Launch Manager\LaunchAp.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\OSD.exe C:\Program Files\Launch Manager\WButton.exe C:\Program Files\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\Launch Manager\WisLMSvc.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\SPYWAREfighter\spftray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\System32\rundll32.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Hardcopy\hardcopy.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\SPYWAREfighter\spfprc.exe C:\Program Files\iPod\bin\iPodService.exe C:\Users\x\Desktop\dss.exe C:\Windows\System32\svchost.exe C:\Windows\system32\conime.exe 
C:\PROGRA~1\TRENDM~1\HIJACK~1\x.exe C:\Windows\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [.[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [=54896]Live Search[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ]Live Search[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [.com[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe" O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe" O4 - HKLM\..\Run: [Wbutton] "C:\Program 
Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [TVBroadcast] C:\Program Files\Sceneo\Bonavista\SERVICES\ODSBC\ODSBCApp.exe O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: 
[WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Startup: Hardcopy.LNK = C:\Program Files\Hardcopy\hardcopy.exe O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - /1/707-1170-17534-17/4]eBay: Neue und gebrauchte Elektronikartikel, Autos, Kleidung, Sammlerstücke, Sportartikel und mehr ? alles zu günstigen Preisen[/url] (file missing) O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - [rover.ebay.com/rover/1/707-1170-17534-17/4]eBay: Neue und gebrauchte Elektronikartikel, Autos, Kleidung, Sammlerstücke, Sportartikel und mehr ? alles zu günstigen Preisen[/url] (file missing) O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - rover.ebay.com/rover/1/707-1170-17534-17/4]eBay: Neue und gebrauchte Elektronikartikel, Autos, Kleidung, Sammlerstücke, Sportartikel und mehr ? 
alles zu günstigen Preisen[/url] (file missing) (HKCU) O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - [://rover.ebay.com/rover/1/707-1170-17534-17/4]eBay: Neue und gebrauchte Elektronikartikel, Autos, Kleidung, Sammlerstücke, Sportartikel und mehr ? alles zu günstigen Preisen[/url] (file missing) (HKCU) O13 - Gopher Prefix: O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: lxbs_device - - C:\Windows\system32\lxbscoms.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe O23 - Service: Sceneo PVR Service (srvcPVR) - Buhl Data Service GmbH - C:\Program Files\Sceneo\Bonavista\Services\PVR\PVRService.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: WisLMSvc - Wistron Corp. 
- C:\Program Files\Launch Manager\WisLMSvc.exe -- End of file - 12221 bytes -- File Associations ----------------------------------------------------------- .scr - AutoCADScriptFile - shell\open\command - "C:\Windows\system32\notepad.exe" "%1" -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 Hotkey - c:\windows\system32\drivers\hotkey.sys R1 ssmdrv - c:\windows\system32\drivers\ssmdrv.sys <Not Verified; AVIRA GmbH; > -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 AntiVirScheduler (AntiVir PersonalEdition Classic Planer) - "c:\program files\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation> R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service> R2 srvcPVR (Sceneo PVR Service) - c:\program files\sceneo\bonavista\services\pvr\pvrservice.exe <Not Verified; Buhl Data Service GmbH; Sceneo Buenavista> R3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home> R3 WisLMSvc - "c:\program files\launch manager\wislmsvc.exe" <Not Verified; Wistron Corp.; > S3 FirebirdServerMAGIXInstance (Firebird Server - MAGIX Instance) - c:\program files\aldi sued foto service\common\database\bin\fbserver.exe <Not Verified; MAGIX®; Firebird SQL Server - MAGIX Edition> S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. 
-- Scheduled Tasks ------------------------------------------------------------- 2008-04-25 15:00:30 424 --a------ C:\Windows\Tasks\Norton Security Scan.job -- Files created between 2008-05-02 and 2008-06-02 ----------------------------- 2008-06-02 19:07:56 0 d-------- C:\Program Files\Trend Micro 2008-06-02 14:24:11 0 d-------- C:\Program Files\Common Files\Application 2008-06-02 14:23:43 0 d-------- C:\Program Files\SPYWAREfighter 2008-05-16 20:43:09 0 d-------- C:\Program Files\GEngine 2008-05-16 20:43:00 0 d-------- C:\Users\All Users\gotomaxx 2008-05-16 20:39:10 0 d-------- C:\Program Files\gotomaxx -- Find3M Report --------------------------------------------------------------- 2008-06-02 21:15:08 33095 --a------ C:\Users\x\AppData\Roaming\nvModes.001 2008-06-02 21:10:25 618430 --a------ C:\Windows\system32\perfh007.dat 2008-06-02 21:10:25 122648 --a------ C:\Windows\system32\perfc007.dat 2008-06-02 14:24:11 0 d-------- C:\Program Files\Common Files 2008-06-02 13:38:29 0 d-------- C:\Program Files\Spyware Doctor 2008-06-01 23:41:11 33095 --a------ C:\Users\x\AppData\Roaming\nvModes.dat 2008-05-24 19:52:36 0 d-------- C:\Program Files\Lx_cats 2008-05-16 20:43:09 0 d-------- C:\Users\x\AppData\Roaming\gotomaxx 2008-05-16 12:59:40 0 d-------- C:\Users\x\AppData\Roaming\Adobe 2008-05-15 08:33:12 0 d-------- C:\Program Files\Windows Mail 2008-04-25 15:00:02 0 d-------- C:\Program Files\Norton Security Scan 2008-04-18 20:38:24 0 d-------- C:\Program Files\Apple Software Update 2008-04-17 17:29:37 0 d-------- C:\Program Files\ALDI Sued Foto Service 2008-04-04 12:32:15 0 d-------- C:\Program Files\iTunes 2008-04-04 12:32:01 0 d-------- C:\Program Files\iPod 2008-04-04 12:29:19 0 d-------- C:\Program Files\QuickTime 2008-04-01 20:41:03 174 --ahs---- C:\Program Files\desktop.ini -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [19.01.2008 09:38] "RtHDVCpl"="RtHDVCpl.exe" [15.02.2007 18:07 C:\Windows\RtHDVCpl.exe] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [15.02.2007 22:50] "LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [25.07.2005 14:36] "HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe" [14.12.2006 17:53] "CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [] "LMgrOSD"="C:\Program Files\Launch Manager\OSD.exe" [26.12.2006 12:23] "Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [09.11.2006 15:37] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12.01.2006 16:40] "TVBroadcast"="C:\Program Files\Sceneo\Bonavista\SERVICES\ODSBC\ODSBCApp.exe" [23.02.2007 15:44] "UVS10 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [09.08.2006 13:27] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [17.10.2007 20:19] "toolbar_eula_launcher"="C:\Program Files\GoogleEULA\EULALauncher.exe" [09.02.2007 16:54] "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [20.04.2008 22:37] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [27.10.2006 00:47] "LXBSCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\LXBStime.dll" [22.02.2007 05:52] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11.01.2008 23:16] "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [01.02.2008 12:55] "NvSvc"="C:\Windows\system32\nvsvc.dll" [13.01.2007 11:40] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [13.01.2007 11:40] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [13.01.2007 11:40] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28.03.2008 23:37] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30.03.2008 10:36] "spywarefighterguard"="C:\Program 
Files\SPYWAREfighter\spftray.exe" [21.02.2008 15:37] "@"="" [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [19.01.2008 09:33] "WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" [] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [19.01.2008 09:33] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [23.12.2006 19:05] C:\Users\x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Hardcopy.LNK - C:\Program Files\Hardcopy\hardcopy.exe [08.08.2007 20:11:54] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [17.10.2007 20:19:12] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [18.02.1999 05:05:56] WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [16.09.2007 14:00:53] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"=2 (0x2) "EnableUIADesktopToggle"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] @="Service" 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] @="IEEE 1394 Bus host controllers" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] @="SBP2 IEEE 1394 Devices" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] @="SecurityDevices" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e6ff5c6-fa49-11db-87d5-0016d38252d5}] AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe LAT13.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eff4a844-1b6e-11dc-96a4-0016d38252d5}] AutoRun\command- F:\Setup.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] C:\Windows\system32\unregmp2.exe /ShowWMP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI -- End of Deckard's System Scanner: finished at 2008-06-02 22:10:54 ------------
THANK YOU VERY MUCH!!!!!!!!!
Edited by Bitburger (02.06.2008 at 21:36) |
02.06.2008, 22:35 | #7 |
/// TB Trainer | Hacked by FRANKFURTER in Internet Explorer
Hi, there is only one key left to see. You can either delete the entry by hand in regedit (Start -> Run -> type regedit) by navigating to the corresponding key and deleting it via right-click, or you can use the following script:
Code:
REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e6ff5c6-fa49-11db-87d5-0016d38252d5}]

The file should now get the following icon:
Now run the file with a double-click. A window should open asking whether you want to add the information to the registry. Click Yes. After that, please create another new log with DSS (main.txt is enough).
Best regards, myrtille
__________________
Requests by email, profile message or private message will be ignored! Help is available ONLY in the forum! Anyone who has not received a further reply from me after 24 hours, please send a PM.
Spelling mistakes? Never, but keybaord malfunctions constantly! |
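The check behind the reply above, as an added example that is not part of the original thread: MountPoints2 keeps a per-volume AutoRun\command that Explorer can run when the drive is opened, so the Python below pulls those entries out of a flattened DSS registry dump, flags commands that start a script host or script file, and emits the matching REGEDIT4 deletion script. The sample lines are copied from the log posted in this thread; the function names and the host and extension lists are assumptions chosen for illustration.

```python
import re

# Registry dump lines copied from the DSS log in this thread, flattened onto
# one line the way the forum rendered them.
SAMPLE_DUMP = (
    r"[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer"
    r"\mountpoints2\{0e6ff5c6-fa49-11db-87d5-0016d38252d5}] "
    r"AutoRun\command- C:\Windows\system32\RunDLL32.EXE "
    r"Shell32.DLL,ShellExec_RunDLL wscript.exe LAT13.vbs "
    r"[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer"
    r"\mountpoints2\{eff4a844-1b6e-11dc-96a4-0016d38252d5}] "
    r"AutoRun\command- F:\Setup.exe "
    r"[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components"
    r"\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] "
    r"%SystemRoot%\system32\unregmp2.exe /FirstLogon"
)

# One MountPoints2 block: [HIVE\...\mountpoints2\{GUID}] AutoRun\command- <cmd>
# The command runs up to the next "[HKEY_" block or the end of the text.
ENTRY_RE = re.compile(
    r"\[(?P<hive>HKEY_[A-Z_]+)\\(?P<path>[^\]]*?\\mountpoints2)\\"
    r"(?P<guid>\{[0-9a-f-]{36}\})\]\s*"
    r"AutoRun\\command-\s*(?P<command>.*?)(?=\s*\[HKEY_|\s*$)",
    re.IGNORECASE | re.DOTALL,
)

# Assumed heuristic lists, not taken from the thread.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "cmd.exe",
                "powershell.exe"}
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd")


def parse_mountpoints2(dump_text):
    """Return one dict (hive, path, guid, command) per MountPoints2 entry."""
    return [m.groupdict() for m in ENTRY_RE.finditer(dump_text)]


def reasons_for(command):
    """List why an AutoRun command looks like a script launcher."""
    found = []
    for token in re.split(r"[\s,]+", command.lower()):
        # Compare on the file name only, ignoring quotes and directories.
        name = token.strip('"').rsplit("\\", 1)[-1]
        if name in SCRIPT_HOSTS:
            found.append(f"script host {name}")
        elif name.endswith(SCRIPT_EXTS):
            found.append(f"script file {name}")
    return found


def flag_suspicious(entries):
    """Return (entry, reasons) pairs for entries with at least one reason."""
    flagged = []
    for entry in entries:
        why = reasons_for(entry["command"])
        if why:
            flagged.append((entry, why))
    return flagged


def removal_reg(entry):
    """Build a REGEDIT4 script that deletes the entry's whole subkey."""
    return "REGEDIT4\n\n[-{hive}\\{path}\\{guid}]\n".format(**entry)


if __name__ == "__main__":
    for entry, why in flag_suspicious(parse_mountpoints2(SAMPLE_DUMP)):
        print(entry["guid"], "->", entry["command"])
        print("  flagged:", ", ".join(why))
        print(removal_reg(entry))
```

On the sample, only the `{0e6ff5c6-...}` key is flagged, and the generated script is the same one given in the reply; the `F:\Setup.exe` entry passes because it names an executable directly.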
03.06.2008, 09:29 | #8 |
| Hacked by FRANKFURTER in Internet Explorer
Hey, thanks, attached is the new Mail.txt. What did I just do there ) with the registry?
Deckard's System Scanner v20071014.68 Run by x on 2008-06-03 10:20:41 Computer is in Normal Mode. -------------------------------------------------------------------------------- Percentage of Memory in Use: 76% (more than 75%). Total Physical Memory: 894 MiB (1024 MiB recommended). -- HijackThis (run as x.exe) --------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:21:16, on 03.06.2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Windows\system32\svchost.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Windows\system32\lxbscoms.exe C:\Windows\system32\svchost.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Windows\system32\taskeng.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Program Files\Sceneo\Bonavista\Services\PVR\PVRService.exe C:\Windows\system32\svchost.exe C:\Program Files\Common 
Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Launch Manager\LaunchAp.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\OSD.exe C:\Program Files\Launch Manager\WButton.exe C:\Program Files\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe C:\Program Files\Synaptics\SynTP\SynMedion.exe C:\Program Files\Launch Manager\WisLMSvc.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\SPYWAREfighter\spftray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Hardcopy\hardcopy.exe C:\Windows\System32\rundll32.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\SPYWAREfighter\spfprc.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Users\x\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\x~1.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = x//go.microsoft.com/fwlink/?LinkId=54896]Live Search[/url] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = x.web.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = x.aldi.com R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = x.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = x.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = x \Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe" O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe" O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [TVBroadcast] C:\Program Files\Sceneo\Bonavista\SERVICES\ODSBC\ODSBCApp.exe O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead 
VideoStudio SE DVD\uvPL.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Hardcopy.LNK = C:\Program Files\Hardcopy\hardcopy.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - x.ebay.com/rover/1/707-1170-17534-17/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - x.ebay.com/rover/1/707-1170-17534-17/4 (file missing)
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - x.ebay.com/rover/1/707-1170-17534-17/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - x.ebay.com/rover/1/707-1170-17534-17/4 (file missing) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - x
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - x.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbs_device - - C:\Windows\system32\lxbscoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
O23 - Service: Sceneo PVR Service (srvcPVR) - Buhl Data Service GmbH - C:\Program Files\Sceneo\Bonavista\Services\PVR\PVRService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

-- End of file - 12198 bytes

-- Files created between 2008-05-03 and 2008-06-03 -----------------------------

2008-06-02 19:07:56 0 d-------- C:\Program Files\Trend Micro
2008-06-02 14:24:11 0 d-------- C:\Program Files\Common Files\Application
2008-06-02 14:23:43 0 d-------- C:\Program Files\SPYWAREfighter
2008-05-16 20:43:09 0 d-------- C:\Program Files\GEngine
2008-05-16 20:43:00 0 d-------- C:\Users\All Users\gotomaxx
2008-05-16 20:39:10 0 d-------- C:\Program Files\gotomaxx

-- Find3M Report ---------------------------------------------------------------

2008-06-03 10:13:55 33095 --a------ C:\Users\x\AppData\Roaming\nvModes.001
2008-06-02 21:10:25 618430 --a------ C:\Windows\system32\perfh007.dat
2008-06-02 21:10:25 122648 --a------ C:\Windows\system32\perfc007.dat
2008-06-02 14:24:11 0 d-------- C:\Program Files\Common Files
2008-06-02 13:38:29 0 d-------- C:\Program Files\Spyware Doctor
2008-06-01 23:41:11 33095 --a------ C:\Users\x\AppData\Roaming\nvModes.dat
2008-05-24 19:52:36 0 d-------- C:\Program Files\Lx_cats
2008-05-16 20:43:09 0 d-------- C:\Users\x\AppData\Roaming\gotomaxx
2008-05-16 12:59:40 0 d-------- C:\Users\x\AppData\Roaming\Adobe
2008-05-15 08:33:12 0 d-------- C:\Program Files\Windows Mail
2008-04-25 15:00:02 0 d-------- C:\Program Files\Norton Security Scan
2008-04-18 20:38:24 0 d-------- C:\Program Files\Apple Software Update
2008-04-17 17:29:37 0 d-------- C:\Program Files\ALDI Sued Foto Service
2008-04-04 12:32:15 0 d-------- C:\Program Files\iTunes
2008-04-04 12:32:01 0 d-------- C:\Program Files\iPod
2008-04-04 12:29:19 0 d-------- C:\Program Files\QuickTime
2008-04-01 20:41:03 174 --ahs---- C:\Program Files\desktop.ini

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [19.01.2008 09:38]
"RtHDVCpl"="RtHDVCpl.exe" [15.02.2007 18:07 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [15.02.2007 22:50]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [25.07.2005 14:36]
"HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe" [14.12.2006 17:53]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" []
"LMgrOSD"="C:\Program Files\Launch Manager\OSD.exe" [26.12.2006 12:23]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [09.11.2006 15:37]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12.01.2006 16:40]
"TVBroadcast"="C:\Program Files\Sceneo\Bonavista\SERVICES\ODSBC\ODSBCApp.exe" [23.02.2007 15:44]
"UVS10 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [09.08.2006 13:27]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [17.10.2007 20:19]
"toolbar_eula_launcher"="C:\Program Files\GoogleEULA\EULALauncher.exe" [09.02.2007 16:54]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [20.04.2008 22:37]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [27.10.2006 00:47]
"LXBSCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\LXBStime.dll" [22.02.2007 05:52]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11.01.2008 23:16]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [01.02.2008 12:55]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [13.01.2007 11:40]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [13.01.2007 11:40]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [13.01.2007 11:40]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28.03.2008 23:37]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30.03.2008 10:36]
"spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [21.02.2008 15:37]
"@"="" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [19.01.2008 09:33]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [19.01.2008 09:33]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [23.12.2006 19:05]

C:\Users\x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Hardcopy.LNK - C:\Program Files\Hardcopy\hardcopy.exe [08.08.2007 20:11:54]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [17.10.2007 20:19:12]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [18.02.1999 05:05:56]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [16.09.2007 14:00:53]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eff4a844-1b6e-11dc-96a4-0016d38252d5}]
AutoRun\command- F:\Setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- End of Deckard's System Scanner: finished at 2008-06-03 10:22:18 ------------

Is my laptop clean again now? THANKS and best regards |
03.06.2008, 10:18 | #9 |
/// TB trainer | Hacked by FRANKFURTER in Internet Explorer

Hi, looks good. The entry is gone. The entry I had you remove was an autostart entry saying that the vbs file on the stick should be executed when the stick is plugged in. It was really more cosmetic than anything else, since the entry can of course only execute the file if the file is still on the stick, which hopefully is no longer the case.

Regards, myrtille
__________________ Requests by e-mail, profile message or private message will be ignored! Help is available ONLY in the forum! Anyone who has not received a further reply from me after 24 hours, please send a PM. Spelling mistakes? Never, but keybaord malfunctions constantly! |
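
Windows caches a volume's autorun command per user under the MountPoints2 key, the same section of the registry dump that holds the `F:\Setup.exe` line in the log above. The following check is an added example, not part of the original thread or of any scanner: it reads that section of a dump and flags commands that would start a script. It assumes the dump has one key or value per line; the sample dump is constructed (only its first entry mirrors the log), and the script-host and extension lists are assumptions.

```python
import re

# Constructed sample in the registry-dump layout (one key or value per line).
# The first entry mirrors the log above; the other two are hypothetical.
SAMPLE_DUMP = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eff4a844-1b6e-11dc-96a4-0016d38252d5}]
AutoRun\command- F:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000001}]
AutoRun\command- C:\Windows\system32\wscript.exe /e:vbs example.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
Shell\open\command- G:\start.bat
"""

# Assumed lists, not taken from the thread; extend them to match local policy.
SCRIPT_HOSTS = {"wscript", "cscript"}
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd")
KEY_RE = re.compile(r"^\[HKEY_[^\]]*\\mountpoints2\\([^\]\\]+)\]$", re.I)
CMD_RE = re.compile(r"^(.+?\\command)- (.+)$", re.I)

def parse_mountpoints(dump):
    """Return (volume, verb, command) for each MountPoints2 command value."""
    entries, volume = [], None
    for raw in dump.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            volume = m.group(1) if m else None  # any other key ends the section
            continue
        m = CMD_RE.match(line)
        if volume and m:
            entries.append((volume, m.group(1), m.group(2).strip()))
    return entries

def is_script_launch(command):
    """True if the command starts a script host or names a script file."""
    tokens = [t.strip('"').lower() for t in command.split()] or [""]
    host = tokens[0].rsplit("\\", 1)[-1]
    host = host[:-4] if host.endswith(".exe") else host
    return host in SCRIPT_HOSTS or any(t.endswith(SCRIPT_EXTS) for t in tokens)

def suspicious_autoruns(dump):
    """MountPoints2 entries whose command would run a script."""
    return [e for e in parse_mountpoints(dump) if is_script_launch(e[2])]

if __name__ == "__main__":
    for volume, verb, command in suspicious_autoruns(SAMPLE_DUMP):
        print(f"review {volume}: {verb} -> {command}")
```

A flagged entry is a reason to look at the volume and the file it names, not a verdict; an installer's own batch file is flagged in the same way.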