TV/Vundo.Gen und seine Freunde

AlppiratHB · 08.07.2008, 10:53

Hallo an alle helfenden Kämpfer,

ich habe seit gestern einen "Freund" auf meinem Geschäftsrechner, der sich unanständig breit macht. Laut Anvira Antivir ist es der TR/Vundo.Gen mit allen netten Nebenwirkungen, die in diversen Foren zu lesen sind.
Da ich aber ein völliger Laie in der Beseitigung solcher Probleme bin, wende ich mich vertrauensvoll an euch und euer Wissen. Ich bin ein reiner Benutzer und in nichts fit, was nicht Windows oder Office heisst. Und bevor ich meine "Seele" hier platt mache, neu aufsetze oder sie zu einem PC-Doc bringe, probiere ich es erst einmal hier.

Neben dem o.g. "Trojaner" sind:
-die Adminrechte weg
-unter "Start" fehlt die Hälfte der sonst üblichen Icons
-ein blinkendes weißes Kreuz in rotem Kreis in der Tastleiste mit der VIRUS ALERT! Warnung neben der Uhr
- Ein PopUp mit Spyware Alert für Worm.Win.32.NetBoooster auf englisch, der zum Download von Vista Antivirus 2008 auffordert

-Desktop-HIntergrund ist ersetzt worden gegen einen mittig zentrierten Warnhinweis in halb gelb, halb transparent, welches eine Virenwarnung mitteilt und zum Herunterladen eines Spyware Removers rät.

Installiert ist Windows XP mit SP2, IE 7, Avira Antivir, PC Tools Spyware Doctor mit Antivir, aktiver Windows-Schutzprogramme und ein Router.

Ich weiss beim besten Willen nicht, wie ich zu dieser "Ehre" gekommen bin, aber egal. Nun habe ich das Problem und hoffe inständig, daß mir geholfen werden kann.
Denn dieser Rechner hat alle wichtigen Geschäftsdaten drauf und ein Neuaufsetzen des Systems brächte mir wochenlange Wiederherstellungsarbeit, die ich mir verständlicherweise ersparen möchte.

Bitte beachtet, daß ich in der Handhabung mir fremder Programme und Anwendungen ein vollkommender Töffel bin. Mit 44 habe ich den Umgang mit PCs erst seit ca. 6 Jahren in Learnimg-by-doing erfahren.

Anbei schon mal ein Logfile von HighJack, ich hoffe, es ist hilfreich und richtig hier gepostet.

Und schon mal jetzt ein großes Danke für die Hilfe.

LG Alppirat

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:24: VIRUS ALERT!, on 08.07.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Gemeinsame Dateien\AccSys\accsvc.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\Spyware Doctor\pctsAuxs.exe
C:\Programme\Spyware Doctor\pctsSvc.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe
C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
C:\Programme\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programme\TOSHIBA\Tvs\TvsTray.exe
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\Microsoft ActiveSync\rapimgr.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\Programme\Raxco\PerfectDisk\PDSched.exe
C:\Programme\Windows Media Player\WMPNetwk.exe
C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe:
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://w*w.arcor.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://w*w.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://w*w.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://w*w.arcor.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://w*w.arcor.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = h**p://w*w.arcor.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: QXK Olive - {26BB7FDF-BB85-4513-8D57-41581C246610} - C:\WINDOWS\wbxdpgfeoba.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: sqvgnrpx - {4CD6E3CE-395E-46C7-BA94-8E23942E5F81} - C:\WINDOWS\sqvgnrpx.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Tvs] C:\Programme\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [wlconfig] "C:\Programme\WLAN Monitor\wlconfig.exe" -autostart
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MBBalloon] C:\Programme\HOTALBUMMyBOX\MBBalloon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ISTray] "C:\Programme\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: MediaChecker.lnk = C:\Programme\HOTALBUMMyBOX\MediaChecker.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Programme\Free Download Manager\dllink.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: eBay - {2D941D56-1B19-44AE-8CF5-08331A3B4CCF} - C:\Programme\Internet Explorer\Signup\ToshibaGotoEbay.exe (HKCU)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - h**p://160.45.89.245/LiveMap_Reiten-in-MV/mapguide/download/mgaxctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - h**p://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172232100328
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} - h**p://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - h**p://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{12B92767-44FC-4600-8A3C-005FE5593FAC}: NameServer = 213.191.92.86
O20 - Winlogon Notify: cbXQiGaW - cbXQiGaW.dll (file missing)
O21 - SSODL: fdxbameg - {91D53267-9C92-4C1B-B69A-AAB46AA00931} - C:\WINDOWS\fdxbameg.dll
O21 - SSODL: fsrpknov - {9144BF40-9A5E-4C1A-818B-87121D535FB1} - C:\WINDOWS\fsrpknov.dll
O23 - Service: AccSys WiFi Component (accsvc) - AccSys GmbH - C:\Programme\Gemeinsame Dateien\AccSys\accsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programme\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Programme\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: UPnPService - Magix AG - C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 12170 bytes

myrtille · 08.07.2008, 13:09

Hi,
wir geben keinen Support für Geschäftsrechner, bitte wende dich an die dafürzuständigen Leute in deiner Firma. Tut mir Leid.

Außerdem würde ich dir empfehlen deine wichtigen Geschäftsdaten auf jedenfall zu sichern!
Es gibt Viren, die Daten einfach zerstören und für dich unzugänglich machen. Da wird eine Rettung sehr umständlich...
Und wenn die Festplatte letzendlich stirbt (und das tut sie häufiger als man denkt), wird dir auch keiner mehr helfen können. Dann sind alle Daten die auf der Platte waren futsch.

Grad bei Geschäfts- und Firmendaten sind Backups extrem wichtig.

lg myrtille

AlppiratHB · 08.07.2008, 13:40

Hallo ans Team,

ich sitze NICHT in einer Firma mit eigener PC-Abteilung, sondern bin ein kleiner Boutiquen-Besitzer. Zu Hause habe ich einen normalen PC stehen, hier im Geschäft ein Laptop, welches befallen ist.

Will/kann/darf mir deshalb niemand helfen?

LG
Alppirat

myrtille · 08.07.2008, 16:28

Hi,
wenn der PC dir gehört ist es glaub ich kein Problem. Dann kannst du die folgenden Sachen abarbeiten:

Führe bitte zuerst Smitfraudfix durch. Arbeite dafür direkt den Abschnitt "Reinigung" ab.
Poste das Log dann hier.

Führe danach noch Malwarebytes aus und lasse alles löschen was es findet. Poste das Log ebenfalls hier.

lg myrtille

AlppiratHB · 09.07.2008, 11:25

Ja, werde ich tun. Habe jetzt einen Ersatzrechner, um erst einmal erreichbar zu sein. Dann wird es wohl eine lange Nacht......

.....und DANKE

Thx a lot
Alppirat

AlppiratHB · 11.07.2008, 14:25

So, nun sind die gewünschten Arbeiten erledigt, anbei die Scans.

Eins vorweg: ominöse Programmverknüpfungen und Warnmeldungen sind verschwunden.

Code:

ATTFilter

SmitFraudFix v2.329

Scan done at 13:43:11,29, 11.07.2008
Run from C:\Dokumente und Einstellungen\BIM\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1       localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
C:\WINDOWS\wbxdpgfeoba.dll deleted.
C:\WINDOWS\sqvgnrpx.dll deleted.
C:\WINDOWS\fdxbameg.dll deleted.


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{12B92767-44FC-4600-8A3C-005FE5593FAC}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{12B92767-44FC-4600-8A3C-005FE5593FAC}: NameServer=213.191.92.86
HKLM\SYSTEM\CS1\Services\Tcpip\..\{12B92767-44FC-4600-8A3C-005FE5593FAC}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{12B92767-44FC-4600-8A3C-005FE5593FAC}: NameServer=213.191.92.86
HKLM\SYSTEM\CS3\Services\Tcpip\..\{12B92767-44FC-4600-8A3C-005FE5593FAC}: NameServer=213.191.92.86
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done. 
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

und der zweite von Malware:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.20
Datenbank Version: 938
Windows 5.1.2600 Service Pack 2

15:09:20 11.07.2008
mbam-log-7-11-2008 (15-09-20).txt

Scan Art: Komplett Scan (C:\|)
Objekte gescannt: 175412
Scan Dauer: 1 hour(s), 5 minute(s), 15 second(s)

Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 1
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 1
Infizierte Datei Objekte der Registrierung: 16
Infizierte Verzeichnisse: 12
Infizierte Dateien: 29

Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)

Infizierte Speicher Module:
C:\WINDOWS\fsrpknov.dll (Trojan.FakeAlert) -> Unloaded module successfully.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{9144bf40-9a5e-4c1a-818b-87121d535fb1} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\fsrpknov (Trojan.FakeAlert) -> Delete on reboot.

Infizierte Datei Objekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (HH:mm:ss) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\Programme\rhc9o1j0eac5 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\BIM\Anwendungsdaten\rhc9o1j0eac5 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\BIM\Anwendungsdaten\rhc9o1j0eac5\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\BIM\Anwendungsdaten\rhc9o1j0eac5\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\BIM\Anwendungsdaten\rhc9o1j0eac5\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\BIM\Anwendungsdaten\rhc9o1j0eac5\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\BIM\Anwendungsdaten\rhc9o1j0eac5\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\BIM\Anwendungsdaten\rhc9o1j0eac5\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\BIM\Anwendungsdaten\rhc9o1j0eac5\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\BIM\Anwendungsdaten\rhc9o1j0eac5\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\BIM\Anwendungsdaten\rhc9o1j0eac5\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\BIM\Anwendungsdaten\rhc9o1j0eac5\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\WINDOWS\system32\flvfxogm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mgoxfvlf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\fsrpknov.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Programme\rhc9o1j0eac5\rhc9o1j0eac5Skin.dll (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8D8D9A2-504F-41DC-9E3F-D1F2FD65C5E3}\RP482\A0091408.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8D8D9A2-504F-41DC-9E3F-D1F2FD65C5E3}\RP484\A0091459.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8D8D9A2-504F-41DC-9E3F-D1F2FD65C5E3}\RP487\A0091573.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8D8D9A2-504F-41DC-9E3F-D1F2FD65C5E3}\RP487\A0091574.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8D8D9A2-504F-41DC-9E3F-D1F2FD65C5E3}\RP487\A0091575.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\emrx.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\gpefaowr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Programme\rhc9o1j0eac5\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programme\rhc9o1j0eac5\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programme\rhc9o1j0eac5\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programme\rhc9o1j0eac5\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programme\rhc9o1j0eac5\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programme\rhc9o1j0eac5\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programme\rhc9o1j0eac5\rhc9o1j0eac5.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Programme\rhc9o1j0eac5\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphcco1j0eac5.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcco1j0eac5.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\BIM\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\BIM\Desktop\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\BIM\Desktop\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\BIM\Desktop\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\BIM\Favoriten\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\BIM\Favoriten\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\BIM\Favoriten\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.

Soweit erst einmal von mir, warte nun auf neue ( wenn nötig ) Instruktionen.

LG & thx
Alppirat

myrtille · 11.07.2008, 15:01

Hi,
ja die beiden Programmen sollten die Situation deutlich verbessern.

Erstelle bitte noch ein Log mit DSS:

Lade dir DSS
Schließe alle Anwendungen und führe DSS.exe dann mit einem Doppelklick aus
Führe während DSS arbeitet bitte keine anderen Aktionen durch
Am Ende öffnen sich 2 Datein main.txt und extra.txt
Poste den Inhalt beider Dateien hier

Das Programm löscht die temporären Dateien und erstellt eine Liste an Punkten, die ich gern überprüfen würde.

lg myrtille

AlppiratHB · 11.07.2008, 15:29

So, hier der erste Teil:

Code:

ATTFilter

Deckard's System Scanner v20071014.68
Run by BIM on 2008-07-11 16:10:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
10: 2008-07-11 14:03:37 UTC - RP488 - Deckard's System Scanner Restore Point
9: 2008-07-08 15:23:48 UTC - RP487 - Spyware Doctor: Cleaning Threats
8: 2008-07-08 11:58:20 UTC - RP486 - Removed BUM
7: 2008-07-08 11:26:00 UTC - RP485 - Java(TM) 6 Update 6 wird installiert
6: 2008-07-07 16:36:23 UTC - RP484 - Spyware Doctor: Cleaning Threats


-- First Restore Point -- 
1: 2008-07-07 12:09:09 UTC - RP479 - Systemprüfpunkt


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-11 16:12:26
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\explorer.exe
C:\Programme\Gemeinsame Dateien\AccSys\accsvc.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Toshiba\ConfigFree\CFSvcs.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\Spyware Doctor\pctsAuxs.exe
C:\Programme\Spyware Doctor\pctsSvc.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.exe
C:\WINDOWS\agrsmmsg.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Programme\Toshiba\ConfigFree\NDSTray.exe
C:\Programme\Toshiba\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
C:\Programme\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\DLA\DLACTRLW.EXE
C:\Programme\Toshiba\Tvs\TvsTray.exe
C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe
C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe
C:\Programme\HP\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Spyware Doctor\pctsTray.exe
C:\Programme\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\Programme\Windows Media Player\wmpnscfg.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\Programme\Raxco\PerfectDisk\PDSched.exe
C:\Programme\Microsoft ActiveSync\rapimgr.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\Windows Media Player\wmpnetwk.exe
C:\Programme\HP\Digital Imaging\bin\hpqste08.exe
C:\Programme\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\alg.exe
C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Dokumente und Einstellungen\BIM\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\GoogleToolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Tvs] C:\Programme\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [wlconfig] "C:\Programme\WLAN Monitor\wlconfig.exe" -autostart
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MBBalloon] C:\Programme\HOTALBUMMyBOX\MBBalloon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ISTray] "C:\Programme\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Schnellstart.lnk = C:\Programme\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Programme\Free Download Manager\dllink.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/6/7/5/675d28f5-2a8e-4bac-bd9b-ee147f352714/OGAControl.cab
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} () - http://download.microsoft.com/download/0/f/b/0fb0fab9-7f09-4bb6-86d8-8e791ba99ac5/VirtualEarth3D.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://160.45.89.245/LiveMap_Reiten-in-MV/mapguide/download/mgaxctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172232100328
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} () - http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{12B92767-44FC-4600-8A3C-005FE5593FAC}: NameServer = 213.191.92.86
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - (no file)
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: cbXQiGaW - C:\WINDOWS\system32\cbXQiGaW.dll (file missing)
O23 - Service: AccSys WiFi Component (accsvc) - AccSys GmbH - C:\Programme\Gemeinsame Dateien\AccSys\accsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\Toshiba\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programme\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Programme\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: UPnPService - Magix AG - C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe

AlppiratHB · 11.07.2008, 15:30

Teil 2 von main.txt

Code:

ATTFilter

--
End of file - 13452 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 PzWDM - c:\windows\system32\drivers\pzwdm.sys <Not Verified; Prassi Technology; PzWDM>
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync03 (StarForce Protection Synchronization Driver (version 3.x)) - c:\windows\system32\drivers\sfsync03.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 ssmdrv - c:\windows\system32\drivers\ssmdrv.sys <Not Verified; AVIRA GmbH; >
R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0>
R2 enodpl - c:\windows\system32\drivers\enodpl.sys
R2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - c:\windows\system32\drivers\netdevio.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Network Device Usermode I/O protocol>
R2 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
R2 s24trans (WLAN-Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R2 tandpl - c:\windows\system32\drivers\tandpl.sys
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 TVALD (Toshiba Mobile PC Service) - c:\windows\system32\drivers\nbsmi.sys <Not Verified; Toshiba Corporation; Toshiba Notebook PC SMI Service>
R3 Tvs (TOSHIBA Virtual Sound with SRS technologies) - c:\windows\system32\drivers\tvs.sys <Not Verified; TOSHIBA Corporation; Audio Filter>

S3 BVRPMPR5 (BVRPMPR5 NDIS Protocol Driver) - d:\instal~a\core\bvrpmpr5.sys (file missing)
S3 mbr - c:\dokume~1\bim\lokale~1\temp\mbr.sys (file missing)
S3 SVRPEDRV - c:\dokumente und einstellungen\bim\desktop\batttoolge\tool3emeag_0822\pedrv.sys (file missing)
S3 tosrfec (Bluetooth ACPI from TOSHIBA) - c:\windows\system32\drivers\tosrfec.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth EC Driver>
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 accsvc (AccSys WiFi Component) - c:\programme\gemeinsame dateien\accsys\accsvc.exe <Not Verified; AccSys GmbH; accsvc Module>
R2 AntiVirScheduler (Avira AntiVir Personal – Free Antivirus Planer) - "c:\programme\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 CFSvcs (ConfigFree Service) - c:\programme\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree(TM)>
R2 PDSched (PDScheduler) - c:\programme\raxco\perfectdisk\pdsched.exe <Not Verified; Raxco Software, Inc.; PDSched Module>
R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\programme\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>
R2 TAPPSRV (TOSHIBA Application Service) - "c:\programme\toshiba\toshiba applet\tappsrv.exe" <Not Verified; TOSHIBA Corp.; TOSHIBA TAPPSRV>

S3 FirebirdServerMAGIXInstance (Firebird Server - MAGIX Instance) - c:\magix\common\database\bin\fbserver.exe <Not Verified; MAGIX®; Firebird SQL Server - MAGIX Edition>
S3 UPnPService - c:\programme\gemeinsame dateien\magix shared\upnpservice\upnpservice.exe <Not Verified; Magix AG; UPnPService Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-11 15:00:50       388 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job


-- Files created between 2008-06-11 and 2008-07-11 -----------------------------

2008-07-11 15:11:11         0 dr-h----- C:\Dokumente und Einstellungen\BIM\Recent
2008-07-11 14:00:02         0 d-------- C:\Programme\Malwarebytes' Anti-Malware
2008-07-11 13:43:23      3600 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-11 13:37:32         0 dr------- C:\Dokumente und Einstellungen\Administrator\Favoriten
2008-07-11 13:37:32         0 dr------- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien
2008-07-11 13:37:32         0 d--h----- C:\Dokumente und Einstellungen\Administrator\Druckumgebung
2008-07-11 13:37:32         0 d-------- C:\Dokumente und Einstellungen\Administrator\Desktop
2008-07-11 13:37:32         0 d--hs---- C:\Dokumente und Einstellungen\Administrator\Cookies
2008-07-11 13:37:32         0 d-------- C:\Dokumente und Einstellungen\Administrator\Application Data
2008-07-11 13:37:32         0 d-------- C:\Dokumente und Einstellungen\Administrator\Application Data\Intel
2008-07-11 13:37:32         0 dr-h----- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten
2008-07-11 13:37:31         0 d-------- C:\Dokumente und Einstellungen\Administrator\WINDOWS
2008-07-11 13:37:31         0 d--h----- C:\Dokumente und Einstellungen\Administrator\Vorlagen
2008-07-11 13:37:31         0 dr------- C:\Dokumente und Einstellungen\Administrator\Startmenü
2008-07-11 13:37:31         0 dr-h----- C:\Dokumente und Einstellungen\Administrator\SendTo
2008-07-11 13:37:31         0 dr-h----- C:\Dokumente und Einstellungen\Administrator\Recent
2008-07-11 13:37:31         0 d-------- C:\Dokumente und Einstellungen\Administrator\Netzwerkumgebung
2008-07-11 13:37:31         0 d--h----- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen
2008-07-11 13:37:29   1310720 --ah----- C:\Dokumente und Einstellungen\Administrator\NTUSER.DAT
2008-07-08 11:24:13         0 d-------- C:\Programme\Trend Micro
2008-07-07 18:22:52         0 d-------- C:\Programme\Gemeinsame Dateien\PC Tools
2008-07-07 17:43:23         0 d-------- C:\Programme\Spyware Doctor
2008-07-07 17:40:37       974 --ahs---- C:\WINDOWS\system32\filnnnpo.ini2
2008-07-07 17:01:12         0 d-------- C:\Programme\Norton Security Scan
2008-07-07 14:30:16         0 d-------- C:\Programme\Avira
2008-07-07 14:08:59      1498 --ahs---- C:\WINDOWS\system32\vGjjlnnn.ini2
2008-07-03 13:37:17         0 d-------- C:\Programme\Veoh Networks
2008-06-25 12:49:17         0 d-------- C:\Programme\Sauerbraten


-- Find3M Report ---------------------------------------------------------------

2008-07-11 16:06:05         0 d-------- C:\Programme\WLAN Monitor
2008-07-11 14:00:09         0 d-------- C:\Dokumente und Einstellungen\BIM\Anwendungsdaten\Malwarebytes
2008-07-08 13:50:07         0 d-------- C:\Dokumente und Einstellungen\BIM\Anwendungsdaten\TmpRecentIcons
2008-07-08 13:27:11         0 d-------- C:\Programme\Java
2008-07-07 18:22:52         0 d-------- C:\Programme\Gemeinsame Dateien
2008-07-07 17:45:29    425692 --a------ C:\WINDOWS\system32\perfh007.dat
2008-07-07 17:45:29     78320 --a------ C:\WINDOWS\system32\perfc007.dat
2008-07-07 17:43:23         0 d-------- C:\Dokumente und Einstellungen\BIM\Anwendungsdaten\PC Tools
2008-07-07 17:00:23         0 d-------- C:\Programme\Google
2008-07-04 16:33:10         0 d-------- C:\Programme\HOTALBUMMyBOX
2008-07-04 16:29:46         0 d-------- C:\Programme\Napster
2008-07-01 18:37:33         0 d-------- C:\Dokumente und Einstellungen\BIM\Anwendungsdaten\OpenOffice.org2
2008-06-19 15:46:18         0 d-------- C:\Programme\Ubisoft
2008-06-19 15:46:16         0 d--h----- C:\Programme\InstallShield Installation Information
2008-06-17 11:37:58         0 d-------- C:\Programme\SlySoft
2008-06-03 17:30:21         0 d-------- C:\Programme\Arcor Fotoservice
2008-06-02 13:28:36         0 d-------- C:\Programme\CASIO
2008-05-28 12:07:49         0 d-------- C:\Programme\Take2
2008-05-24 14:58:40     21504 --a------ C:\WINDOWS\jestertb.dll
2008-05-23 15:20:18         0 d-------- C:\Programme\All-In-One
2008-05-20 11:09:26         0 d-------- C:\Programme\Microsoft Silverlight
2008-05-15 14:14:58         0 d-------- C:\Programme\Huonker_Inst


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [17.12.2005 01:32]
"RTHDCPL"="RTHDCPL.EXE" [10.12.2005 00:49 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [04.05.2005 03:43 C:\WINDOWS\Alcmtr.exe]
"AGRSMMSG"="AGRSMMSG.exe" [15.10.2005 15:29 C:\WINDOWS\agrsmmsg.exe]
"TPSMain"="TPSMain.exe" [03.08.2005 17:16 C:\WINDOWS\system32\TPSMain.exe]
"NDSTray.exe"="NDSTray.exe" []
"SmoothView"="C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe" [13.05.2005 12:01]
"TFncKy"="TFncKy.exe" []
"TDispVol"="TDispVol.exe" [16.09.2005 14:53 C:\WINDOWS\system32\TDispVol.exe]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [06.10.2005 06:20]
"Tvs"="C:\Programme\TOSHIBA\Tvs\TvsTray.exe" [30.11.2005 13:25]
"IntelZeroConfig"="C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe" [05.12.2005 12:37]
"IntelWireless"="C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" [28.11.2005 11:41]
"CFSServ.exe"="CFSServ.exe" []
"wlconfig"="C:\Programme\WLAN Monitor\wlconfig.exe" [06.03.2006 14:45]
"HP Software Update"="C:\Programme\HP\HP Software Update\HPWuSchd2.exe" [12.05.2005 00:12]
"ATICCC"="C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe" [10.05.2006 10:12]
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11.01.2008 23:16]
"MBBalloon"="C:\Programme\HOTALBUMMyBOX\MBBalloon.exe" [30.11.2007 14:48]
"avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [12.02.2008 10:06]
"ISTray"="C:\Programme\Spyware Doctor\pctsTray.exe" [07.07.2008 18:23]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_06\bin\jusched.exe" [25.03.2008 04:28]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 15:00]
"Steam"="" []
"swg"="C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [14.05.2008 12:03]
"H/PC Connection Agent"="C:\Programme\Microsoft ActiveSync\wcescomm.exe" [13.11.2006 14:50]
"WMPNSCFG"="C:\Programme\Windows Media Player\WMPNSCFG.exe" [03.11.2006 10:56]
"@"="" []

C:\Dokumente und Einstellungen\BIM\Startmen\Programme\Autostart\
Microsoft Office OneNote 2003 Schnellstart.lnk - C:\Programme\Microsoft Office\OFFICE11\ONENOTEM.EXE [19.04.2007 14:49:52]

C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\
HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe [12.05.2005 00:23:26]
HP Image Zone Schnellstart.lnk - C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe [12.05.2005 01:49:24]
Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE [13.02.2001 02:01:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=01000000
"NoStartMenuMorePrograms"=0 (0x0)
"StartMenuLogOff"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)
"NoSetFolders"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXQiGaW] 
cbXQiGaW.dll 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\opnnnlif

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders	msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^MediaChecker.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\MediaChecker.lnk
backup=C:\WINDOWS\pss\MediaChecker.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Programme\Veoh Networks\Veoh\VeohClient.exe" /VeohHide




-- End of Deckard's System Scanner: finished at 2008-07-11 16:13:07 ------------

AlppiratHB · 11.07.2008, 15:34

und hier die Extra.txt Teil 1

Code:

ATTFilter

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: German

CPU 0: Genuine Intel(R) CPU           T2300  @ 1.66GHz
CPU 1: Genuine Intel(R) CPU           T2300  @ 1.66GHz
Percentage of Memory in Use: 51%
Physical Memory (total/avail): 1021.98 MiB / 492.26 MiB
Pagefile Memory (total/avail): 2464.13 MiB / 1761.59 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.78 MiB

C: is Fixed (NTFS) - 92.91 GiB total, 18.27 GiB free. 
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - TOSHIBA MK1032GSX - 93.16 GiB - 2 partitions
  \PARTITION0 (bootable) - Installierbares Dateisystem - 92.91 GiB - C:
  \PARTITION1 - Unknown - 251.02 MiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Norton Internet Worm Protection v2006 (Symantec) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.1.191
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.1.114
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.1.77
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.215
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.1.239
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.215
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.1.86
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.76
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.165
 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.1.194
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.165
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.1.225
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.138
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.215
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.215
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.242
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.54
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.2.82
 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.215
 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.30
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.93
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.184
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.2.39
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.1.4
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.218
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.163
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.1.84
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.56
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.165
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.52
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.145
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.2.70
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.1.73
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.1.40
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.23
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.72
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.2.23
 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.215
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.1.35
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.2.70
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.99
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.2.82
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.212
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.124
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.215
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.160
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.1.36
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.45
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.36
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.215
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.1.86
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.1.36
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.1.239
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.182
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.138
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.160
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.1.114
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.215
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.41
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.133
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.1.71
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.1.114
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.93
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.215
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.237
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.54
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.132
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.215
 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.165
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.124
 (Avira GmbH)
AV: Spyware Doctor with AntiVirus v5.5.1.2 (PC Tools)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.181
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.96
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.8
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.1.218
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.58
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.2.27
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.2.16
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.199
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.1.114
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.212
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.145
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.124
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.1.140
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.131
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.124
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.165
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.124
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.1.51
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.54
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.1.36
 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.215
 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.48
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.73
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.1.31
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.36
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.213
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.219
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.2.33
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.1.231
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.2.82
 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.62
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.56
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.215
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.1.190
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.2.23
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.1.68
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.96
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.160
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.54
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.1.57
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.1.84
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.215
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.1.167
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.1.63
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.88
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.1.22
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.160
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.215
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.1.204
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.174
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Outdated
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.194
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.190
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.1.72
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.215
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.36
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.153
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.2.46
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.1.62
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.176
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.96
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.215
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.215
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.54
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.1.10
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.56
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.2.82
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.124
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.199
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.150
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.124
 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.1.147
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled

AlppiratHB · 11.07.2008, 15:35

und Teil 2 der extra.txt

Code:

ATTFilter

AV: Avira AntiVir PersonalEdition Classic v 6.39.0.73
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.1.7
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.1.86
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.1.167
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.73
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.1.231
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.150
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.96
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.124
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.1.84
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.201
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.103
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.1.16
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.127
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.62
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.1.86
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.215
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.1.46
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.1.184
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.20
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.73
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.66
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.215
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v 6.39.1.36
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.218
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.215
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.169
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.218
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.20
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition v8.0.1.18 (Avira GmbH) Disabled Outdated
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.157
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.187
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.215
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.83
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.216
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.2.11
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.160
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.69
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.99
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.215
 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.150
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.160
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.1.84
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.150
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.248
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.99
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.1.42
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.205
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.118
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.30
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.124
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.1.52
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.133
 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.72
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.161
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.218
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.1.58
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.16
 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v 6.39.1.36
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.133
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.1.47
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.124
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.65
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.1.137
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.218
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.187
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.215
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.124
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.205
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.118
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.96
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.121
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.47
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.160
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.176
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.215
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.115
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.190
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.86
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.215
 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v 6.39.1.36
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.219
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.160
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.45
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.2.82
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.1.212
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.160
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.56
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.20
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.176
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.124
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.73
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.187
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.1.47
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v 7.0.1.198
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.2.80
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.218
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.124
 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.82
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.1.86
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.1.27
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.20
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.182
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.157
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.1.212
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.190
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.38.1.218
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v 6.39.1.86
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.42
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.1.60
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.2.54
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.56
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.248
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.98
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 7.0.0.207
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.1.36
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.1.86
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.0.205
 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v 6.39.1.73
 (Avira GmbH)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Programme\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Programme\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Programme\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Programme\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Programme\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\SPIELE\\PANZERS - Phase1\\Run\\Panzers.exe"="C:\\SPIELE\\PANZERS - Phase1\\Run\\Panzers.exe:*:Enabled:-"
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"="C:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Enabled:Assistent zum Übertragen von Dateien und Einstellungen"
"C:\\Programme\\EA GAMES\\Battlefield 1942\\BF1942.exe"="C:\\Programme\\EA GAMES\\Battlefield 1942\\BF1942.exe:*:Enabled:BF1942"
"C:\\Programme\\Ubisoft\\Gearbox Software\\BrothersInArmsEiB\\System\\EiB.exe"="C:\\Programme\\Ubisoft\\Gearbox Software\\BrothersInArmsEiB\\System\\EiB.exe:*:Enabled:Brothers In Arms EiB spielen"
"C:\\Programme\\Toshiba\\TOSHIBA Assist\\TInTouch.exe"="C:\\Programme\\Toshiba\\TOSHIBA Assist\\TInTouch.exe:*:Enabled:Assist"
"C:\\Programme\\MC2\\Sniper Elite\\SniperElite.exe"="C:\\Programme\\MC2\\Sniper Elite\\SniperElite.exe:*:Enabled:SniperElite"
"C:\\Programme\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Programme\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Programme\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Programme\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Programme\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Programme\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Programme\\SmartFTP Client\\SmartFTP.exe"="C:\\Programme\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"
"C:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Programme\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Programme\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Programme\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Programme\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Programme\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Programme\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Programme\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Programme\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Programme\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Programme\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Programme\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Programme\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Programme\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Programme\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Programme\\GMX\\GMX MultiMessenger\\MESSENGR.EXE"="C:\\Programme\\GMX\\GMX MultiMessenger\\MESSENGR.EXE:*:Enabled:GMX MultiMessenger"
"C:\\Dokumente und Einstellungen\\BIM\\Desktop\\The Hunted Chronicles\\The Hunted Chronicle - 1\\TheHunted.exe"="C:\\Dokumente und Einstellungen\\BIM\\Desktop\\The Hunted Chronicles\\The Hunted Chronicle - 1\\TheHunted.exe:*:Enabled:DarkPlaces Game Engine"
"C:\\Programme\\Take2\\Hidden and Dangerous Deluxe\\bin\\hde.exe"="C:\\Programme\\Take2\\Hidden and Dangerous Deluxe\\bin\\hde.exe:*:Disabled:hde"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8-Server"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Programme\\Ubisoft\\Splinter Cell Pandora Tomorrow\\pandora.exe"="C:\\Programme\\Ubisoft\\Splinter Cell Pandora Tomorrow\\pandora.exe:*:Enabled:pandora"
"C:\\Programme\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Programme\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Dokumente und Einstellungen\All Users
APPDATA=C:\Dokumente und Einstellungen\BIM\Anwendungsdaten
CLIENTNAME=Console
CommonProgramFiles=C:\Programme\Gemeinsame Dateien
COMPUTERNAME=TOSHY
ComSpec=C:\WINDOWS\system32\cmd.exe
DEVMGR_SHOW_DETAILS=1
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Dokumente und Einstellungen\BIM
LOGONSERVER=\\TOSHY
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Programme\ATI Technologies\ATI.ACE\;C:\Programme\Samsung\Samsung PC Studio 3\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Programme
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOKUME~1\BIM\LOKALE~1\Temp
TMP=C:\DOKUME~1\BIM\LOKALE~1\Temp
USERDOMAIN=TOSHY
USERNAME=BIM
USERPROFILE=C:\Dokumente und Einstellungen\BIM
windir=C:\WINDOWS

AlppiratHB · 11.07.2008, 15:36

Teil 3 Extra.txt

Code:

ATTFilter

-- User Profiles ---------------------------------------------------------------

BIM (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

 --> C:\Dokumente und Einstellungen\BIM\Lokale Einstellungen\Anwendungsdaten\KodakGallery\EasyShareSetup\$SETUP_140007_1cec1d\Setup.exe /APR-REMOVE
 --> C:\WINDOWS\IsUn0407.exe -fC:\WINDOWS\orun32.isu
 --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
 --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 - Deutsch --> MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) --> 
Adobe Shockwave Player 11 --> C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
All-In-One 6.5.4 --> C:\WINDOWS\uninstall\All-In-One\setup.exe
AntivirXP08 --> "C:\Programme\rhc9o1j0eac5\uninstall.exe"
Arcor Fotoservice --> "C:\Programme\Arcor Fotoservice\unins000.exe"
ATI - Dienstprogramm zur Deinstallation der Software --> C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{4A460FEA-AF9C-416F-BA6E-EE239609BD1D}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avanquest update --> C:\Programme\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0007 -removeonly
Avira AntiVir Personal – Free Antivirus --> C:\Programme\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Battlefield Vietnam(TM) --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E35B3C63-E958-4E31-A178-95D22024109A}\setup.exe" -l0x7 
Bluetooth Stack for Windows by Toshiba --> MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
CCleaner (remove only) --> "C:\Programme\CCleaner\uninst.exe"
CD/DVD Drive Acoustic Silencer --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x7 
CopyRightLeft 0.4 Beta --> C:\Programme\CopyRightLeft\unins000.exe
EAX4 Unified Redist --> MsiExec.exe /X{89661B04-C646-4412-B6D3-5E19F02F1F37}
Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) --> C:\MAGIX\Common\Database\uninstall.exe
FLV-Media Player 1.4 --> C:\Programme\FLV-Media Player\uninst.exe
Free Download Manager 2.5 --> "C:\Programme\Free Download Manager\unins000.exe"
GMX MultiMessenger --> C:\Programme\GMX\GMX MultiMessenger\uninst.exe
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\programme\google\googletoolbar1.dll"
Google Updater --> "C:\Programme\Google\Google Updater\GoogleUpdater.exe" -uninstall
GPL Ghostscript 8.56 --> C:\Programme\gs\uninstgs.exe "C:\Programme\gs\gs8.56\uninstal.txt"
GPL Ghostscript Fonts --> C:\Programme\gs\uninstgs.exe "C:\Programme\gs\fonts\uninstal.txt"
Half-Life 2 --> "C:\programme\steam\steam.exe" steam://uninstall/220
Half-Life 2: Deathmatch --> "C:\programme\steam\steam.exe" steam://uninstall/320
Half-Life 2: Episode One --> "C:\programme\steam\steam.exe" steam://uninstall/380
Half-Life: Source --> "C:\programme\steam\steam.exe" steam://uninstall/280
Hidden and Dangerous Deluxe --> "C:\Programme\Take2\Hidden and Dangerous Deluxe\Bin\IIUninst.exe" C:\Programme\Take2\Hidden and Dangerous Deluxe\Bin\install.log
HijackThis 2.0.2 --> "C:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HOT ALBUM MYBOX --> C:\Programme\HOTALBUMMyBOX\VUninst.exe /a
HP Document Viewer 5.3 --> C:\Programme\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Extended Capabilities 5.3 --> C:\Programme\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 5.3 --> C:\Programme\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3 --> C:\Programme\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Officejet 5600 series --> rundll32 hpzcon12.dll,VendorJettison HP Officejet 5600 series
HP PSC & OfficeJet 5.3.B --> "C:\Programme\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Solution Center & Imaging Support Tools 5.3 --> C:\Programme\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
Intel(R) PRO Network Connections Drivers --> Prounstl.exe
Intel(R) PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD Creator 2 --> "C:\Programme\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD for TOSHIBA --> "C:\Programme\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
IrfanView (remove only) --> C:\Programme\IrfanView\iv_uninstall.exe
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
Java(TM) 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
KSE Entertainment Pack 3.5 (Pocket PC) --> C:\WINDOWS\unin0407.exe -f"c:\programme\microsoft activesync\DeIsL2.isu"
Macromedia Flash Player --> MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
MAGIX Foto Manager 2006 (D) --> C:\MAGIX\Foto_Manager_2006\instslct.exe
MAGIX MP3 Maker 11 (D) --> C:\MAGIX\MP3_Maker_11\instslct.exe
MAGIX Online Druck Service (D) --> C:\MAGIX\Online_Druck_Service\instslct.exe
Malwarebytes' Anti-Malware --> "C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
Media Library Management Wizard --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplibwiz.inf,DefaultUninstall
MEDION-Navigator --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9DF4A22C-2965-400D-8ED2-521B8B48607D}\setup.exe" -l0x7 
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Basic Edition 2003 --> MsiExec.exe /I{91130407-6000-11D3-8CFE-0150048383C9}
Microsoft Office OneNote 2003 --> MsiExec.exe /I{91A10407-6000-11D3-8CFE-0150048383C9}
Microsoft Outlook 2002 --> MsiExec.exe /I{911A0407-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
mobile PhoneTools --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}\setup.exe" -l0x7 
Movie Maker Background Music Files --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmmusic.inf,DefaultUninstall
Movie Maker Sound Effects --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmsounds.inf,DefaultUninstall
Movie Maker Title Images --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmtitle.inf,DefaultUninstall
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
Musicload Manager --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FBB6E04F-B100-42BE-8B96-B35D23992163}\Setup.exe" 
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Napster --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x7  -removeonly
Napster 3.5 MP3 Encoder --> MsiExec.exe /X{708F9BEF-2B8C-421D-813E-8CA9EA29B1B8}
Napster Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
NetObjects Fusion 8 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{DEC6FDC0-BC7E-4811-8AE7-B3585FD25D9D}\setup.exe" -l0x7 anything -uninst 
Norton Security Scan --> MsiExec.exe /I{D4D9F101-9C35-477E-88FC-935415CD9916}
OpenAL --> "C:\Programme\OpenAL\oalinst.exe" /U
OpenOffice.org 2.0 --> MsiExec.exe /I{55A4E9CC-3F8D-4940-A2A4-EE04D3BADF74}
PANZERS - Phase1 --> C:\SPIELE\PANZERS - Phase1\Uninstall\UNWISE.EXE C:\SPIELE\PANZERS - Phase1\Uninstall\INSTALL.LOG
PDFCreator --> C:\Programme\PDFCreator\unins000.exe
PerfectDisk --> MsiExec.exe /I{C190CB55-817E-4713-84F4-0BBB8961CED9}
Plus! MP3 Audio Converter LE --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\audcle.inf,DefaultUninstall
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7  -removeonly
Red Orchestra --> "C:\PROGRA~1\Steam\steam.exe" steam://uninstall/1200
RedOrchestra SDK Beta --> "C:\PROGRA~1\Steam\steam.exe" steam://uninstall/1220
SAMSUNG CDMA Modem Driver Set --> C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile Composite Device Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
Samsung Mobile phone USB driver Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x7  -removeonly
Santa Claus in trouble ... gold! --> C:\PROGRA~1\Santa Claus in trouble ... gold!\Uninstall\UNWISE.EXE C:\PROGRA~1\Santa Claus in trouble ... gold!\Uninstall\INSTALL.LOG
Sauerbraten --> "C:\Programme\Sauerbraten\uninstall.exe"
Scribus 1.3.3.9 --> C:\Programme\Scribus 1.3.3.9\uninst.exe
Silent Hunter III --> C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7} /l1031 
SmartFTP Client --> MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
SmartFTP Client German Language Addon (remove only) --> C:\Programme\SmartFTP Client\Uninstall.SmartFTPDEU.exe
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Splinter Cell Pandora Tomorrow --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{084A9731-D05B-4ADA-B4A0-0ADD25FD7152}\Setup.exe" -l0x7 
Spyware Doctor 5.5 --> C:\Programme\Spyware Doctor\unins000.exe /LOG
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Programme\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TeamSpeak 2 RC2 --> C:\Programme\Teamspeak2_RC2\unins000.exe
Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4497AFF6-98C4-4F49-B073-F48F42BCBF9E} /l1031 
TextPad 4.7 --> MsiExec.exe /X{B510A987-487E-4C66-9F4F-D386AC275715}
TOSHIBA Assist --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\Setup.exe" -l0x7 
TOSHIBA Benutzerhandbücher --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3EB6332B-AF02-457C-A31C-835458C5B48B}\setup.exe" -l0x7  -removeonly
TOSHIBA ConfigFree --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x7 UNINSTALL
TOSHIBA Controls --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe" -l0x7 UNINSTALL
TOSHIBA Hotkey Utility --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{64DD71BC-3109-4C88-9AD3-D5422644B722}\setup.exe" -l0x7 
TOSHIBA PC-Diagnose-Tool --> C:\WINDOWS\IsUn0407.exe -fC:\Programme\TOSHIBA\PCDiag\Uninst.isu
TOSHIBA Power Saver --> C:\WINDOWS\IsUn0407.exe -f"C:\Programme\TOSHIBA\Power Saver\Uninst.isu" -c"C:\WINDOWS\system32\TPSDel.dll"
TOSHIBA SD-Speicherkarten-Formatierung --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}\Setup.exe" -l0x7 
TOSHIBA Software Modem --> Tosmreg -U
TOSHIBA TouchPad ON/Off Utility --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{69BE47C2-36FE-4397-8199-85D8EAE69982}\setup.exe" -l0x7 
TOSHIBA Utilities --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}\setup.exe" -l0x7 
TOSHIBA Virtual Sound --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{8B12BA86-ADAC-4BA6-B441-FFC591087252}\Setup.exe"  /uninstall
TOSHIBA Zoom-Dienstprogramm --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\setup.exe" 
TUGZip 3.4 --> "C:\Programme\TUGZip\unins000.exe"
VeohTV BETA --> C:\Programme\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Bonus Pack for Windows XP --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmbonus.inf,DefaultUninstall
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB884018 --> 
Wise Registry Cleaner 2.7 --> "C:\Programme\Wise Registry Cleaner\unins000.exe"
WLAN Monitor --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2808E975-BD01-47DD-9852-54E3C622BDDC}\setup.exe" -l0x7 
WLAN Quick-Starter --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E40268F4-7E9F-4E07-B773-7FF64971F42E}\setup.exe" -l0x7 
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type24066 / Warning
Event Submitted/Written: 07/11/2008 04:02:51 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
DR/Tool.Reboot.F.108C:\Dokumente und Einstellungen\BIM\Desktop\SmitfraudFix.exe

Event Record #/Type24065 / Warning
Event Submitted/Written: 07/11/2008 03:37:34 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
DR/Tool.Reboot.F.108C:\Dokumente und Einstellungen\BIM\Desktop\SmitfraudFix.exe

Event Record #/Type24064 / Warning
Event Submitted/Written: 07/11/2008 03:36:35 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
DR/Tool.Reboot.F.108C:\Dokumente und Einstellungen\BIM\Desktop\SmitfraudFix.exe

Event Record #/Type24052 / Warning
Event Submitted/Written: 07/11/2008 02:21:41 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
DR/Tool.Reboot.F.108C:\Dokumente und Einstellungen\BIM\Desktop\SmitfraudFix.exe

Event Record #/Type24051 / Warning
Event Submitted/Written: 07/11/2008 02:21:03 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
DR/Tool.Reboot.F.108C:\Dokumente und Einstellungen\BIM\Desktop\SmitfraudFix.exe



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type64650 / Error
Event Submitted/Written: 07/11/2008 03:13:47 PM
Event ID/Source: 1002 / Dhcp
Event Description:
Die IP-Adresslease 192.168.1.33 für die Netzwerkkarte mit der Netzwerkadresse 00A0D13A88F9 wurde durch
den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Event Record #/Type64649 / Warning
Event Submitted/Written: 07/11/2008 03:13:47 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Der Computer konnte die Netzwerkadresse, die durch den DHCP-Server für die
Netzwerkkarte mit der Netzwerkadresse 00A0D13A88F9 zugeteilt wurde, nicht erneuern. Der
folgende Fehler ist aufgetreten: 
%%1223.
Es wird weiterhin im Hintergrund versucht, eine Adresse vom
Netzwerkadressserver (DHCP) zu erhalten.

Event Record #/Type64494 / Error
Event Submitted/Written: 07/11/2008 01:55:20 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Der Dienst "PC Tools Security Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Event Record #/Type64493 / Error
Event Submitted/Written: 07/11/2008 01:55:19 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst PC Tools Security Service.

Event Record #/Type64486 / Error
Event Submitted/Written: 07/11/2008 01:52:36 PM
Event ID/Source: 10005 / DCOM
Event Description:
Bei DCOM ist der Fehler "%%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten ""
gestartet wurde, um den folgenden Server zu verwenden:
{1BE1F766-5536-11D1-B726-00C04FB926AF}



-- End of Deckard's System Scanner: finished at 2008-07-11 16:13:07 ------------

Gehe wieder in Lauerstellung

LG Alppirat

myrtille · 12.07.2008, 15:49

Hi,
Es gibt noch 2-3 Kleinigkeiten, insgesamt sieht es aber eigentlich ganz gut aus

Rufe HijackThis auf und fixe folgende Einträge:

Zitat:

O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O18 - Protocol: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - (no file)
O20 - Winlogon Notify: cbXQiGaW - C:\WINDOWS\system32\cbXQiGaW.dll (file missing)

Navigiere außerdem zu folgenden Dateien und lösche sie:

Zitat:

C:\WINDOWS\system32\filnnnpo.ini2
C:\WINDOWS\system32\vGjjlnnn.ini2

sowie den Ordner:

Zitat:

C:\Dokumente und Einstellungen\BIM\Anwendungsdaten\TmpRecentIcons
C:\Programme\rhc9o1j0eac5 (der Ordner sollte nicht mehr existieren, überprüfe das sicherheitshalber nochmal

)

um die Dateien sehen zu können, musst du alle Dateien sichtbar machen.

Erstelle danach bitte ein neues Hijackthislog und poste es heir

lg myrtille

AlppiratHB · 14.07.2008, 09:56

So, hier der neue HJT-Log, wobei ich die Zeilen 09 und 018 so wie beschrieben nicht gefunden habe, deswegen habe ich da nichts gemacht, nur den 020-er hab ich geschreddert.
ini2-Dateien sind gelöscht, ebenso die genannten Ordner.

Wenn es das jetzt war, dann sage ich ein riesengroßes Danke und in Bremen steht immer ein Kaffee o.ä. fürs Team bereit.

DANKE-DANKE
Alppirat

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:51:13, on 14.07.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Gemeinsame Dateien\AccSys\accsvc.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe
C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
C:\Programme\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programme\TOSHIBA\Tvs\TvsTray.exe
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Spyware Doctor\pctsTray.exe
C:\Programme\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\Spyware Doctor\pctsAuxs.exe
C:\PROGRA~1\Microsoft ActiveSync\rapimgr.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\Spyware Doctor\pctsSvc.exe
C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\Programme\Raxco\PerfectDisk\PDSched.exe
C:\Programme\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Trend Micro\HijackThis\hjt.com
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.arcor.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Tvs] C:\Programme\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [wlconfig] "C:\Programme\WLAN Monitor\wlconfig.exe" -autostart
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MBBalloon] C:\Programme\HOTALBUMMyBOX\MBBalloon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ISTray] "C:\Programme\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Schnellstart.lnk = C:\Programme\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Programme\Free Download Manager\dllink.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: eBay - {2D941D56-1B19-44AE-8CF5-08331A3B4CCF} - C:\Programme\Internet Explorer\Signup\ToshibaGotoEbay.exe (HKCU)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} - http://160.45.89.245/LiveMap_Reiten-in-MV/mapguide/download/mgaxctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172232100328
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} - http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{12B92767-44FC-4600-8A3C-005FE5593FAC}: NameServer = 213.191.92.86
O23 - Service: AccSys WiFi Component (accsvc) - AccSys GmbH - C:\Programme\Gemeinsame Dateien\AccSys\accsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programme\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Programme\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: UPnPService - Magix AG - C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 11454 bytes

myrtille · 14.07.2008, 10:21

Hi,
sieht gut aus

Sämtliche Einträge waren "Karteileichen", das heißt Verweise auf Dateien die nicht mehr existieren. Es geht hauptsächlich darum, dass sie nicht mehr da sind.

Die von uns benutzten Programme kannst du über Start->Systemsteuerung->Software wieder deinstallieren. (Hijackthis und Malwarebytes). Hier bitte auch diese alte Javaversion deinstallieren:

Zitat:

J2SE Runtime Environment 5.0 Update 4

Aktuell ist 6.7

DSS und Smitfraudfix kannst du einfach so löschen.

Bremen ist dann doch ein wenig weit für einen Kaffee

Aber ich werd mich melden, sollte ich mal in Bremen sein.

Grüße aus dem südlichen Gipfel Deutschlands
lg myrtille

TV/Vundo.Gen und seine Freunde

Plagegeister aller Art und deren Bekämpfung: TV/Vundo.Gen und seine Freunde