
Unwanted Popups, Redirect to malware site and prnet.tmp



hornet99
2009-05-06, 10:37
Hi,
I think I have a virus or malware on my system, please help.
I tried the solution from another thread with prnet.tmp on this forum, but
I think it didn't help.
When I click on a link with prnet.tmp or something else, I am redirected to a site with a download button.

Thanks for help
Hubi


Here is my HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:52, on 06.05.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Programme\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\DRIVERS\CDAC11BA.EXE
C:\WINDOWS\system32\SCMSymbols.exe
C:\Programme\Compaq\Compaq Management Agents\cpqalert.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\Fujitsu HandyDrive\Password\F3EJTHDD.EXE
C:\Programme\Intel\Shiva VPN Client\icsrv.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\LogWatNT.exe
c:\Programme\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
c:\Programme\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
C:\Programme\Microsoft SQL Server\MSAS10.DEV2008\OLAP\bin\msmdsrv.exe
C:\Programme\Microsoft SQL Server\MSSQL10.DEV2008\MSSQL\Binn\sqlservr.exe
C:\Programme\Microsoft SQL Server\MSSQL$FRS\Binn\sqlservr.exe
C:\PROGRA~1\MICROS~4\MSSQL$~2\binn\sqlservr.exe
C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe
C:\Programme\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Programme\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\NMSAccessU.exe
C:\Programme\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Programme\Raxco\PerfectDisk2008\PD91Agent.exe
C:\Programme\Raxco\PerfectDiskRx\PD9Engine.exe
C:\Programme\Advanced Registry Doctor\RegManServ.exe
C:\Programme\Microsoft SQL Server\MSRS10.DEV2008\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\WINDOWS\system32\sokscmnt.exe
C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\Programme\Microsoft SQL Server\MSSQL\binn\sqlagent.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Programme\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\vmnat.exe
C:\Programme\VMware\VMware Server\tomcat\bin\Tomcat6.exe
C:\Programme\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\Programme\UltraVNC\WinVNC.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wwSecure.exe
C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\Programme\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Programme\VMware\VMware Server\vmware-authd.exe
C:\Programme\MSI\SecureDoc\Logon.exe
C:\Programme\SpamPal\spampal.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Programme\VMware\VMware Server\vmware-hostd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=3079
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Programme\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: metaspinner GmbH - {D3AA56A9-8137-4950-A6F9-D0190A82AF2A} - (no file)
O3 - Toolbar: (no name) - {B50FCD28-C2CC-4f3b-B755-62B086EDE4D5} - (no file)
O3 - Toolbar: &Netviewer one2one - {CFC903DC-64D4-41AD-8EA7-B7A93F618F1A} - C:\PROGRA~1\NETVIE~1\one2one\Plugin\IEPLUG~1\IEONE2~1.DLL
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Netviewer Support - {E1F9EDE7-EF90-4A65-A5A4-D2FFEEA5D469} - C:\PROGRA~1\NETVIE~1\Support\Plugin\IEPLUG~1\NVIEPL~1.DLL
O4 - HKLM\..\Run: [PTBSync] C:\Programme\PTBSync\PTBSync.exe /Start
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [Matrox PowerDesk SE] "c:\Programme\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Mini-XP] C:\Dokumente und Einstellungen\hubi\Desktop\minimizer-xp\Mini-XP.exe
O4 - HKUS\S-1-5-21-2978594281-2573486863-215276418-1075\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-2978594281-2573486863-215276418-1075 Startup: DSL-Manager.lnk = C:\WINDOWS\DslMgr.exe (User 'postgres')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE
O4 - Startup: Netlaufwerke verbinden LXPro.lnk = C:\admin\netlogon\logon.bat
O4 - Startup: SpamPal.lnk.disabled
O4 - Global Startup: A-Trust a-sign Client.lnk.disabled
O4 - Global Startup: Adobe Reader - Schnellstart.lnk.disabled
O4 - Global Startup: Dienst-Manager.lnk = C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: klickTel - Schnellstarter - 32-Bit.lnk.disabled
O4 - Global Startup: Logitech SetPoint.lnk.disabled
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Programme\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O4 - Global Startup: Office-Bibliothek-Direktsuche.lnk.disabled
O4 - Global Startup: Post-it® Software Notes Lite.lnk.disabled
O4 - Global Startup: SecureDoc.lnk = C:\Programme\MSI\SecureDoc\Logon.exe
O4 - Global Startup: SecureDoc.lnk.disabled
O4 - Global Startup: Verknüpfung mit spampal.lnk = C:\Programme\SpamPal\spampal.exe
O4 - Global Startup: VPN Client.lnk.disabled
O4 - Global Startup: WinZip Quick Pick.lnk.disabled
O8 - Extra context menu item: In neuer Registerkarte im Hintergrund öffnen - res://C:\Programme\Windows Live Toolbar\Components\de-de\msntabres.dll.mui/229?42cb7a0136984f96b226aa7eb2c947c4
O8 - Extra context menu item: In neuer Registerkarte im Vordergrund öffnen - res://C:\Programme\Windows Live Toolbar\Components\de-de\msntabres.dll.mui/230?42cb7a0136984f96b226aa7eb2c947c4
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Buyertools Reminder - {27914077-B4D6-4A0E-9763-76B6E9DD9A81} - C:\Programme\Buyertools Reminder\ReminderIE.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programme\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programme\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Programme\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyBingo.com - {B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - C:\Programme\PartyGaming\PartyBingo\RunBingo.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programme\vmware\vmware server\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\programme\vmware\vmware server\vsocklib.dll
O12 - Plugin for .UVR: C:\Programme\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {143B3E6F-2C70-4238-85A1-D4F414C792B8} (DemoShield DemoX Class) - http://www.installshield.com/downloads/ds/files/75/demox.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1118268009555
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1118267968383
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{57482DC5-6D39-4877-B56D-24748060927B}: NameServer = 10.0.1.254
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Programme\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programme\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: CHIPDRIVE Disk Encryption Service (CHIPDRIVE_Disk_Encryption_Service) - Unknown owner - C:\WINDOWS\system32\SCMSymbols.exe
O23 - Service: Cisco Systems, Inc. Installer service (CiscoVpnInstallService) - Unknown owner - C:\DOKUME~1\hubi\LOKALE~1\Temp\INSTAL~1.EXE (file missing)
O23 - Service: Insight Local Alerter (CPQALERT) - Hewlett-Packard Company - C:\Programme\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Ferner Befehl für Client Access Express (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - Unknown owner - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe (file missing)
O23 - Service: HandyDrive Password Lock Tool Service (F3EJTHDD) - FUJITSU LIMITED - C:\Programme\Fujitsu HandyDrive\Password\F3EJTHDD.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Shiva VPN Client (ICService) - Unknown owner - C:\Programme\Intel\Shiva VPN Client\icsrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: AVM IGD CTRL Service (IGDCTRL) - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: eTrust Antivirus-RPC-Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus-Echtzeitserver (InoRT) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus-Jobserver (InoTask) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Programme\Gemeinsame Dateien\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: Matrox Centering Service - Matrox Graphics Inc. - c:\Programme\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
O23 - Service: Matrox.Pdesk.ServicesHost - Matrox Graphics Inc - c:\Programme\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe
O23 - Service: MySQL - Unknown owner - C:\Programme\MySQL\MySQL.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\WINDOWS\system32\NMSAccessU.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Programme\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Programme\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: PD9Engine - Raxco Software, Inc. - C:\Programme\Raxco\PerfectDiskRx\PD9Engine.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Radmin Communication Server (rcomsrv) - Unknown owner - C:\WINDOWS\system32\rcomsrv30\rcomsrv.exe (file missing)
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Programme\Advanced Registry Doctor\RegManServ.exe
O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\WINDOWS\system32\rserver30\RServer3.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
O23 - Service: CHIPDRIVE Smartcard Office Kernel (SCM_Smart_Card_Office_Kernel) - SCM Microsystems - C:\WINDOWS\system32\sokscmnt.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Programme\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: VMware Host Agent (VMwareHostd) - Unknown owner - C:\Programme\VMware\VMware Server\vmware-hostd.exe
O23 - Service: VMware Server Web Access (VMwareServerWebAccess) - Apache Software Foundation - C:\Programme\VMware\VMware Server\tomcat\bin\Tomcat6.exe
O23 - Service: VMware VSS Writer (vmwriter) - VMware, Inc. - C:\Programme\VMware\VMware Server\vmVssWriter.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Programme\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Programme\UltraVNC\WinVNC.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOKUME~1/hubi/LOKALE~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 19795 bytes

pskelley
2009-05-08, 13:13
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance) http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

You must have read and followed the "Before you Post" instructions, anything else will waste your time and mine.

When i Click on a link with prnet.tmp
Why would you click on a link for something you do not know?
http://www.prevx.com/filenames/X3205869875180229744-X1/PRNET.TMP.html

Before we start, you have a load of running processes, many that I do not know. This information may help your computer run better:
http://www.netsquirrel.com/msconfig/msconfig_xp.html
http://www.malwareremoval.com/tutorials/runningslowly.php
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://www.microsoft.com/atwork/getstarted/speed.mspx

Read and follow the directions carefully and always in the posted/numbered order.

1) Please DO NOT ENABLE Spybot S&D TeaTimer while we work together.

2) A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.

Download ComboFix from here:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instructions on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


http://i24.photobucket.com/albums/c30/ken545/RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://i24.photobucket.com/albums/c30/ken545/whatnext.jpg

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Tutorial if needed
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

3) Post also an uninstall list: Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
Image: http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg

Thanks

hornet99
2009-05-11, 15:01
Hi psKelley,

thanks for your help.
I will work through all your instructions.

hornet99

PS:
[QUOTE=pskelley;310792]
Why would you click on a link for something you do not know?
http://www.prevx.com/filenames/X3205869875180229744-X1/PRNET.TMP.html
[/QUOTE]

The link was on a similar website as your link, but it was redirected.

hornet99
2009-05-11, 15:21
Hi pskelley,

here is the combofix log:

ComboFix 09-05-05.03 - hubi 11.05.2009 15:07.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.43.1031.18.3071.2040 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\hubi\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\MabryObj.dll

.
((((((((((((((((((((((( Dateien erstellt von 2009-04-11 bis 2009-05-11 ))))))))))))))))))))))))))))))
.

2026-03-08 09:43 . 2026-03-08 09:43 3120 ----a-w c:\windows\system32\DISPKRNL.DLL
2009-05-07 08:52 . 2009-05-07 09:22 -------- d-----w c:\dokumente und einstellungen\hubi\Anwendungsdaten\Download Manager
2009-05-06 16:11 . 2008-08-26 14:17 113664 ----a-w c:\windows\system32\drivers\ewusbnet.sys
2009-05-06 16:11 . 2008-04-14 07:36 621056 ----a-w c:\windows\system32\drivers\mod7700.sys
2009-05-06 16:11 . 2008-07-24 10:02 101376 ----a-w c:\windows\system32\drivers\ewusbmdm.sys
2009-05-06 16:11 . 2007-08-09 02:13 24448 ----a-w c:\windows\system32\drivers\ewdcsc.sys
2009-05-06 16:10 . 2009-05-06 16:15 -------- d-----w c:\programme\Mobile Partner
2009-05-06 13:42 . 2009-05-06 13:43 -------- d-----w c:\dokumente und einstellungen\hubi-online
2009-05-06 12:57 . 2009-05-06 12:57 -------- d-----w c:\dokumente und einstellungen\hubi\Anwendungsdaten\Malwarebytes
2009-05-06 12:57 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-06 12:57 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-06 12:57 . 2009-05-06 12:57 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-05-06 12:57 . 2009-05-06 12:57 -------- d-----w c:\programme\Malwarebytes' Anti-Malware
2009-05-06 08:57 . 2009-05-11 12:59 -------- d-----w c:\programme\SDistTest
2009-05-06 08:27 . 2009-05-06 08:27 -------- d-----w c:\programme\Trend Micro
2009-05-06 08:25 . 2009-05-06 08:25 -------- d-----w c:\programme\ERUNT
2009-05-05 15:20 . 2009-05-05 15:20 23040 ----a-w c:\windows\system32\loader49.exe
2009-05-04 10:16 . 2008-07-11 00:27 79896 ----a-w c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
2009-05-04 10:16 . 2008-07-11 00:27 50200 ----a-w c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2009-04-29 16:13 . 2009-04-29 16:13 22 ----a-w C:\Datenbank20090429181343_ID3584104.zip
2009-04-29 08:24 . 2009-05-05 09:43 -------- d-----w C:\PS
2009-04-29 08:06 . 2009-04-29 08:20 -------- d-----w c:\dokumente und einstellungen\hubi\Anwendungsdaten\PersBackup
2009-04-29 08:06 . 2009-04-29 08:06 -------- d-----w c:\programme\Personal Backup 4
2009-04-17 11:14 . 2000-08-05 23:50 36939 ----a-w c:\windows\system32\insrepim.exe
2009-04-16 14:04 . 2009-04-16 14:05 -------- d-----w c:\programme\MobileMeter3
2009-04-16 09:57 . 2009-04-16 09:57 -------- d-----w c:\programme\Registry System Wizard
2009-04-16 08:50 . 2009-04-16 08:51 -------- d-----w C:\KingstonUSBStick
2009-04-15 05:21 . 2009-02-09 10:51 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 05:21 . 2009-02-09 10:51 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 05:21 . 2009-02-09 10:51 678400 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 05:21 . 2009-02-09 10:51 736768 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 05:21 . 2009-02-09 10:51 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 05:21 . 2009-02-09 10:51 740352 ------w c:\windows\system32\dllcache\ntdll.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-07 10:34 . 2004-06-09 07:26 -------- d-----w c:\programme\HOB
2009-05-06 16:38 . 2004-06-09 11:52 -------- d-----w c:\programme\VBPartner 6.0
2009-05-06 16:17 . 2003-05-27 12:45 834622 ----a-w c:\windows\system32\perfh007.dat
2009-05-06 16:17 . 2003-05-27 12:45 234548 ----a-w c:\windows\system32\perfc007.dat
2009-05-06 15:17 . 2004-06-09 12:36 -------- d-----w c:\programme\DB Ghost
2009-05-06 15:15 . 2004-10-04 17:39 -------- d-----w c:\programme\Preispiraten
2009-05-06 08:06 . 2007-08-30 12:03 12 ----a-w c:\windows\bthservsdp.dat
2009-05-05 15:23 . 2004-06-16 21:52 -------- d-----w c:\programme\Spybot - Search & Destroy
2009-05-05 14:55 . 2004-06-08 20:15 -------- d-----w c:\programme\IrfanView
2009-05-04 17:33 . 2008-08-12 12:23 0 ----a-w c:\dokumente und einstellungen\All Users\Anwendungsdaten\playercachelines.tmp
2009-05-04 17:26 . 2008-11-20 17:36 2269 ----a-w c:\dokumente und einstellungen\All Users\Anwendungsdaten\sortedcards.tmp
2009-05-04 15:47 . 2008-02-17 13:42 -------- d-----w c:\programme\Titan
2009-05-04 12:56 . 2005-08-02 14:27 -------- d-----w c:\programme\Microsoft
2009-05-04 10:15 . 2004-06-08 21:59 -------- d-----w c:\programme\Microsoft SQL Server
2009-05-04 10:02 . 2008-03-28 19:28 -------- d-----w c:\programme\Microsoft Visual Studio 9.0
2009-04-30 12:46 . 2006-02-16 21:02 -------- d-----w c:\programme\PartyGaming
2009-04-28 14:30 . 2005-11-30 23:21 -------- d-----w c:\programme\Z-DBackup
2009-04-28 14:05 . 2005-11-30 23:21 90416 ------w c:\windows\AKDeInstall.exe
2009-04-28 10:05 . 2007-05-21 13:35 -------- d-----w c:\programme\Motorola Phone Tools
2009-04-28 10:04 . 2007-05-21 13:36 -------- d-----w c:\programme\Avanquest update
2009-04-28 08:02 . 2006-11-03 19:26 -------- d-----w c:\programme\BitTornado
2009-04-20 12:23 . 2005-09-18 08:50 -------- d-----w c:\programme\Buyertools Reminder
2009-04-17 09:54 . 2009-01-13 08:18 -------- d-----w c:\programme\PDFZilla
2009-04-17 09:19 . 2009-03-30 14:43 -------- d-----w c:\programme\Microsoft Analysis Services
2009-04-15 16:23 . 2004-10-08 10:21 -------- d-----w c:\programme\NetViewer
2009-04-14 16:19 . 2007-08-29 08:58 67088 ----a-w c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-04-08 10:07 . 2009-04-08 10:07 100 ----a-w C:\copytest.bat
2009-04-08 08:37 . 2009-03-24 14:34 -------- d-----w c:\programme\Microsoft Enterprise Library 4.1 - October 2008
2009-04-03 10:59 . 2009-04-03 10:59 -------- d-----w c:\programme\PostgreSQL
2009-04-01 08:00 . 2009-04-01 08:00 -------- d-----w c:\programme\sevZIP30
2009-03-31 14:20 . 2009-03-31 14:18 -------- d-----w c:\programme\Dino Chiesa
2009-03-31 14:18 . 2009-03-31 14:18 -------- d-----w c:\programme\DotNetZip Utilities v1.7
2009-03-31 13:51 . 2009-03-31 13:51 -------- d-----w c:\programme\Kellerman Software
2009-03-30 15:54 . 2009-03-30 15:54 2272 ----a-w c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
2009-03-30 08:19 . 2009-03-30 08:19 -------- d-----w c:\programme\Apache Software Foundation
2009-03-30 07:51 . 2006-02-20 13:59 -------- d-----w c:\programme\Poker Tracker V2
2009-03-27 11:00 . 2009-03-27 11:00 -------- d-----w c:\programme\MySQL
2009-03-27 10:55 . 2009-03-27 10:55 -------- d-----w c:\programme\CVS Suite
2009-03-27 10:55 . 2009-03-27 10:55 -------- d-----w c:\programme\Gemeinsame Dateien\March Hare Software Ltd
2009-03-25 13:11 . 2008-09-05 08:16 -------- d-----w c:\programme\Win2day Poker
2009-03-25 09:31 . 2005-05-02 12:31 -------- d-----w c:\programme\Gemeinsame Dateien\Symantec Shared
2009-03-24 13:53 . 2009-03-24 13:53 -------- d-----w c:\programme\Microsoft Synchronization Services
2009-03-24 13:53 . 2009-03-24 13:53 -------- d-----w c:\programme\Microsoft SQL Server Compact Edition
2009-03-23 15:15 . 2008-12-17 08:24 -------- d-----w c:\programme\CCleaner
2009-03-16 09:34 . 2009-03-16 09:28 -------- d-----w c:\programme\Windows Live
2009-03-16 09:33 . 2006-09-04 07:20 -------- d-----w c:\programme\Windows Live Toolbar
2009-03-16 09:30 . 2006-08-08 13:24 -------- d-----w c:\programme\MSN Messenger
2009-03-16 09:29 . 2009-03-16 09:29 -------- d-----w c:\programme\Windows Live SkyDrive
2009-03-16 09:26 . 2009-03-16 09:26 -------- d-----w c:\programme\Gemeinsame Dateien\Windows Live
2009-03-06 14:19 . 2002-08-29 10:43 286720 ----a-w c:\windows\system32\pdh.dll
2009-02-20 10:23 . 2008-11-18 08:41 3888 ----a-w c:\windows\system32\drivers\NTHANDLE.SYS
2009-02-20 08:09 . 2005-02-18 15:35 671744 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:09 . 2004-08-04 07:57 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-17 10:06 . 2008-08-15 07:56 11959 ----a-w c:\dokumente und einstellungen\hubi\ntuserdirect_MSManager.dat
2008-09-18 16:52 . 2008-09-18 16:52 147 ----a-w c:\programme\WS_FTP.LOG
2008-02-20 11:27 . 2008-02-20 11:27 179 ----a-w c:\programme\2SR48T24.bat
2008-02-20 11:23 . 2008-02-20 11:23 200 ----a-w c:\programme\2SR484OE.bat
2005-06-15 18:15 . 2005-06-15 18:05 75264 ----a-w c:\programme\Gemeinsame Dateien\Havelka.xls
2004-11-13 16:40 . 2004-11-13 16:41 529674 ------w c:\programme\mztools.zip
2004-07-17 09:08 . 2004-06-10 19:19 859508 ------w c:\programme\Innovasysexceptions.log
2004-06-09 07:17 . 2004-06-09 07:17 2139939 ------w c:\programme\HOB.zip
2003-01-13 08:59 . 2007-10-11 12:16 278528 ------w c:\programme\internet explorer\plugins\PanoViewer.dll
1999-04-30 14:00 . 2007-10-11 12:16 98304 ------w c:\programme\internet explorer\plugins\UPjpeg.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-06_08.12.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-11 12:48 . 2009-05-11 12:48 16384 c:\windows\Temp\Perflib_Perfdata_f48.dat
+ 2009-05-11 12:48 . 2009-05-11 12:48 16384 c:\windows\Temp\Perflib_Perfdata_b0c.dat
+ 2009-05-11 12:49 . 2009-05-11 12:49 16384 c:\windows\Temp\Perflib_Perfdata_81c.dat
+ 2009-05-11 12:50 . 2009-05-11 12:50 16384 c:\windows\Temp\Perflib_Perfdata_1558.dat
+ 2009-05-11 12:50 . 2009-05-11 12:50 16384 c:\windows\Temp\Perflib_Perfdata_12e8.dat
- 2006-09-27 13:03 . 2006-09-27 13:03 30720 c:\windows\Installer\{630787BE-D76B-400C-8AA1-E299E6A5AF5F}\Icon630787BE13.exe
+ 2006-09-27 13:03 . 2009-05-06 15:17 30720 c:\windows\Installer\{630787BE-D76B-400C-8AA1-E299E6A5AF5F}\Icon630787BE13.exe
+ 2006-09-27 13:03 . 2009-05-06 15:17 7168 c:\windows\Installer\{630787BE-D76B-400C-8AA1-E299E6A5AF5F}\Icon630787BE9.exe
- 2006-09-27 13:03 . 2006-09-27 13:03 7168 c:\windows\Installer\{630787BE-D76B-400C-8AA1-E299E6A5AF5F}\Icon630787BE9.exe
+ 2006-09-27 13:03 . 2009-05-06 15:17 7680 c:\windows\Installer\{630787BE-D76B-400C-8AA1-E299E6A5AF5F}\Icon630787BE10.exe
- 2006-09-27 13:03 . 2006-09-27 13:03 7680 c:\windows\Installer\{630787BE-D76B-400C-8AA1-E299E6A5AF5F}\Icon630787BE10.exe
+ 2003-05-27 12:45 . 2009-05-06 16:17 784172 c:\windows\system32\perfh009.dat
- 2003-05-27 12:45 . 2009-05-04 10:16 784172 c:\windows\system32\perfh009.dat
- 2003-05-27 12:45 . 2009-05-04 10:16 207542 c:\windows\system32\perfc009.dat
+ 2003-05-27 12:45 . 2009-05-06 16:17 207542 c:\windows\system32\perfc009.dat
+ 2008-11-11 13:54 . 2009-05-11 12:51 243781 c:\windows\system32\inetsrv\MetaBase.bin
+ 2009-05-11 12:49 . 2009-05-11 12:49 245760 c:\windows\ERDNT\AutoBackup\11.05.2009\Users\00000002\UsrClass.dat
+ 2009-05-11 12:49 . 2005-10-20 10:02 163328 c:\windows\ERDNT\AutoBackup\11.05.2009\ERDNT.EXE
+ 2009-05-06 08:26 . 2005-10-20 10:02 163328 c:\windows\ERDNT\06.05.2009\ERDNT.EXE
+ 2009-03-11 21:16 . 2009-03-11 21:16 689536 c:\windows\Downloaded Program Files\Manager.exe
+ 2009-05-11 12:49 . 2009-05-11 12:49 11739136 c:\windows\ERDNT\AutoBackup\11.05.2009\Users\00000001\NTUSER.DAT
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\programme\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Mini-XP"="c:\dokumente und einstellungen\hubi\Desktop\minimizer-xp\Mini-XP.exe" [2005-01-13 80896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PTBSync"="c:\programme\PTBSync\PTBSync.exe" [2007-07-31 326656]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"Matrox PowerDesk SE"="c:\programme\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe" [2008-06-11 2630664]
"Realtime Monitor"="c:\progra~1\CA\ETRUST~1\realmon.exe" [2004-06-25 504080]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 144384]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-12-17 19968]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\dokumente und einstellungen\hubi\Startmenü\Programme\Autostart\
ERUNT AutoBackup.lnk - c:\programme\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Netlaufwerke verbinden LXPro.lnk - c:\admin\netlogon\logon.bat [2008-7-18 484]
SpamPal.lnk.disabled [2008-7-29 614]

c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
A-Trust a-sign Client.lnk.disabled [2006-3-9 1731]
Adobe Reader - Schnellstart.lnk.disabled [2005-11-29 1743]
Dienst-Manager.lnk - c:\programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2004-6-9 81920]
klickTel - Schnellstarter - 32-Bit.lnk.disabled [2008-11-13 535]
Logitech SetPoint.lnk.disabled [2008-8-7 1657]
Monitor Apache Servers.lnk - c:\programme\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2008-12-10 41042]
Office-Bibliothek-Direktsuche.lnk.disabled [2007-3-27 1586]
Post-it© Software Notes Lite.lnk.disabled [2005-11-30 793]
SecureDoc.lnk - c:\programme\MSI\SecureDoc\Logon.exe [2008-6-19 82944]
SecureDoc.lnk.disabled [2005-11-23 728]
Verknüpfung mit spampal.lnk - c:\programme\SpamPal\spampal.exe [2005-10-24 387616]
VPN Client.lnk.disabled [2008-11-13 1974]
WinZip Quick Pick.lnk.disabled [2005-12-3 1504]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 00:42 72208 ----a-w c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWLgn.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"mixer"= DrvTrNTm.dll
"MIDI1"= SYNCOR11.DLL
"wave6"= serwvdrv.dll
"wave2"= serwvdrv.dll
"wave"= DrvTrNTm.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\dokumente und einstellungen\hubi\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" /c
"ISUSPM"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -scheduler

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinampAgent"=c:\programme\Winamp\winampa.exe
"ccApp"="c:\programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
"Client Access Check Version"="c:\programme\IBM\Client Access\cwbckver.exe" LOGIN
"Client Access Express Welcome"="c:\programme\IBM\Client Access\cwbwlwiz.exe"
"Client Access Help Update"="c:\programme\IBM\Client Access\cwbinhlp.exe"
"Client Access Service"="c:\programme\IBM\Client Access\cwbsvstr.exe"
"Norton Ghost 9.0"=c:\programme\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
"QuickTime Task"="c:\programme\quicktime\qttask.exe" -atboottime
"zBrowser Launcher"=c:\programme\Logitech\iTouch\iTouch.exe
"InCD"=c:\programme\Ahead\InCD\InCD.exe
"MOD"=c:\programme\microangelo\muamgr.exe
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup
"FreePDF Assistant"=c:\programme\FreePDF_XP\fpassist.exe
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"BMan"=c:\programme\CHIPDRIVE\CHIPDRIVE Smartcard Office\AddressBook\BMan.exe
"CHIPDRIVEPinManager"=c:\windows\system32\sokscmpn.exe
"CHIPDRIVESmartcardManager"="c:\programme\CHIPDRIVE\Smartcard Manager\SCMgr.exe" x
"DiskEncryption"="c:\programme\CHIPDRIVE\CHIPDRIVE Smartcard Office\DiskEncryption\DCAdmin.exe" x
"FrmFill"=c:\programme\CHIPDRIVE\CHIPDRIVE Smartcard Office\FormFill\FrmFill.exe
"PCard"=c:\programme\CHIPDRIVE\CHIPDRIVE Smartcard Office\PCard\PCard.exe
"SmartcardOfficeTour"=c:\programme\CHIPDRIVE\CHIPDRIVE Smartcard Office\SCTour.exe
"WinLogon Support"=c:\programme\CHIPDRIVE\CHIPDRIVE Smartcard Office\WinLogon\WLBack.exe
"PTBSync"=c:\programme\PTBSync\PTBSync.exe /Start
"SunJavaUpdateSched"=c:\programme\Java\jre1.5.0_07\bin\jusched.exe
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"AdobeCS4ServiceManager"="c:\programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"Auto Run Software for Photo Frame"=
"ChkAdmin"=c:\progra~1\Compaq\COMPAQ~1\CHKADMIN.EXE
"ControlCenter2.0"=c:\programme\Brother\ControlCenter2\brctrcen.exe /autorun
"IndexSearch"=c:\programme\ScanSoft\PaperPort\IndexSearch.exe
"PaperPort PTD"=c:\programme\ScanSoft\PaperPort\pptd40nt.exe
"SSBkgdUpdate"="c:\programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"Adobe Photo Downloader"="c:\programme\Adobe\Photoshop Elements 6.0\apdproxy.exe"
"DrvLsnr"=c:\programme\Analog Devices\SoundMAX\DrvLsnr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Radmin\\r_server.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programme\\COMPAQ\\Compaq Management Agents\\Dmi\\Win32\\idmiex\\IDmieX.exe"=
"c:\\Programme\\ahead\\Nero ShowTime\\ShowTime.exe"=
"c:\\Perl\\bin\\perl.exe"=
"c:\\Programme\\TrueUpdate 2.0\\TU20Design.exe"=
"c:\\Programme\\WS_FTP\\WS_FTP95.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programme\\NetViewer\\Aktuelle Version\\NV_o2o_Berater_DE.exe"=
"c:\\Programme\\VoipBuster.com\\VoipBuster\\voipbuster.exe"=
"c:\\Programme\\BitTornado\\btdownloadgui.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Programme\\LimeWire\\LimeWire.exe"=
"c:\\Programme\\FRITZ!DSL\\FBOXUPD.EXE"=
"c:\\Programme\\Motorola\\Software Update\\msu.exe"=
"c:\\Programme\\InternetCalls.com\\InternetCalls\\InternetCalls.exe"=
"c:\\SWKey\\Instant PLUS\\InstantPLUS.exe"=
"c:\\SWKey\\PLUS\\LFEdit.exe"=
"c:\\admin\\gateway-discovery.exe"=
"c:\\Programme\\NetViewer\\one2one\\NV_o2o_Berater_DE.exe"=
"c:\\Programme\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\Win32\\RpcDataSrv.exe"=
"c:\\Programme\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\RpcSandraSrv.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programme\\PokerStrategy\\PokerStrategy Elephant\\PokerStrategy Elephant.exe"=
"c:\\Programme\\FRITZ!DSL\\IGDCTRL.EXE"=
"c:\\Programme\\FRITZ!DSL\\WebwaIgd.exe"=
"c:\\InstantMantis\\server\\Apache2\\bin\\Apache_IM.exe"=
"c:\\Programme\\VMware\\VMware Server\\vmware-authd.exe"=
"c:\\Programme\\VMware\\VMware Server\\vmware-hostd.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Apache Software Foundation\\Apache2.2\\bin\\httpd.exe"=
"c:\\Programme\\NetViewer\\Support\\NV_Support_Berater_DE.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4899:TCP"= 4899:TCP:Radmin
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3306:TCP"= 3306:TCP:MySQL Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 CiscoVpnInstallService;Cisco Systems, Inc. Installer service;c:\dokume~1\hubi\LOKALE~1\Temp\INSTAL~1.EXE [x]
R2 MSSQL$SQLSERVER2008;SQL Server (SQLSERVER2008);c:\programme\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [2007-11-09 32756248]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\programme\PostgreSQL\8.3\bin\pg_ctl.exe [2008-02-01 65536]
R3 AVMUNET;AVM FRITZ!Box;c:\windows\system32\DRIVERS\avmunet.sys [2006-11-06 14976]
R3 MgaFG;MgaFG;c:\windows\system32\drivers\MgaFG.sys [2008-09-17 5376]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2007-10-10 42112]
R3 PciDumpr;PciDumpr;c:\programme\T-DSL SpeedManager\PciDumpr.sys [x]
R3 PD91Engine;PD91Engine;c:\programme\Raxco\PerfectDisk2008\PD91Engine.exe [2008-12-31 910600]
R3 rcomsrv;Radmin Communication Server;c:\windows\system32\rcomsrv30\rcomsrv.exe [x]
R3 RServer3;Radmin Server V3;c:\windows\system32\rserver30\RServer3.exe [2007-02-02 1235032]
R3 SPR132;SPRx32 Serial Smart Card Reader;c:\windows\system32\DRIVERS\SPR132.sys [2003-10-10 181504]
R3 SPRx32 USB Smart Card Reader;SPRx32 USB Smart Card Reader;c:\windows\system32\DRIVERS\SPR332.sys [2003-10-13 63252]
R3 SQLAgent$DEV2008;SQL Server-Agent (DEV2008);c:\programme\Microsoft SQL Server\MSSQL10.DEV2008\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688]
R3 SQLAgent$FRS;SQLAgent$FRS;c:\programme\Microsoft SQL Server\MSSQL$FRS\Binn\sqlagent.EXE [2002-12-17 311872]
R3 SQLAgent$SQLSERVER2000;SQLAgent$SQLSERVER2000;c:\progra~1\MICROS~4\MSSQL$~2\binn\sqlagent.exe [2000-08-05 303170]
R3 SQLAgent$SQLSERVER2008;SQL Server Agent (SQLSERVER2008);c:\programme\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [2007-11-09 347160]
R3 TSMPacket;T-DSL SpeedManager Service;c:\windows\system32\DRIVERS\tsmpkt.sys [x]
R3 vmwriter;VMware VSS Writer;c:\programme\VMware\VMware Server\vmVssWriter.exe [2008-10-12 29744]
R4 MSSQLFDLauncher$DEV2008;SQL Full-text Filter Daemon Launcher (DEV2008);c:\programme\Microsoft SQL Server\MSSQL10.DEV2008\MSSQL\Binn\fdlauncher.exe [2008-07-09 31256]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\programme\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\programme\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
R4 RsFx0100;RsFx0100 Driver;c:\windows\system32\DRIVERS\RsFx0100.sys [2007-11-09 235416]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S0 PQV2i;PQV2i; [x]
S1 ClntMgmt;HP Client Management Driver;c:\windows\system32\Drivers\ClntMgmt.sys [2003-10-29 59044]
S1 ICsrvr;Shiva VPN Client Protocol;c:\windows\system32\DRIVERS\ICsrvr.sys [2002-11-01 133956]
S1 ICtdi;Shiva VPN Client TDI Driver;c:\windows\system32\DRIVERS\ictdi.sys [2002-11-01 18674]
S1 Mtxparmx;Mtxparmx;c:\windows\system32\DRIVERS\Mtxparmx.sys [2008-06-10 5504]
S1 PQIMount;PQIMount; [x]
S1 raddrvv3;raddrvv3;c:\windows\system32\rserver30\raddrvv3.sys [2007-02-02 41176]
S1 SLEE_16_DRIVER;Steganos Live Encryption Engine 16 [Driver];c:\windows\system32\drivers\Sleen16.sys [2007-10-11 10:24 79104]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2008-10-23 96016]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2008-10-23 41744]
S2 Apache2.2;Apache2.2;c:\programme\Apache Software Foundation\Apache2.2\bin\httpd.exe [2008-12-09 24636]
S2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 3744]
S2 CHIPDRIVE_Disk_Encryption_Driver;CHIPDRIVE Disk Encryption Driver;c:\windows\system32\SCMLive.sys [2003-06-25 84800]
S2 CHIPDRIVE_Disk_Encryption_Service;CHIPDRIVE Disk Encryption Service;c:\windows\system32\SCMSymbols.exe [2003-06-02 35840]
S2 F3EJTHDD;HandyDrive Password Lock Tool Service;c:\programme\Fujitsu HandyDrive\Password\F3EJTHDD.EXE [2007-11-30 53248]
S2 ICService;Shiva VPN Client;c:\programme\Intel\Shiva VPN Client\icsrv.exe [2002-11-01 13312]
S2 IGDCTRL;AVM IGD CTRL Service;c:\programme\FRITZ!DSL\IGDCTRL.EXE [2007-09-04 87344]
S2 LogWatch;Event Log Watch;c:\windows\LogWatNT.exe [1999-11-03 50688]
S2 Machnm32;Machnm32 Driver;c:\windows\system32\Machnm32.sys [2007-03-09 7432]
S2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 3904]
S2 Matrox Centering Service;Matrox Centering Service;c:\programme\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe [2008-06-11 586760]
S2 Matrox.Pdesk.ServicesHost;Matrox.Pdesk.ServicesHost;c:\programme\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe [2008-06-11 189448]
S2 MsDtsServer100;SQL Server Integration Services 10.0;c:\programme\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2008-07-09 218136]
S2 MSOLAP$DEV2008;SQL Server Analysis Services (DEV2008);c:\programme\Microsoft SQL Server\MSAS10.DEV2008\OLAP\bin\msmdsrv.exe [2008-07-09 21945368]
S2 MSSQL$DEV2008;SQL Server (DEV2008);c:\programme\Microsoft SQL Server\MSSQL10.DEV2008\MSSQL\Binn\sqlservr.exe [2008-07-10 40999448]
S2 MSSQL$FRS;MSSQL$FRS;c:\programme\Microsoft SQL Server\MSSQL$FRS\Binn\sqlservr.exe [2002-12-17 7520337]
S2 MSSQL$SQLSERVER2000;MSSQL$SQLSERVER2000;c:\progra~1\MICROS~4\MSSQL$~2\binn\sqlservr.exe [2000-08-17 7442493]
S2 PD91Agent;PD91Agent;c:\programme\Raxco\PerfectDisk2008\PD91Agent.exe [2008-12-31 693512]
S2 PD9Engine;PD9Engine;c:\programme\Raxco\PerfectDiskRx\PD9Engine.exe [2007-06-18 689680]
S2 PortTalk;PortTalk;c:\windows\system32\Drivers\PtbTalk.sys [2007-07-31 3567]
S2 ReportServer$DEV2008;SQL Server Reporting Services (DEV2008);c:\programme\Microsoft SQL Server\MSRS10.DEV2008\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2008-07-10 1106968]
S2 SCM_Smart_Card_Office_Kernel;CHIPDRIVE Smartcard Office Kernel;c:\windows\system32\sokscmnt.exe [2004-11-16 707584]
S2 SDisTestService;SpybotSnD Distributed Testing;c:\programme\SDistTest\SDistTestSvc.exe [2008-11-24 907680]
S2 SeaPort;SeaPort;c:\programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2008-10-12 54960]
S2 VMwareHostd;VMware Host Agent;c:\programme\VMware\VMware Server\vmware-hostd.exe [2008-10-12 322096]
S2 VMwareServerWebAccess;VMware Server Web Access;c:\programme\VMware\VMware Server\tomcat\bin\Tomcat6.exe [2008-10-12 57344]
S2 WinDefend;Windows Defender;c:\programme\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 ICvnic;Shiva VPN Client Virtual Adapter;c:\windows\system32\DRIVERS\ICvnic.sys [2002-11-01 6708]
S3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\Drivers\LCcFltr.Sys [2003-12-17 14095]
S3 mirrorv3;mirrorv3;c:\windows\system32\DRIVERS\rminiv3.sys [2006-11-01 3328]
S3 MTXPAR;MTXPAR;c:\windows\system32\DRIVERS\MTXPARM.sys [2008-06-10 1485568]
S3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [2008-11-03 16896]


--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - ACEDRV05
*Deregistered* - adfs
*Deregistered* - AFD
*Deregistered* - agp440
*Deregistered* - ALG
*Deregistered* - Apache2.2
*Deregistered* - Apple Mobile Device
*Deregistered* - Aspi32
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - BCMNTIO
*Deregistered* - Beep
*Deregistered* - Brother XP spl Service
*Deregistered* - Browser
*Deregistered* - BtAudio
*Deregistered* - BTDriver
*Deregistered* - BthServ
*Deregistered* - BTKRNL
*Deregistered* - BTSERIAL
*Deregistered* - BTSLBCSP
*Deregistered* - btwdins
*Deregistered* - BTWDNDIS
*Deregistered* - C-DillaCdaC11BA
*Deregistered* - ccSetMgr
*Deregistered* - Cdfs
*Deregistered* - CDRPDACC
*Deregistered* - CHIPDRIVE_Disk_Encryption_Driver
*Deregistered* - CHIPDRIVE_Disk_Encryption_Service
*Deregistered* - ClntMgmt
*Deregistered* - CPQALERT
*Deregistered* - cpqdmi
*Deregistered* - CryptSvc
*Deregistered* - CVPND
*Deregistered* - CVPNDRVA
*Deregistered* - DcomLaunch
*Deregistered* - DefragFS
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - DNE
*Deregistered* - Dnscache
*Deregistered* - EAWDMFD
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - F3EJTHDD
*Deregistered* - Fastfat
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - giveio
*Deregistered* - Gpc
*Deregistered* - hcmon
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - HTTP
*Deregistered* - HTTPFilter
*Deregistered* - ICService
*Deregistered* - ICsrvr
*Deregistered* - ICtdi
*Deregistered* - ICvnic
*Deregistered* - IGDCTRL
*Deregistered* - IISADMIN
*Deregistered* - imagesrv
*Deregistered* - ImapiService
*Deregistered* - InCDfs
*Deregistered* - InCDsrv
*Deregistered* - INO_FLPY
*Deregistered* - INO_FLTR
*Deregistered* - InoRPC
*Deregistered* - InoRT
*Deregistered* - InoTask
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - LogWatch
*Deregistered* - Machnm32
*Deregistered* - MAPMEM
*Deregistered* - Matrox Centering Service
*Deregistered* - Matrox.Pdesk.ServicesHost
*Deregistered* - mbmiodrvr
*Deregistered* - MDM
*Deregistered* - mirrorv3
*Deregistered* - mnmdd
*Deregistered* - Modem
*Deregistered* - Mouclass
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - MSDTC
*Deregistered* - MsDtsServer100
*Deregistered* - Msfs
*Deregistered* - MSIServer
*Deregistered* - MSOLAP$DEV2008
*Deregistered* - mssmbios
*Deregistered* - MSSQL$DEV2008
*Deregistered* - MSSQL$FRS
*Deregistered* - MSSQL$SQLEXPRESS
*Deregistered* - MSSQL$SQLSERVER2000
*Deregistered* - MSSQL$SQLSERVER2008
*Deregistered* - MSSQLSERVER
*Deregistered* - Mtxparmx
*Deregistered* - Mup
*Deregistered* - MySQL
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netlogon
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - NMSAccessU
*Deregistered* - Norton Ghost
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - NtmsSvc
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - Pcouffin
*Deregistered* - PD91Agent
*Deregistered* - PD91Engine
*Deregistered* - PD9Engine
*Deregistered* - pgsql-8.3
*Deregistered* - PolicyAgent
*Deregistered* - PortTalk
*Deregistered* - PptpMiniport
*Deregistered* - PQIMount
*Deregistered* - PQV2i
*Deregistered* - ProtectedStorage
*Deregistered* - raddrvv3
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RegManServ
*Deregistered* - RemoteRegistry
*Deregistered* - ReportServer$DEV2008
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - SCardSvr
*Deregistered* - SCDEmu
*Deregistered* - Schedule
*Deregistered* - SCM_Smart_Card_Office_Kernel
*Deregistered* - SDisTestService
*Deregistered* - SeaPort
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - SLEE_16_DRIVER
*Deregistered* - SMTPSVC
*Deregistered* - SoundMAX Agent Service (default)
*Deregistered* - speedfan
*Deregistered* - Spooler
*Deregistered* - SQLBrowser
*Deregistered* - SQLSERVERAGENT
*Deregistered* - SQLWriter
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - StillCam
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - Symantec Core LC
*Deregistered* - symlcbrd
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - VBoxDrv
*Deregistered* - VBoxUSBMon
*Deregistered* - VgaSave
*Deregistered* - VMAuthdService
*Deregistered* - vmci
*Deregistered* - VMnetAdapter
*Deregistered* - VMnetBridge
*Deregistered* - VMnetDHCP
*Deregistered* - VMnetuserif
*Deregistered* - VMparport
*Deregistered* - VMware NAT Service
*Deregistered* - VMwareHostd
*Deregistered* - VMwareServerWebAccess
*Deregistered* - vmx86
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - W3SVC
*Deregistered* - Wanarp
*Deregistered* - Wdf01000
*Deregistered* - WebClient
*Deregistered* - WIN32SL
*Deregistered* - WinDefend
*Deregistered* - winmgmt
*Deregistered* - winvnc
*Deregistered* - WMDM PMSP Service
*Deregistered* - WS2IFSL
*Deregistered* - wscsvc
*Deregistered* - wsvad_driver
*Deregistered* - wuauserv
*Deregistered* - wwSecSvc
*Deregistered* - WZCSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{101d11bd-2902-11de-bc15-005056c00008}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a12586a-3a17-11de-bc23-005056c00008}]
\Shell\AutoRun\command - G:\AutoRun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\programme\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners

2004-09-12 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 2200 series272A572217594EBCF1CEE215E352B92AD073FDE4086772675.job
- c:\programme\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 15:56]

2009-05-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programme\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2009-05-11 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\programme\Norton SystemWorks\OBC.exe [2004-11-23 14:53]

2005-07-25 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\programme\Spybot - Search & Destroy\SpybotSD.exe [2004-05-11 14:31]

2009-05-10 c:\windows\Tasks\Symantec Drmc.job
- c:\programme\Gemeinsame Dateien\Symantec Shared\SymDrmc.exe [2004-10-27 10:48]

2009-05-11 c:\windows\Tasks\Symantec NetDetect.job
- c:\programme\Symantec\LiveUpdate\NDETECT.EXE [2005-05-02 13:39]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: {{27914077-B4D6-4A0E-9763-76B6E9DD9A81} - c:\programme\Buyertools Reminder\ReminderIE.exe
LSP: c:\programme\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
LSP: c:\programme\VMware\VMware Server\vsocklib.dll
TCP: {57482DC5-6D39-4877-B56D-24748060927B} = 10.0.1.254
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {143B3E6F-2C70-4238-85A1-D4F414C792B8} - hxxp://www.installshield.com/downloads/ds/files/75/demox.cab
FF - ProfilePath - c:\dokumente und einstellungen\hubi\Anwendungsdaten\Mozilla\Firefox\Profiles\frttfc0o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
FF - plugin: c:\dokumente und einstellungen\hubi\Anwendungsdaten\Mozilla\Firefox\Profiles\frttfc0o.default\extensions\VMwareVMRC@vmware.com\plugins\np-vmware-vmrc-2.5.0-122581.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npOGAPlugin.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-11 15:10
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\programme\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\programme\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(1308)
c:\windows\system32\VMGINA.DLL
c:\windows\system32\twkGina.dll
c:\windows\system32\SOKSCM.DLL
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTServ.dll
c:\windows\system32\sirenacm.dll

- - - - - - - > 'lsass.exe'(1364)
c:\programme\Gemeinsame Dateien\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Zeit der Fertigstellung: 2009-05-11 15:14
ComboFix-quarantined-files.txt 2009-05-11 13:14
ComboFix2.txt 2009-05-06 08:17

Vor Suchlauf: 2.716.508.160 Bytes frei
Nach Suchlauf: 2.715.099.136 Bytes frei

636 --- E O F --- 2009-05-06 10:11

hornet99
2009-05-11, 15:23
Hi pskelley,

and here is the HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:18:47, on 11.05.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\DRIVERS\CDAC11BA.EXE
C:\WINDOWS\system32\SCMSymbols.exe
C:\Programme\Compaq\Compaq Management Agents\cpqalert.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\Fujitsu HandyDrive\Password\F3EJTHDD.EXE
C:\Programme\Intel\Shiva VPN Client\icsrv.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\LogWatNT.exe
c:\Programme\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
c:\Programme\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Programme\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe
C:\Programme\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Programme\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Microsoft SQL Server\MSAS10.DEV2008\OLAP\bin\msmdsrv.exe
C:\Programme\Microsoft SQL Server\MSSQL10.DEV2008\MSSQL\Binn\sqlservr.exe
C:\Programme\Microsoft SQL Server\MSSQL$FRS\Binn\sqlservr.exe
C:\PROGRA~1\MICROS~4\MSSQL$~2\binn\sqlservr.exe
C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Programme\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Programme\MSI\SecureDoc\Logon.exe
C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe
C:\Programme\SpamPal\spampal.exe
C:\Programme\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\NMSAccessU.exe
C:\Programme\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Programme\Raxco\PerfectDisk2008\PD91Agent.exe
C:\Programme\Raxco\PerfectDiskRx\PD9Engine.exe
C:\Programme\Advanced Registry Doctor\RegManServ.exe
C:\Programme\Microsoft SQL Server\MSRS10.DEV2008\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\WINDOWS\system32\sokscmnt.exe
C:\Programme\SDistTest\SDistTestSvc.exe
C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\Programme\Microsoft SQL Server\MSSQL\binn\sqlagent.exe
c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\vmnat.exe
C:\Programme\VMware\VMware Server\tomcat\bin\Tomcat6.exe
C:\Programme\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\Programme\UltraVNC\WinVNC.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wwSecure.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\Programme\VMware\VMware Server\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Programme\VMware\VMware Server\vmware-hostd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\CA\eTrust Antivirus\Realmon.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Programme\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: metaspinner GmbH - {D3AA56A9-8137-4950-A6F9-D0190A82AF2A} - (no file)
O3 - Toolbar: (no name) - {B50FCD28-C2CC-4f3b-B755-62B086EDE4D5} - (no file)
O3 - Toolbar: &Netviewer one2one - {CFC903DC-64D4-41AD-8EA7-B7A93F618F1A} - C:\PROGRA~1\NETVIE~1\one2one\Plugin\IEPLUG~1\IEONE2~1.DLL
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Netviewer Support - {E1F9EDE7-EF90-4A65-A5A4-D2FFEEA5D469} - C:\PROGRA~1\NETVIE~1\Support\Plugin\IEPLUG~1\NVIEPL~1.DLL
O4 - HKLM\..\Run: [PTBSync] C:\Programme\PTBSync\PTBSync.exe /Start
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [Matrox PowerDesk SE] "c:\Programme\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Mini-XP] C:\Dokumente und Einstellungen\hubi\Desktop\minimizer-xp\Mini-XP.exe
O4 - HKUS\S-1-5-21-2978594281-2573486863-215276418-1075\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-2978594281-2573486863-215276418-1075 Startup: DSL-Manager.lnk = C:\WINDOWS\DslMgr.exe (User 'postgres')
O4 - S-1-5-18 Startup: DSL-Manager.lnk = C:\WINDOWS\DslMgr.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: DSL-Manager.lnk = C:\WINDOWS\DslMgr.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE
O4 - Startup: Netlaufwerke verbinden LXPro.lnk = C:\admin\netlogon\logon.bat
O4 - Startup: SpamPal.lnk.disabled
O4 - Global Startup: A-Trust a-sign Client.lnk.disabled
O4 - Global Startup: Adobe Reader - Schnellstart.lnk.disabled
O4 - Global Startup: Dienst-Manager.lnk = C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: klickTel - Schnellstarter - 32-Bit.lnk.disabled
O4 - Global Startup: Logitech SetPoint.lnk.disabled
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Programme\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O4 - Global Startup: Office-Bibliothek-Direktsuche.lnk.disabled
O4 - Global Startup: Post-it® Software Notes Lite.lnk.disabled
O4 - Global Startup: SecureDoc.lnk = C:\Programme\MSI\SecureDoc\Logon.exe
O4 - Global Startup: SecureDoc.lnk.disabled
O4 - Global Startup: Verknüpfung mit spampal.lnk = C:\Programme\SpamPal\spampal.exe
O4 - Global Startup: VPN Client.lnk.disabled
O4 - Global Startup: WinZip Quick Pick.lnk.disabled
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Buyertools Reminder - {27914077-B4D6-4A0E-9763-76B6E9DD9A81} - C:\Programme\Buyertools Reminder\ReminderIE.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programme\vmware\vmware server\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\programme\vmware\vmware server\vsocklib.dll
O12 - Plugin for .UVR: C:\Programme\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {143B3E6F-2C70-4238-85A1-D4F414C792B8} (DemoShield DemoX Class) - http://www.installshield.com/downloads/ds/files/75/demox.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1118268009555
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1118267968383
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{57482DC5-6D39-4877-B56D-24748060927B}: NameServer = 10.0.1.254
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Programme\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programme\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: CHIPDRIVE Disk Encryption Service (CHIPDRIVE_Disk_Encryption_Service) - Unknown owner - C:\WINDOWS\system32\SCMSymbols.exe
O23 - Service: Cisco Systems, Inc. Installer service (CiscoVpnInstallService) - Unknown owner - C:\DOKUME~1\hubi\LOKALE~1\Temp\INSTAL~1.EXE (file missing)
O23 - Service: Insight Local Alerter (CPQALERT) - Hewlett-Packard Company - C:\Programme\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Ferner Befehl für Client Access Express (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - Unknown owner - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe (file missing)
O23 - Service: HandyDrive Password Lock Tool Service (F3EJTHDD) - FUJITSU LIMITED - C:\Programme\Fujitsu HandyDrive\Password\F3EJTHDD.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Shiva VPN Client (ICService) - Unknown owner - C:\Programme\Intel\Shiva VPN Client\icsrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: AVM IGD CTRL Service (IGDCTRL) - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: eTrust Antivirus-RPC-Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus-Echtzeitserver (InoRT) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus-Jobserver (InoTask) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Programme\Gemeinsame Dateien\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: Matrox Centering Service - Matrox Graphics Inc. - c:\Programme\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
O23 - Service: Matrox.Pdesk.ServicesHost - Matrox Graphics Inc - c:\Programme\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe
O23 - Service: MySQL - Unknown owner - C:\Programme\MySQL\MySQL.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\WINDOWS\system32\NMSAccessU.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Programme\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Programme\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: PD9Engine - Raxco Software, Inc. - C:\Programme\Raxco\PerfectDiskRx\PD9Engine.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Radmin Communication Server (rcomsrv) - Unknown owner - C:\WINDOWS\system32\rcomsrv30\rcomsrv.exe (file missing)
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Programme\Advanced Registry Doctor\RegManServ.exe
O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\WINDOWS\system32\rserver30\RServer3.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
O23 - Service: CHIPDRIVE Smartcard Office Kernel (SCM_Smart_Card_Office_Kernel) - SCM Microsystems - C:\WINDOWS\system32\sokscmnt.exe
O23 - Service: SpybotSnD Distributed Testing (SDisTestService) - Safer Networking Limited - C:\Programme\SDistTest\SDistTestSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Programme\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: VMware Host Agent (VMwareHostd) - Unknown owner - C:\Programme\VMware\VMware Server\vmware-hostd.exe
O23 - Service: VMware Server Web Access (VMwareServerWebAccess) - Apache Software Foundation - C:\Programme\VMware\VMware Server\tomcat\bin\Tomcat6.exe
O23 - Service: VMware VSS Writer (vmwriter) - VMware, Inc. - C:\Programme\VMware\VMware Server\vmVssWriter.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Programme\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Programme\UltraVNC\WinVNC.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

--
End of file - 18322 bytes

hornet99
2009-05-11, 15:26
Hi psKelley,

and here is the uninstall list:
Thanks again for your help!
hornet99



0.2
1&1 EasyLogin
2.06
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
7-Zip 4.32
ActivePerl 5.10.0 Build 1004
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Illustrator CS2
Adobe Linguistics CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 8.1.2 - Deutsch
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SVG Viewer 3.0
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advanced IP Scanner v1.5
Advanced Registry Doctor
AdventureWorksDB
AdventureWorksLT
Alt-Tab Task Switcher Powertoy for Windows XP
AnalogX QuickDNS
Apache HTTP Server 2.2.11
API Error Reader 1.31
Apple Mobile Device Support
Apple Software Update
a-sign Client
Asterisk Key 8.3
AttachmentOptions
AutoHotkey 1.0.46.12
AutoPlay Media Studio 6.0
AutoPlay Media Studio 6.0 Mega Content Pack
Avanquest update
Avery Zweckform DesignPro
AVM FRITZ!DSL
AWStats
aXbo up2date
AxTools CodeSMART 2005 for VB6
AxTools VssRecursivePurge 1.2
BitTornado 0.3.17
Blattschutz-Addin
blueshell Data Guy
Bluetooth Software
Bootstrapper Manifest Generator for VS2008
Broadcom Management Programs
Brother Driver Deployment Wizard
Brother MFL-Pro Suite
Browsen mit Registerkarten (Windows Live Toolbar)
Buyertools Reminder
CA eTrust Antivirus
ccCommon
CCleaner (remove only)
CDDRV_Installer
CheckIt Diagnostics
CHIPDRIVE Smartcard Office
CHIPDRIVE Smartcard Tools
Choice Guard
clrmamepro
CLR-Typen des SQL Server-Systems
CmdHere Powertoy For Windows XP
Code Advisor for Visual Basic 6 - 1.0
Compatibility Pack for the 2007 Office system
ComponentOne Chart 8.0
ComponentOne Query 8.0
ComponentOne SizerOne 8.0
ComponentOne Studio for ActiveX
ComponentOne Studio for ActiveX - Q4 2003
ComponentOne Studio for ActiveX - Q4 2003
ComponentOne Studio® for WinForms 2.0
ComponentOne True DataControl 8.0
ComponentOne True DBGrid Pro 8.0
ComponentOne True DBList Pro 8.0
ComponentOne TrueDBInput
ComponentOne VS FlexGridPro 8.0
ComponentOne VS FlexGridPro 8.0
ComponentOne VSSPELL 8.0
ComponentOne VSVIEW 8.0
Connect
Corel Uninstaller
CP210x USB to UART Bridge Controller
CVS Suite 2.5.04.3236 Client Trial Version
Daniusoft Media Converter(Build 2.3.1.34)
Data Dynamics ActiveReports 2
Data Exchange Software
Data Lifeguard
DB Ghost
DemoForge Player
DivX Converter
DotNetZip Utilities v1.7
DVD Shrink 3.2
DVD X Copy Platinum 4.0.3
DVD X Rescue
DVD43 v3.5.3
DVDXCopy Xpress 3.2.1
DVR-Studio Pro
Easy Access Button Unterstützung
Easy Icon Maker 3.0
EasySQL Tools
EMS SQL Manager 2008 Lite for SQL Server
Enterprise Library 4.1 - October 2008
Enterprise Library for .NET Framework 2.0, Hands On Labs
ERUNT 1.1j
Eurofibu EA 2002 Professional
Eurofibu EA 2005 Standard
Eurofibu UVA
Eurofibu UVA 2004
Feederkennung (Windows Live Toolbar)
FeedReader
File Type Manager 2.0.1
Flexible Reporting Systems
FoxyTunes for Firefox
FreePDF XP (Remove only)
FreePHG V2.09
Full Tilt Poker
GEAR Software Drivers
Google Desktop Search
Google Earth
GTK+ 2.6.7-2 runtime environment
GYM-O-FIZZ
HandyDrive Password Lock Tool
HijackThis 2.0.2
Holdem Manager
Hotfix 2050 for SQL Server 2000 DEU (KB948110)
Hotfix 2055 for SQL Server 2000 DEU (KB960082)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Hotfix for Microsoft Visual Studio 2008 Standard Edition - ENU (KB952241)
Hotfix for Office (KB950278)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix für Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU (KB945282)
Hotfix für Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU (KB946040)
Hotfix für Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU (KB946308)
Hotfix für Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU (KB946344)
Hotfix für Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU (KB947540)
Hotfix für Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU (KB947789)
Hotfix für Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU (KB948127)
Hotfix für Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU (KB951708)
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Hotfix für Windows XP (KB942288-v3)
Hotfix für Windows XP (KB952287)
Hotfix für Windows XP (KB961118)
hp deskjet 5100 series
HP Foto- und Bildbearbeitung 2.0 - All-in-One
HP Foto und Bildbearbeitung 2.0 - hp psc 2200 series
HP Foto- und Bildbearbeitung 2.0 All-in-One Treiber
hp print screen utility
hp psc 2200 series
http.SIGN Client Library
IBM AS/400 Client Access Express für Windows
ICM Trainer Light
ICM Trainer Light
ImageMagick 6.2.3-4 Q16 (07/14/05)
ImageMixer VCD2
InCD
Innovasys DockStudioXP 2
Innovasys Freeware Component Suite
Innovasys RealWorld 1.0.15
Insight Management Agent
InstallShield 11 Express Edition
InstallShield Express German
InstallShield Express German
InstallShield MSDE 2000 Object
Instant PLUS
Intel A/V Codecs V2.0
Intel(R) NetStructure(TM) VPN Client
InternetCalls
InterVideo WinDVD
iPod for Windows 2006-01-10
Ipswitch WS_FTP Pro
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 7
JASP 1.4
Java 2 Runtime Environment, SE v1.4.2_01
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 7
KhalInstallWrapper
KPS-HomePlanner - Brinkmann
KPS-HomePlanner - Brinkmann
kuler
Lemmings for Windows 95
LimeWire 4.12.11
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Logitech iTouch Software
Logitech MouseWare 9.79.1
Logitech Resource Center
Logitech SetPoint
LookyLooky
Macromedia Flash Player
Malwarebytes' Anti-Malware
Matrox Driver
Matrox PowerDesk-SE
Microangelo 5.5
Microsoft .NET Framework (German)
Microsoft .NET Framework (German) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 German Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Color Control Panel Applet for Windows XP
Microsoft Data Access Components KB870669
Microsoft Document Explorer 2008
Microsoft Document Explorer 2008
Microsoft Document Explorer 2008 Language Pack - DEU
Microsoft Document Explorer 2008 Language Pack - DEU
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office Excel Viewer 2003
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office XP Professional
Microsoft Outlook-Sicherung für Persönliche Ordner
Microsoft PowerPoint Viewer 97
Microsoft RAW Image Thumbnailer and Viewer for Windows XP Version 1.0 (Build 50)
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2000 (SQLSERVER2000)
Microsoft SQL Server 2005
Microsoft SQL Server 2008
Microsoft SQL Server 2008
Microsoft SQL Server 2008 (SQLSERVER2008)
Microsoft SQL Server 2008 Analysis Services
Microsoft SQL Server 2008 Analysis Services
Microsoft SQL Server 2008 BI Development Studio
Microsoft SQL Server 2008 BI Development Studio
Microsoft SQL Server 2008 Client Tools
Microsoft SQL Server 2008 Client Tools
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Full text search
Microsoft SQL Server 2008 Integration Services
Microsoft SQL Server 2008 Integration Services
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Management Studio
Microsoft SQL Server 2008 Management Studio
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 Reporting Services
Microsoft SQL Server 2008 Reporting Services
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files (English)
Microsoft SQL Server 2008-Browser
Microsoft SQL Server 2008-Onlinedokumentation (Deutsch)
Microsoft SQL Server 2008-Richtlinien
Microsoft SQL Server Compact 3.5 SP1 (Deutsch)
Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server Compact 3.5 SP1-Abfragetools (Deutsch)
Microsoft SQL Server Database Publishing Wizard 1.3
Microsoft SQL Server Desktop Engine
Microsoft SQL Server Desktop Engine (FRS)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Runtime v1.0 (x86)
Microsoft Sync Framework Runtime v1.0 (x86) de
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Sync Framework Services v1.0 (x86)
Microsoft Sync Services for ADO.NET v2.0 (x86) de
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visio für Enterprise Architects [DEU]
Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU
Microsoft Visual Basic 2008 Express Edition with SP1 - DEU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ Toolkit 2003
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual Studio .NET Enterprise Architect - Deutsch
Microsoft Visual Studio .NET Enterprise Architect 2003 - Deutsch
Microsoft Visual Studio 2005 Premier Partner Edition - ENU
Microsoft Visual Studio 2005 Tools for Applications - ENU
Microsoft Visual Studio 2005 Tools for Applications - ENU
Microsoft Visual Studio 2008 Shell (integrated mode) - DEU
Microsoft Visual Studio 2008 Standard Edition - ENU
Microsoft Visual Studio 2008 Standard Edition - ENU
Microsoft Visual Studio 2008 Standard Edition - ENU Service Pack 1 (KB945140)
Microsoft Visual Studio 6.0 Enterprise Edition (Deutsch)
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
Microsoft Visual Studio Web Authoring Component
Microsoft Visual Web Developer 2005 Express Edition - ENU
Microsoft Visual Web Developer 2005 Express Edition - ENU
Microsoft Visual Web Developer 2005 Express Edition - ENU Service Pack 1 (KB926751)
Microsoft Web Publishing Wizard 1.53
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft Windows SDK for Visual Studio 2008 SP1 Tools
MinD
Mobile Partner
Motherboard Monitor 5
Motherboard Monitor 5 Languages
Motorola Driver Installation 3.7.0
Motorola Phone Tools
Motorola Software Update
Mozilla Firefox (3.0.10)
MSDE 2000 Deployment Toolkit 1.0
MSDE Manager Version G
MSDN Library - Visual Studio 6.0a (Deutsch)
MSDN Library for Visual Studio 2008 - ENU
MSDN Library for Visual Studio 2008 - ENU
MSRedist
MSVCRT
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser und SDK
MSXML 6.0 Parser (KB933579)
MWSnap 3
myFairTunes v.7.0.2c
MySQL Administrator 1.1
MySQL Server 5.0
NEOedit
Nero 6
Nero Digital
Nero Media Player
NetObjects Fusion 10.0
NetObjects Fusion 7.5
NetObjects Toolbox - Bonusanwendungen
Netviewer one2one
Netviewer Support
Norton Ghost 9.0
Norton SystemWorks
Norton SystemWorks 2005 Premier (Symantec Corporation)
NSW_DRM_COLLECTION
O&O SafeErase
Office-Bibliothek 4.1
Orca
Pacific Poker
Paint.NET v3.36
PaperPort
PartyPoker
Passware Kit 5.3
PasswordKeeper
PDF Settings CS4
PDFZilla V1.0.7
PerfectDisk 2008 Professional
PerfectDisk Rx Suite
Personal Backup 4.3
phase5
Philips Photo Manager 1.1
Photoshop Camera Raw
Picture Package
PictureAgent V3.5
PixiePack Codec Pack
PodSpider 1.2
Poker Grapher
Poker Patterns
PokerAce Hud (remove only)
PokerStars
PokerStrategy Elephant
Pool 'm Up
POP3 preview 8.5 en
PostgreSQL 8.0
PostgreSQL 8.3
Post-it® Software Notes Lite
PowerISO
Preispiraten
ProntoNEO Firmware Update Tool
Protection PLUS .NET
Protection PLUS 4.4 Professional Edition
PTBSync (Atomuhr Synchronisation & Terminkalender)
Python 2.4 clearsilver-0.9.14
Python 2.4 pysqlite-2.3.2
Python 2.4 setuptools-0.6c7
Python 2.4 svn-python-1.4.2
Python 2.4 Trac 0.10
Python 2.4.3
QuickTime
Radiotracker
RadioTracker 2.0.1.4400
Radmin Server 3.0
Radmin Viewer 3.0
Radmin Viewer 3.0
RC3200 Setup
RealPlayer
Red Gate SQL Bundle
Red Gate SQL Bundle
RedMon - Redirection Port Monitor
Registrar Lite 2.00
Registry System Wizard
Relo v0.9.9
Remote Administrator v2.2
Remove Uli Stein Screensaver
RoboHelp For Word X3
RoboHelp Office X3
RouterControl 1.91
Schnell Schreiben 3.4.4
Screensaver augenpause
SecureDoc
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office system 2007 (KB954326)
Segoe UI
SetEditTF (remove only)
SetEditTF5000 (remove only)
sevCommand ActiveX 2.1.0.23
sevEingabe ActiveX 2.10.0.20
sevMail ActiveX 1.3.0.121
sevMenuXP 2.0.0.40
sevTabStrip ActiveX 1.0.0.2
sevTrayIcon ActiveX 2.0.0.0
sevWizard ActiveX 1.0.0.5
sevXPControl ActiveX 1.19.0.8
sevZIP30 PRO 3.0
sevZIP32 1.0
Sharp Zip Wrapper
sheepworld - Ohne Dich ist alles doof Screensaver
Sicherheitsupdate für Windows Media Encoder (KB954156)
Sicherheitsupdate für Windows Media Player (KB952069)
Sicherheitsupdate für Windows Media Player 9 (KB911565)
Sicherheitsupdate für Windows Media Player 9 (KB917734)
Sicherheitsupdate für Windows XP (KB923561)
Sicherheitsupdate für Windows XP (KB938464)
Sicherheitsupdate für Windows XP (KB941569)
Sicherheitsupdate für Windows XP (KB946648)
Sicherheitsupdate für Windows XP (KB950759)
Sicherheitsupdate für Windows XP (KB950760)
Sicherheitsupdate für Windows XP (KB950762)
Sicherheitsupdate für Windows XP (KB950974)
Sicherheitsupdate für Windows XP (KB951066)
Sicherheitsupdate für Windows XP (KB951376)
Sicherheitsupdate für Windows XP (KB951376-v2)
Sicherheitsupdate für Windows XP (KB951698)
Sicherheitsupdate für Windows XP (KB951748)
Sicherheitsupdate für Windows XP (KB952004)
Sicherheitsupdate für Windows XP (KB952954)
Sicherheitsupdate für Windows XP (KB953155)
Sicherheitsupdate für Windows XP (KB953838)
Sicherheitsupdate für Windows XP (KB953839)
Sicherheitsupdate für Windows XP (KB954211)
Sicherheitsupdate für Windows XP (KB954459)
Sicherheitsupdate für Windows XP (KB954600)
Sicherheitsupdate für Windows XP (KB955069)
Sicherheitsupdate für Windows XP (KB956390)
Sicherheitsupdate für Windows XP (KB956391)
Sicherheitsupdate für Windows XP (KB956572)
Sicherheitsupdate für Windows XP (KB956802)
Sicherheitsupdate für Windows XP (KB956803)
Sicherheitsupdate für Windows XP (KB956841)
Sicherheitsupdate für Windows XP (KB957095)
Sicherheitsupdate für Windows XP (KB957097)
Sicherheitsupdate für Windows XP (KB958215)
Sicherheitsupdate für Windows XP (KB958644)
Sicherheitsupdate für Windows XP (KB958687)
Sicherheitsupdate für Windows XP (KB958690)
Sicherheitsupdate für Windows XP (KB959426)
Sicherheitsupdate für Windows XP (KB960225)
Sicherheitsupdate für Windows XP (KB960714)
Sicherheitsupdate für Windows XP (KB960715)
Sicherheitsupdate für Windows XP (KB960803)
Sicherheitsupdate für Windows XP (KB961373)
Sicherheitsupdate für Windows XP (KB963027)
SiSoftware Sandra Lite XII.SP1
Skype 2.5
SLC-2080 USB Driver
Smart Menus (Windows Live Toolbar)
SMButton VB6 Source Code
Software Setup
SONY Photosizetool
Sony USB Driver
SoundMAX
SpamPal
SpeedFan (remove only)
Spelling Dictionaries Support For Adobe Reader 8
SPRx32 SmartCard Reader
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
Spybot-S&D Distributed Testing Client
SpywareBlaster v3.2
SQL Backup 5
SQL Log Rescue 1
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
SQLXML4
Steganos Safe One
Streamripper Plugin 1.62-beta-3 (Remove only)
Subversion 1.4.2-r22196
Suite Shared Configuration CS4
Sun xVM VirtualBox
SurfMusik 3.1
SyncToy 2.0 (x86)
TagRunner 1.2
Teach/Me - Neue Deutsche Rechtschreibung
TeamSpeak 2 RC2
Telefon- und Branchenbuch Netzwerkversion - 32-Bit
Texas Grab'em
The GIMP 2.2.8
Tools für Microsoft SQL Server 2005 Express Edition
TopfHDRead/Write V0.14
Total Commander (Remove or Repair)
Total Recorder 6.0
TreeSize Professional 3.3.3
TrueMoneygames Game Client
TrueUpdate 1.0
TrueUpdate 2.0
TV Movie.de
TVgenial 4.06
Tweak UI
TweakNow PowerPack 2005
Übungsdateien
Ulead COOL 360 1.0
Ulead Photo Explorer 8.6
Ulead PhotoImpact 11
Ultr@VNC 1.0.0 RC11d - Win32
UltraEdit-32
UltraSentry
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Visual Studio Web Authoring Component (KB945140)
Update für Windows XP (KB951072-v2)
Update für Windows XP (KB951978)
Update für Windows XP (KB955839)
Update für Windows XP (KB961503)
Update für Windows XP (KB967715)
URFIN JUS CLASSter 2.2 MS SQL/Sybase Edition
vb@rchiv CDROM Vol.2
vb@rchiv CDROM Vol.3
VBEx32 2.1.03
VBPartner 6.0
VideoLAN VLC media player 0.8.6h
Visendo SQL-Admin
Visual C++ 2008 IA64 Runtime - (v9.0.30729)
Visual C++ 2008 IA64 Runtime - v9.0.30729.01
Visual C++ 2008 x64 Runtime - (v9.0.30729)
Visual C++ 2008 x64 Runtime - v9.0.30729.01
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual J# .NET Redistributable 1.1- German Language Pack
Visual Patch 2.0
VMware Server
VoipBuster 2.07 build 235
vowelXP
Web Application Installer
Webalizer GUI
Win2day Poker
Winamp (remove only)
Window Washer
Windows Defender
Windows Defender Signatures
Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)
Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Installer Clean Up
Windows Installer Clean Up
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Toolbar
Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
Windows Live-Uploadtool
Windows Media Encoder 9-Reihe
Windows Media Encoder 9-Reihe
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows PowerShell(TM) 1.0
Windows Resource Kit Tools - SubInAcl.exe
Windows XP Service Pack 3
WindowWatch 1.4.10
WinRAR Archivierer
WinZip
XML Paper Specification Shared Components Language Pack 1.0
Yahoo! Widget Engine
Yahoo! Widget Engine
Z-DBackup

pskelley
2009-05-11, 16:33
I am assuming eTrust Antivirus is your antivirus program of choice and that any Symantec on the computer with the exception of Norton Ghost, is leftover from the installation and not needed. If this is not the case, stop now and tell me about it.

Uninstall list: I look for malware and security issues and will not know all of your programs, but you should.
Hackers are using out of date programs to infect folks more and more.
Here is a small free tool that lets you know when something needs an update if you are interested:
http://secunia.com/vulnerability_scanning/personal/ While PSI runs in the System Tray for realtime notifications, I personally prefer to turn it off in MSConfig and run it from All Programs when I want to do a check.

Adobe Flash Player ActiveX
Adobe recommends all users of Adobe Flash Player 10.0.12.36 and earlier versions upgrade to the newest version 10.0.22.87
http://www.adobe.com/support/security/bulletins/apsb09-01.html

Adobe Reader 8.1.2 - Deutsch <<< out of date and unsafe, see this:
http://news.cnet.com/8301-1009_3-10081618-83.html?tag=nl.e433
http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html
http://www.filehippo.com/download_adobe_reader/
(if you want a smaller program, look at this one)
Foxit Reader 2.3 for Windows (make sure to uncheck any toolbars)
http://www.foxitsoftware.com/pdf/rd_intro.php

BitTornado 0.3.17 <<< p2p, must be uninstalled.
http://forums.spybot.info/showthread.php?t=282 <<< see this

If your helper detects the presence of such programs on your computer he/she will ask you to remove them. Help will be withdrawn should you not agree to their removal.

J2SE Runtime Environment 5.0 Update 7
JASP 1.4 <<< don't know what this is?
Java 2 Runtime Environment, SE v1.4.2_01 <<< very old
Java 2 Runtime Environment, SE v1.4.2_03 <<< very old
Java(TM) 6 Update 7
Out of date and unsafe, see this:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
Be aware of this information so you can opt out of anything you do not want.
Microsoft Does MSN Toolbar Distribution Deal With Java:
http://searchengineland.com/microsoft-does-msn-toolbar-distribution-deal-with-java-15413.php
http://raproducts.org/ <<< will help if you have trouble uninstalling those old versions.

LimeWire 4.12.11 <<< p2p, must be uninstalled.

LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Norton SystemWorks
Norton SystemWorks 2005 Premier (Symantec Corporation)
I left Norton Ghost and suggest you uninstall the rest of this Symantec/Norton stuff
http://service1.symantec.com/SUPPORT/nav.nsf/docid/2000031316555206
"Microsoft recommends that you have only one anti-virus program installed on your computer."
http://www.washingtonpost.com/wp-dyn/content/article/2005/12/03/AR2005120300087.html
http://www.smartcomputing.com/editorial/article.asp?article=articles/2003/s1407/38s07/38s07.asp

Spybot - Search & Destroy 1.4 <<< uninstall this old version

Spybot - Search & Destroy <<< Please be sure Spybot S&D is up to date and fully immunized.
http://www.safer-networking.org/en/
http://www.safer-networking.org/en/news/2008-07-08.html
http://www.safer-networking.org/en/faq/index.html
http://www.safer-networking.org/en/tutorial/index.html

SpywareBlaster v3.2 <<< obsolete, update to version 4.2

Follow the directions carefully and in the numbered order.

1) Please download ATF Cleaner by Atribune
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop. We will use this later.

2) Open notepad and copy/paste the text in the codebox below into it:


File::
c:\windows\system32\loader49.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{101d11bd-2902-11de-bc15-005056c00008}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a12586a-3a17-11de-bc23-005056c00008}]

Save this as CFScript
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log. (wait until you finish to post the logs)

3) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O2 - BHO: metaspinner GmbH - {D3AA56A9-8137-4950-A6F9-D0190A82AF2A} - (no file)
O3 - Toolbar: (no name) - {B50FCD28-C2CC-4f3b-B755-62B086EDE4D5} - (no file)

Close all programs but HJT and all browser windows, then click on "Fix Checked"

4) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

*Cleaning Prefetch may result in a few slow starts until the folder is repopulated:
http://www.windowsnetworking.com/articles_tutorials/Gaining-Speed-Empty-Prefetch-XP.html

(If you still have Malwarebytes' Anti-Malware, no need to download again, but make sure you update first and run the program as instructed)


5) Download Malwarebytes' Anti-Malware to your Desktop
http://www.malwarebytes.org/

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post the log from CFScript, the log from MBAM and a new HJT log.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Tutorial if needed:
http://www.techsupportteam.org/forum/tutorials/2282-malwarebytes-anti-malware-mbam.html

Recap: I want to see a new uninstall list, the log from CFScript, the log from MBAM, and a new HJT log run after all other tools.

How is the computer running now?

Thanks
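Step 3 of the post above selects HijackThis entries whose registered file is missing, marked "(no file)". The following is an added example, not part of the original post and not HijackThis's own code: a small parser that pulls CLSID-based entries out of a log and flags those orphans. The function and class names are hypothetical, and the sample is constructed from lines quoted in this thread.

```python
import re
from dataclasses import dataclass

# Constructed sample: entries copied from the HijackThis lines quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: metaspinner GmbH - {D3AA56A9-8137-4950-A6F9-D0190A82AF2A} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {B50FCD28-C2CC-4f3b-B755-62B086EDE4D5} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
"""

# Layout of CLSID-based lines (O2, O3, O9, ...):
#   "<section> - <kind>: <name> - {CLSID} - <target>"
ENTRY_RE = re.compile(
    r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<name>.*) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>.+)$"
)


@dataclass(frozen=True)
class Entry:
    section: str
    kind: str
    name: str
    clsid: str
    target: str

    @property
    def orphaned(self) -> bool:
        # "(no file)" means the registration exists but the file it points to does not.
        return self.target.strip().lower() == "(no file)"


def parse_entries(log_text):
    """Return every CLSID-based entry; lines in other layouts (e.g. O4) are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append(Entry(**match.groupdict()))
    return entries


def orphaned_entries(entries):
    """Entries whose registry registration outlived the file on disk."""
    return [e for e in entries if e.orphaned]


if __name__ == "__main__":
    for entry in orphaned_entries(parse_entries(SAMPLE_LOG)):
        print(f"{entry.section} {entry.kind}: {entry.name} {entry.clsid}")
```

An entry shown as "(no name)" is not flagged on that basis alone; only a missing target file marks it as an orphan.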

hornet99
2009-05-12, 13:49
Hi pskelley,

JASP is a Tool for File Splitting

Can't remove LiveReg because it depends on SystemWorks (only Ghost is installed)

MabryObj.dll
This file is removed from Combofix.
This file is recommended for the software DBGhost, a SQL Server Change Management Tool which I need for development.
For more information: www.dbghost.com
When I start dbghost the dll is installed by InstallShield.

>>>>>>>>>>>>>>>>>>>>>>>>>>>


Malwarebytes' Anti-Malware 1.36
Datenbank Version: 2114
Windows 5.1.2600 Service Pack 3

12.05.2009 12:03:09
mbam-log-2009-05-12 (12-03-09).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 570766
Laufzeit: 1 hour(s), 54 minute(s), 36 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 78

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\AROR\FRS\Reporting Test\Projekt1.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\AROR\frs-copy\Projekt1.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\AROR\REGTest\RegTest.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\AROR\test vbcodeshield\Projekt1.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\AROR\testinnovasys\Projekt1.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\AROR\testinnovasys\vbCodeShieldCode\Projekt1.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E417DD3C-4060-4491-9F98-9017643F5B62}\RP2282\A0507240.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E417DD3C-4060-4491-9F98-9017643F5B62}\RP2282\A0507249.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E417DD3C-4060-4491-9F98-9017643F5B62}\RP2282\A0507250.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E417DD3C-4060-4491-9F98-9017643F5B62}\RP2282\A0507251.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E417DD3C-4060-4491-9F98-9017643F5B62}\RP2282\A0507253.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E417DD3C-4060-4491-9F98-9017643F5B62}\RP2282\A0507254.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E417DD3C-4060-4491-9F98-9017643F5B62}\RP2282\A0507259.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E417DD3C-4060-4491-9F98-9017643F5B62}\RP2282\A0507262.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E417DD3C-4060-4491-9F98-9017643F5B62}\RP2283\A0507517.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E417DD3C-4060-4491-9F98-9017643F5B62}\RP2283\A0507526.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E417DD3C-4060-4491-9F98-9017643F5B62}\RP2283\A0507527.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E417DD3C-4060-4491-9F98-9017643F5B62}\RP2283\A0507528.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E417DD3C-4060-4491-9F98-9017643F5B62}\RP2283\A0507530.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E417DD3C-4060-4491-9F98-9017643F5B62}\RP2283\A0507531.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E417DD3C-4060-4491-9F98-9017643F5B62}\RP2283\A0507536.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E417DD3C-4060-4491-9F98-9017643F5B62}\RP2283\A0507539.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E417DD3C-4060-4491-9F98-9017643F5B62}\RP2286\A0508143.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E417DD3C-4060-4491-9F98-9017643F5B62}\RP2286\A0508153.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E417DD3C-4060-4491-9F98-9017643F5B62}\RP2286\A0508154.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E417DD3C-4060-4491-9F98-9017643F5B62}\RP2286\A0508155.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E417DD3C-4060-4491-9F98-9017643F5B62}\RP2286\A0508157.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E417DD3C-4060-4491-9F98-9017643F5B62}\RP2286\A0508158.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E417DD3C-4060-4491-9F98-9017643F5B62}\RP2286\A0508163.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E417DD3C-4060-4491-9F98-9017643F5B62}\RP2286\A0508166.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E417DD3C-4060-4491-9F98-9017643F5B62}\RP2286\A0508302.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E417DD3C-4060-4491-9F98-9017643F5B62}\RP2286\A0508312.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E417DD3C-4060-4491-9F98-9017643F5B62}\RP2286\A0508313.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E417DD3C-4060-4491-9F98-9017643F5B62}\RP2286\A0508314.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E417DD3C-4060-4491-9F98-9017643F5B62}\RP2286\A0508316.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E417DD3C-4060-4491-9F98-9017643F5B62}\RP2286\A0508317.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E417DD3C-4060-4491-9F98-9017643F5B62}\RP2286\A0508322.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E417DD3C-4060-4491-9F98-9017643F5B62}\RP2286\A0508325.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E417DD3C-4060-4491-9F98-9017643F5B62}\RP2289\A0508758.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E417DD3C-4060-4491-9F98-9017643F5B62}\RP2289\A0508767.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E417DD3C-4060-4491-9F98-9017643F5B62}\RP2289\A0508768.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E417DD3C-4060-4491-9F98-9017643F5B62}\RP2289\A0508769.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E417DD3C-4060-4491-9F98-9017643F5B62}\RP2289\A0508771.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E417DD3C-4060-4491-9F98-9017643F5B62}\RP2289\A0508772.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E417DD3C-4060-4491-9F98-9017643F5B62}\RP2289\A0508777.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E417DD3C-4060-4491-9F98-9017643F5B62}\RP2289\A0508780.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E417DD3C-4060-4491-9F98-9017643F5B62}\RP2289\A0509741.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Programme\cd2_vbArchiv\html\tipps\source\131\Projekt1.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\Programme\cd2_vbArchiv\html\tipps\source\132\Projekt1.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\Programme\cd2_vbArchiv\html\workshop\source\Activex\Projekt1.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\Programme\cd2_vbArchiv\html\workshop\source\dbClass\Projekt1.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\Programme\cd2_vbArchiv\html\workshop\source\Diashow\Diashow.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\Programme\cd3_vbArchiv\html\tipps\source\131\Projekt1.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\Programme\cd3_vbArchiv\html\tipps\source\132\Projekt1.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\Programme\cd3_vbArchiv\html\tipps\source\610\Xp-Beispiel.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\Programme\cd3_vbArchiv\html\tipps\source\615\Projekt1.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\Programme\cd3_vbArchiv\html\tipps\source\841\Projekt1.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\Programme\cd3_vbArchiv\html\workshop\source\creditbox\Demo_der_Funktionen\Projekt1.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\Programme\cd3_vbArchiv\html\workshop\source\Diashow\Diashow.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\Programme\cd3_vbArchiv\html\workshop\source\Mailslot\Projekt1.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\Programme\cd3_vbArchiv\html\workshop\source\MySQL\Projekt1.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\Programme\cd3_vbArchiv\html\workshop\source\resize\Projekt1.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\Programme\cd3_vbArchiv\html\workshop\source\Resize2\Projekt1.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\Programme\Microsoft Enterprise Library 4.1 - October 2008\Visual Studio Integration\Microsoft.Practices.EnterpriseLibrary.Configuration.Design.VisualStudioIntegration.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Programme\TrueUpdate\data\Client.dat (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
C:\Programme\TrueUpdate\update\Update.exe (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ovfsthemkrxtlqitaguvysmsfoypeoklltugeo.sys.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\871DF2BE41D24334AC33839AF16FC8FE.TMP\WiseCustomCalla41.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\871DF2BE41D24334AC33839AF16FC8FE.TMP\WiseCustomCalla41.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\871DF2BE41D24334AC33839AF16FC8FE.TMP\WiseCustomCalla42.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\871DF2BE41D24334AC33839AF16FC8FE.TMP\WiseCustomCalla43.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\871DF2BE41D24334AC33839AF16FC8FE.TMP\WiseCustomCalla44.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\871DF2BE41D24334AC33839AF16FC8FE.TMP\WiseCustomCalla44.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\871DF2BE41D24334AC33839AF16FC8FE.TMP\WiseCustomCalla46.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\871DF2BE41D24334AC33839AF16FC8FE.TMP\WiseCustomCalla47.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\871DF2BE41D24334AC33839AF16FC8FE.TMP\WiseCustomCalla47.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\871DF2BE41D24334AC33839AF16FC8FE.TMP\WiseCustomCalla48.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\871DF2BE41D24334AC33839AF16FC8FE.TMP\WiseCustomCalla49.dll (Rogue.Installer) -> Quarantined and deleted successfully.
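A log like the one above is easier to review once its file detections are grouped by family and by where the file sat. The following is an added example, not part of the original post and not Malwarebytes' code: it checks the declared file count against the parsed entries and separates System Restore copies and the ComboFix quarantine folder (C:\Qoobox) from files on the live filesystem. The names are hypothetical, the header label assumes the German-language log shown here, and the sample is constructed from six lines of this log.

```python
import re
from collections import Counter

# Constructed sample: six file entries copied from the log in this thread,
# with the header count adjusted to match.
SAMPLE_LOG = r"""
Infizierte Verzeichnisse: 0
Infizierte Dateien: 6

Infizierte Dateien:
C:\AROR\REGTest\RegTest.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E417DD3C-4060-4491-9F98-9017643F5B62}\RP2282\A0507240.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E417DD3C-4060-4491-9F98-9017643F5B62}\RP2289\A0509741.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ovfsthemkrxtlqitaguvysmsfoypeoklltugeo.sys.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Programme\TrueUpdate\update\Update.exe (Rogue.MalwareSweeper) -> Quarantined and deleted successfully.
C:\WINDOWS\871DF2BE41D24334AC33839AF16FC8FE.TMP\WiseCustomCalla41.dll (Rogue.Installer) -> Quarantined and deleted successfully.
"""

# "<drive path> (<family>) -> <status>"; registry entries (HKEY_...) are not matched.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<family>[^()]+)\) -> (?P<status>.+)$"
)
# Status string as it appears in the log above.
REMOVED_OK = "Quarantined and deleted successfully."


def classify_location(path):
    """Bucket a detection by where the file was found."""
    p = path.lower()
    if "\\system volume information\\_restore{" in p:
        return "system_restore"       # copy kept in a restore point
    if p[1:].startswith(":\\qoobox\\quarantine\\"):
        return "combofix_quarantine"  # file already quarantined by ComboFix
    return "live_filesystem"


def summarize(log_text, files_label="Infizierte Dateien"):
    """Parse file detections and cross-check them against the header count."""
    header = re.search(
        rf"^{re.escape(files_label)}: (\d+)\s*$", log_text, re.MULTILINE
    )
    declared = int(header.group(1)) if header else None
    detections = []
    for raw in log_text.splitlines():
        match = DETECTION_RE.match(raw.strip())
        if match:
            detections.append(match.groupdict())
    return {
        "declared": declared,
        "parsed": len(detections),
        "consistent": declared == len(detections),
        "by_family": Counter(d["family"] for d in detections),
        "by_location": Counter(classify_location(d["path"]) for d in detections),
        # Anything not reported as removed needs another look.
        "needs_followup": [d["path"] for d in detections if d["status"] != REMOVED_OK],
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("declared/parsed:", report["declared"], report["parsed"])
    for location, count in report["by_location"].most_common():
        print(f"{location:20} {count}")
    for family, count in report["by_family"].most_common():
        print(f"{family:20} {count}")
```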

hornet99
2009-05-12, 13:50
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:39:50, on 12.05.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\DRIVERS\CDAC11BA.EXE
C:\WINDOWS\system32\SCMSymbols.exe
C:\Programme\Compaq\Compaq Management Agents\cpqalert.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\Fujitsu HandyDrive\Password\F3EJTHDD.EXE
C:\Programme\Intel\Shiva VPN Client\icsrv.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\CA\eTrust Antivirus\InoTask.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\LogWatNT.exe
c:\Programme\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
c:\Programme\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
C:\Programme\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Programme\Microsoft SQL Server\MSAS10.DEV2008\OLAP\bin\msmdsrv.exe
C:\Programme\Microsoft SQL Server\MSSQL10.DEV2008\MSSQL\Binn\sqlservr.exe
C:\Programme\Microsoft SQL Server\MSSQL$FRS\Binn\sqlservr.exe
C:\PROGRA~1\MICROS~4\MSSQL$~2\binn\sqlservr.exe
C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe
C:\Programme\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\NMSAccessU.exe
C:\Programme\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Programme\Raxco\PerfectDisk2008\PD91Agent.exe
C:\Programme\Raxco\PerfectDiskRx\PD9Engine.exe
C:\Programme\Advanced Registry Doctor\RegManServ.exe
C:\Programme\Microsoft SQL Server\MSRS10.DEV2008\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\WINDOWS\system32\sokscmnt.exe
C:\Programme\SDistTest\SDistTestSvc.exe
C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\Programme\Microsoft SQL Server\MSSQL\binn\sqlagent.exe
c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\vmnat.exe
C:\Programme\VMware\VMware Server\tomcat\bin\Tomcat6.exe
C:\Programme\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\Programme\UltraVNC\WinVNC.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wwSecure.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\Programme\VMware\VMware Server\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Programme\VMware\VMware Server\vmware-hostd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\PTBSync\PTBSync.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Programme\MSI\SecureDoc\Logon.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\SpamPal\spampal.exe
C:\Programme\Windows Live\Contacts\wlcomm.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Programme\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Netviewer one2one - {CFC903DC-64D4-41AD-8EA7-B7A93F618F1A} - C:\PROGRA~1\NETVIE~1\one2one\Plugin\IEPLUG~1\IEONE2~1.DLL
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Netviewer Support - {E1F9EDE7-EF90-4A65-A5A4-D2FFEEA5D469} - C:\PROGRA~1\NETVIE~1\Support\Plugin\IEPLUG~1\NVIEPL~1.DLL
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [PTBSync] C:\Programme\PTBSync\PTBSync.exe /Start
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Mini-XP] C:\Dokumente und Einstellungen\hubi\Desktop\minimizer-xp\Mini-XP.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE
O4 - Startup: Netlaufwerke verbinden LXPro.lnk = C:\admin\netlogon\logon.bat
O4 - Global Startup: Dienst-Manager.lnk = C:\Programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: SecureDoc.lnk = C:\Programme\MSI\SecureDoc\Logon.exe
O4 - Global Startup: Verknüpfung mit spampal.lnk = C:\Programme\SpamPal\spampal.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Buyertools Reminder - {27914077-B4D6-4A0E-9763-76B6E9DD9A81} - C:\Programme\Buyertools Reminder\ReminderIE.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programme\vmware\vmware server\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\programme\vmware\vmware server\vsocklib.dll
O12 - Plugin for .UVR: C:\Programme\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {143B3E6F-2C70-4238-85A1-D4F414C792B8} (DemoShield DemoX Class) - http://www.installshield.com/downloads/ds/files/75/demox.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1118268009555
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1118267968383
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{57482DC5-6D39-4877-B56D-24748060927B}: NameServer = 10.0.1.254
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Programme\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programme\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: CHIPDRIVE Disk Encryption Service (CHIPDRIVE_Disk_Encryption_Service) - Unknown owner - C:\WINDOWS\system32\SCMSymbols.exe
O23 - Service: Cisco Systems, Inc. Installer service (CiscoVpnInstallService) - Unknown owner - C:\DOKUME~1\hubi\LOKALE~1\Temp\INSTAL~1.EXE
O23 - Service: Insight Local Alerter (CPQALERT) - Hewlett-Packard Company - C:\Programme\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Ferner Befehl für Client Access Express (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - Unknown owner - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe (file missing)
O23 - Service: HandyDrive Password Lock Tool Service (F3EJTHDD) - FUJITSU LIMITED - C:\Programme\Fujitsu HandyDrive\Password\F3EJTHDD.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Shiva VPN Client (ICService) - Unknown owner - C:\Programme\Intel\Shiva VPN Client\icsrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: AVM IGD CTRL Service (IGDCTRL) - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: eTrust Antivirus-RPC-Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus-Echtzeitserver (InoRT) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus-Jobserver (InoTask) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Programme\Gemeinsame Dateien\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: Matrox Centering Service - Matrox Graphics Inc. - c:\Programme\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe
O23 - Service: Matrox.Pdesk.ServicesHost - Matrox Graphics Inc - c:\Programme\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe
O23 - Service: MySQL - Unknown owner - C:\Programme\MySQL\MySQL.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\WINDOWS\system32\NMSAccessU.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Programme\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Programme\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: PD9Engine - Raxco Software, Inc. - C:\Programme\Raxco\PerfectDiskRx\PD9Engine.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Radmin Communication Server (rcomsrv) - Unknown owner - C:\WINDOWS\system32\rcomsrv30\rcomsrv.exe (file missing)
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Programme\Advanced Registry Doctor\RegManServ.exe
O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\WINDOWS\system32\rserver30\RServer3.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe
O23 - Service: CHIPDRIVE Smartcard Office Kernel (SCM_Smart_Card_Office_Kernel) - SCM Microsystems - C:\WINDOWS\system32\sokscmnt.exe
O23 - Service: SpybotSnD Distributed Testing (SDisTestService) - Safer Networking Limited - C:\Programme\SDistTest\SDistTestSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Programme\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: VMware Host Agent (VMwareHostd) - Unknown owner - C:\Programme\VMware\VMware Server\vmware-hostd.exe
O23 - Service: VMware Server Web Access (VMwareServerWebAccess) - Apache Software Foundation - C:\Programme\VMware\VMware Server\tomcat\bin\Tomcat6.exe
O23 - Service: VMware VSS Writer (vmwriter) - VMware, Inc. - C:\Programme\VMware\VMware Server\vmVssWriter.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Programme\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Programme\UltraVNC\WinVNC.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

--
End of file - 17566 bytes

hornet99
2009-05-12, 13:52
ComboFix 09-05-11.03 - hubi 12.05.2009 9:55.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.43.1031.18.3071.1971 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\hubi\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\hubi\Desktop\CFScript.txt

FILE ::
c:\windows\system32\loader49.exe
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\loader49.exe
c:\windows\system32\MabryObj.dll

.
((((((((((((((((((((((( Dateien erstellt von 2009-04-12 bis 2009-05-12 ))))))))))))))))))))))))))))))
.

2026-03-08 09:43 . 2026-03-08 09:43 3120 ----a-w c:\windows\system32\DISPKRNL.DLL
2009-05-12 07:45 . 2009-05-12 07:45 -------- d-----w c:\windows\LastGood
2009-05-11 15:26 . 2009-05-11 15:25 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-11 15:22 . 2009-05-11 15:22 -------- d-----w c:\programme\Gemeinsame Dateien\Skype
2009-05-11 15:22 . 2009-05-11 15:22 -------- d-----r c:\programme\Skype
2009-05-11 15:11 . 2009-05-11 15:12 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-11 15:11 . 2009-05-11 15:12 -------- d-----w c:\programme\iTunes
2009-05-11 15:10 . 2009-05-11 15:10 -------- d-----w c:\programme\Bonjour
2009-05-11 15:08 . 2009-05-11 15:09 -------- d-----w c:\programme\QuickTime
2009-05-11 14:41 . 2009-05-11 14:41 -------- d-----w c:\dokumente und einstellungen\hubi\Anwendungsdaten\Foxit
2009-05-11 14:41 . 2009-05-11 14:41 -------- d-----w c:\programme\Foxit Software
2009-05-11 14:39 . 2009-05-11 14:39 -------- d-----w c:\programme\Secunia
2009-05-07 08:52 . 2009-05-07 09:22 -------- d-----w c:\dokumente und einstellungen\hubi\Anwendungsdaten\Download Manager
2009-05-06 16:11 . 2008-08-26 14:17 113664 ----a-w c:\windows\system32\drivers\ewusbnet.sys
2009-05-06 16:11 . 2008-04-14 07:36 621056 ----a-w c:\windows\system32\drivers\mod7700.sys
2009-05-06 16:11 . 2008-07-24 10:02 101376 ----a-w c:\windows\system32\drivers\ewusbmdm.sys
2009-05-06 16:11 . 2007-08-09 02:13 24448 ----a-w c:\windows\system32\drivers\ewdcsc.sys
2009-05-06 16:10 . 2009-05-06 16:15 -------- d-----w c:\programme\Mobile Partner
2009-05-06 13:43 . 2009-05-06 13:43 -------- d-----w c:\dokumente und einstellungen\hubi-online\Anwendungsdaten\vlc
2009-05-06 12:57 . 2009-05-06 12:57 -------- d-----w c:\dokumente und einstellungen\hubi\Anwendungsdaten\Malwarebytes
2009-05-06 12:57 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-06 12:57 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-06 12:57 . 2009-05-06 12:57 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-05-06 12:57 . 2009-05-06 12:57 -------- d-----w c:\programme\Malwarebytes' Anti-Malware
2009-05-06 08:57 . 2009-05-11 15:20 -------- d-----w c:\programme\SDistTest
2009-05-06 08:27 . 2009-05-06 08:27 -------- d-----w c:\programme\Trend Micro
2009-05-06 08:25 . 2009-05-06 08:25 -------- d-----w c:\programme\ERUNT
2009-05-04 10:16 . 2008-07-11 00:27 79896 ----a-w c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
2009-05-04 10:16 . 2008-07-11 00:27 50200 ----a-w c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2009-04-29 16:13 . 2009-04-29 16:13 22 ----a-w C:\Datenbank20090429181343_ID3584104.zip
2009-04-29 08:24 . 2009-05-05 09:43 -------- d-----w C:\PS
2009-04-29 08:06 . 2009-04-29 08:20 -------- d-----w c:\dokumente und einstellungen\hubi\Anwendungsdaten\PersBackup
2009-04-29 08:06 . 2009-04-29 08:06 -------- d-----w c:\programme\Personal Backup 4
2009-04-17 11:14 . 2000-08-05 23:50 36939 ----a-w c:\windows\system32\insrepim.exe
2009-04-16 14:04 . 2009-04-16 14:05 -------- d-----w c:\programme\MobileMeter3
2009-04-16 09:57 . 2009-04-16 09:57 -------- d-----w c:\programme\Registry System Wizard
2009-04-16 08:50 . 2009-04-16 08:51 -------- d-----w C:\KingstonUSBStick
2009-04-15 05:21 . 2009-02-09 10:51 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 05:21 . 2009-02-09 10:51 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 05:21 . 2009-02-09 10:51 678400 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 05:21 . 2009-02-09 10:51 736768 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 05:21 . 2009-02-09 10:51 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 05:21 . 2009-02-09 10:51 740352 ------w c:\windows\system32\dllcache\ntdll.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-12 07:50 . 2004-12-05 10:09 -------- d-----w c:\programme\SpywareBlaster
2009-05-12 07:35 . 2007-08-30 12:03 12 ----a-w c:\windows\bthservsdp.dat
2009-05-11 15:51 . 2004-06-16 21:52 -------- d-----w c:\programme\Spybot - Search & Destroy
2009-05-11 15:50 . 2004-06-08 06:56 -------- d-----w c:\programme\Java
2009-05-11 15:36 . 2005-05-02 12:30 -------- d-----w c:\programme\Symantec
2009-05-11 15:11 . 2004-10-16 09:35 -------- d-----w c:\programme\iPod
2009-05-11 15:10 . 2004-06-09 07:26 -------- d-----w c:\programme\HOB
2009-05-11 15:07 . 2006-10-27 07:53 -------- d-----w c:\programme\Apple Software Update
2009-05-11 14:55 . 2005-12-27 09:12 -------- d-----w c:\programme\7-Zip
2009-05-11 13:40 . 2004-06-09 12:36 -------- d-----w c:\programme\DB Ghost
2009-05-06 16:38 . 2004-06-09 11:52 -------- d-----w c:\programme\VBPartner 6.0
2009-05-06 16:17 . 2003-05-27 12:45 834622 ----a-w c:\windows\system32\perfh007.dat
2009-05-06 16:17 . 2003-05-27 12:45 234548 ----a-w c:\windows\system32\perfc007.dat
2009-05-06 15:15 . 2004-10-04 17:39 -------- d-----w c:\programme\Preispiraten
2009-05-05 14:55 . 2004-06-08 20:15 -------- d-----w c:\programme\IrfanView
2009-05-04 17:33 . 2008-08-12 12:23 0 ----a-w c:\dokumente und einstellungen\All Users\Anwendungsdaten\playercachelines.tmp
2009-05-04 17:26 . 2008-11-20 17:36 2269 ----a-w c:\dokumente und einstellungen\All Users\Anwendungsdaten\sortedcards.tmp
2009-05-04 15:47 . 2008-02-17 13:42 -------- d-----w c:\programme\Titan
2009-05-04 12:56 . 2005-08-02 14:27 -------- d-----w c:\programme\Microsoft
2009-05-04 10:15 . 2004-06-08 21:59 -------- d-----w c:\programme\Microsoft SQL Server
2009-05-04 10:02 . 2008-03-28 19:28 -------- d-----w c:\programme\Microsoft Visual Studio 9.0
2009-04-30 12:46 . 2006-02-16 21:02 -------- d-----w c:\programme\PartyGaming
2009-04-28 14:30 . 2005-11-30 23:21 -------- d-----w c:\programme\Z-DBackup
2009-04-28 14:05 . 2005-11-30 23:21 90416 ------w c:\windows\AKDeInstall.exe
2009-04-28 10:05 . 2007-05-21 13:35 -------- d-----w c:\programme\Motorola Phone Tools
2009-04-28 10:04 . 2007-05-21 13:36 -------- d-----w c:\programme\Avanquest update
2009-04-20 12:23 . 2005-09-18 08:50 -------- d-----w c:\programme\Buyertools Reminder
2009-04-17 09:54 . 2009-01-13 08:18 -------- d-----w c:\programme\PDFZilla
2009-04-17 09:19 . 2009-03-30 14:43 -------- d-----w c:\programme\Microsoft Analysis Services
2009-04-15 16:23 . 2004-10-08 10:21 -------- d-----w c:\programme\NetViewer
2009-04-14 16:19 . 2007-08-29 08:58 67088 ----a-w c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-04-08 10:07 . 2009-04-08 10:07 100 ----a-w C:\copytest.bat
2009-04-08 08:37 . 2009-03-24 14:34 -------- d-----w c:\programme\Microsoft Enterprise Library 4.1 - October 2008
2009-04-03 10:59 . 2009-04-03 10:59 -------- d-----w c:\programme\PostgreSQL
2009-04-01 08:00 . 2009-04-01 08:00 -------- d-----w c:\programme\sevZIP30
2009-03-31 14:20 . 2009-03-31 14:18 -------- d-----w c:\programme\Dino Chiesa
2009-03-31 14:18 . 2009-03-31 14:18 -------- d-----w c:\programme\DotNetZip Utilities v1.7
2009-03-31 13:51 . 2009-03-31 13:51 -------- d-----w c:\programme\Kellerman Software
2009-03-30 15:54 . 2009-03-30 15:54 2272 ----a-w c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
2009-03-30 08:19 . 2009-03-30 08:19 -------- d-----w c:\programme\Apache Software Foundation
2009-03-30 07:51 . 2006-02-20 13:59 -------- d-----w c:\programme\Poker Tracker V2
2009-03-27 11:00 . 2009-03-27 11:00 -------- d-----w c:\programme\MySQL
2009-03-27 10:55 . 2009-03-27 10:55 -------- d-----w c:\programme\CVS Suite
2009-03-27 10:55 . 2009-03-27 10:55 -------- d-----w c:\programme\Gemeinsame Dateien\March Hare Software Ltd
2009-03-25 13:11 . 2008-09-05 08:16 -------- d-----w c:\programme\Win2day Poker
2009-03-25 09:31 . 2005-05-02 12:31 -------- d-----w c:\programme\Gemeinsame Dateien\Symantec Shared
2009-03-24 13:53 . 2009-03-24 13:53 -------- d-----w c:\programme\Microsoft Synchronization Services
2009-03-24 13:53 . 2009-03-24 13:53 -------- d-----w c:\programme\Microsoft SQL Server Compact Edition
2009-03-24 11:03 . 2009-03-24 11:03 7808 ----a-w c:\windows\system32\drivers\psi_mf.sys
2009-03-23 15:15 . 2008-12-17 08:24 -------- d-----w c:\programme\CCleaner
2009-03-19 14:32 . 2006-09-19 14:44 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-16 09:34 . 2009-03-16 09:28 -------- d-----w c:\programme\Windows Live
2009-03-16 09:33 . 2006-09-04 07:20 -------- d-----w c:\programme\Windows Live Toolbar
2009-03-16 09:30 . 2006-08-08 13:24 -------- d-----w c:\programme\MSN Messenger
2009-03-16 09:29 . 2009-03-16 09:29 -------- d-----w c:\programme\Windows Live SkyDrive
2009-03-16 09:26 . 2009-03-16 09:26 -------- d-----w c:\programme\Gemeinsame Dateien\Windows Live
2009-03-06 14:19 . 2002-08-29 10:43 286720 ----a-w c:\windows\system32\pdh.dll
2009-02-20 10:23 . 2008-11-18 08:41 3888 ----a-w c:\windows\system32\drivers\NTHANDLE.SYS
2009-02-20 08:09 . 2005-02-18 15:35 671744 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:09 . 2004-08-04 07:57 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-17 10:06 . 2008-08-15 07:56 11959 ----a-w c:\dokumente und einstellungen\hubi\ntuserdirect_MSManager.dat
2008-09-18 16:52 . 2008-09-18 16:52 147 ----a-w c:\programme\WS_FTP.LOG
2008-02-20 11:27 . 2008-02-20 11:27 179 ----a-w c:\programme\2SR48T24.bat
2008-02-20 11:23 . 2008-02-20 11:23 200 ----a-w c:\programme\2SR484OE.bat
2005-06-15 18:15 . 2005-06-15 18:05 75264 ----a-w c:\programme\Gemeinsame Dateien\Havelka.xls
2004-11-13 16:40 . 2004-11-13 16:41 529674 ------w c:\programme\mztools.zip
2004-07-17 09:08 . 2004-06-10 19:19 859508 ------w c:\programme\Innovasysexceptions.log
2004-06-09 07:17 . 2004-06-09 07:17 2139939 ------w c:\programme\HOB.zip
2003-01-13 08:59 . 2007-10-11 12:16 278528 ------w c:\programme\internet explorer\plugins\PanoViewer.dll
1999-04-30 14:00 . 2007-10-11 12:16 98304 ------w c:\programme\internet explorer\plugins\UPjpeg.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-06_08.12.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-12 07:38 . 2009-05-12 07:38 16384 c:\windows\Temp\Perflib_Perfdata_c28.dat
+ 2009-05-12 07:38 . 2009-05-12 07:38 16384 c:\windows\Temp\Perflib_Perfdata_bcc.dat
+ 2009-05-12 07:38 . 2009-05-12 07:38 16384 c:\windows\Temp\Perflib_Perfdata_adc.dat
+ 2009-05-12 07:38 . 2009-05-12 07:38 16384 c:\windows\Temp\Perflib_Perfdata_6e8.dat
+ 2009-05-12 07:39 . 2009-05-12 07:39 16384 c:\windows\Temp\Perflib_Perfdata_17a4.dat
+ 2009-05-12 07:39 . 2009-05-12 07:39 16384 c:\windows\Temp\Perflib_Perfdata_1560.dat
+ 2007-11-23 16:19 . 2009-05-11 14:38 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2007-11-23 16:19 . 2009-03-20 08:15 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2007-08-15 21:22 . 2009-05-12 07:45 89102 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-09-15 11:22 . 2008-09-15 11:22 59719 c:\windows\system32\Macromed\Download\Install.exe
+ 2008-09-15 20:21 . 2008-09-15 20:21 67984 c:\windows\system32\Macromed\Download\Download.exe
+ 2009-05-11 15:00 . 2009-03-26 13:23 36864 c:\windows\system32\DRVSTORE\usbaapl_AF109929C2381E41FEF454F3FEDAA257A9E85F92\usbaapl.sys
+ 2009-05-11 15:12 . 2009-03-19 14:32 23400 c:\windows\system32\DRVSTORE\GEARAspiWD_F475AF659D36685632E9BD97B57E9D9661FF3FFD\x86\GEARAspiWDM.sys
+ 2008-12-12 09:11 . 2008-12-12 09:11 61440 c:\windows\system32\dnssd.dll
+ 2008-12-12 09:18 . 2008-12-12 09:18 87336 c:\windows\system32\dns-sd.exe
+ 2009-05-11 15:07 . 2009-05-11 15:07 27136 c:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
+ 2006-09-27 13:03 . 2009-05-11 13:40 30720 c:\windows\Installer\{630787BE-D76B-400C-8AA1-E299E6A5AF5F}\Icon630787BE13.exe
- 2006-09-27 13:03 . 2006-09-27 13:03 30720 c:\windows\Installer\{630787BE-D76B-400C-8AA1-E299E6A5AF5F}\Icon630787BE13.exe
+ 2009-05-11 15:10 . 2009-05-11 15:10 86016 c:\windows\Installer\{07287123-B8AC-41CE-8346-3D777245C35B}\PrntWzrdIco.exe
- 2006-09-27 13:03 . 2006-09-27 13:03 7168 c:\windows\Installer\{630787BE-D76B-400C-8AA1-E299E6A5AF5F}\Icon630787BE9.exe
+ 2006-09-27 13:03 . 2009-05-11 13:40 7168 c:\windows\Installer\{630787BE-D76B-400C-8AA1-E299E6A5AF5F}\Icon630787BE9.exe
- 2006-09-27 13:03 . 2006-09-27 13:03 7680 c:\windows\Installer\{630787BE-D76B-400C-8AA1-E299E6A5AF5F}\Icon630787BE10.exe
+ 2006-09-27 13:03 . 2009-05-11 13:40 7680 c:\windows\Installer\{630787BE-D76B-400C-8AA1-E299E6A5AF5F}\Icon630787BE10.exe
- 2003-05-27 12:45 . 2009-05-04 10:16 784172 c:\windows\system32\perfh009.dat
+ 2003-05-27 12:45 . 2009-05-06 16:17 784172 c:\windows\system32\perfh009.dat
- 2003-05-27 12:45 . 2009-05-04 10:16 207542 c:\windows\system32\perfc009.dat
+ 2003-05-27 12:45 . 2009-05-06 16:17 207542 c:\windows\system32\perfc009.dat
+ 2009-02-03 02:07 . 2009-02-03 02:07 240544 c:\windows\system32\Macromed\Flash\FlashUtil10b.exe
+ 2008-09-15 11:22 . 2008-09-15 11:22 112016 c:\windows\system32\Macromed\Download\Download.dll
+ 2009-05-11 15:26 . 2009-05-11 15:25 148888 c:\windows\system32\javaws.exe
+ 2009-05-11 15:26 . 2009-05-11 15:25 144792 c:\windows\system32\javaw.exe
+ 2009-05-11 15:26 . 2009-05-11 15:25 144792 c:\windows\system32\java.exe
+ 2008-11-11 13:54 . 2009-05-12 07:40 243779 c:\windows\system32\inetsrv\MetaBase.bin
- 2008-11-11 13:54 . 2009-05-06 08:11 243779 c:\windows\system32\inetsrv\MetaBase.bin
+ 2006-10-03 18:47 . 2008-04-17 10:12 107368 c:\windows\system32\GEARAspi.dll
+ 2009-05-11 15:12 . 2008-04-17 10:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_F475AF659D36685632E9BD97B57E9D9661FF3FFD\x86\GEARAspi.dll
+ 2009-05-11 15:13 . 2009-05-11 15:13 102400 c:\windows\Installer\{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}\iTunesIco.exe
+ 2009-05-11 15:23 . 2009-05-11 15:23 364726 c:\windows\Installer\{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}\SkypeIcon.exe
+ 2009-05-12 07:33 . 2009-05-12 07:33 245760 c:\windows\ERDNT\AutoBackup\12.05.2009\Users\00000002\UsrClass.dat
+ 2009-05-12 07:33 . 2005-10-20 10:02 163328 c:\windows\ERDNT\AutoBackup\12.05.2009\ERDNT.EXE
+ 2009-05-11 12:49 . 2009-05-11 12:49 245760 c:\windows\ERDNT\AutoBackup\11.05.2009\Users\00000002\UsrClass.dat
+ 2009-05-11 12:49 . 2005-10-20 10:02 163328 c:\windows\ERDNT\AutoBackup\11.05.2009\ERDNT.EXE
+ 2009-05-06 08:26 . 2005-10-20 10:02 163328 c:\windows\ERDNT\06.05.2009\ERDNT.EXE
+ 2009-03-11 21:16 . 2009-03-11 21:16 689536 c:\windows\Downloaded Program Files\Manager.exe
+ 2009-05-11 15:00 . 2009-03-26 13:23 1900544 c:\windows\system32\DRVSTORE\usbaapl_AF109929C2381E41FEF454F3FEDAA257A9E85F92\usbaaplrc.dll
+ 2009-05-12 07:33 . 2009-05-12 07:33 11763712 c:\windows\ERDNT\AutoBackup\12.05.2009\Users\00000001\NTUSER.DAT
+ 2009-05-11 12:49 . 2009-05-11 12:49 11739136 c:\windows\ERDNT\AutoBackup\11.05.2009\Users\00000001\NTUSER.DAT
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programme\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Mini-XP"="c:\dokumente und einstellungen\hubi\Desktop\minimizer-xp\Mini-XP.exe" [2005-01-13 80896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PTBSync"="c:\programme\PTBSync\PTBSync.exe" [2007-07-31 326656]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"Realtime Monitor"="c:\progra~1\CA\ETRUST~1\realmon.exe" [2004-06-25 504080]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-05-11 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\dokumente und einstellungen\hubi\Startmen\Programme\Autostart\
ERUNT AutoBackup.lnk - c:\programme\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Netlaufwerke verbinden LXPro.lnk - c:\admin\netlogon\logon.bat [2008-7-18 484]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Dienst-Manager.lnk - c:\programme\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2004-6-9 81920]
SecureDoc.lnk - c:\programme\MSI\SecureDoc\Logon.exe [2008-6-19 82944]
Verknpfung mit spampal.lnk - c:\programme\SpamPal\spampal.exe [2005-10-24 387616]
VPN Client.lnk.disabled [2008-11-13 1974]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 00:42 72208 ----a-w c:\programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"mixer"= DrvTrNTm.dll
"MIDI1"= SYNCOR11.DLL
"wave6"= serwvdrv.dll
"wave2"= serwvdrv.dll
"wave"= DrvTrNTm.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^A-Trust a-sign Client.lnk.disabled]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\A-Trust a-sign Client.lnk.disabled
backup=c:\windows\pss\A-Trust a-sign Client.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk.disabled]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk.disabled
backup=c:\windows\pss\Adobe Reader - Schnellstart.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^klickTel - Schnellstarter - 32-Bit.lnk.disabled]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\klickTel - Schnellstarter - 32-Bit.lnk.disabled
backup=c:\windows\pss\klickTel - Schnellstarter - 32-Bit.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Logitech SetPoint.lnk.disabled]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk.disabled
backup=c:\windows\pss\Logitech SetPoint.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Monitor Apache Servers.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Monitor Apache Servers.lnk
backup=c:\windows\pss\Monitor Apache Servers.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Office-Bibliothek-Direktsuche.lnk.disabled]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Office-Bibliothek-Direktsuche.lnk.disabled
backup=c:\windows\pss\Office-Bibliothek-Direktsuche.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Post-it® Software Notes Lite.lnk.disabled]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Post-it® Software Notes Lite.lnk.disabled
backup=c:\windows\pss\Post-it® Software Notes Lite.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^SecureDoc.lnk.disabled]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\SecureDoc.lnk.disabled
backup=c:\windows\pss\SecureDoc.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WinZip Quick Pick.lnk.disabled]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\WinZip Quick Pick.lnk.disabled
backup=c:\windows\pss\WinZip Quick Pick.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^hubi^Startmenü^Programme^Autostart^SpamPal.lnk.disabled]
path=c:\dokumente und einstellungen\hubi\Startmenü\Programme\Autostart\SpamPal.lnk.disabled
backup=c:\windows\pss\SpamPal.lnk.disabledStartup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\dokumente und einstellungen\hubi\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" /c
"ISUSPM"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -scheduler

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinampAgent"=c:\programme\Winamp\winampa.exe
"ccApp"="c:\programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
"Client Access Check Version"="c:\programme\IBM\Client Access\cwbckver.exe" LOGIN
"Client Access Express Welcome"="c:\programme\IBM\Client Access\cwbwlwiz.exe"
"Client Access Help Update"="c:\programme\IBM\Client Access\cwbinhlp.exe"
"Client Access Service"="c:\programme\IBM\Client Access\cwbsvstr.exe"
"Norton Ghost 9.0"=c:\programme\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
"QuickTime Task"="c:\programme\quicktime\qttask.exe" -atboottime
"zBrowser Launcher"=c:\programme\Logitech\iTouch\iTouch.exe
"InCD"=c:\programme\Ahead\InCD\InCD.exe
"MOD"=c:\programme\microangelo\muamgr.exe
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup
"FreePDF Assistant"=c:\programme\FreePDF_XP\fpassist.exe
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"BMan"=c:\programme\CHIPDRIVE\CHIPDRIVE Smartcard Office\AddressBook\BMan.exe
"CHIPDRIVEPinManager"=c:\windows\system32\sokscmpn.exe
"CHIPDRIVESmartcardManager"="c:\programme\CHIPDRIVE\Smartcard Manager\SCMgr.exe" x
"DiskEncryption"="c:\programme\CHIPDRIVE\CHIPDRIVE Smartcard Office\DiskEncryption\DCAdmin.exe" x
"FrmFill"=c:\programme\CHIPDRIVE\CHIPDRIVE Smartcard Office\FormFill\FrmFill.exe
"PCard"=c:\programme\CHIPDRIVE\CHIPDRIVE Smartcard Office\PCard\PCard.exe
"SmartcardOfficeTour"=c:\programme\CHIPDRIVE\CHIPDRIVE Smartcard Office\SCTour.exe
"WinLogon Support"=c:\programme\CHIPDRIVE\CHIPDRIVE Smartcard Office\WinLogon\WLBack.exe
"PTBSync"=c:\programme\PTBSync\PTBSync.exe /Start
"SunJavaUpdateSched"=c:\programme\Java\jre1.5.0_07\bin\jusched.exe
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"AdobeCS4ServiceManager"="c:\programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"Auto Run Software for Photo Frame"=
"ChkAdmin"=c:\progra~1\Compaq\COMPAQ~1\CHKADMIN.EXE
"ControlCenter2.0"=c:\programme\Brother\ControlCenter2\brctrcen.exe /autorun
"IndexSearch"=c:\programme\ScanSoft\PaperPort\IndexSearch.exe
"PaperPort PTD"=c:\programme\ScanSoft\PaperPort\pptd40nt.exe
"SSBkgdUpdate"="c:\programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"Adobe Photo Downloader"="c:\programme\Adobe\Photoshop Elements 6.0\apdproxy.exe"
"DrvLsnr"=c:\programme\Analog Devices\SoundMAX\DrvLsnr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Radmin\\r_server.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programme\\COMPAQ\\Compaq Management Agents\\Dmi\\Win32\\idmiex\\IDmieX.exe"=
"c:\\Programme\\ahead\\Nero ShowTime\\ShowTime.exe"=
"c:\\Perl\\bin\\perl.exe"=
"c:\\Programme\\TrueUpdate 2.0\\TU20Design.exe"=
"c:\\Programme\\WS_FTP\\WS_FTP95.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programme\\NetViewer\\Aktuelle Version\\NV_o2o_Berater_DE.exe"=
"c:\\Programme\\VoipBuster.com\\VoipBuster\\voipbuster.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Programme\\FRITZ!DSL\\FBOXUPD.EXE"=
"c:\\Programme\\Motorola\\Software Update\\msu.exe"=
"c:\\Programme\\InternetCalls.com\\InternetCalls\\InternetCalls.exe"=
"c:\\SWKey\\Instant PLUS\\InstantPLUS.exe"=
"c:\\SWKey\\PLUS\\LFEdit.exe"=
"c:\\admin\\gateway-discovery.exe"=
"c:\\Programme\\NetViewer\\one2one\\NV_o2o_Berater_DE.exe"=
"c:\\Programme\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\Win32\\RpcDataSrv.exe"=
"c:\\Programme\\SiSoftware\\SiSoftware Sandra Lite XII.SP1\\RpcSandraSrv.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programme\\PokerStrategy\\PokerStrategy Elephant\\PokerStrategy Elephant.exe"=
"c:\\Programme\\FRITZ!DSL\\IGDCTRL.EXE"=
"c:\\Programme\\FRITZ!DSL\\WebwaIgd.exe"=
"c:\\InstantMantis\\server\\Apache2\\bin\\Apache_IM.exe"=
"c:\\Programme\\VMware\\VMware Server\\vmware-authd.exe"=
"c:\\Programme\\VMware\\VMware Server\\vmware-hostd.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Apache Software Foundation\\Apache2.2\\bin\\httpd.exe"=
"c:\\Programme\\NetViewer\\Support\\NV_Support_Berater_DE.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4899:TCP"= 4899:TCP:Radmin
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3306:TCP"= 3306:TCP:MySQL Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [29.07.2004 03:33 138801]
R1 ClntMgmt;HP Client Management Driver;c:\windows\system32\drivers\Clntmgmt.sys [02.08.2005 20:25 59044]
R1 ICsrvr;Shiva VPN Client Protocol;c:\windows\system32\drivers\ICSRVR.SYS [27.10.2004 16:34 133956]
R1 ICtdi;Shiva VPN Client TDI Driver;c:\windows\system32\drivers\ICTDI.SYS [27.10.2004 16:34 18674]
R1 Mtxparmx;Mtxparmx;c:\windows\system32\drivers\mtxparmx.sys [17.09.2008 17:59 5504]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [29.07.2004 04:13 46800]
R1 raddrvv3;raddrvv3;c:\windows\system32\rserver30\raddrvv3.sys [02.02.2007 14:54 41176]
R1 SLEE_16_DRIVER;Steganos Live Encryption Engine 16 [Driver];c:\windows\system32\drivers\sleen16.sys [11.10.2007 12:24 79104]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [04.11.2008 12:02 96016]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [04.11.2008 12:02 41744]
R2 Apache2.2;Apache2.2;c:\programme\Apache Software Foundation\Apache2.2\bin\httpd.exe [10.12.2008 00:10 24636]
R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [07.05.2005 22:36 3744]
R2 CHIPDRIVE_Disk_Encryption_Driver;CHIPDRIVE Disk Encryption Driver;c:\windows\system32\SCMLive.sys [25.06.2003 16:10 84800]
R2 CHIPDRIVE_Disk_Encryption_Service;CHIPDRIVE Disk Encryption Service;c:\windows\system32\SCMSymbols.exe [02.06.2003 12:17 35840]
R2 F3EJTHDD;HandyDrive Password Lock Tool Service;c:\programme\Fujitsu HandyDrive\Password\F3EJTHDD.EXE [26.01.2009 10:29 53248]
R2 ICService;Shiva VPN Client;c:\programme\Intel\Shiva VPN Client\ICSRV.EXE [27.10.2004 16:34 13312]
R2 IGDCTRL;AVM IGD CTRL Service;c:\programme\FRITZ!DSL\IGDCTRL.EXE [04.09.2007 11:14 87344]
R2 LogWatch;Event Log Watch;c:\windows\LogWatNT.exe [03.11.1999 07:17 50688]
R2 Machnm32;Machnm32 Driver;c:\windows\system32\Machnm32.sys [14.06.2005 11:29 7432]
R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [07.05.2005 22:36 3904]
R2 Matrox Centering Service;Matrox Centering Service;c:\programme\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe [11.06.2008 16:29 586760]
R2 Matrox.Pdesk.ServicesHost;Matrox.Pdesk.ServicesHost;c:\programme\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe [11.06.2008 16:33 189448]
R2 MsDtsServer100;SQL Server Integration Services 10.0;c:\programme\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [10.07.2008 01:22 218136]
R2 MSOLAP$DEV2008;SQL Server Analysis Services (DEV2008);c:\programme\Microsoft SQL Server\MSAS10.DEV2008\OLAP\bin\msmdsrv.exe [10.07.2008 01:22 21945368]
R2 MSSQL$DEV2008;SQL Server (DEV2008);c:\programme\Microsoft SQL Server\MSSQL10.DEV2008\MSSQL\Binn\sqlservr.exe [10.07.2008 11:49 40999448]
R2 MSSQL$FRS;MSSQL$FRS;c:\programme\Microsoft SQL Server\MSSQL$FRS\Binn\sqlservr.exe -sFRS --> c:\programme\Microsoft SQL Server\MSSQL$FRS\Binn\sqlservr.exe -sFRS [?]
R2 MSSQL$SQLSERVER2000;MSSQL$SQLSERVER2000;c:\progra~1\MICROS~4\MSSQL$~2\binn\sqlservr.exe -sSQLSERVER2000 --> c:\progra~1\MICROS~4\MSSQL$~2\binn\sqlservr.exe -sSQLSERVER2000 [?]
R2 PD91Agent;PD91Agent;c:\programme\Raxco\PerfectDisk2008\PD91Agent.exe [31.12.2008 14:12 693512]
R2 PD9Engine;PD9Engine;c:\programme\Raxco\PerfectDiskRx\PD9Engine.exe [18.06.2007 15:11 689680]
R2 PortTalk;PortTalk;c:\windows\system32\drivers\ptbtalk.sys [03.05.2006 14:15 3567]
R2 ReportServer$DEV2008;SQL Server Reporting Services (DEV2008);c:\programme\Microsoft SQL Server\MSRS10.DEV2008\Reporting Services\ReportServer\bin\ReportingServicesService.exe [10.07.2008 02:22 1106968]
R2 SCM_Smart_Card_Office_Kernel;CHIPDRIVE Smartcard Office Kernel;c:\windows\system32\sokscmnt.exe [16.11.2004 15:24 707584]
R2 SDisTestService;SpybotSnD Distributed Testing;c:\programme\SDistTest\SDistTestSvc.exe [06.05.2009 10:57 907680]
R2 SeaPort;SeaPort;c:\programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [14.01.2009 18:53 226656]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [12.10.2008 14:24 54960]
R2 VMwareHostd;VMware Host Agent;c:\programme\VMware\VMware Server\vmware-hostd.exe [12.10.2008 14:24 322096]
R2 VMwareServerWebAccess;VMware Server Web Access;c:\programme\VMware\VMware Server\tomcat\bin\tomcat6.exe [12.10.2008 21:27 57344]
R2 WinDefend;Windows Defender;c:\programme\Windows Defender\MsMpEng.exe [03.11.2006 19:19 13592]
R3 ICvnic;Shiva VPN Client Virtual Adapter;c:\windows\system32\drivers\icvnic.sys [27.10.2004 16:34 6708]
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [04.07.2005 22:33 14095]
R3 mirrorv3;mirrorv3;c:\windows\system32\drivers\rminiv3.sys [01.11.2006 05:01 3328]
R3 MTXPAR;MTXPAR;c:\windows\system32\drivers\MTXPARM.sys [17.09.2008 17:59 1485568]
R3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [20.11.2008 18:12 16896]
S2 CiscoVpnInstallService;Cisco Systems, Inc. Installer service;c:\dokume~1\hubi\LOKALE~1\Temp\INSTAL~1.EXE --> c:\dokume~1\hubi\LOKALE~1\Temp\INSTAL~1.EXE [?]
S2 MSSQL$SQLSERVER2008;SQL Server (SQLSERVER2008);c:\programme\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [09.11.2007 03:01 32756248]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\programme\PostgreSQL\8.3\bin\pg_ctl.exe runservice -w -N "pgsql-8.3" -D "h:\elephant\data\" --> c:\programme\PostgreSQL\8.3\bin\pg_ctl.exe runservice -w -N pgsql-8.3 [?]
S3 AVMUNET;AVM FRITZ!Box;c:\windows\system32\drivers\avmunet.sys [02.04.2007 16:57 14976]
S3 MgaFG;MgaFG;c:\windows\system32\drivers\MgaFG.sys [03.05.2006 11:57 5376]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [23.06.2008 15:43 42112]
S3 PciDumpr;PciDumpr;\??\c:\programme\T-DSL SpeedManager\PciDumpr.sys --> c:\programme\T-DSL SpeedManager\PciDumpr.sys [?]
S3 PD91Engine;PD91Engine;c:\programme\Raxco\PerfectDisk2008\PD91Engine.exe [31.12.2008 14:12 910600]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [24.03.2009 13:03 7808]
S3 rcomsrv;Radmin Communication Server;"c:\windows\system32\rcomsrv30\rcomsrv.exe" /service --> c:\windows\system32\rcomsrv30\rcomsrv.exe [?]
S3 RServer3;Radmin Server V3;c:\windows\system32\rserver30\rserver3.exe [02.02.2007 14:35 1235032]
S3 SPR132;SPRx32 Serial Smart Card Reader;c:\windows\system32\drivers\SPR132.sys [10.10.2003 05:10 181504]
S3 SPRx32 USB Smart Card Reader;SPRx32 USB Smart Card Reader;c:\windows\system32\drivers\SPR332.sys [13.10.2003 05:20 63252]
S3 SQLAgent$DEV2008;SQL Server-Agent (DEV2008);c:\programme\Microsoft SQL Server\MSSQL10.DEV2008\MSSQL\Binn\SQLAGENT.EXE [10.07.2008 11:49 369688]
S3 SQLAgent$FRS;SQLAgent$FRS;c:\programme\Microsoft SQL Server\MSSQL$FRS\Binn\sqlagent.EXE -i FRS --> c:\programme\Microsoft SQL Server\MSSQL$FRS\Binn\sqlagent.EXE -i FRS [?]
S3 SQLAgent$SQLSERVER2000;SQLAgent$SQLSERVER2000;c:\progra~1\MICROS~4\MSSQL$~2\binn\sqlagent.exe -i SQLSERVER2000 --> c:\progra~1\MICROS~4\MSSQL$~2\binn\sqlagent.exe -i SQLSERVER2000 [?]
S3 SQLAgent$SQLSERVER2008;SQL Server Agent (SQLSERVER2008);c:\programme\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [09.11.2007 03:01 347160]
S3 TSMPacket;T-DSL SpeedManager Service;c:\windows\system32\DRIVERS\tsmpkt.sys --> c:\windows\system32\DRIVERS\tsmpkt.sys [?]
S3 vmwriter;VMware VSS Writer;c:\programme\VMware\VMware Server\vmVssWriter.exe [12.10.2008 14:24 29744]
S4 MSSQLFDLauncher$DEV2008;SQL Full-text Filter Daemon Launcher (DEV2008);c:\programme\Microsoft SQL Server\MSSQL10.DEV2008\MSSQL\Binn\fdlauncher.exe [10.07.2008 01:15 31256]
S4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\programme\Microsoft SQL Server\100\Shared\sqladhlp.exe [10.07.2008 11:49 47128]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\programme\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23.09.2005 07:01 2799808]
S4 RsFx0100;RsFx0100 Driver;c:\windows\system32\drivers\RsFx0100.sys [09.11.2007 03:07 235416]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.07.2008 02:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.07.2008 02:27 369688]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\programme\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners

2009-05-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2004-09-12 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 2200 series272A572217594EBCF1CEE215E352B92AD073FDE4086772675.job
- c:\programme\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 15:56]

2009-05-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programme\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2009-05-11 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\programme\Norton SystemWorks\OBC.exe [2004-11-23 14:53]

2005-07-25 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\programme\Spybot - Search & Destroy\SpybotSD.exe [2009-05-11 13:31]

2009-05-10 c:\windows\Tasks\Symantec Drmc.job
- c:\programme\Gemeinsame Dateien\Symantec Shared\SymDrmc.exe [2004-10-27 10:48]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: {{27914077-B4D6-4A0E-9763-76B6E9DD9A81} - c:\programme\Buyertools Reminder\ReminderIE.exe
LSP: c:\programme\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
LSP: c:\programme\VMware\VMware Server\vsocklib.dll
TCP: {57482DC5-6D39-4877-B56D-24748060927B} = 10.0.1.254
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {143B3E6F-2C70-4238-85A1-D4F414C792B8} - hxxp://www.installshield.com/downloads/ds/files/75/demox.cab
FF - ProfilePath - c:\dokumente und einstellungen\hubi\Anwendungsdaten\Mozilla\Firefox\Profiles\frttfc0o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
FF - plugin: c:\dokumente und einstellungen\hubi\Anwendungsdaten\Mozilla\Firefox\Profiles\frttfc0o.default\extensions\VMwareVMRC@vmware.com\plugins\np-vmware-vmrc-2.5.0-122581.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npOGAPlugin.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-12 09:59
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\programme\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\programme\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(1304)
c:\windows\system32\VMGINA.DLL
c:\windows\system32\twkGina.dll
c:\windows\system32\SOKSCM.DLL
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(1360)
c:\programme\Gemeinsame Dateien\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Zeit der Fertigstellung: 2009-05-12 10:03
ComboFix-quarantined-files.txt 2009-05-12 08:02
ComboFix2.txt 2009-05-11 13:14
ComboFix3.txt 2009-05-06 08:17

Vor Suchlauf: 3.336.925.184 Bytes frei
Nach Suchlauf: 3.510.661.120 Bytes frei

479 --- E O F --- 2009-05-06 10:11

hornet99
2009-05-12, 13:53
0.2
1&1 EasyLogin
2.06
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
7-Zip 4.65
ActivePerl 5.10.0 Build 1004
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS2
Adobe Linguistics CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SVG Viewer 3.0
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advanced IP Scanner v1.5
Advanced Registry Doctor
AdventureWorksDB
AdventureWorksLT
Alt-Tab Task Switcher Powertoy for Windows XP
AnalogX QuickDNS
Apache HTTP Server 2.2.11
API Error Reader 1.31
Apple Mobile Device Support
Apple Software Update
a-sign Client
Asterisk Key 8.3
AttachmentOptions
AutoHotkey 1.0.46.12
AutoPlay Media Studio 6.0
AutoPlay Media Studio 6.0 Mega Content Pack
Avanquest update
Avery Zweckform DesignPro
AVM FRITZ!DSL
AWStats
aXbo up2date
AxTools CodeSMART 2005 for VB6
AxTools VssRecursivePurge 1.2
Blattschutz-Addin
blueshell Data Guy
Bluetooth Software
Bonjour
Bootstrapper Manifest Generator for VS2008
Broadcom Management Programs
Brother Driver Deployment Wizard
Brother MFL-Pro Suite
Browsen mit Registerkarten (Windows Live Toolbar)
Buyertools Reminder
CA eTrust Antivirus
ccCommon
CCleaner (remove only)
CDDRV_Installer
CheckIt Diagnostics
CHIPDRIVE Smartcard Office
CHIPDRIVE Smartcard Tools
Choice Guard
clrmamepro
CLR-Typen des SQL Server-Systems
CmdHere Powertoy For Windows XP
Code Advisor for Visual Basic 6 - 1.0
Compatibility Pack for the 2007 Office system
ComponentOne Chart 8.0
ComponentOne Query 8.0
ComponentOne SizerOne 8.0
ComponentOne Studio for ActiveX
ComponentOne Studio for ActiveX - Q4 2003
ComponentOne Studio for ActiveX - Q4 2003
ComponentOne Studio® for WinForms 2.0
ComponentOne True DataControl 8.0
ComponentOne True DBGrid Pro 8.0
ComponentOne True DBList Pro 8.0
ComponentOne TrueDBInput
ComponentOne VS FlexGridPro 8.0
ComponentOne VS FlexGridPro 8.0
ComponentOne VSSPELL 8.0
ComponentOne VSVIEW 8.0
Connect
Corel Uninstaller
CP210x USB to UART Bridge Controller
CVS Suite 2.5.04.3236 Client Trial Version
Daniusoft Media Converter(Build 2.3.1.34)
Data Dynamics ActiveReports 2
Data Exchange Software
Data Lifeguard
DB Ghost
DemoForge Player
DivX Converter
DotNetZip Utilities v1.7
DVD Shrink 3.2
DVD X Copy Platinum 4.0.3
DVD X Rescue
DVD43 v3.5.3
DVDXCopy Xpress 3.2.1
DVR-Studio Pro
Easy Access Button Unterstützung
Easy Icon Maker 3.0
EasySQL Tools
EMS SQL Manager 2008 Lite for SQL Server
Enterprise Library 4.1 - October 2008
Enterprise Library for .NET Framework 2.0, Hands On Labs
ERUNT 1.1j
Eurofibu EA 2002 Professional
Eurofibu EA 2005 Standard
Eurofibu UVA
Eurofibu UVA 2004
Feederkennung (Windows Live Toolbar)
FeedReader
File Type Manager 2.0.1
Flexible Reporting Systems
Foxit Reader
FoxyTunes for Firefox
FreePDF XP (Remove only)
FreePHG V2.09
Full Tilt Poker
GEAR Software Drivers
Google Desktop Search
Google Earth
GTK+ 2.6.7-2 runtime environment
GYM-O-FIZZ
HandyDrive Password Lock Tool
HijackThis 2.0.2
Holdem Manager
Hotfix 2050 for SQL Server 2000 DEU (KB948110)
Hotfix 2055 for SQL Server 2000 DEU (KB960082)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Hotfix for Microsoft Visual Studio 2008 Standard Edition - ENU (KB952241)
Hotfix for Office (KB950278)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix für Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU (KB945282)
Hotfix für Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU (KB946040)
Hotfix für Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU (KB946308)
Hotfix für Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU (KB946344)
Hotfix für Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU (KB947540)
Hotfix für Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU (KB947789)
Hotfix für Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU (KB948127)
Hotfix für Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU (KB951708)
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Hotfix für Windows XP (KB942288-v3)
Hotfix für Windows XP (KB952287)
Hotfix für Windows XP (KB961118)
hp deskjet 5100 series
HP Foto- und Bildbearbeitung 2.0 - All-in-One
HP Foto und Bildbearbeitung 2.0 - hp psc 2200 series
HP Foto- und Bildbearbeitung 2.0 All-in-One Treiber
hp print screen utility
hp psc 2200 series
http.SIGN Client Library
IBM AS/400 Client Access Express für Windows
ICM Trainer Light
ICM Trainer Light
ImageMagick 6.2.3-4 Q16 (07/14/05)
ImageMixer VCD2
InCD
Innovasys DockStudioXP 2
Innovasys Freeware Component Suite
Innovasys RealWorld 1.0.15
Insight Management Agent
InstallShield 11 Express Edition
InstallShield Express German
InstallShield Express German
InstallShield MSDE 2000 Object
Instant PLUS
Intel A/V Codecs V2.0
Intel(R) NetStructure(TM) VPN Client
InternetCalls
InterVideo WinDVD
iPod for Windows 2006-01-10
Ipswitch WS_FTP Pro
IrfanView (remove only)
iTunes
JASP 1.4
Java(TM) 6 Update 13
KhalInstallWrapper
KPS-HomePlanner - Brinkmann
KPS-HomePlanner - Brinkmann
kuler
Lemmings for Windows 95
LiveReg (Symantec Corporation)
Logitech iTouch Software
Logitech MouseWare 9.79.1
Logitech Resource Center
Logitech SetPoint
LookyLooky
Macromedia Flash Player
Malwarebytes' Anti-Malware
Matrox Driver
Matrox PowerDesk-SE
Microangelo 5.5
Microsoft .NET Framework (German)
Microsoft .NET Framework (German) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 German Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Color Control Panel Applet for Windows XP
Microsoft Data Access Components KB870669
Microsoft Document Explorer 2008
Microsoft Document Explorer 2008
Microsoft Document Explorer 2008 Language Pack - DEU
Microsoft Document Explorer 2008 Language Pack - DEU
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office Excel Viewer 2003
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office XP Professional
Microsoft Outlook-Sicherung für Persönliche Ordner
Microsoft PowerPoint Viewer 97
Microsoft RAW Image Thumbnailer and Viewer for Windows XP Version 1.0 (Build 50)
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2000 (SQLSERVER2000)
Microsoft SQL Server 2005
Microsoft SQL Server 2008
Microsoft SQL Server 2008
Microsoft SQL Server 2008 (SQLSERVER2008)
Microsoft SQL Server 2008 Analysis Services
Microsoft SQL Server 2008 Analysis Services
Microsoft SQL Server 2008 BI Development Studio
Microsoft SQL Server 2008 BI Development Studio
Microsoft SQL Server 2008 Client Tools
Microsoft SQL Server 2008 Client Tools
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Full text search
Microsoft SQL Server 2008 Integration Services
Microsoft SQL Server 2008 Integration Services
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Management Studio
Microsoft SQL Server 2008 Management Studio
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 Reporting Services
Microsoft SQL Server 2008 Reporting Services
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files (English)
Microsoft SQL Server 2008-Browser
Microsoft SQL Server 2008-Onlinedokumentation (Deutsch)
Microsoft SQL Server 2008-Richtlinien
Microsoft SQL Server Compact 3.5 SP1 (Deutsch)
Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server Compact 3.5 SP1-Abfragetools (Deutsch)
Microsoft SQL Server Database Publishing Wizard 1.3
Microsoft SQL Server Desktop Engine
Microsoft SQL Server Desktop Engine (FRS)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Runtime v1.0 (x86)
Microsoft Sync Framework Runtime v1.0 (x86) de
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Sync Framework Services v1.0 (x86)
Microsoft Sync Services for ADO.NET v2.0 (x86) de
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visio für Enterprise Architects [DEU]
Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU
Microsoft Visual Basic 2008 Express Edition with SP1 - DEU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ Toolkit 2003
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual Studio .NET Enterprise Architect - Deutsch
Microsoft Visual Studio .NET Enterprise Architect 2003 - Deutsch
Microsoft Visual Studio 2005 Premier Partner Edition - ENU
Microsoft Visual Studio 2005 Tools for Applications - ENU
Microsoft Visual Studio 2005 Tools for Applications - ENU
Microsoft Visual Studio 2008 Shell (integrated mode) - DEU
Microsoft Visual Studio 2008 Standard Edition - ENU
Microsoft Visual Studio 2008 Standard Edition - ENU
Microsoft Visual Studio 2008 Standard Edition - ENU Service Pack 1 (KB945140)
Microsoft Visual Studio 6.0 Enterprise Edition (Deutsch)
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
Microsoft Visual Studio Web Authoring Component
Microsoft Visual Web Developer 2005 Express Edition - ENU
Microsoft Visual Web Developer 2005 Express Edition - ENU
Microsoft Visual Web Developer 2005 Express Edition - ENU Service Pack 1 (KB926751)
Microsoft Web Publishing Wizard 1.53
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft Windows SDK for Visual Studio 2008 SP1 Tools
MinD
Mobile Partner
Motherboard Monitor 5
Motherboard Monitor 5 Languages
Motorola Driver Installation 3.7.0
Motorola Phone Tools
Motorola Software Update
Mozilla Firefox (3.0.10)
MSDE 2000 Deployment Toolkit 1.0
MSDE Manager Version G
MSDN Library - Visual Studio 6.0a (Deutsch)
MSDN Library for Visual Studio 2008 - ENU
MSDN Library for Visual Studio 2008 - ENU
MSRedist
MSVCRT
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser und SDK
MSXML 6.0 Parser (KB933579)
MWSnap 3
myFairTunes v.7.0.2c
MySQL Administrator 1.1
MySQL Server 5.0
NEOedit
Nero 6
Nero Digital
Nero Media Player
NetObjects Fusion 10.0
NetObjects Fusion 7.5
NetObjects Toolbox - Bonusanwendungen
Netviewer one2one
Netviewer Support
Norton Ghost 9.0
Norton SystemWorks
Norton SystemWorks 2005 Premier (Symantec Corporation)
NSW_DRM_COLLECTION
O&O SafeErase
Office-Bibliothek 4.1
Orca
Pacific Poker
Paint.NET v3.36
PaperPort
PartyPoker
Passware Kit 5.3
PasswordKeeper
PDF Settings CS4
PDFZilla V1.0.7
PerfectDisk 2008 Professional
PerfectDisk Rx Suite
Personal Backup 4.3
phase5
Philips Photo Manager 1.1
Photoshop Camera Raw
Picture Package
PictureAgent V3.5
PixiePack Codec Pack
PodSpider 1.2
Poker Grapher
Poker Patterns
PokerAce Hud (remove only)
PokerStars
PokerStrategy Elephant
Pool 'm Up
POP3 preview 8.5 en
PostgreSQL 8.0
PostgreSQL 8.3
Post-it® Software Notes Lite
PowerISO
Preispiraten
ProntoNEO Firmware Update Tool
Protection PLUS .NET
Protection PLUS 4.4 Professional Edition
PTBSync (Atomuhr Synchronisation & Terminkalender)
Python 2.4 clearsilver-0.9.14
Python 2.4 pysqlite-2.3.2
Python 2.4 setuptools-0.6c7
Python 2.4 svn-python-1.4.2
Python 2.4 Trac 0.10
Python 2.4.3
QuickTime
Radiotracker
RadioTracker 2.0.1.4400
Radmin Server 3.0
Radmin Viewer 3.0
Radmin Viewer 3.0
RC3200 Setup
RealPlayer
Red Gate SQL Bundle
Red Gate SQL Bundle
RedMon - Redirection Port Monitor
Registrar Lite 2.00
Registry System Wizard
Relo v0.9.9
Remote Administrator v2.2
Remove Uli Stein Screensaver
RoboHelp For Word X3
RoboHelp Office X3
RouterControl 1.91
Schnell Schreiben 3.4.4
Screensaver augenpause
Secunia PSI
SecureDoc
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office system 2007 (KB954326)
Segoe UI
SetEditTF (remove only)
SetEditTF5000 (remove only)
sevCommand ActiveX 2.1.0.23
sevEingabe ActiveX 2.10.0.20
sevMail ActiveX 1.3.0.121
sevMenuXP 2.0.0.40
sevTabStrip ActiveX 1.0.0.2
sevTrayIcon ActiveX 2.0.0.0
sevWizard ActiveX 1.0.0.5
sevXPControl ActiveX 1.19.0.8
sevZIP30 PRO 3.0
sevZIP32 1.0
Sharp Zip Wrapper
sheepworld - Ohne Dich ist alles doof Screensaver
Sicherheitsupdate für Windows Media Encoder (KB954156)
Sicherheitsupdate für Windows Media Player (KB952069)
Sicherheitsupdate für Windows Media Player 9 (KB911565)
Sicherheitsupdate für Windows Media Player 9 (KB917734)
Sicherheitsupdate für Windows XP (KB923561)
Sicherheitsupdate für Windows XP (KB938464)
Sicherheitsupdate für Windows XP (KB941569)
Sicherheitsupdate für Windows XP (KB946648)
Sicherheitsupdate für Windows XP (KB950759)
Sicherheitsupdate für Windows XP (KB950760)
Sicherheitsupdate für Windows XP (KB950762)
Sicherheitsupdate für Windows XP (KB950974)
Sicherheitsupdate für Windows XP (KB951066)
Sicherheitsupdate für Windows XP (KB951376)
Sicherheitsupdate für Windows XP (KB951376-v2)
Sicherheitsupdate für Windows XP (KB951698)
Sicherheitsupdate für Windows XP (KB951748)
Sicherheitsupdate für Windows XP (KB952004)
Sicherheitsupdate für Windows XP (KB952954)
Sicherheitsupdate für Windows XP (KB953155)
Sicherheitsupdate für Windows XP (KB953838)
Sicherheitsupdate für Windows XP (KB953839)
Sicherheitsupdate für Windows XP (KB954211)
Sicherheitsupdate für Windows XP (KB954459)
Sicherheitsupdate für Windows XP (KB954600)
Sicherheitsupdate für Windows XP (KB955069)
Sicherheitsupdate für Windows XP (KB956390)
Sicherheitsupdate für Windows XP (KB956391)
Sicherheitsupdate für Windows XP (KB956572)
Sicherheitsupdate für Windows XP (KB956802)
Sicherheitsupdate für Windows XP (KB956803)
Sicherheitsupdate für Windows XP (KB956841)
Sicherheitsupdate für Windows XP (KB957095)
Sicherheitsupdate für Windows XP (KB957097)
Sicherheitsupdate für Windows XP (KB958215)
Sicherheitsupdate für Windows XP (KB958644)
Sicherheitsupdate für Windows XP (KB958687)
Sicherheitsupdate für Windows XP (KB958690)
Sicherheitsupdate für Windows XP (KB959426)
Sicherheitsupdate für Windows XP (KB960225)
Sicherheitsupdate für Windows XP (KB960714)
Sicherheitsupdate für Windows XP (KB960715)
Sicherheitsupdate für Windows XP (KB960803)
Sicherheitsupdate für Windows XP (KB961373)
Sicherheitsupdate für Windows XP (KB963027)
SiSoftware Sandra Lite XII.SP1
Skype™ 4.0
SLC-2080 USB Driver
Smart Menus (Windows Live Toolbar)
SMButton VB6 Source Code
Software Setup
SONY Photosizetool
Sony USB Driver
SoundMAX
SpamPal
SpeedFan (remove only)
Spelling Dictionaries Support For Adobe Reader 8
SPRx32 SmartCard Reader
Spybot - Search & Destroy
Spybot-S&D Distributed Testing Client
SpywareBlaster 4.2
SQL Backup 5
SQL Log Rescue 1
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
SQLXML4
Steganos Safe One
Streamripper Plugin 1.62-beta-3 (Remove only)
Subversion 1.4.2-r22196
Suite Shared Configuration CS4
Sun xVM VirtualBox
SurfMusik 3.1
SyncToy 2.0 (x86)
TagRunner 1.2
Teach/Me - Neue Deutsche Rechtschreibung
TeamSpeak 2 RC2
Telefon- und Branchenbuch Netzwerkversion - 32-Bit
Texas Grab'em
The GIMP 2.2.8
Tools für Microsoft SQL Server 2005 Express Edition
TopfHDRead/Write V0.14
Total Commander (Remove or Repair)
Total Recorder 6.0
TreeSize Professional 3.3.3
TrueMoneygames Game Client
TrueUpdate 1.0
TrueUpdate 2.0
TV Movie.de
TVgenial 4.06
Tweak UI
TweakNow PowerPack 2005
Übungsdateien
Ulead COOL 360 1.0
Ulead Photo Explorer 8.6
Ulead PhotoImpact 11
Ultr@VNC 1.0.0 RC11d - Win32
UltraEdit-32
UltraSentry
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Visual Studio Web Authoring Component (KB945140)
Update für Windows XP (KB951072-v2)
Update für Windows XP (KB951978)
Update für Windows XP (KB955839)
Update für Windows XP (KB961503)
Update für Windows XP (KB967715)
URFIN JUS CLASSter 2.2 MS SQL/Sybase Edition
vb@rchiv CDROM Vol.2
vb@rchiv CDROM Vol.3
VBEx32 2.1.03
VBPartner 6.0
Visendo SQL-Admin
Visual C++ 2008 IA64 Runtime - (v9.0.30729)
Visual C++ 2008 IA64 Runtime - v9.0.30729.01
Visual C++ 2008 x64 Runtime - (v9.0.30729)
Visual C++ 2008 x64 Runtime - v9.0.30729.01
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual J# .NET Redistributable 1.1- German Language Pack
Visual Patch 2.0
VLC media player 0.9.8a
VMware Server
VoipBuster 2.07 build 235
vowelXP
Web Application Installer
Webalizer GUI
Win2day Poker
Winamp (remove only)
Window Washer
Windows Defender
Windows Defender Signatures
Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)
Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Installer Clean Up
Windows Installer Clean Up
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Toolbar
Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
Windows Live-Uploadtool
Windows Media Encoder 9-Reihe
Windows Media Encoder 9-Reihe
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows PowerShell(TM) 1.0
Windows Resource Kit Tools - SubInAcl.exe
Windows XP Service Pack 3
WindowWatch 1.4.10
WinRAR Archivierer
WinZip
XML Paper Specification Shared Components Language Pack 1.0
Yahoo! Widget Engine
Yahoo! Widget Engine
Z-DBackup

pskelley
2009-05-12, 14:10
For future reference:
http://forums.spybot.info/forumdisplay.php?f=15
I have a hard enough time with English...

Programs can and do make mistakes; that's why they quarantine what they remove. You may want to look at the quarantine list in MBAM to make sure nothing it removed is needed. Once you are sure, then clean out that MBAM quarantine folder.


How is the computer running now? Unless I missed something, I can see no response to this question.

Let's see if we can wrap up like this.

Remove combofix from the computer like this:

Click START then RUN
Now type or copy Combofix /u in the runbox and click OK.
Note the space between the X and the U, it needs to be there.

http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png

Clean the System Restore files like this:

Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot

Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.


Update MBAM and scan to be sure we missed none of the junk; there is no need to post a clean scan result.
(MBAM is yours to keep if you wish, keep it updated and run it once a month or so)

Update eTrust Antivirus and scan the system, to be sure it is running right and scanning clean. If you have problems with the program, contact tech support for instructions.

If all is well at this point, let me know and I will close the topic.

Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

http://www.malwarecomplaints.info/

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

How hard are your passwords to crack?
http://www.microsoft.com/protect/yourself/password/checker.mspx

http://users.telenet.be/bluepatchy/miekiemoes/Links.html
http://www.microsoft.com/windows/ie/community/columns/protection.mspx
Improve the safety of your browsing and e-mail activities
http://www.microsoft.com/protect/computer/advanced/browsing.mspx

hornet99
2009-05-12, 14:31
Hi pskelley,

Sorry for that!
The computer runs fine, no redirection at the moment.

Thanks for your help
Hornet99