security toolbar 7.1 mit mehreren Trojanern :-(

K

kuleo

New member
hi,
ich habe auf einmal viele trojaner in meinem pc und im browser die security toolbat 7.1.....
meine versuche sie mit search & destroy zu entfernen sind leider gescheitert...

ich habe einmal ein logfile mit dem programm hijackthis erstellt.

velleicht kann mir jemand helfen wie ich diese dinger wieder entgültig loswerde !!!

lg kuleo :sad:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:14:10, on 20.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\lcdmon.exe
C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Programme\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
C:\Programme\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\vVX6000.exe
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Programme\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Programme\Microsoft Windows OneCare Live\winssnotify.exe
C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Creative\MediaSource\Detector\CTDetect.exe
C:\Programme\Tunebite\tunebite.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\Programme\Microsoft ActiveSync\Wcescomm.exe
C:\Programme\Sprite Software\Sprite Backup\SpriteService.exe
C:\Programme\Picasa2\PicasaMediaDetector.exe
C:\Programme\Creative\ShareDLL\CADI\NotiMan.exe
C:\Programme\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programme\Microsoft Windows OneCare Live\winss.exe
C:\Programme\Gemeinsame Dateien\Logitech\khalshared\KHALMNPR.EXE
C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\utxhqvfl.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Rar$EX00.500\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://jukon.kuleo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\fbsahjof.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Programme\Gemeinsame Dateien\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Programme\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [Zune Launcher] "C:\Programme\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programme\Gemeinsame Dateien\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Programme\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programme\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Programme\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Programme\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [bc50e688] rundll32.exe "C:\WINDOWS\system32\uwhsqllm.dll",b
O4 - HKLM\..\Run: [OneCareUI] "C:\Programme\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Programme\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingE1577] "C:\Programme\Spybot - Search & Destroy\SDDelFile.exe" "C:\WINDOWS\system32\fbsahjof.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingE8752] "C:\Programme\Spybot - Search & Destroy\SDDelFile.exe" "C:\WINDOWS\system32\fbsahjof.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingE3944] "C:\Programme\Spybot - Search & Destroy\SDDelFile.exe" "C:\WINDOWS\system32\fbsahjof.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingE5900] "C:\Programme\Spybot - Search & Destroy\SDDelFile.exe" "C:\WINDOWS\system32\fbsahjof.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingE3674] "C:\Programme\Spybot - Search & Destroy\SDDelFile.exe" "C:\WINDOWS\system32\fbsahjof.dll_old"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Creative Detector] C:\Programme\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [tunebite.exe] C:\Programme\Tunebite\tunebite.exe -hidden
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [SpriteService] "C:\Programme\Sprite Software\Sprite Backup\SpriteService.exe"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingF9034] "C:\Programme\Spybot - Search & Destroy\SDDelFile.exe" "C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\removalfile.bat"
O4 - HKCU\..\RunOnce: [SpybotDeletingF102] "C:\Programme\Spybot - Search & Destroy\SDDelFile.exe" "C:\WINDOWS\system32\fbsahjof.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingF4811] "C:\Programme\Spybot - Search & Destroy\SDDelFile.exe" "C:\WINDOWS\system32\fbsahjof.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingF6663] "C:\Programme\Spybot - Search & Destroy\SDDelFile.exe" "C:\WINDOWS\system32\fbsahjof.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingF2270] "C:\Programme\Spybot - Search & Destroy\SDDelFile.exe" "C:\WINDOWS\system32\fbsahjof.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingF8637] "C:\Programme\Spybot - Search & Destroy\SDDelFile.exe" "C:\WINDOWS\system32\fbsahjof.dll_old"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutoCAD-Startbeschleuniger.lnk = C:\Programme\Gemeinsame Dateien\Autodesk Shared\acstart16.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Harmony Remote Software 7.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Windows-Desktopsuche.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/22.26/uploader2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169226334224
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169226325756
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c005E5B.dat
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: BroadWave Service (BroadWaveService) - Unknown owner - C:\Programme\NCH Swift Sound\BroadWave\broadwave.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 16870 bytes
 
Last edited:
Hallo,

Kennen Sie folgenden Prozess?
Running processes:
C:\WINDOWS\vVX6000.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c005E5B.dat

Des weiteren würde ich folgendes löschen mit Hijackthis:

O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\fbsahjof.dll
O4 - HKLM\..\Run: [bc50e688] rundll32.exe "C:\WINDOWS\system32\uwhsqllm.dll",b
O4 - HKLM\..\RunOnce: [SpybotDeletingE1577] "C:\Programme\Spybot - Search & Destroy\SDDelFile.exe" "C:\WINDOWS\system32\fbsahjof.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingE8752] "C:\Programme\Spybot - Search & Destroy\SDDelFile.exe" "C:\WINDOWS\system32\fbsahjof.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingE3944] "C:\Programme\Spybot - Search & Destroy\SDDelFile.exe" "C:\WINDOWS\system32\fbsahjof.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingE5900] "C:\Programme\Spybot - Search & Destroy\SDDelFile.exe" "C:\WINDOWS\system32\fbsahjof.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingE3674] "C:\Programme\Spybot - Search & Destroy\SDDelFile.exe" "C:\WINDOWS\system32\fbsahjof.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingF9034] "C:\Programme\Spybot - Search & Destroy\SDDelFile.exe" "C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\removalfile.bat"
O4 - HKCU\..\RunOnce: [SpybotDeletingF102] "C:\Programme\Spybot - Search & Destroy\SDDelFile.exe" "C:\WINDOWS\system32\fbsahjof.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingF4811] "C:\Programme\Spybot - Search & Destroy\SDDelFile.exe" "C:\WINDOWS\system32\fbsahjof.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingF6663] "C:\Programme\Spybot - Search & Destroy\SDDelFile.exe" "C:\WINDOWS\system32\fbsahjof.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingF2270] "C:\Programme\Spybot - Search & Destroy\SDDelFile.exe" "C:\WINDOWS\system32\fbsahjof.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingF8637] "C:\Programme\Spybot - Search & Destroy\SDDelFile.exe" "C:\WINDOWS\system32\fbsahjof.dll_old"

Bitte starten Sie Ihren PC neu, nachdem Sie die Einträge gelöscht haben.

Mit freundlichen Grüßen
Sandra
Team Spybot
 
Kennen Sie folgenden Prozess?
Running processes:
C:\WINDOWS\vVX6000.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c005E5B.dat


kann damit leider nichts anfangen...den rest sollte ich hinbekommen :red:

danke für die antwort !!!!!!!:alien:
 
bin inzwischen draufgekomme sie gemeint haben...aber wie es schein habe ich nicht alles erwischt...
das problem ist zwar besser geworden aber immer noch da....:sad:

lg kuleo

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:06:33, on 21.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Microsoft LifeCam\MSCamS32.exe
C:\Programme\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programme\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Programme\Microsoft Windows OneCare Live\winssnotify.exe
C:\Programme\Zune\ZuneLauncher.exe
C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\lcdmon.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Programme\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe
C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe
C:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDClock.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\TGTSoft\StyleXP\StyleXP.exe
C:\Programme\Creative\MediaSource\Detector\CTDetect.exe
C:\Programme\Tunebite\tunebite.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\Programme\Microsoft ActiveSync\Wcescomm.exe
C:\Programme\Sprite Software\Sprite Backup\SpriteService.exe
C:\Programme\Picasa2\PicasaMediaDetector.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE
C:\Programme\Creative\ShareDLL\CADI\NotiMan.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programme\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Windows Desktop Search\WindowsSearch.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Programme\Gemeinsame Dateien\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\Defrag.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Gemeinsame Dateien\Logitech\WebColct\webcolct.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jukon.kuleo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Programme\Gemeinsame Dateien\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Programme\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [Zune Launcher] "C:\Programme\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programme\Gemeinsame Dateien\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Programme\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programme\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Programme\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Programme\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Programme\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [bc50e688] rundll32.exe "C:\WINDOWS\system32\uwhsqllm.dll",b
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Programme\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Creative Detector] C:\Programme\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [tunebite.exe] C:\Programme\Tunebite\tunebite.exe -hidden
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [SpriteService] "C:\Programme\Sprite Software\Sprite Backup\SpriteService.exe"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingF9034] "C:\Programme\Spybot - Search & Destroy\SDDelFile.exe" "C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\removalfile.bat"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutoCAD-Startbeschleuniger.lnk = C:\Programme\Gemeinsame Dateien\Autodesk Shared\acstart16.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Harmony Remote Software 7.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Windows-Desktopsuche.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/22.26/uploader2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169226334224
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169226325756
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: BroadWave Service (BroadWaveService) - Unknown owner - C:\Programme\NCH Swift Sound\BroadWave\broadwave.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 15625 bytes
 
Last edited:
Ohne es genaqu sehen zu koennen, wuerde ich denken, das da zumindest noch ein Vundo steckt.

Nutze bitte Smitfraudfix nach Anleitung: http://siri.urz.free.fr/Fix/SmitfraudFix_De.php

und erstelle ein Combofix Report:

Lade es von von http://download.bleepingcomputer.com/sUBs/ComboFix.exe und speichert es auf den Desktop

Starte es durch doppelklick auf die Combofix.exe und bestaetige die folgende Abfrage mit 1 und drueckt Enter.

Der Scan mit Combofix kann einige Zeit in Anspruch nehmen, also habe etwas Geduld. Waehrend des Scans bitte nichts am Rechner unternehmen
Es kann moeglich sein, das der Rechner zwischendurch neu gestartet wird.
Nach Scanende wird ein Report angezeigt, den bitte kopieren und in deinem Thread einfuegen.
 
und hier ist er ....

thx kuleo

ComboFix 07-11-19.3 - Administrator 2007-11-22 0:03:59.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.938 [GMT 1:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZJQ3J479\ComboFix[1].exe
* Neuer Wiederherstellungspunkt wurde erstellt
.

Nicht in der Lage Systemrechte zu erhalten

(((((((((((((((((((((((((((((((((((( Weitere L”schungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Dokumente und Einstellungen\Administrator\Favoriten\Online Security Guide.lnk
C:\Dokumente und Einstellungen\All Users\Startmenü\Live Safety Center.lnk
C:\Dokumente und Einstellungen\All Users\Startmenü\Online Security Guide.lnk
C:\Programme\Insider
C:\Programme\WinAble
C:\WINDOWS\b111.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\b147.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\gfhkj.ini
C:\WINDOWS\system32\gfhkj.ini2
C:\WINDOWS\system32\jkhfg.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((( Dateien erstellt von 2007-10-21 bis 2007-11-21 ))))))))))))))))))))))))))))))
.

2007-11-21 23:56 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-21 23:56 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-21 23:56 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-21 11:28 85,056 --a------ C:\WINDOWS\system32\fniwmbbx.dll
2007-11-21 11:28 294 ---hs---- C:\WINDOWS\system32\xbbmwinf.ini
2007-11-21 11:25 80,960 --a------ C:\WINDOWS\system32\hvuktoug.dll
2007-11-21 11:18 145,984 --a------ C:\WINDOWS\system32\rkdcvnfx.dll
2007-11-20 15:58 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2007-11-20 14:40 91,328 --a------ C:\WINDOWS\system32\drivers\msfwdrv.sys
2007-11-20 14:39 116,416 --a------ C:\WINDOWS\system32\drivers\msfwhlpr.sys
2007-11-20 14:38 70,928 --a------ C:\WINDOWS\system32\drivers\MpFilter.sys
2007-11-20 14:37 409,600 -----c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2007-11-20 14:37 18,944 -----c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2007-11-20 14:37 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2007-11-20 14:37 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2007-11-20 14:33 <DIR> d-------- C:\Programme\Microsoft Windows OneCare Live
2007-11-20 13:51 12,172 --a------ C:\Dokumente und Einstellungen\Administrator\x.dat
2007-11-20 13:50 37,376 --a------ C:\WINDOWS\system32\awttqrr.dll
2007-11-20 13:50 511 --a------ C:\Dokumente und Einstellungen\Administrator\z.dat
2007-11-20 11:31 84,544 --a------ C:\WINDOWS\system32\fafqjlul.dll
2007-11-20 11:27 688,765 ---hs---- C:\WINDOWS\system32\mllqshwu.ini
2007-11-20 11:21 145,984 --a------ C:\WINDOWS\system32\prmukqqr.dll
2007-11-19 11:11 36,352 --a------ C:\WINDOWS\system32\yayvsro.dll
2007-11-19 11:11 36,352 --a------ C:\WINDOWS\system32\efcbbba.dll
2007-11-19 01:33 <DIR> d-a------ C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2007-11-16 15:18 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\skypePM
2007-11-16 15:18 32 --a------ C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
2007-11-16 15:17 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Skype
2007-11-14 16:15 <DIR> d-------- C:\limedaten
2007-11-14 16:15 <DIR> d-------- C:\Incomplete
2007-10-30 15:32 <DIR> d-------- C:\Programme\FreePDF_XP
2007-10-30 15:32 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\FreePDF
2007-10-29 14:28 120 --a------ C:\WINDOWS\system32\Log_20071029_142810_638.txt
2007-10-29 14:28 118 --a------ C:\WINDOWS\system32\Log_20071029_142809_958.txt
2007-10-29 14:28 118 --a------ C:\WINDOWS\system32\Log_20071029_142809_1348.txt
2007-10-29 14:28 118 --a------ C:\WINDOWS\system32\Log_20071029_142808_AE4.txt
2007-10-21 20:29 142,524 --a------ C:\WINDOWS\system32\ASTULog.cab
2007-10-21 20:29 1,054 --a------ C:\WINDOWS\system32\setup.inf
2007-10-21 20:29 283 --a------ C:\WINDOWS\system32\setup.rpt
2007-10-21 06:36 5,686 --a------ C:\WINDOWS\system32\jupdate-1.6.0_03-b05.log

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-21 23:05 --------- d-----w C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Skype
2007-11-21 00:16 --------- d-----w C:\Programme\Hypercosm
2007-11-21 00:15 --------- d-----w C:\Programme\NCH Swift Sound
2007-11-20 13:06 --------- d-----w C:\Programme\GIMP-2.0
2007-11-20 12:51 120 ----a-w C:\n.bat
2007-11-20 12:49 --------- d-----w C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\tunebite
2007-11-19 10:11 0 ----a-w C:\z.dat
2007-11-19 10:11 0 ----a-w C:\x.dat
2007-11-14 11:15 --------- d-----w C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\UseNeXT
2007-11-14 08:22 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
2007-10-31 11:35 --------- d-----w C:\Programme\HP
2007-10-28 08:15 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FLEXnet
2007-10-24 08:35 --------- d-----w C:\Programme\Picasa2
2007-10-21 05:36 --------- d-----w C:\Programme\Java
2007-10-16 07:44 --------- d-----w C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\InstallShield
2007-10-13 05:04 --------- d-----w C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Juniper Networks
2007-10-12 17:32 --------- d-----w C:\Programme\SWiSH Max2
2007-10-12 16:54 --------- d-----w C:\Programme\SWiSHmax2test
2007-10-12 14:41 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Juniper Networks
2007-10-12 13:09 --------- d-----w C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Juniper Networks
2007-10-12 13:09 --------- d-----w C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Juniper Networks
2007-10-12 13:08 --------- d-----w C:\Programme\Neoteris
2007-10-04 14:03 --------- d-----w C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Bullzip
2007-10-04 13:59 --------- d-----w C:\Programme\gs
2007-10-04 13:59 --------- d-----w C:\Programme\Bullzip
2007-10-01 11:15 839,690 ----a-w C:\WINDOWS\Fonts\Crack.exe
2007-10-01 11:15 839,689 --sh--w C:\WINDOWS\Fonts\svchost.exe
2007-09-26 15:14 --------- d--h--w C:\Programme\InstallShield Installation Information
2007-09-26 15:12 --------- d-----w C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sprite Software
2007-09-26 15:12 --------- d-----w C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sprite Setup Wizard
2007-09-26 15:12 --------- d-----w C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sprite PC Agent
2007-09-26 15:11 --------- d-----w C:\Programme\Sprite Software
2007-09-26 15:10 --------- d-----w C:\Programme\Microsoft ActiveSync
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ED203331-9C33-49D8-8714-D24A366A04EC}]
2007-11-20 13:50 37376 --a------ C:\WINDOWS\system32\awttqrr.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:57]
"LDM"="C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-24 11:25]
"STYLEXP"="C:\Programme\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 19:31]
"Creative Detector"="C:\Programme\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23]
"tunebite.exe"="C:\Programme\Tunebite\tunebite.exe" [2006-12-18 15:33]
"swg"="C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 08:13]
"Skype"="C:\Programme\Skype\Phone\Skype.exe" [2007-11-12 15:48]
"WMPNSCFG"="C:\Programme\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:56]
"H/PC Connection Agent"="C:\Programme\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 12:50]
"SpriteService"="C:\Programme\Sprite Software\Sprite Backup\SpriteService.exe" [2006-10-30 15:31]
"Picasa Media Detector"="C:\Programme\Picasa2\PicasaMediaDetector" []
"SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [2007-11-17 18:28]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingF9034"="C:\Programme\Spybot - Search & Destroy\SDDelFile.exe" [2007-11-17 18:19]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"="C:\Programme\Gemeinsame Dateien\Logitech\khalshared\KHALMNPR.EXE" [2006-07-19 12:03]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 12:03 C:\WINDOWS\KHALMNPR.Exe]
"BootSkin Startup Jobs"="C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 16:21]
"NVIDIA nTune"="C:\Programme\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-01-22 17:22]
"Zune Launcher"="C:\Programme\Zune\ZuneLauncher.exe" [2006-12-12 23:45]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 08:58 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-02-23 10:25 C:\WINDOWS\system32\nwiz.exe]
"Launch LCDMon"="C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\lcdmon.exe" [2006-07-19 03:39]
"Launch LGDCore"="C:\Programme\Gemeinsame Dateien\Logitech\G-series Software\LGDCore.exe" []
"CTHelper"="CTHELPER.EXE" [2005-08-08 07:10 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2005-08-08 07:10 C:\WINDOWS\system32\CTXFIHLP.EXE]
"CTDVDDET"="C:\Programme\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00]
"RCSystem"="C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25]
"AudioDrvEmulator"="C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25]
"VolPanel"="C:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 11:34]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 08:58 C:\WINDOWS\system32\rundll32.exe]
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"LifeCam"="C:\Programme\Microsoft LifeCam\LifeExp.exe" [2007-01-13 02:48]
"VX6000"="C:\WINDOWS\vVX6000.exe" [2006-12-19 20:29]
"GrooveMonitor"="C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 08:58 C:\WINDOWS\system32\bthprops.cpl]
"ToolBoxFX"="C:\Programme\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2006-06-15 07:43]
"FreePDF Assistant"="C:\Programme\FreePDF_XP\fpassist.exe" [2007-06-26 20:27]
"HP Software Update"="C:\Programme\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" [2007-10-01 12:15]
"Acrobat Assistant 8.0"="C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46]
"Adobe Acrobat Speed Launcher"="C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrobat_sl.exe" [2007-05-11 02:59]
"OneCareUI"="C:\Programme\Microsoft Windows OneCare Live\winssnotify.exe" [2007-10-31 13:18]
"bc50e688"="C:\WINDOWS\system32\fniwmbbx.dll" [2007-11-21 11:28]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:57]
"Picasa Media Detector"="C:\Programme\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-10-19 14:53 293888]
"{ED203331-9C33-49D8-8714-D24A366A04EC}"= C:\WINDOWS\system32\awttqrr.dll [2007-11-20 13:50 37376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awttqrr]
awttqrr.dll 2007-11-20 13:50 37376 C:\WINDOWS\system32\awttqrr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fbsahjof]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkhfg.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

R1 MSFWHLPR;MSFWHLPR;C:\WINDOWS\system32\DRIVERS\msfwhlpr.sys
R1 NEOFLTR_500_10581;Juniper Networks TDI Filter Driver (NEOFLTR_500_10581);\??\C:\WINDOWS\system32\Drivers\NEOFLTR_500_10581.SYS
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys
R2 MSCamSvc;MSCamSvc;"C:\Programme\Microsoft LifeCam\MSCamS32.exe"
R2 MSFWDrv;MSFWDrv;C:\WINDOWS\system32\DRIVERS\msfwdrv.sys
R2 msfwsvc;OneCare Firewall;"C:\Programme\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe"
R2 OneCareMP;OneCare AntiSpyware and AntiVirus;"C:\Programme\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe"
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys
R3 HPFXBULK;HPFXBULK;C:\WINDOWS\system32\drivers\hpfxbulk.sys
R3 MpFilter;Microsoft Malware Protection Driver;C:\WINDOWS\system32\DRIVERS\MpFilter.sys
R3 tbhsd;Tunebite High-Speed Dubbing;C:\WINDOWS\system32\drivers\tbhsd.sys
R3 VX6000;Microsoft LifeCam VX-6000;C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys
S3 BroadWaveService;BroadWave Service;"C:\Programme\NCH Swift Sound\BroadWave\broadwave.exe" -service
S3 RemoteControl-USBLAN;RemoteControl-USBLAN;C:\WINDOWS\system32\DRIVERS\rcblan.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-22 00:13:54
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Eintr„ge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2007-11-22 0:17:19 - machine was rebooted
.
--- E O F ---
 
1.crack .exe

File Crack.exe received on 11.11.2007 18:24:27 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 14/32 (43.75%)
Loading server information...
Your file is queued in position: ___.
Estimated start time is between ___ and ___ .
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:


Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - TR/Agent.cmn.1
Authentium - - -
Avast - - -
AVG - - Generic9.AOT
BitDefender - - Trojan.Agent.AFSZ
CAT-QuickHeal - - Trojan.Agent.cmn
ClamAV - - -
DrWeb - - -
eSafe - - Win32.Agent.cmn
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - Trojan.Win32.Agent.cmn
Ikarus - - Backdoor.Win32.Rbot.esp
Kaspersky - - Trojan.Win32.Agent.cmn
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - Agent.DBHF
Panda - - Trj/Agent.GZY
Prevx1 - - Heuristic: Suspicious File With Covert Attributes
Rising - - -
Sophos - - Troj/Agent-GFL
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - Trojan.Win32.Agent.cmn
VirusBuster - - -
Webwasher-Gateway - - Trojan.Agent.cmn.1
Additional information
MD5: c187d672d47fc97fc75215e93d127258

2. svchost.exe

File svchost.exe received on 11.14.2007 16:28:37 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 17/32 (53.13%)
Loading server information...
Your file is queued in position: ___.
Estimated start time is between ___ and ___ .
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:


Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - TR/Agent.cmn.1
Authentium - - -
Avast - - -
AVG - - Generic9.AOT
BitDefender - - Trojan.Agent.AFSZ
CAT-QuickHeal - - Trojan.Agent.cmn
ClamAV - - -
DrWeb - - -
eSafe - - Win32.Agent.cmn
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - Trojan.Win32.Agent.cmn
Ikarus - - Backdoor.Win32.Rbot.esp
Kaspersky - - Trojan.Win32.Agent.cmn
McAfee - - -
Microsoft - - -
NOD32v2 - - probably a variant of Win32/Agent
Norman - - Agent.DEQZ
Panda - - Adware/CommAd
Prevx1 - - Heuristic: Suspicious File With Bad Child Associations
Rising - - -
Sophos - - Troj/Agent-GFL
Sunbelt - - Trojan.Agent.AFSZ
Symantec - - -
TheHacker - - Trojan/Agent.cmn
VBA32 - - Trojan.Win32.Agent.cmn
VirusBuster - - -
Webwasher-Gateway - - Trojan.Agent.cmn.1
Additional information
MD5: 3058e412e26851f6a380efcb2d8dd613




lg kuleo
 
Sowas hab ich befuerchtet. Es ist eigentlich besser, den Rechner neu aufzusetzen und alle auf dem Rechner benutzten und gespeicherten Passworte zu wechseln.

Das Problem ist, das diese Malware Passworte und aehnliche Informationen verschickt und du auf deinem Rechner kein Antivirenprogramm nutzt. Sprich da koennte sich noch einiges mehr(ausser einem Vundo und dem Rbot) auf deinem Rechner befinden.

Eine Reinigung koennte man versuchen, aber Garantie, das wirklich alles an boesen Dateien geloescht und alle Aenderungen, die die Malware an Registrierung und anderen Dateien vorgenommen hat, rueckgaengig gemacht werden koennen ist nicht 100%ig sicher.
 
Dateien und Registrierungseintraege loeschen! :)
Das liese sich einfach machen, aber 100%ige Garantie, das wir alles erwischen gibt es leider nicht...

Nachtrag: Koenntest du den Ordner c:\qoobox packen( am liebsten mit Passwort) und an virus@protecus.de und an detections (@) spybot.info schicken?
 
ich habe versucht die dateien hoch zuladen ca 12 mb....bin mir aber nicht sicher obs funktioniert hat..

hier der beitrag bei hijackthis:
security toolbar 7.1 mit mehreren Trojanern :-(

lg kurt
 
Danke, das hat geklappt. Das die Datei so gross war, lag an den Registry Backup von Combofix. Ich hatte vergessen, das es diese neuerdings auch in qoobox ablegt....

Wie gesagt, besser und vor allem sicherer waere es den PC neu aufzusetzen....
Siehe dazu auch: http://board.protecus.de/t13020.htm
 
Nur, wenn du vista die Partition/Festplatte formatieren laesst..

Ich weiss nicht, welche Vistaversion du nutzen moechtest, aber OEM Versionen von Vista bieten eh kein Update an, da ist immer Neuinstallation angesagt....
 
so wie es aussieht habe ich alle bösen pferde erwischt bis auf den VIRTUMONDE...
und es popt imme ein kleines fenster auf mit der meldung:
malicious action blocked
c:\windows\system32\mlljk.dll

hier das logfile ...

lg kuleo

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:53, on 27.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\wudfhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Microsoft LifeCam\MSCamS32.exe
C:\Programme\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Spyware Doctor\svcntaux.exe
C:\Programme\Spyware Doctor\swdsvc.exe
C:\Programme\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programme\Zune\ZuneNss.exe
C:\Programme\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\lcdmon.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Programme\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe
C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe
C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Programme\Windows Media Player\WMPNetwk.exe
C:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\vVX6000.exe
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\Creative\MediaSource\Detector\CTDetect.exe
C:\Programme\Tunebite\tunebite.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\Programme\Sprite Software\Sprite Backup\SpriteService.exe
C:\Programme\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Windows Desktop Search\WindowsSearch.exe
C:\Programme\Creative\ShareDLL\CADI\NotiMan.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Programme\Gemeinsame Dateien\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\dpmdlayy.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jukon.kuleo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {4D13CC06-9796-424A-860D-1D4B8DE5638F} - (no file)
O2 - BHO: {886fed60-aeab-22e8-42a4-49bbc38c7c76} - {67c7c83c-bb94-4a24-8e22-baea06def688} - C:\WINDOWS\system32\xtfvtfht.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {92D6197F-C32B-4509-8732-B17DFA63045A} - C:\WINDOWS\system32\mlljk.dll
O2 - BHO: (no name) - {974E3E09-0EA5-42F5-8267-79016D389C21} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: (no name) - {AC104E4C-BD51-4B97-A5B7-4A24294D713B} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C2B5D4D5-6124-4C9C-BB4C-68AC98F49A84} - (no file)
O2 - BHO: (no name) - {ED203331-9C33-49D8-8714-D24A366A04EC} - C:\WINDOWS\system32\awttqrr.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Programme\Gemeinsame Dateien\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Programme\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [Zune Launcher] "C:\Programme\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Programme\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programme\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Programme\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Programme\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Programme\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [bc50e688] rundll32.exe "C:\WINDOWS\system32\uwhsqllm.dll",b
O4 - HKLM\..\Run: [SDTray] "C:\Programme\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SpyHunter] C:\Programme\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Creative Detector] C:\Programme\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [tunebite.exe] C:\Programme\Tunebite\tunebite.exe -hidden
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpriteService] "C:\Programme\Sprite Software\Sprite Backup\SpriteService.exe"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Windows-Desktopsuche.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169226334224
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169226325756
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: awttqrr - C:\WINDOWS\SYSTEM32\awttqrr.dll
O20 - Winlogon Notify: fbsahjof - C:\WINDOWS\
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: BroadWave Service (BroadWaveService) - Unknown owner - C:\Programme\NCH Swift Sound\BroadWave\broadwave.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DomainService - - C:\WINDOWS\system32\dpmdlayy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\swdsvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 16831 bytes
 
Nein, da ist mehr als nur Vundo. Wi koennen ja soweit dein System saebern, das der Rechner erstmal keine "Gefahr" fuer andere Rechner im Internet ist.

Hake bitte folgendes in Hijackthis an und druecke fix checked:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
O2 - BHO: (no name) - {4D13CC06-9796-424A-860D-1D4B8DE5638F} - (no file)
O2 - BHO: {886fed60-aeab-22e8-42a4-49bbc38c7c76} - {67c7c83c-bb94-4a24-8e22-baea06def688} - C:\WINDOWS\system32\xtfvtfht.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C2B5D4D5-6124-4C9C-BB4C-68AC98F49A84} - (no file)
O2 - BHO: (no name) - {ED203331-9C33-49D8-8714-D24A366A04EC} - C:\WINDOWS\system32\awttqrr.dll
O4 - HKLM\..\Run: [bc50e688] rundll32.exe "C:\WINDOWS\system32\uwhsqllm.dll",b
O20 - Winlogon Notify: awttqrr - C:\WINDOWS\SYSTEM32\awttqrr.dll
O20 - Winlogon Notify: fbsahjof - C:\WINDOWS\
O23 - Service: DomainService - - C:\WINDOWS\system32\dpmdlayy.exe

Starte dann neu.
Pruefe diese Datei C:\WINDOWS\System32\wudfhost.exe bitte auch bei Virustotal. Schreib was gemeldet wird.

Danach nutze bitte Vundofix. Als Anleitung kannst du diesen Thread nehmen: http://forum.hijackthis.de/showthread.php?t=18415

Danach bitte ein neues Hijackthis log, den Vundofix Report und ein neuen Combofix Report. Dazu aber bitte eine neue Version von Combofix herunterladen.
 
hier der hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:25:06, on 28.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wudfhost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Microsoft LifeCam\MSCamS32.exe
C:\Programme\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Spyware Doctor\svcntaux.exe
C:\Programme\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programme\Zune\ZuneNss.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programme\Microsoft Windows OneCare Live\winss.exe
C:\Programme\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Zune\ZuneLauncher.exe
C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\lcdmon.exe
C:\WINDOWS\CTHELPER.EXE
C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDClock.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Programme\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe
C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\vVX6000.exe
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Programme\Microsoft Windows OneCare Live\winssnotify.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\Creative\MediaSource\Detector\CTDetect.exe
C:\Programme\Tunebite\tunebite.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\Programme\Sprite Software\Sprite Backup\SpriteService.exe
C:\Programme\Picasa2\PicasaMediaDetector.exe
C:\Programme\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Windows Desktop Search\WindowsSearch.exe
C:\Programme\Creative\ShareDLL\CADI\NotiMan.exe
C:\Programme\Gemeinsame Dateien\Logitech\khalshared\KHALMNPR.EXE
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Programme\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programme\Windows Live Toolbar\msn_sl.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jukon.kuleo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: {6c42ea3a-6529-71c9-f154-82a48d0d46e0} - {0e64d0d8-4a28-451f-9c17-9256a3ae24c6} - C:\WINDOWS\system32\vgjkmsqt.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: (no name) - {AC104E4C-BD51-4B97-A5B7-4A24294D713B} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C2B5D4D5-6124-4C9C-BB4C-68AC98F49A84} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Programme\Gemeinsame Dateien\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Programme\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [Zune Launcher] "C:\Programme\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Programme\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Programme\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Programme\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Programme\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Programme\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [bc50e688] rundll32.exe "C:\WINDOWS\system32\uwhsqllm.dll",b
O4 - HKLM\..\Run: [SDTray] "C:\Programme\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SpyHunter] C:\Programme\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Creative Detector] C:\Programme\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [tunebite.exe] C:\Programme\Tunebite\tunebite.exe -hidden
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpriteService] "C:\Programme\Sprite Software\Sprite Backup\SpriteService.exe"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Windows-Desktopsuche.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169226334224
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169226325756
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: tuvuvvt - C:\WINDOWS\SYSTEM32\tuvuvvt.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: BroadWave Service (BroadWaveService) - Unknown owner - C:\Programme\NCH Swift Sound\BroadWave\broadwave.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\swdsvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 16735 bytes







Scanne versteckte Autostart Eintr„ge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2007-11-28 17:20:51 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-22 00:17
.
--- E O F ---
 
You must log in or register to reply here.
Back
Top