mamabiti

Members
  • Content Count: 17
  • Community Reputation: 0 Neutral

About mamabiti
  • Rank: Member
  1. I am waiting for your O.K. to go online with this system now. Best regards tuk-tuk
  2. Logfile of HijackThis v1.99.1
     Scan saved at 13:28:49, on 03.02.2007
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     d:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\wscntfy.exe
     C:\WINDOWS\SOUNDMAN.EXE
     C:\WINDOWS\System32\nvraidservice.exe
     C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
     C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
     D:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
     C:\WINDOWS\System32\wbem\unsecapp.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Programme\Messenger\msmsgs.exe
     D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
     D:\Acrobat 5.0\Distillr\AcroTray.exe
     D:\Programme\Hardcopy\hardcopy.exe
     D:\FRITZ!\IWatch.exe
     C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Spontania4IM\spontania4IM.exe
     D:\WinZip\WZQKPICK.EXE
     C:\Program Files\HijackThis\HijackThis.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.metager.de/
     R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
     O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
     O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
     O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
     O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
     O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
     O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
     O4 - HKLM\..\Run: [{E0BC8662-0710-1031-0225-050412060031}] "C:\Programme\Gemeinsame Dateien\{E0BC8662-0710-1031-0225-050412060031}\Update.exe" te-110-12-0000273
     O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
     O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
     O4 - HKCU\..\Run: [d:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe] "1&1 EasyLogin" HIDE
     O4 - HKCU\..\Run: [spybotSD TeaTimer] d:\Programme\Spybot - Search & Destroy\TeaTimer.exe
     O4 - Startup: FriFax32.exe.lnk = D:\FRITZ!\FriFax32.exe
     O4 - Startup: Trillian.lnk = D:\Programme\Trillian\trillian.exe
     O4 - Global Startup: Acrobat Assistant.lnk = D:\Acrobat 5.0\Distillr\AcroTray.exe
     O4 - Global Startup: Hardcopy.LNK = D:\Programme\Hardcopy\hardcopy.exe
     O4 - Global Startup: ISDNWatch.lnk = D:\FRITZ!\IWatch.exe
     O4 - Global Startup: Spontania Monitor.lnk = C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Spontania4IM\spontania4IM.exe
     O4 - Global Startup: WinZip Quick Pick.lnk = D:\WinZip\WZQKPICK.EXE
     O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
     O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
     O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
     O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
     O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
     O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
     O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
     O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1136215224218
     O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
     O17 - HKLM\System\CCS\Services\Tcpip\..\{D1391B7B-F497-4963-82F6-1E2FEEB28AA5}: NameServer = 192.168.120.252,192.168.120.253
     O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
     O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
     O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
     O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - d:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
     O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe

     ---------------------------------------------------------
     AVG Anti-Spyware - Scan-Bericht
     ---------------------------------------------------------

     + Erstellt um: 13:24:11 03.02.2007

     + Scan-Ergebnis:

     Keine Bedrohung gefunden.

     ::Berichtende
  4. Ad-Aware SE Build 1.06r1
     Logfile Created on:Samstag, 3. Februar 2007 13:33:42
     Using definitions file:SE1R147 25.01.2007

     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
     References detected during the scan:
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     MRU List(TAC index:0):10 total references
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     Ad-Aware SE Settings
     ===========================
     Set : Search for negligible risk entries
     Set : Search for low-risk threats
     Set : Safe mode (always request confirmation)
     Set : Scan active processes
     Set : Scan registry
     Set : Deep-scan registry
     Set : Scan my IE Favorites for banned URLs
     Set : Scan within archives
     Set : Scan my Hosts file

     Extended Ad-Aware SE Settings
     ===========================
     Set : Unload recognized processes & modules during scan
     Set : Ignore spanned files when scanning cab archives
     Set : Scan registry for all users instead of current user only
     Set : Automatically check all objects in results lists
     Set : Always try to unload modules before deletion
     Set : During removal, unload Explorer and IE if necessary
     Set : Let Windows remove files in use at next reboot
     Set : Delete quarantined objects after restoring
     Set : Block pop-ups aggressively
     Set : Automatically select problematic objects in results lists
     Set : Include info about ignored objects in log file, if detected in scan
     Set : Include basic Ad-Aware settings in log file
     Set : Include additional Ad-Aware settings in log file
     Set : Include used command line parameters in log file
     Set : Include reference summary in log file
     Set : Include module list in log file
     Set : Include alternate data stream details in log file
     Set : Show splash screen
     Set : Backup current definitions file before updating
     Set : Create and save WebUpdate log file
     Set : Play sound at scan completion if scan locates critical objects

     03.02.2007 13:33:42 - Scan started. (Full System Scan)

     MRU List Object Recognized!
     Location: : C:\Dokumente und Einstellungen\Birgit.N-CHBQJIO7IMVKM\recent
     Description : list of recently opened documents

     MRU List Object Recognized!
     Location: : software\microsoft\direct3d\mostrecentapplication
     Description : most recent application to use microsoft direct3d

     MRU List Object Recognized!
     Location: : software\microsoft\direct3d\mostrecentapplication
     Description : most recent application to use microsoft direct X

     MRU List Object Recognized!
     Location: : S-1-5-21-1547161642-573735546-839522115-1003\software\microsoft\directinput\mostrecentapplication
     Description : most recent application to use microsoft directinput

     MRU List Object Recognized!
     Location: : S-1-5-21-1547161642-573735546-839522115-1003\software\microsoft\directinput\mostrecentapplication
     Description : most recent application to use microsoft directinput

     MRU List Object Recognized!
     Location: : S-1-5-21-1547161642-573735546-839522115-1003\software\microsoft\search assistant\acmru
     Description : list of recent search terms used with the search assistant

     MRU List Object Recognized!
     Location: : S-1-5-21-1547161642-573735546-839522115-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
     Description : list of recent programs opened

     MRU List Object Recognized!
     Location: : S-1-5-21-1547161642-573735546-839522115-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
     Description : list of recently saved files, stored according to file extension

     MRU List Object Recognized!
     Location: : S-1-5-21-1547161642-573735546-839522115-1003\software\microsoft\windows\currentversion\explorer\recentdocs
     Description : list of recent documents opened

     MRU List Object Recognized!
     Location: : S-1-5-21-1547161642-573735546-839522115-1003\software\nico mak computing\winzip\filemenu
     Description : winzip recently used archives

     Listing running processes
     »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

     #:1 [smss.exe]
     FilePath : \SystemRoot\System32\
     ProcessID : 416
     ThreadCreationTime : 03.02.2007 11:35:40
     BasePriority : Normal
     Scanning Module:\SystemRoot\System32\smss.exe...
     Scanning Module:C:\WINDOWS\system32\ntdll.dll...

     #:2 [csrss.exe]
     FilePath : \??\C:\WINDOWS\system32\
     ProcessID : 472
     ThreadCreationTime : 03.02.2007 11:35:42
     BasePriority : Normal
     Scanning Module:\??\C:\WINDOWS\system32\csrss.exe...
     Scanning Module:C:\WINDOWS\system32\CSRSRV.dll...
     Scanning Module:C:\WINDOWS\system32\basesrv.dll...
     Scanning Module:C:\WINDOWS\system32\winsrv.dll...
     Scanning Module:C:\WINDOWS\system32\USER32.dll...
     Scanning Module:C:\WINDOWS\system32\KERNEL32.dll...
     Scanning Module:C:\WINDOWS\system32\GDI32.dll...
     Scanning Module:C:\WINDOWS\system32\LPK.DLL...
     Scanning Module:C:\WINDOWS\system32\USP10.dll...
     Scanning Module:C:\WINDOWS\system32\msvcrt.dll...
     Scanning Module:C:\WINDOWS\system32\ADVAPI32.dll...
     Scanning Module:C:\WINDOWS\system32\RPCRT4.dll...
     Scanning Module:C:\WINDOWS\system32\sxs.dll...
     Scanning Module:C:\WINDOWS\system32\Apphelp.dll...
     Scanning Module:C:\WINDOWS\system32\VERSION.dll...

     #:3 [winlogon.exe]
     FilePath : \??\C:\WINDOWS\system32\
     ProcessID : 504
     ThreadCreationTime : 03.02.2007 11:35:43
     BasePriority : High
     Scanning Module:\??\C:\WINDOWS\system32\winlogon.exe...
     Scanning Module:C:\WINDOWS\system32\AUTHZ.dll...
     Scanning Module:C:\WINDOWS\system32\CRYPT32.dll...
     Scanning Module:C:\WINDOWS\system32\MSASN1.dll...
     Scanning Module:C:\WINDOWS\system32\NDdeApi.dll...
     Scanning Module:C:\WINDOWS\system32\PROFMAP.dll...
     Scanning Module:C:\WINDOWS\system32\NETAPI32.dll...
     Scanning Module:C:\WINDOWS\system32\USERENV.dll...
     Scanning Module:C:\WINDOWS\system32\PSAPI.DLL...
     Scanning Module:C:\WINDOWS\system32\REGAPI.dll...
     Scanning Module:C:\WINDOWS\system32\Secur32.dll...
     Scanning Module:C:\WINDOWS\system32\SETUPAPI.dll...
     Scanning Module:C:\WINDOWS\system32\WINSTA.dll...
     Scanning Module:C:\WINDOWS\system32\WINTRUST.dll...
     Scanning Module:C:\WINDOWS\system32\IMAGEHLP.dll...
     Scanning Module:C:\WINDOWS\system32\WS2_32.dll...
     Scanning Module:C:\WINDOWS\system32\WS2HELP.dll...
     Scanning Module:C:\WINDOWS\system32\IMM32.DLL...
     Scanning Module:C:\WINDOWS\system32\MSGINA.dll...
     Scanning Module:C:\WINDOWS\system32\SHELL32.dll...
     Scanning Module:C:\WINDOWS\system32\SHLWAPI.dll...
     Scanning Module:C:\WINDOWS\system32\COMCTL32.dll...
     Scanning Module:C:\WINDOWS\system32\ODBC32.dll...
     Scanning Module:C:\WINDOWS\system32\comdlg32.dll...
     Scanning Module:C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll...
     Scanning Module:C:\WINDOWS\system32\odbcint.dll...
     Scanning Module:C:\WINDOWS\system32\SHSVCS.dll...
     Scanning Module:C:\WINDOWS\system32\sfc.dll...
     Scanning Module:C:\WINDOWS\system32\sfc_os.dll...
     Scanning Module:C:\WINDOWS\system32\ole32.dll...
     Scanning Module:C:\WINDOWS\system32\msctfime.ime...
     Scanning Module:C:\WINDOWS\system32\WINSCARD.DLL...
     Scanning Module:C:\WINDOWS\system32\WTSAPI32.dll...
     Scanning Module:C:\WINDOWS\system32\uxtheme.dll...
     Scanning Module:C:\WINDOWS\system32\WINMM.dll...
     Scanning Module:C:\WINDOWS\system32\Ati2evxx.dll...
     Scanning Module:C:\WINDOWS\system32\rsaenh.dll...
     Scanning Module:C:\WINDOWS\system32\cscdll.dll...
     Scanning Module:C:\WINDOWS\system32\WlNotify.dll...
     Scanning Module:C:\WINDOWS\system32\WINSPOOL.DRV...
     Scanning Module:C:\WINDOWS\system32\MPR.dll...
     Scanning Module:C:\WINDOWS\system32\wldap32.dll...
     Scanning Module:C:\WINDOWS\system32\SAMLIB.dll...
     Scanning Module:C:\WINDOWS\system32\cscui.dll...
     Scanning Module:C:\WINDOWS\system32\msv1_0.dll...
     Scanning Module:C:\WINDOWS\system32\iphlpapi.dll...
     Scanning Module:C:\WINDOWS\system32\MPRAPI.dll...
     Scanning Module:C:\WINDOWS\system32\ACTIVEDS.dll...
     Scanning Module:C:\WINDOWS\system32\adsldpc.dll...
     Scanning Module:C:\WINDOWS\system32\ATL.DLL...
     Scanning Module:C:\WINDOWS\system32\OLEAUT32.dll...
     Scanning Module:C:\WINDOWS\system32\rtutils.dll...
     Scanning Module:C:\WINDOWS\system32\xpsp2res.dll...
     Scanning Module:C:\WINDOWS\system32\wdmaud.drv...
     Scanning Module:C:\WINDOWS\system32\msacm32.drv...
     Scanning Module:C:\WINDOWS\system32\MSACM32.dll...
     Scanning Module:C:\WINDOWS\system32\midimap.dll...
     Scanning Module:C:\WINDOWS\system32\COMRes.dll...
     Scanning Module:C:\WINDOWS\system32\CLBCATQ.DLL...
     Scanning Module:C:\WINDOWS\system32\NTMARTA.DLL...

     #:4 [services.exe]
     FilePath : C:\WINDOWS\system32\
     ProcessID : 548
     ThreadCreationTime : 03.02.2007 11:35:44
     BasePriority : Normal
     FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
     ProductVersion : 5.1.2600.2180
     ProductName : Betriebssystem Microsoft® Windows®
     CompanyName : Microsoft Corporation
     FileDescription : Anwendung für Dienste und Controller
     InternalName : services.exe
     LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
     OriginalFilename : services.exe
     Scanning Module:C:\WINDOWS\system32\services.exe...
     Scanning Module:C:\WINDOWS\system32\SCESRV.dll...
     Scanning Module:C:\WINDOWS\system32\umpnpmgr.dll...
     Scanning Module:C:\WINDOWS\system32\NCObjAPI.DLL...
     Scanning Module:C:\WINDOWS\system32\MSVCP60.dll...
     Scanning Module:C:\WINDOWS\system32\ShimEng.dll...
     Scanning Module:C:\WINDOWS\AppPatch\AcGenral.DLL...
     Scanning Module:C:\WINDOWS\system32\eventlog.dll...

     #:5 [lsass.exe]
     FilePath : C:\WINDOWS\system32\
     ProcessID : 560
     ThreadCreationTime : 03.02.2007 11:35:44
     BasePriority : Normal
     FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
     ProductVersion : 5.1.2600.2180
     ProductName : Microsoft® Windows® Operating System
     CompanyName : Microsoft Corporation
     FileDescription : LSA Shell (Export Version)
     InternalName : lsass.exe
     LegalCopyright : © Microsoft Corporation. All rights reserved.
     OriginalFilename : lsass.exe
     Scanning Module:C:\WINDOWS\system32\lsass.exe...
     Scanning Module:C:\WINDOWS\system32\LSASRV.dll...
     Scanning Module:C:\WINDOWS\system32\SAMSRV.dll...
     Scanning Module:C:\WINDOWS\system32\cryptdll.dll...
     Scanning Module:C:\WINDOWS\system32\DNSAPI.dll...
     Scanning Module:C:\WINDOWS\system32\NTDSAPI.dll...
     Scanning Module:C:\WINDOWS\system32\msprivs.dll...
     Scanning Module:C:\WINDOWS\system32\kerberos.dll...
     Scanning Module:C:\WINDOWS\system32\netlogon.dll...
     Scanning Module:C:\WINDOWS\system32\w32time.dll...
     Scanning Module:C:\WINDOWS\system32\schannel.dll...
     Scanning Module:C:\WINDOWS\system32\wdigest.dll...
     Scanning Module:C:\WINDOWS\system32\scecli.dll...
     Scanning Module:C:\WINDOWS\system32\ipsecsvc.dll...
     Scanning Module:C:\WINDOWS\system32\oakley.DLL...
     Scanning Module:C:\WINDOWS\system32\WINIPSEC.DLL...
     Scanning Module:C:\WINDOWS\system32\pstorsvc.dll...
     Scanning Module:C:\WINDOWS\system32\psbase.dll...
     Scanning Module:C:\Programme\Steganos Internet Anonym 5\sselsp.dll...
     Scanning Module:C:\WINDOWS\system32\mswsock.dll...
     Scanning Module:C:\WINDOWS\system32\hnetcfg.dll...
     Scanning Module:C:\WINDOWS\System32\wshtcpip.dll...
     Scanning Module:C:\WINDOWS\system32\dssenh.dll...

     #:6 [ati2evxx.exe]
     FilePath : C:\WINDOWS\system32\
     ProcessID : 708
     ThreadCreationTime : 03.02.2007 11:35:44
     BasePriority : Normal
     Scanning Module:C:\WINDOWS\system32\Ati2evxx.exe...

     #:7 [svchost.exe]
     FilePath : C:\WINDOWS\system32\
     ProcessID : 728
     ThreadCreationTime : 03.02.2007 11:35:44
     BasePriority : Normal
     FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
     ProductVersion : 5.1.2600.2180
     ProductName : Microsoft® Windows® Operating System
     CompanyName : Microsoft Corporation
     FileDescription : Generic Host Process for Win32 Services
     InternalName : svchost.exe
     LegalCopyright : © Microsoft Corporation. All rights reserved.
     OriginalFilename : svchost.exe
     Scanning Module:C:\WINDOWS\system32\svchost.exe...
     Scanning Module:c:\windows\system32\rpcss.dll...
     Scanning Module:c:\windows\system32\termsrv.dll...
     Scanning Module:c:\windows\system32\ICAAPI.dll...
     Scanning Module:c:\windows\system32\mstlsapi.dll...

     #:8 [svchost.exe]
     FilePath : C:\WINDOWS\system32\
     ProcessID : 812
     ThreadCreationTime : 03.02.2007 11:35:45
     BasePriority : Normal
     FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
     ProductVersion : 5.1.2600.2180
     ProductName : Microsoft® Windows® Operating System
     CompanyName : Microsoft Corporation
     FileDescription : Generic Host Process for Win32 Services
     InternalName : svchost.exe
     LegalCopyright : © Microsoft Corporation. All rights reserved.
     OriginalFilename : svchost.exe
     Scanning Module:C:\WINDOWS\System32\winrnr.dll...
     Scanning Module:C:\WINDOWS\system32\rasadhlp.dll...

     #:9 [svchost.exe]
     FilePath : C:\WINDOWS\System32\
     ProcessID : 860
     ThreadCreationTime : 03.02.2007 11:35:45
     BasePriority : Normal
     FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
     ProductVersion : 5.1.2600.2180
     ProductName : Microsoft® Windows® Operating System
     CompanyName : Microsoft Corporation
     FileDescription : Generic Host Process for Win32 Services
     InternalName : svchost.exe
     LegalCopyright : © Microsoft Corporation. All rights reserved.
     OriginalFilename : svchost.exe
     Scanning Module:c:\windows\system32\dhcpcsvc.dll...
     Scanning Module:c:\windows\system32\wzcsvc.dll...
     Scanning Module:c:\windows\system32\WMI.dll...
     Scanning Module:c:\windows\system32\ESENT.dll...
     Scanning Module:c:\windows\system32\schedsvc.dll...
     Scanning Module:C:\WINDOWS\System32\MSIDLE.DLL...
     Scanning Module:C:\WINDOWS\System32\rastls.dll...
     Scanning Module:C:\WINDOWS\system32\CRYPTUI.dll...
     Scanning Module:C:\WINDOWS\system32\WININET.dll...
     Scanning Module:C:\WINDOWS\System32\RASAPI32.dll...
     Scanning Module:C:\WINDOWS\System32\rasman.dll...
     Scanning Module:C:\WINDOWS\System32\TAPI32.dll...
     Scanning Module:C:\WINDOWS\System32\raschap.dll...
     Scanning Module:c:\windows\system32\audiosrv.dll...
     Scanning Module:c:\windows\system32\wkssvc.dll...
     Scanning Module:c:\windows\system32\cryptsvc.dll...
     Scanning Module:c:\windows\system32\certcli.dll...
     Scanning Module:c:\windows\system32\dmserver.dll...
     Scanning Module:c:\windows\system32\ersvc.dll...
     Scanning Module:c:\windows\system32\es.dll...
     Scanning Module:c:\windows\pchealth\helpctr\binaries\pchsvc.dll...
     Scanning Module:c:\windows\system32\hidserv.dll...
     Scanning Module:c:\windows\system32\HID.DLL...
     Scanning Module:c:\windows\system32\srvsvc.dll...
     Scanning Module:c:\windows\system32\netman.dll...
     Scanning Module:c:\windows\system32\netshell.dll...
     Scanning Module:c:\windows\system32\credui.dll...
     Scanning Module:c:\windows\system32\WZCSAPI.DLL...
     Scanning Module:c:\windows\system32\seclogon.dll...
     Scanning Module:c:\windows\system32\sens.dll...
     Scanning Module:c:\windows\system32\srsvc.dll...
     Scanning Module:c:\windows\system32\POWRPROF.dll...
     Scanning Module:c:\windows\system32\trkwks.dll...
     Scanning Module:c:\windows\system32\wbem\wmisvc.dll...
     Scanning Module:C:\WINDOWS\system32\VSSAPI.DLL...
     Scanning Module:c:\windows\system32\wuauserv.dll...
     Scanning Module:C:\WINDOWS\system32\wuaueng.dll...
     Scanning Module:C:\WINDOWS\System32\ADVPACK.dll...
     Scanning Module:C:\WINDOWS\System32\SHFOLDER.dll...
     Scanning Module:C:\WINDOWS\System32\WINHTTP.dll...
     Scanning Module:C:\WINDOWS\System32\Cabinet.dll...
     Scanning Module:C:\WINDOWS\System32\mspatcha.dll...
     Scanning Module:c:\windows\system32\ipnathlp.dll...
     Scanning Module:c:\windows\system32\wscsvc.dll...
     Scanning Module:c:\windows\system32\msi.dll...
     Scanning Module:C:\WINDOWS\System32\wbem\wbemcomn.dll...
     Scanning Module:C:\WINDOWS\System32\Wbem\wbemcore.dll...
     Scanning Module:C:\WINDOWS\System32\Wbem\esscli.dll...
     Scanning Module:C:\WINDOWS\System32\Wbem\FastProx.dll...
     Scanning Module:C:\WINDOWS\System32\wbem\wbemsvc.dll...
     Scanning Module:C:\WINDOWS\System32\wbem\wmiutils.dll...
     Scanning Module:C:\WINDOWS\System32\wbem\repdrvfs.dll...
     Scanning Module:C:\WINDOWS\system32\comsvcs.dll...
     Scanning Module:C:\WINDOWS\system32\MTXCLU.DLL...
     Scanning Module:C:\WINDOWS\system32\WSOCK32.dll...
     Scanning Module:C:\WINDOWS\system32\colbact.DLL...
     Scanning Module:C:\WINDOWS\System32\CLUSAPI.DLL...
     Scanning Module:C:\WINDOWS\System32\RESUTILS.DLL...
     Scanning Module:C:\WINDOWS\System32\wbem\wmiprvsd.dll...
     Scanning Module:C:\WINDOWS\System32\wbem\wbemess.dll...
     Scanning Module:c:\windows\system32\browser.dll...
     Scanning Module:C:\WINDOWS\System32\wbem\ncprov.dll...
     Scanning Module:C:\WINDOWS\System32\netcfgx.dll...
     Scanning Module:C:\WINDOWS\System32\upnp.dll...
     Scanning Module:C:\WINDOWS\System32\SSDPAPI.dll...
     Scanning Module:C:\WINDOWS\System32\rasmans.dll...
     Scanning Module:c:\windows\system32\tapisrv.dll...
     Scanning Module:C:\WINDOWS\System32\rastapi.dll...
     Scanning Module:C:\WINDOWS\System32\unimdm.tsp...
     Scanning Module:C:\WINDOWS\System32\uniplat.dll...
     Scanning Module:C:\WINDOWS\System32\kmddsp.tsp...
     Scanning Module:C:\WINDOWS\System32\ndptsp.tsp...
     Scanning Module:C:\WINDOWS\System32\ipconf.tsp...
     Scanning Module:C:\WINDOWS\System32\h323.tsp...
     Scanning Module:C:\WINDOWS\System32\hidphone.tsp...
     Scanning Module:C:\WINDOWS\System32\rasppp.dll...
     Scanning Module:C:\WINDOWS\System32\ntlsapi.dll...
     Scanning Module:C:\WINDOWS\System32\RASDLG.dll...

     #:10 [svchost.exe]
     FilePath : C:\WINDOWS\System32\
     ProcessID : 924
     ThreadCreationTime : 03.02.2007 11:35:45
     BasePriority : Normal
     FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
     ProductVersion : 5.1.2600.2180
     ProductName : Microsoft® Windows® Operating System
     CompanyName : Microsoft Corporation
     FileDescription : Generic Host Process for Win32 Services
     InternalName : svchost.exe
     LegalCopyright : © Microsoft Corporation. All rights reserved.
     OriginalFilename : svchost.exe
     Scanning Module:c:\windows\system32\dnsrslvr.dll...

     #:11 [svchost.exe]
     FilePath : C:\WINDOWS\System32\
     ProcessID : 952
     ThreadCreationTime : 03.02.2007 11:35:45
     BasePriority : Normal
     FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
     ProductVersion : 5.1.2600.2180
     ProductName : Microsoft® Windows® Operating System
     CompanyName : Microsoft Corporation
     FileDescription : Generic Host Process for Win32 Services
     InternalName : svchost.exe
     LegalCopyright : © Microsoft Corporation. All rights reserved.
     OriginalFilename : svchost.exe
     Scanning Module:c:\windows\system32\lmhsvc.dll...
     Scanning Module:c:\windows\system32\webclnt.dll...
     Scanning Module:C:\WINDOWS\system32\urlmon.dll...
     Scanning Module:c:\windows\system32\regsvc.dll...
     Scanning Module:c:\windows\system32\ssdpsrv.dll...

     #:12 [spoolsv.exe]
     FilePath : C:\WINDOWS\system32\
     ProcessID : 1040
     ThreadCreationTime : 03.02.2007 11:35:45
     BasePriority : Normal
     FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
     ProductVersion : 5.1.2600.2180
     ProductName : Microsoft® Windows® Operating System
     CompanyName : Microsoft Corporation
     FileDescription : Spooler SubSystem App
     InternalName : spoolsv.exe
     LegalCopyright : © Microsoft Corporation. All rights reserved.
     OriginalFilename : spoolsv.exe
     Scanning Module:C:\WINDOWS\system32\spoolsv.exe...
     Scanning Module:C:\WINDOWS\system32\SPOOLSS.DLL...
     Scanning Module:C:\WINDOWS\system32\localspl.dll...
     Scanning Module:C:\WINDOWS\system32\cnbjmon.dll...
     Scanning Module:C:\WINDOWS\system32\FritzColorPort.dll...
     Scanning Module:C:\WINDOWS\system32\MFC70U.DLL...
     Scanning Module:C:\WINDOWS\system32\MSVCR70.dll...
     Scanning Module:C:\WINDOWS\system32\OLEACC.dll...
     Scanning Module:C:\WINDOWS\system32\FritzPort.dll...
     Scanning Module:C:\WINDOWS\system32\mdimon.dll...
     Scanning Module:C:\WINDOWS\system32\pdfports.dll...
     Scanning Module:d:\Acrobat 5.0\Distillr\adistres.dll...
     Scanning Module:C:\WINDOWS\system32\pjlmon.dll...
     Scanning Module:C:\WINDOWS\system32\tcpmon.dll...
     Scanning Module:C:\WINDOWS\system32\usbmon.dll...
     Scanning Module:C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll...
     Scanning Module:C:\WINDOWS\system32\win32spl.dll...
     Scanning Module:C:\WINDOWS\system32\NETRAP.dll...
     Scanning Module:C:\WINDOWS\system32\inetpp.dll...

     #:13 [guard.exe]
     FilePath : d:\Programme\Grisoft\AVG Anti-Spyware 7.5\
     ProcessID : 1136
     ThreadCreationTime : 03.02.2007 11:35:46
     BasePriority : Normal
     FileVersion : 7, 5, 0, 47
     ProductVersion : 7, 5, 0, 47
     ProductName : AVG Anti-Spyware
     CompanyName : Anti-Malware Development a.s.
     FileDescription : AVG Anti-Spyware guard
     InternalName : AVG Anti-Spyware guard
     LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.
     OriginalFilename : guard.exe
     Scanning Module:d:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe...
     Scanning Module:d:\Programme\Grisoft\AVG Anti-Spyware 7.5\engine.dll...

     #:14 [svchost.exe]
     FilePath : C:\WINDOWS\System32\
     ProcessID : 1340
     ThreadCreationTime : 03.02.2007 11:35:50
     BasePriority : Normal
     FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
     ProductVersion : 5.1.2600.2180
     ProductName : Microsoft® Windows® Operating System
     CompanyName : Microsoft Corporation
     FileDescription : Generic Host Process for Win32 Services
     InternalName : svchost.exe
     LegalCopyright : © Microsoft Corporation. All rights reserved.
     OriginalFilename : svchost.exe
     Scanning Module:c:\windows\system32\wiaservc.dll...
     Scanning Module:c:\windows\system32\CFGMGR32.dll...
     Scanning Module:c:\windows\system32\mscms.dll...
     Scanning Module:C:\WINDOWS\System32\actxprxy.dll...
     Scanning Module:C:\WINDOWS\System32\sti.dll...

     #:15 [wdfmgr.exe]
     FilePath : C:\WINDOWS\system32\
     ProcessID : 1424
     ThreadCreationTime : 03.02.2007 11:35:51
     BasePriority : Normal
     FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
     ProductVersion : 5.2.3790.1230
     ProductName : Microsoft® Windows® Operating System
     CompanyName : Microsoft Corporation
     FileDescription : Windows User Mode Driver Manager
     InternalName : WdfMgr
     LegalCopyright : © Microsoft Corporation. All rights reserved.
     OriginalFilename : WdfMgr.exe
     Scanning Module:C:\WINDOWS\system32\wdfmgr.exe...

     #:16 [ati2evxx.exe]
     FilePath : C:\WINDOWS\system32\
     ProcessID : 1864
     ThreadCreationTime : 03.02.2007 11:35:57
     BasePriority : Normal
     Scanning Module:C:\WINDOWS\system32\MSCTF.dll...
     Scanning Module:D:\Programme\Hardcopy\HcDLL2_J_Win32.dll...

     #:17 [explorer.exe]
     FilePath : C:\WINDOWS\
     ProcessID : 1936
     ThreadCreationTime : 03.02.2007 11:35:57
     BasePriority : Normal
     FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
     ProductVersion : 6.00.2900.2180
     ProductName : Betriebssystem Microsoft® Windows®
     CompanyName : Microsoft Corporation
     FileDescription : Windows Explorer
     InternalName : explorer
     LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
     OriginalFilename : EXPLORER.EXE
     Scanning Module:C:\WINDOWS\Explorer.EXE...
     Scanning Module:C:\WINDOWS\system32\BROWSEUI.dll...
     Scanning Module:C:\WINDOWS\system32\SHDOCVW.dll...
     Scanning Module:C:\WINDOWS\System32\themeui.dll...
     Scanning Module:C:\WINDOWS\System32\MSIMG32.dll...
     Scanning Module:C:\WINDOWS\System32\msutb.dll...
     Scanning Module:C:\PROGRA~1\WINDOW~2\wmpband.dll...
     Scanning Module:C:\WINDOWS\system32\browselc.dll...
     Scanning Module:C:\WINDOWS\system32\LINKINFO.dll...
     Scanning Module:C:\WINDOWS\system32\ntshrui.dll...
     Scanning Module:D:\PROGRA~1\SPYBOT~1\SDHelper.dll...
     Scanning Module:C:\WINDOWS\system32\olepro32.dll...
     Scanning Module:C:\WINDOWS\system32\DUSER.dll...
     Scanning Module:D:\Programme\Microsoft Office\OFFICE11\msohev.dll...
     Scanning Module:C:\WINDOWS\System32\webcheck.dll...
     Scanning Module:C:\WINDOWS\System32\stobject.dll...
     Scanning Module:C:\WINDOWS\System32\BatMeter.dll...
     Scanning Module:C:\WINDOWS\system32\upnpui.dll...
     Scanning Module:C:\WINDOWS\System32\drprov.dll...
     Scanning Module:C:\WINDOWS\System32\ntlanman.dll...
     Scanning Module:C:\WINDOWS\System32\NETUI0.dll...
     Scanning Module:C:\WINDOWS\System32\NETUI1.dll...
     Scanning Module:C:\WINDOWS\System32\davclnt.dll...
     Scanning Module:C:\WINDOWS\system32\syncui.dll...
     Scanning Module:D:\WINZIP\WZSHLSTB.DLL...
     Scanning Module:C:\Programme\WinRAR\rarext.dll...
     Scanning Module:c:\programme\steganos internet anonym 5\shredderse.dll...
     Scanning Module:C:\Programme\ICQLite\ICQLiteShell.dll...
     Scanning Module:C:\WINDOWS\system32\MFC42.DLL...
     Scanning Module:C:\WINDOWS\system32\MFC42LOC.DLL...
     Scanning Module:d:\Programme\Grisoft\AVG Anti-Spyware 7.5\context.dll...
     Scanning Module:d:\PROGRA~1\ROMAIN~1\ATTRIB~1\acshell.dll...
     Scanning Module:d:\PROGRA~1\ROMAIN~1\ATTRIB~1\AcLang.dll...
     Scanning Module:d:\Programme\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll...
     Scanning Module:C:\WINDOWS\system32\shdoclc.dll...
     Scanning Module:C:\WINDOWS\System32\shimgvw.dll...
     Scanning Module:C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll...
     Scanning Module:c:\windows\srchasst\srchui.dll...
     Scanning Module:c:\windows\srchasst\srchctls.dll...
     Scanning Module:C:\WINDOWS\msagent\agentdp2.dll...
     Scanning Module:C:\WINDOWS\System32\msxml3.dll...
     Scanning Module:C:\WINDOWS\System32\jscript.dll...
     Scanning Module:C:\WINDOWS\system32\MLANG.dll...
     Scanning Module:D:\Programme\Hardcopy\hardcopy.dll...
     Scanning Module:C:\WINDOWS\system32\msadp32.acm...
     Scanning Module:C:\WINDOWS\system32\xpsp1res.dll...
     Scanning Module:C:\WINDOWS\system32\RichEd32.dll...
     Scanning Module:C:\WINDOWS\system32\RICHED20.dll...
     Scanning Module:C:\WINDOWS\System32\mydocs.dll...

     #:18 [alg.exe]
     FilePath : C:\WINDOWS\System32\
     ProcessID : 144
     ThreadCreationTime : 03.02.2007 11:35:58
     BasePriority : Normal
     FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
     ProductVersion : 5.1.2600.2180
     ProductName : Microsoft® Windows® Operating System
     CompanyName : Microsoft Corporation
     FileDescription : Application Layer Gateway Service
     InternalName : ALG.exe
     LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe Scanning Module:C:\WINDOWS\System32\alg.exe... #:19 [wscntfy.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 280 ThreadCreationTime : 03.02.2007 11:35:59 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Security Center Notification App InternalName : wscntfy.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : wscntfy.exe Scanning Module:C:\WINDOWS\system32\wscntfy.exe... #:20 [soundman.exe] FilePath : C:\WINDOWS\ ProcessID : 388 ThreadCreationTime : 03.02.2007 11:36:03 BasePriority : Normal FileVersion : 5.1.0.29 ProductVersion : 5.1.0.29 ProductName : Realtek Sound Manager CompanyName : Realtek Semiconductor Corp. FileDescription : Realtek Sound Manager InternalName : ALSMTray LegalCopyright : Copyright © 2001-2004 Realtek Semiconductor Corp. OriginalFilename : ALSMTray.exe Comments : Realtek AC97 Audio Sound Manager Scanning Module:C:\WINDOWS\SOUNDMAN.EXE... #:21 [nvraidservice.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 396 ThreadCreationTime : 03.02.2007 11:36:03 BasePriority : Normal FileVersion : 1.0.1 ProductVersion : 1.0.1 ProductName : NVIDIA® NVRAID CompanyName : NVIDIA Corporation FileDescription : Raid Service U.S. English Resources InternalName : NvRaidServiceENU.dll LegalCopyright : Copyright© NVIDIA Corporation 2000-2003. LegalTrademarks : NVIDIA® is a registered trademark of NVIDIA Corporation. OriginalFilename : NvRaidServiceENU.dll Scanning Module:C:\WINDOWS\System32\nvraidservice.exe... Scanning Module:C:\WINDOWS\System32\wbem\wbemprox.dll... Scanning Module:C:\WINDOWS\System32\NvRaidSvENU.dll... 
#:22 [atiptaxx.exe] FilePath : C:\Programme\ATI Technologies\ATI Control Panel\ ProcessID : 440 ThreadCreationTime : 03.02.2007 11:36:03 BasePriority : Normal FileVersion : 6.14.10.5046 ProductVersion : 6.14.10.5046 ProductName : ATI Desktop Component CompanyName : ATI Technologies, Inc. FileDescription : ATI Desktop Control Panel InternalName : Atiptaxx.exe LegalCopyright : Copyright © 1998-2002 ATI Technologies Inc. OriginalFilename : Atiptaxx.exe Scanning Module:C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe... Scanning Module:C:\Programme\ATI Technologies\ATI Control Panel\atipdsxx.dll... Scanning Module:C:\PROGRAMME\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.DEU... Scanning Module:C:\Programme\ATI Technologies\ATI Control Panel\atipdxxx.dll... Scanning Module:C:\WINDOWS\system32\DINPUT8.dll... #:23 [wmiprvse.exe] FilePath : C:\WINDOWS\System32\wbem\ ProcessID : 460 ThreadCreationTime : 03.02.2007 11:36:03 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : WMI InternalName : Wmiprvse.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : Wmiprvse.exe Scanning Module:C:\WINDOWS\System32\wbem\wmiprvse.exe... Scanning Module:C:\WINDOWS\System32\wbem\wmiprov.dll... #:24 [jusched.exe] FilePath : C:\Programme\Java\jre1.5.0_02\bin\ ProcessID : 476 ThreadCreationTime : 03.02.2007 11:36:04 BasePriority : Normal Scanning Module:C:\Programme\Java\jre1.5.0_02\bin\jusched.exe... #:25 [avgas.exe] FilePath : D:\Programme\Grisoft\AVG Anti-Spyware 7.5\ ProcessID : 348 ThreadCreationTime : 03.02.2007 11:36:04 BasePriority : Normal FileVersion : 7, 5, 0, 50 ProductVersion : 7, 5, 0, 50 ProductName : AVG Anti-Spyware CompanyName : Anti-Malware Development a.s. 
FileDescription : AVG Anti-Spyware InternalName : AVG Anti-Spyware LegalCopyright : Copyright © 2006 Anti-Malware Development a.s. OriginalFilename : avgas.exe Scanning Module:D:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe... Scanning Module:C:\WINDOWS\System32\shgina.dll... Scanning Module:C:\WINDOWS\system32\wiashext.dll... #:26 [unsecapp.exe] FilePath : C:\WINDOWS\System32\wbem\ ProcessID : 1740 ThreadCreationTime : 03.02.2007 11:36:05 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : WMI InternalName : unsecapp.dll LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : unsecapp.dll Scanning Module:C:\WINDOWS\System32\wbem\unsecapp.exe... #:27 [ctfmon.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1840 ThreadCreationTime : 03.02.2007 11:36:06 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : CTF Loader InternalName : CTFMON LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : CTFMON.EXE Scanning Module:C:\WINDOWS\system32\ctfmon.exe... #:28 [msmsgs.exe] FilePath : C:\Programme\Messenger\ ProcessID : 1764 ThreadCreationTime : 03.02.2007 11:36:06 BasePriority : Normal FileVersion : 4.7.3001 ProductVersion : Version 4.7.3001 ProductName : Messenger CompanyName : Microsoft Corporation FileDescription : Windows Messenger InternalName : msmsgs LegalCopyright : Copyright © Microsoft Corporation 2004 LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries. OriginalFilename : msmsgs.exe Scanning Module:C:\Programme\Messenger\msmsgs.exe... Scanning Module:C:\WINDOWS\system32\XPOB2RES.DLL... 
#:29 [teatimer.exe] FilePath : D:\Programme\Spybot - Search & Destroy\ ProcessID : 1724 ThreadCreationTime : 03.02.2007 11:36:09 BasePriority : Idle FileVersion : 1, 4, 0, 2 ProductVersion : 1, 4, 0, 3 ProductName : Spybot - Search & Destroy CompanyName : Safer Networking Limited FileDescription : System settings protector InternalName : TeaTimer LegalCopyright : © 2000-2005 Patrick M. Kolla / Safer Networking Limited. Alle Rechte vorbehalten. LegalTrademarks : "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen. OriginalFilename : TeaTimer.exe Comments : Schützt Systemeinstellungen vor ungewollten Änderungen. Scanning Module:D:\Programme\Spybot - Search & Destroy\TeaTimer.exe... Scanning Module:C:\WINDOWS\system32\hhctrl.ocx... Scanning Module:C:\WINDOWS\system32\mui\0007\hhctrlui.dll... Scanning Module:D:\Programme\Spybot - Search & Destroy\advcheck.dll... #:30 [acrotray.exe] FilePath : D:\Acrobat 5.0\Distillr\ ProcessID : 1956 ThreadCreationTime : 03.02.2007 11:36:09 BasePriority : Normal FileVersion : 5, 0, 0, 0 ProductVersion : 5, 0, 0, 0 ProductName : AcroTray - Adobe Acrobat Distiller helper application. CompanyName : Adobe Systems Inc. FileDescription : AcroTray InternalName : AcroTray LegalCopyright : Copyright © 2001 OriginalFilename : AcroTray.exe Scanning Module:D:\Acrobat 5.0\Distillr\AcroTray.exe... #:31 [hardcopy.exe] FilePath : D:\Programme\Hardcopy\ ProcessID : 1128 ThreadCreationTime : 03.02.2007 11:36:10 BasePriority : Normal FileVersion : 16.1.09 ProductVersion : 16.1.09 ProductName : Hardcopy für Windows CompanyName : sw4you, Siegfried Weckmann FileDescription : Hardcopy - Drucken Fenster/Bildschirminhalt InternalName : HARDCOPY LegalCopyright : Copyright © Siegfried Weckmann 1995-2003 OriginalFilename : HARDCOPY.EXE Scanning Module:D:\Programme\Hardcopy\hardcopy.exe... Scanning Module:D:\Programme\Hardcopy\HcDllS.dll... Scanning Module:D:\Programme\Hardcopy\ltkrn14n.dll... 
Scanning Module:D:\Programme\Hardcopy\ltfil14n.dll... Scanning Module:D:\Programme\Hardcopy\ltdis14n.dll... #:32 [iwatch.exe] FilePath : D:\FRITZ!\ ProcessID : 1148 ThreadCreationTime : 03.02.2007 11:36:11 BasePriority : Normal FileVersion : 2.01.21 ProductVersion : 2.01.21 ProductName : ISDNWatch CompanyName : AVM Berlin FileDescription : ISDNWatch Monitor InternalName : ISDNWatch LegalCopyright : Copyright © AVM Berlin OriginalFilename : IWatch.exe Scanning Module:D:\FRITZ!\IWatch.exe... Scanning Module:C:\WINDOWS\system32\MFC71.DLL... Scanning Module:C:\WINDOWS\system32\MSVCR71.dll... Scanning Module:D:\FRITZ!\C66dll.dll... Scanning Module:C:\WINDOWS\system32\MFC71DEU.DLL... Scanning Module:D:\FRITZ!\I2errdeu.dll... #:33 [spontania4im.exe] FilePath : C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Spontania4IM\ ProcessID : 2012 ThreadCreationTime : 03.02.2007 11:36:11 BasePriority : Normal Scanning Module:C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Spontania4IM\spontania4IM.exe... #:34 [wzqkpick.exe] FilePath : D:\WinZip\ ProcessID : 2052 ThreadCreationTime : 03.02.2007 11:36:11 BasePriority : Normal FileVersion : 1.0 (32-bit) ProductVersion : 9.0 (6224g) ProductName : WinZip CompanyName : WinZip Computing, Inc. FileDescription : WinZip Executable InternalName : WZQKPICK.EXE LegalCopyright : Copyright © WinZip Computing, Inc. 1991-2004 - All Rights Reserved LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc OriginalFilename : WZQKPICK.EXE Comments : StringFileInfo: German Scanning Module:D:\WinZip\WZQKPICK.EXE... 
#:35 [ad-aware.exe] FilePath : D:\Programme\Lavasoft\Ad-Aware SE Plus\ ProcessID : 2788 ThreadCreationTime : 03.02.2007 12:33:12 BasePriority : Normal FileVersion : 6.2.0.237 ProductVersion : SE 106 ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft AB Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Scanning Module:D:\Programme\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe... Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 10 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 10 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 10 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 10 Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 10 Deep scanning and examining files (D:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for D:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 10 Deep scanning and examining files (E:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for E:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 10 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 1 entries scanned. 
New critical objects:0 Objects found so far: 10 Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 10 13:42:46 Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:09:03.485 Objects scanned:275181 Objects identified:0 Objects ignored:0 New critical objects:0
  5. Hi David, first of all, please excuse my very, very late response. I am down with influenza. :/ I have scanned my system with Ad-Aware, AVG Anti-Spyware and HijackThis. I will copy the log files into the next posts. I have to say that I have not been online with the infected Windows system since the Kaspersky online scan. I am now online with Knoppix (Linux live DVD). tuk-tuk
  6. Hi David, here is the ADS log file:

C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Eigene Bilder\Thumbs.db : encryptable (0 bytes)
C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Lager\Smilies\Thumbs.db : encryptable (0 bytes)
C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Lager\Thumbs.db : encryptable (0 bytes)
C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Bilder\Beispielbilder\Thumbs.db : encryptable (0 bytes)
C:\Dokumente und Einstellungen\All Users.WINDOWS\Dokumente\Eigene Bilder\Beispielbilder\Thumbs.db : encryptable (0 bytes)
C:\Dokumente und Einstellungen\Birgit\Eigene Dateien\Eigene Bilder\Thumbs.db : encryptable (0 bytes)
C:\Dokumente und Einstellungen\Birgit\Eigene Dateien\Eigene Musik\Thumbs.db : encryptable (0 bytes)
C:\Dokumente und Einstellungen\Birgit.N-CHBQJIO7IMVKM : zylomtest (0 bytes)
C:\Dokumente und Einstellungen\Birgit.N-CHBQJIO7IMVKM : zylomtr{0000278T-TT9K-T8DU-1KFV-23O5NTEJMVRR} (15 bytes)
C:\Dokumente und Einstellungen\Birgit.N-CHBQJIO7IMVKM : zylomtr{0000278T-TT9K-T8DU-1KFV-23O5NTEJMVS2} (15 bytes)
C:\Dokumente und Einstellungen\Birgit.N-CHBQJIO7IMVKM : zylomtest (0 bytes)
C:\Dokumente und Einstellungen\Birgit.N-CHBQJIO7IMVKM : zylomtr{0000278T-TT9K-T8DU-1KFV-23O5NTEJMVRR} (15 bytes)
C:\Dokumente und Einstellungen\Birgit.N-CHBQJIO7IMVKM : zylomtr{0000278T-TT9K-T8DU-1KFV-23O5NTEJMVS2} (15 bytes)
C:\Dokumente und Einstellungen\Birgit.N-CHBQJIO7IMVKM\Desktop\attribute.exe : Zone.Identifier (26 bytes)
C:\Dokumente und Einstellungen\Birgit.N-CHBQJIO7IMVKM\Desktop\blbeta.exe : Zone.Identifier (26 bytes)
C:\Dokumente und Einstellungen\Birgit.N-CHBQJIO7IMVKM\Desktop\confixx2_handbuch.zip : Zone.Identifier (26 bytes)
C:\Dokumente und Einstellungen\Birgit.N-CHBQJIO7IMVKM\Desktop\ElsterFormular2004-Setup.exe : Zone.Identifier (26 bytes)
C:\Dokumente und Einstellungen\Birgit.N-CHBQJIO7IMVKM\Desktop\hijackthis\hijackthis.zip : Zone.Identifier (26 bytes)
C:\Dokumente und Einstellungen\Birgit.N-CHBQJIO7IMVKM\Desktop\hijackthis\hijackthis_199.zip : Zone.Identifier (26 bytes)
C:\Dokumente und Einstellungen\Birgit.N-CHBQJIO7IMVKM\Desktop\matisse.zip : Zone.Identifier (26 bytes)
C:\Dokumente und Einstellungen\Birgit.N-CHBQJIO7IMVKM\Desktop\regsearch.zip : Zone.Identifier (26 bytes)
C:\Dokumente und Einstellungen\Birgit.N-CHBQJIO7IMVKM\Desktop\rustbfix.exe : Zone.Identifier (26 bytes)
C:\Dokumente und Einstellungen\Birgit.N-CHBQJIO7IMVKM\Desktop\SDFix.exe : Zone.Identifier (26 bytes)
C:\Dokumente und Einstellungen\meilaodiy\Thumbs.db : encryptable (0 bytes)
C:\Programme\Travian\img\en\a\Thumbs.db : encryptable (0 bytes)
C:\Programme\Travian\img\en\b\Thumbs.db : encryptable (0 bytes)
C:\Programme\Travian\img\en\css\Thumbs.db : encryptable (0 bytes)
C:\Programme\Travian\img\en\f\Thumbs.db : encryptable (0 bytes)
C:\Programme\Travian\img\en\g\1\Thumbs.db : encryptable (0 bytes)
C:\Programme\Travian\img\en\g\2\Thumbs.db : encryptable (0 bytes)
C:\Programme\Travian\img\en\g\3\Thumbs.db : encryptable (0 bytes)
C:\Programme\Travian\img\en\g\4\Thumbs.db : encryptable (0 bytes)
C:\Programme\Travian\img\en\g\5\Thumbs.db : encryptable (0 bytes)
C:\Programme\Travian\img\en\g\Thumbs.db : encryptable (0 bytes)
C:\Programme\Travian\img\en\h\faq\Thumbs.db : encryptable (0 bytes)
C:\Programme\Travian\img\en\h\geb\Thumbs.db : encryptable (0 bytes)
C:\Programme\Travian\img\en\h\Thumbs.db : encryptable (0 bytes)
C:\Programme\Travian\img\en\haeder\Thumbs.db : encryptable (0 bytes)
C:\Programme\Travian\img\en\l\Thumbs.db : encryptable (0 bytes)
C:\Programme\Travian\img\en\m\Thumbs.db : encryptable (0 bytes)
C:\Programme\Travian\img\en\msg\Thumbs.db : encryptable (0 bytes)
C:\Programme\Travian\img\en\p\Thumbs.db : encryptable (0 bytes)
C:\Programme\Travian\img\en\r\Thumbs.db : encryptable (0 bytes)
C:\Programme\Travian\img\en\s\Thumbs.db : encryptable (0 bytes)
C:\Programme\Travian\img\en\st\Thumbs.db : encryptable (0 bytes)
C:\Programme\Travian\img\en\t1\Thumbs.db : encryptable (0 bytes)
C:\Programme\Travian\img\en\t2\Thumbs.db : encryptable (0 bytes)
C:\Programme\Travian\img\en\Thumbs.db : encryptable (0 bytes)
C:\Programme\Travian\img\en\u\Thumbs.db : encryptable (0 bytes)
C:\Programme\Travian\img\Thumbs.db : encryptable (0 bytes)
C:\WINDOWS\system32\svchost.exe : exe.exe (35840 bytes)

tuk-tuk
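The listing above mixes three kinds of stream: `Zone.Identifier` (the mark-of-the-web that Internet Explorer attaches to downloads), the zero-byte `encryptable` stream Explorer puts on every `Thumbs.db`, and a handful of application-specific streams on the profile directory. The one line that does not fit any of those patterns is the last one: a 35840-byte stream named `exe.exe` hanging off `C:\WINDOWS\system32\svchost.exe`, which is exactly where a payload would be parked so that the host file's size and hash look unchanged to a naive check. The script below is an added example, not code from this thread or from the ADS scanner the poster used. It parses the `<file> : <stream> (<n> bytes)` format of the listing and assigns each stream a verdict; the verdict rules are my own heuristics, the sample lines are a subset copied from the posted log, and the function and constant names are mine.

```python
"""Triage of an NTFS alternate-data-stream (ADS) listing.

Added example, not code from this thread or from the ADS scanner used in it.
It parses the "<file> : <stream> (<n> bytes)" lines of the listing posted
above and sorts every stream into a verdict. The verdict rules are my own
heuristics (assumptions), not rules taken from any scanner.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# One line of the listing: "<host path> : <stream name> (<size> bytes)"
LINE_RE = re.compile(r"^(?P<path>.+?) : (?P<stream>.+?) \((?P<size>\d+) bytes\)$")

# A stream whose *name* carries one of these extensions is a classic hiding
# place for a payload; on Windows XP such a stream could be launched directly
# (e.g. "start C:\host.exe:payload.exe").
EXECUTABLE_EXT = {".exe", ".dll", ".scr", ".com", ".cpl", ".sys", ".ocx", ".pif"}

# Constructed sample: a subset of the lines from the listing posted above.
SAMPLE_LISTING = r"""
C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Eigene Bilder\Thumbs.db : encryptable (0 bytes)
C:\Dokumente und Einstellungen\Birgit.N-CHBQJIO7IMVKM : zylomtest (0 bytes)
C:\Dokumente und Einstellungen\Birgit.N-CHBQJIO7IMVKM : zylomtr{0000278T-TT9K-T8DU-1KFV-23O5NTEJMVRR} (15 bytes)
C:\Dokumente und Einstellungen\Birgit.N-CHBQJIO7IMVKM\Desktop\SDFix.exe : Zone.Identifier (26 bytes)
C:\WINDOWS\system32\svchost.exe : exe.exe (35840 bytes)
"""


@dataclass(frozen=True)
class Stream:
    host: str   # file or directory the stream is attached to
    name: str   # stream name (the part after the colon)
    size: int   # stream length in bytes

    @property
    def host_name(self) -> str:
        return self.host.rsplit("\\", 1)[-1]


def parse_listing(text: str) -> list[Stream]:
    """Parse scanner output; a line that does not match the format is an error."""
    streams: list[Stream] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised ADS line: {line!r}")
        streams.append(Stream(m["path"], m["stream"], int(m["size"])))
    return streams


def classify(s: Stream) -> str:
    """Heuristic verdict: benign, empty, review or suspicious."""
    name = s.name.lower()
    ext = name[name.rfind("."):] if "." in name else ""
    in_windows_dir = "\\windows\\" in s.host.lower()
    if name == "zone.identifier":
        return "benign"       # mark-of-the-web written for downloaded files
    if name == "encryptable" and s.host_name.lower() == "thumbs.db":
        return "benign"       # marker stream Explorer puts on thumbnail caches
    if ext in EXECUTABLE_EXT or (in_windows_dir and s.size > 0):
        return "suspicious"   # executable-named, or non-empty stream on a Windows system file
    if s.size == 0:
        return "empty"        # zero-length: no payload, but note which program made it
    return "review"           # application-specific stream, identify its owner


def triage(text: str) -> dict[str, list[Stream]]:
    """Group every stream in a listing by verdict."""
    groups: dict[str, list[Stream]] = defaultdict(list)
    for s in parse_listing(text):
        groups[classify(s)].append(s)
    return dict(groups)


if __name__ == "__main__":
    for verdict, streams in sorted(triage(SAMPLE_LISTING).items()):
        print(f"== {verdict} ({len(streams)})")
        for s in streams:
            print(f"   {s.host}:{s.name}  {s.size} bytes")
```

Run against the sample, the only `suspicious` entry is the `svchost.exe:exe.exe` stream; the `Zone.Identifier` and `Thumbs.db` lines land in `benign`, and the `zylom*` streams end up as `empty` or `review`, which is where an analyst checks which installed program wrote them. On a live system the same listing comes from Sysinternals `streams -s <dir>`, from `dir /r` on Vista and later, or from `Get-Item <file> -Stream *` in PowerShell 3 and later; Windows XP, as in this thread, needs a third-party lister. A non-empty stream on a file under `system32` should be copied out and examined before any cleanup tool is allowed to delete it, since the stream, not the host file, is the evidence.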
  7. Hi David, here are the log files.

Logfile of HijackThis v1.99.1
Scan saved at 11:02:44, on 29.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\nvraidservice.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
D:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
D:\Acrobat 5.0\Distillr\AcroTray.exe
D:\Programme\Hardcopy\hardcopy.exe
D:\FRITZ!\IWatch.exe
C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Spontania4IM\spontania4IM.exe
D:\WinZip\WZQKPICK.EXE
D:\FRITZ!\FriFax32.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.metager.de/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [{E0BC8662-0710-1031-0225-050412060031}] "C:\Programme\Gemeinsame Dateien\{E0BC8662-0710-1031-0225-050412060031}\Update.exe" te-110-12-0000273
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [d:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe] "1&1 EasyLogin" HIDE
O4 - HKCU\..\Run: [spybotSD TeaTimer] d:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: FriFax32.exe.lnk = D:\FRITZ!\FriFax32.exe
O4 - Startup: Trillian.lnk = D:\Programme\Trillian\trillian.exe
O4 - Global Startup: Acrobat Assistant.lnk = D:\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Hardcopy.LNK = D:\Programme\Hardcopy\hardcopy.exe
O4 - Global Startup: ISDNWatch.lnk = D:\FRITZ!\IWatch.exe
O4 - Global Startup: Spontania Monitor.lnk = C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Spontania4IM\spontania4IM.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1136215224218
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1391B7B-F497-4963-82F6-1E2FEEB28AA5}: NameServer = 192.168.120.252,192.168.120.253
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - d:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, January 29, 2007 11:01:32 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 29/01/2007
Kaspersky Anti-Virus database records: 248087
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
J:\
K:\
L:\

Scan Statistics:
Total number of scanned objects: 295936
Number of viruses found: 9
Number of infected objects: 25 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:50:54

Infected Object Name / Virus Name / Last Action
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\DrWatson\user.dmp	Object is locked	skipped
C:\Dokumente und Einstellungen\Birgit.N-CHBQJIO7IMVKM\Cookies\index.dat	Object is locked	skipped
C:\Dokumente und Einstellungen\Birgit.N-CHBQJIO7IMVKM\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Dokumente und Einstellungen\Birgit.N-CHBQJIO7IMVKM\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Dokumente und Einstellungen\Birgit.N-CHBQJIO7IMVKM\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Dokumente und Einstellungen\Birgit.N-CHBQJIO7IMVKM\Lokale Einstellungen\Verlauf\History.IE5\index.dat	Object is locked	skipped
C:\Dokumente und Einstellungen\Birgit.N-CHBQJIO7IMVKM\Lokale Einstellungen\Verlauf\History.IE5\MSHist012007012920070130\index.dat	Object is locked	skipped
C:\Dokumente und Einstellungen\Birgit.N-CHBQJIO7IMVKM\ntuser.dat	Object is locked	skipped
C:\Dokumente und Einstellungen\Birgit.N-CHBQJIO7IMVKM\ntuser.dat.LOG	Object is locked	skipped
C:\Dokumente und Einstellungen\LocalService.NT-AUTORITÄT\Cookies\index.dat	Object is locked	skipped
C:\Dokumente und Einstellungen\LocalService.NT-AUTORITÄT\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Dokumente und Einstellungen\LocalService.NT-AUTORITÄT\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Dokumente und Einstellungen\LocalService.NT-AUTORITÄT\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0H278HEB\game[1].exe	Infected: Email-Worm.Win32.Banwarum.k	skipped
C:\Dokumente und Einstellungen\LocalService.NT-AUTORITÄT\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Dokumente und Einstellungen\LocalService.NT-AUTORITÄT\Lokale Einstellungen\Verlauf\History.IE5\index.dat	Object is locked	skipped
C:\Dokumente und Einstellungen\LocalService.NT-AUTORITÄT\ntuser.dat	Object is locked	skipped
C:\Dokumente und Einstellungen\LocalService.NT-AUTORITÄT\ntuser.dat.LOG	Object is locked	skipped
C:\Dokumente und Einstellungen\NetworkService.NT-AUTORITÄT\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Dokumente und Einstellungen\NetworkService.NT-AUTORITÄT\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Dokumente und Einstellungen\NetworkService.NT-AUTORITÄT\NTUSER.DAT	Object is locked	skipped
C:\Dokumente und Einstellungen\NetworkService.NT-AUTORITÄT\ntuser.dat.LOG	Object is locked	skipped
C:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	skipped
C:\System Volume Information\_restore{E3E2B049-95A3-4593-A323-0E7E3C04A0B7}\RP574\A0074061.exe	Infected: Backdoor.Win32.SdBot.bdj	skipped
C:\System Volume Information\_restore{E3E2B049-95A3-4593-A323-0E7E3C04A0B7}\RP574\A0074070.exe	Infected: Trojan-Downloader.Win32.Small.dam	skipped
C:\System Volume Information\_restore{E3E2B049-95A3-4593-A323-0E7E3C04A0B7}\RP577\A0076867.exe	Infected: Email-Worm.Win32.Zhelatin.a	skipped
C:\System Volume Information\_restore{E3E2B049-95A3-4593-A323-0E7E3C04A0B7}\RP578\A0102056.exe	Infected: Email-Worm.Win32.Zhelatin.a	skipped
C:\System Volume Information\_restore{E3E2B049-95A3-4593-A323-0E7E3C04A0B7}\RP581\A0111788.exe	Infected: Email-Worm.Win32.Banwarum.k	skipped
C:\System Volume Information\_restore{E3E2B049-95A3-4593-A323-0E7E3C04A0B7}\RP581\A0111789.exe	Infected: Email-Worm.Win32.Zhelatin.a	skipped
C:\System Volume Information\_restore{E3E2B049-95A3-4593-A323-0E7E3C04A0B7}\RP581\A0111790.exe	Infected: Packed.Win32.Tibs.l	skipped
C:\System Volume Information\_restore{E3E2B049-95A3-4593-A323-0E7E3C04A0B7}\RP581\A0111791.exe	Infected: Packed.Win32.Tibs.l	skipped
C:\System Volume Information\_restore{E3E2B049-95A3-4593-A323-0E7E3C04A0B7}\RP581\A0111792.exe	Infected: Email-Worm.Win32.Zhelatin.d	skipped
C:\System Volume Information\_restore{E3E2B049-95A3-4593-A323-0E7E3C04A0B7}\RP581\A0111793.exe	Infected: Packed.Win32.Tibs.l	skipped
C:\System Volume Information\_restore{E3E2B049-95A3-4593-A323-0E7E3C04A0B7}\RP581\A0111796.exe	Infected: Email-Worm.Win32.Banwarum.k	skipped
C:\System Volume Information\_restore{E3E2B049-95A3-4593-A323-0E7E3C04A0B7}\RP583\change.log	Object is locked	skipped
C:\WINDOWS\Debug\PASSWD.LOG	Object is locked	skipped
C:\WINDOWS\SchedLgU.Txt	Object is locked	skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log	Object is locked	skipped
C:\WINDOWS\Sti_Trace.log	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2\edb.log	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb	Object is locked	skipped
C:\WINDOWS\system32\config\AppEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\default	Object is locked	skipped
C:\WINDOWS\system32\config\default.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SAM	Object is locked	skipped
C:\WINDOWS\system32\config\SAM.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SecEvent.
E v t O b j e c t i s l o c k e d s k i p p e d C : \ W I N D O W S \ s y s t e m 3 2 \ c o n f i g \ S E C U R I T Y O b j e c t i s l o c k e d s k i p p e d C : \ W I N D O W S \ s y s t e m 3 2 \ c o n f i g \ S E C U R I T Y . L O G O b j e c t i s l o c k e d s k i p p e d C : \ W I N D O W S \ s y s t e m 3 2 \ c o n f i g \ s o f t w a r e O b j e c t i s l o c k e d s k i p p e d C : \ W I N D O W S \ s y s t e m 3 2 \ c o n f i g \ s o f t w a r e . L O G O b j e c t i s l o c k e d s k i p p e d C : \ W I N D O W S \ s y s t e m 3 2 \ c o n f i g \ S y s E v e n t . E v t O b j e c t i s l o c k e d s k i p p e d C : \ W I N D O W S \ s y s t e m 3 2 \ c o n f i g \ s y s t e m O b j e c t i s l o c k e d s k i p p e d C : \ W I N D O W S \ s y s t e m 3 2 \ c o n f i g \ s y s t e m . L O G O b j e c t i s l o c k e d s k i p p e d C : \ W I N D O W S \ s y s t e m 3 2 \ h 3 2 3 l o g . t x t O b j e c t i s l o c k e d s k i p p e d C : \ W I N D O W S \ s y s t e m 3 2 \ l n w i n . e x e I n f e c t e d : P a c k e d . W i n 3 2 . T i b s . l s k i p p e d C : \ W I N D O W S \ s y s t e m 3 2 \ s v c h o s t . e x e : e x e . e x e : $ D A T A I n f e c t e d : T r o j a n . W i n 3 2 . A g e n t . a e k s k i p p e d C : \ W I N D O W S \ s y s t e m 3 2 \ w b e m \ R e p o s i t o r y \ F S \ I N D E X . B T R O b j e c t i s l o c k e d s k i p p e d C : \ W I N D O W S \ s y s t e m 3 2 \ w b e m \ R e p o s i t o r y \ F S \ I N D E X . M A P O b j e c t i s l o c k e d s k i p p e d C : \ W I N D O W S \ s y s t e m 3 2 \ w b e m \ R e p o s i t o r y \ F S \ M A P P I N G . V E R O b j e c t i s l o c k e d s k i p p e d C : \ W I N D O W S \ s y s t e m 3 2 \ w b e m \ R e p o s i t o r y \ F S \ M A P P I N G 1 . M A P O b j e c t i s l o c k e d s k i p p e d C : \ W I N D O W S \ s y s t e m 3 2 \ w b e m \ R e p o s i t o r y \ F S \ M A P P I N G 2 . 
M A P O b j e c t i s l o c k e d s k i p p e d C : \ W I N D O W S \ s y s t e m 3 2 \ w b e m \ R e p o s i t o r y \ F S \ O B J E C T S . D A T A O b j e c t i s l o c k e d s k i p p e d C : \ W I N D O W S \ s y s t e m 3 2 \ w b e m \ R e p o s i t o r y \ F S \ O B J E C T S . M A P O b j e c t i s l o c k e d s k i p p e d C : \ W I N D O W S \ w i a d e b u g . l o g O b j e c t i s l o c k e d s k i p p e d C : \ W I N D O W S \ w i a s e r v c . l o g O b j e c t i s l o c k e d s k i p p e d C : \ W I N D O W S \ W i n d o w s U p d a t e . l o g O b j e c t i s l o c k e d s k i p p e d D : \ S y s t e m V o l u m e I n f o r m a t i o n \ _ r e s t o r e { E 3 E 2 B 0 4 9 - 9 5 A 3 - 4 5 9 3 - A 3 2 3 - 0 E 7 E 3 C 0 4 A 0 B 7 } \ R P 5 8 3 \ c h a n g e . l o g O b j e c t i s l o c k e d s k i p p e d E : \ S i c h e r u n g e n v o r N e u i n s t a l l a t i o n \ P M M a i l 2 0 0 0 \ F A R Y N 0 . A C T \ I N B O X . F L D \ J C 4 J D I 0 . M S G / [ F r o m b e f r i e n d < s g y n y d @ a c t o r s - p o o l . d e > ] [ D a t e F r i , 1 9 J a n 2 0 0 7 0 4 : 4 7 : 5 6 + 0 2 0 0 ] / F u l l I n f e c t e d : T r o j a n - D o w n l o a d e r . W i n 3 2 . S m a l l . d a m s k i p p e d E : \ S i c h e r u n g e n v o r N e u i n s t a l l a t i o n \ P M M a i l 2 0 0 0 \ F A R Y N 0 . A C T \ I N B O X . F L D \ J C 4 J D I 0 . M S G M a i l : i n f e c t e d - 1 s k i p p e d E : \ S i c h e r u n g e n v o r N e u i n s t a l l a t i o n \ P M M a i l 2 0 0 0 \ B _ F _ M 0 . A C T \ I N B O X . F L D \ J C 4 J D T 0 . M S G / [ F r o m b e f r i e n d < s g y n y d @ a c t o r s - p o o l . d e > ] [ D a t e F r i , 1 9 J a n 2 0 0 7 0 4 : 4 7 : 5 6 + 0 2 0 0 ] / F u l l I n f e c t e d : T r o j a n - D o w n l o a d e r . W i n 3 2 . S m a l l . d a m s k i p p e d E : \ S i c h e r u n g e n v o r N e u i n s t a l l a t i o n \ P M M a i l 2 0 0 0 \ B _ F _ M 0 . A C T \ I N B O X . F L D \ J C 4 J D T 0 . 
M S G M a i l : i n f e c t e d - 1 s k i p p e d E : \ S i c h e r u n g e n v o r N e u i n s t a l l a t i o n \ P M M a i l 2 0 0 0 \ R U D O L 0 . A C T \ I N B O X . F L D \ J C 4 J 0 9 0 . M S G / [ F r o m " V o l k s b a n k e n R a i f f e i s e n b a n k e n " < r e c h n u n g s u p p o r t - i d 0 4 7 0 1 2 3 v r @ v r - n e t w o r l d . d e > ] [ D a t e S u n , 1 4 J a n 2 0 0 7 0 8 : 0 7 : 2 8 + 0 1 0 0 ] / h t m l I n f e c t e d : T r o j a n - S p y . H T M L . B a n k f r a u d . o d s k i p p e d E : \ S i c h e r u n g e n v o r N e u i n s t a l l a t i o n \ P M M a i l 2 0 0 0 \ R U D O L 0 . A C T \ I N B O X . F L D \ J C 4 J 0 9 0 . M S G M a i l : i n f e c t e d - 1 s k i p p e d E : \ S i c h e r u n g e n v o r N e u i n s t a l l a t i o n \ P M M a i l 2 0 0 0 \ R U D O L 0 . A C T \ I N B O X . F L D \ J C 4 J 3 W 0 . M S G / [ F r o m " V o l k s b a n k e n R a i f f e i s e n b a n k e n " < s u p p o r t - 4 3 7 7 6 6 4 9 2 0 v r @ v r - n e t w o r l d . d e > ] [ D a t e T u e , 1 6 J a n 2 0 0 7 0 7 : 5 7 : 3 2 + 0 1 0 0 ] / h t m l I n f e c t e d : T r o j a n - S p y . H T M L . B a n k f r a u d . o d s k i p p e d E : \ S i c h e r u n g e n v o r N e u i n s t a l l a t i o n \ P M M a i l 2 0 0 0 \ R U D O L 0 . A C T \ I N B O X . F L D \ J C 4 J 3 W 0 . M S G M a i l : i n f e c t e d - 1 s k i p p e d E : \ S i c h e r u n g e n v o r N e u i n s t a l l a t i o n \ P M M a i l 2 0 0 0 \ P U C K _ 0 . A C T \ I N B O X . F L D \ J C 4 J 0 3 0 . M S G / [ F r o m " G E Z O n l i n e " < r e c h n u n g @ g e z . d e > ] [ D a t e S u n , 1 4 J a n 2 0 0 7 1 7 : 4 0 : 2 5 + 0 6 0 0 ] / R e c h n u n g _ G E Z . z i p / R e c h n u n g G E Z . p d f . e x e I n f e c t e d : T r o j a n - D o w n l o a d e r . W i n 3 2 . S m a l l . e f e s k i p p e d E : \ S i c h e r u n g e n v o r N e u i n s t a l l a t i o n \ P M M a i l 2 0 0 0 \ P U C K _ 0 . A C T \ I N B O X . F L D \ J C 4 J 0 3 0 . 
M S G / [ F r o m " G E Z O n l i n e " < r e c h n u n g @ g e z . d e > ] [ D a t e S u n , 1 4 J a n 2 0 0 7 1 7 : 4 0 : 2 5 + 0 6 0 0 ] / R e c h n u n g _ G E Z . z i p I n f e c t e d : T r o j a n - D o w n l o a d e r . W i n 3 2 . S m a l l . e f e s k i p p e d E : \ S i c h e r u n g e n v o r N e u i n s t a l l a t i o n \ P M M a i l 2 0 0 0 \ P U C K _ 0 . A C T \ I N B O X . F L D \ J C 4 J 0 3 0 . M S G M a i l : i n f e c t e d - 2 s k i p p e d S c a n p r o c e s s c o m p l e t e d .
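The scan report above lists every object the scanner touched, and the paths say more than the verdicts: a detection under System Volume Information is a restore-point copy, one inside a .MSG file is a mail attachment, and svchost.exe:exe.exe:$DATA is an alternate data stream hanging off a live system binary. The Python below is an added example, not part of the original post and not code from any of the tools in this thread; it parses the tab-separated lines the online scanner writes (the sample is copied from the report above) and orders the infected objects by where they live. The location categories and the priority order are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample, copied from the report in the post above. The scanner writes
# three tab-separated columns: object, verdict, action taken.
SAMPLE_LOG = "\n".join([
    r"C:\WINDOWS\system32\config\SAM" + "\tObject is locked\tskipped",
    r"C:\System Volume Information\_restore{E3E2B049-95A3-4593-A323-0E7E3C04A0B7}\RP574\A0074061.exe"
    + "\tInfected: Backdoor.Win32.SdBot.bdj\tskipped",
    r"C:\Dokumente und Einstellungen\LocalService.NT-AUTORITÄT\Lokale Einstellungen"
    r"\Temporary Internet Files\Content.IE5\0H278HEB\game[1].exe"
    + "\tInfected: Email-Worm.Win32.Banwarum.k\tskipped",
    r"C:\WINDOWS\system32\lnwin.exe" + "\tInfected: Packed.Win32.Tibs.l\tskipped",
    r"C:\WINDOWS\system32\svchost.exe:exe.exe:$DATA" + "\tInfected: Trojan.Win32.Agent.aek\tskipped",
    r'E:\Sicherungen vor Neuinstallation\PMMail 2000\PUCK_0.ACT\INBOX.FLD\JC4J030.MSG'
    r'/[From "GEZ Online" <rechnung@gez.de>][Date Sun, 14 Jan 2007 17:40:25 +0600]'
    r"/Rechnung_GEZ.zip/Rechnung GEZ.pdf.exe"
    + "\tInfected: Trojan-Downloader.Win32.Small.efe\tskipped",
    r"E:\Sicherungen vor Neuinstallation\PMMail 2000\PUCK_0.ACT\INBOX.FLD\JC4J030.MSG"
    + "\tMail: infected - 2\tskipped",
    "Scan process completed.",
])

# drive:\path:streamname[:$DATA]  -- a named NTFS stream on a file or directory
ADS_RE = re.compile(r"^[A-Za-z]:\\[^:/]*:[^\\:/]+(?::\$DATA)?$")


@dataclass
class Entry:
    obj: str
    verdict: str     # "locked", "infected" or "mail"
    detection: str   # malware name for "infected", otherwise ""
    location: str    # category from classify_location()


def classify_location(obj: str) -> str:
    """Bucket an object by what removing it would involve (categories are this example's own)."""
    low = obj.lower()
    if "\\system volume information\\_restore" in low:
        return "restore_point"   # inert copy; goes away when System Restore is flushed
    if ".msg/" in low or low.endswith(".msg"):
        return "mail_store"      # attachment inside a mail file; delete the message, not the store
    if ADS_RE.match(obj):
        return "ads"             # alternate data stream on a live file or directory
    if "\\temporary internet files\\" in low:
        return "browser_cache"
    if low.startswith("c:\\windows\\"):
        return "windows"         # a file the OS may be executing right now
    return "other"


def parse_scan_log(text: str) -> List[Entry]:
    entries: List[Entry] = []
    for line in text.splitlines():
        cols = line.split("\t")
        if len(cols) < 2:
            continue             # banner and footer lines carry no object
        obj, verdict = cols[0], cols[1]
        if verdict.startswith("Infected: "):
            entries.append(Entry(obj, "infected", verdict[len("Infected: "):], classify_location(obj)))
        elif verdict.startswith("Mail: infected"):
            entries.append(Entry(obj, "mail", "", classify_location(obj)))
        elif verdict == "Object is locked":
            entries.append(Entry(obj, "locked", "", classify_location(obj)))
    return entries


# Lower number = handle first: a stream on a running binary beats a restore-point copy.
PRIORITY = {"ads": 0, "windows": 1, "other": 2, "browser_cache": 3, "mail_store": 4, "restore_point": 5}


def triage(entries: List[Entry]) -> List[Entry]:
    """Infected objects only, ordered by how urgently a responder has to act on them."""
    return sorted((e for e in entries if e.verdict == "infected"),
                  key=lambda e: (PRIORITY[e.location], e.obj))


def summarize(entries: List[Entry]) -> Dict[str, int]:
    """Count of objects per 'location/verdict', e.g. 'windows/locked'."""
    counts: Dict[str, int] = {}
    for e in entries:
        key = f"{e.location}/{e.verdict}"
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    parsed = parse_scan_log(SAMPLE_LOG)
    for e in triage(parsed):
        print(f"[{e.location}] {e.detection}: {e.obj}")
    print(summarize(parsed))
```

Locked objects are kept in the parse on purpose: registry hives and event logs being locked is normal, but a locked file in a place where nothing should be running is itself a lead.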
  8. Hi David, sad news. Here is the logfile of AVG Antispy:

---------------------------------------------------------
AVG Anti-Spyware - Scan report
---------------------------------------------------------

+ Created at: 19:24:07 28.01.2007

+ Scan result:

C:\SDFix\backups\backups.zip/backups/game5.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3E2B049-95A3-4593-A323-0E7E3C04A0B7}\RP578\A0102091.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3E2B049-95A3-4593-A323-0E7E3C04A0B7}\RP578\A0102092.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3E2B049-95A3-4593-A323-0E7E3C04A0B7}\RP578\A0102093.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3E2B049-95A3-4593-A323-0E7E3C04A0B7}\RP581\A0109691.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3E2B049-95A3-4593-A323-0E7E3C04A0B7}\RP581\A0111794.exe -> Downloader.Agent.bet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3E2B049-95A3-4593-A323-0E7E3C04A0B7}\RP581\A0108654.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3E2B049-95A3-4593-A323-0E7E3C04A0B7}\RP581\A0109685.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3E2B049-95A3-4593-A323-0E7E3C04A0B7}\RP581\A0109686.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3E2B049-95A3-4593-A323-0E7E3C04A0B7}\RP581\A0109688.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3E2B049-95A3-4593-A323-0E7E3C04A0B7}\RP581\A0109690.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3E2B049-95A3-4593-A323-0E7E3C04A0B7}\RP581\A0111706.exe -> Downloader.Small.ciw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3E2B049-95A3-4593-A323-0E7E3C04A0B7}\RP577\A0076879.exe -> Downloader.Small.dam : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/wincom32.sys -> Dropper.Agent.bbv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3E2B049-95A3-4593-A323-0E7E3C04A0B7}\RP581\A0109689.sys -> Dropper.Agent.bbv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3E2B049-95A3-4593-A323-0E7E3C04A0B7}\RP581\A0111798.sys -> Dropper.Agent.bbv : Cleaned with backup (quarantined).
C:\Dokumente und Einstellungen\Birgit.N-CHBQJIO7IMVKM\Lokale Einstellungen\Temporary Internet Files\Content.IE5\YXXU7EHG\demo3[1].exe -> Trojan.BHO.t : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/adir.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3E2B049-95A3-4593-A323-0E7E3C04A0B7}\RP581\A0111787.dll -> Worm.Banwarum.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3E2B049-95A3-4593-A323-0E7E3C04A0B7}\RP581\A0109682.exe -> Worm.Banwarum.k : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3E2B049-95A3-4593-A323-0E7E3C04A0B7}\RP581\A0109684.exe -> Worm.Banwarum.k : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3E2B049-95A3-4593-A323-0E7E3C04A0B7}\RP581\A0111673.exe -> Worm.Banwarum.k : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E3E2B049-95A3-4593-A323-0E7E3C04A0B7}\RP581\A0111780.exe -> Worm.Banwarum.k : Cleaned with backup (quarantined).

::End of report
  9. Hi David, here are two logfiles. The logfile avanger.txt didn't open and cannot be found on my PC.

************************* Rustock.b-fix -- By ejvindh *************************
28.01.2007 16:04:51,01

Rustock.b-driver on the system: NONE!

Rustock.b-ADS attached to the System32-folder:
:lzx32.sys 65568
Total size: 65568 bytes.
Attempting to remove ADS...
system32: deleted 65568 bytes in 1 streams.

Looking for Rustock.b-files in the System32-folder:
No Rustock.b-files found in system32

******************* Post-run Status of system *******************

Rustock.b-driver on the system: NONE!

Rustock.b-ADS attached to the System32-folder:
No System32-ADS found.

Looking for Rustock.b-files in the System32-folder:
No Rustock.b-files found in system32

******************************* End of Logfile ********************************

Logfile of HijackThis v1.99.1
Scan saved at 16:06:04, on 28.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\nvraidservice.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
D:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
D:\Acrobat 5.0\Distillr\AcroTray.exe
D:\Programme\Hardcopy\hardcopy.exe
D:\FRITZ!\IWatch.exe
C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Spontania4IM\spontania4IM.exe
D:\WinZip\WZQKPICK.EXE
C:\WINDOWS\notepad.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.metager.de/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [d:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe] "1&1 EasyLogin" HIDE
O4 - HKCU\..\Run: [spybotSD TeaTimer] d:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: FriFax32.exe.lnk = D:\FRITZ!\FriFax32.exe
O4 - Startup: Trillian.lnk = D:\Programme\Trillian\trillian.exe
O4 - Global Startup: Acrobat Assistant.lnk = D:\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Hardcopy.LNK = D:\Programme\Hardcopy\hardcopy.exe
O4 - Global Startup: ISDNWatch.lnk = D:\FRITZ!\IWatch.exe
O4 - Global Startup: Spontania Monitor.lnk = C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Spontania4IM\spontania4IM.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1136215224218
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1391B7B-F497-4963-82F6-1E2FEEB28AA5}: NameServer = 192.168.120.252,192.168.120.253
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - d:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
  10. Hi David, the attrib command is running. But if I want to run the del command I get a Windows message like this: Couldn't find "del". Be sure that the name is written correctly and try again. Click on "Start" and then "Search" to search for the file. What should I do now? tuk-tuk
  11. Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.2.0

; Results at 26.01.2007 00:08:52 for strings:
; 'clcbt'
; 'adirss'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys   Registry Values   Registry Data
; HKEY_LOCAL_MACHINE   HKEY_USERS

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\adirss.exe"="C:\\WINDOWS\\system32\\adirss.exe:*:Enabled:enable"
"C:\\WINDOWS\\system32\\clcbt.exe"="C:\\WINDOWS\\system32\\clcbt.exe:*:Enabled:enable"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\adirss.exe"="C:\\WINDOWS\\system32\\adirss.exe:*:Enabled:enable"
"C:\\WINDOWS\\system32\\clcbt.exe"="C:\\WINDOWS\\system32\\clcbt.exe:*:Enabled:enable"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\adirss.exe"="C:\\WINDOWS\\system32\\adirss.exe:*:Enabled:enable"
"C:\\WINDOWS\\system32\\clcbt.exe"="C:\\WINDOWS\\system32\\clcbt.exe:*:Enabled:enable"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"c"="C:\\WINDOWS\\system32\\adirss.exe"
"d"="C:\\WINDOWS\\system32\\clcbt.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe]
"b"="C:\\WINDOWS\\system32\\adirss.exe"
"c"="C:\\WINDOWS\\system32\\clcbt.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\WINDOWS\\system32\\clcbt.exe"="clcbt"
"C:\\WINDOWS\\system32\\adirss.exe"="adirss"

; End Of The Log...
  12. Two other things happened during this procedure: 1. After rebooting from Safe Mode, XP gave a message that the system is starting after a "big mistake". 2. Registry Search is hanging and I can only close it with the Task Manager. Is this O.K.?
  13. 01/26/07 00:17:00 [info]: BlackLight Engine 1.0.55 initialized
01/26/07 00:17:00 [info]: OS: 5.1 build 2600 (Service Pack 2)
01/26/07 00:17:00 [Note]: 7019 4
01/26/07 00:17:00 [Note]: 7005 0
01/26/07 00:17:12 [Note]: 7006 0
01/26/07 00:17:12 [Note]: 7011 1880
01/26/07 00:17:12 [Note]: 7026 0
01/26/07 00:17:12 [Note]: 7026 0
01/26/07 00:17:15 [Note]: FSRAW library version 1.7.1021
01/26/07 00:19:41 [Note]: 2000 1012
  14. SDFix: Version 1.62
25.01.2007 - 23:55:47,35
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
COM+ Messages
wincom32

Path:
"C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000273
\??\C:\WINDOWS\system32\wincom32.sys

COM+ Messages Deleted
wincom32 Deleted

Restoring Windows Registry Entries
Restoring Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Files will be copied to Backups folder and removed:
C:\DOKUME~1\BIRGIT~1.N-C\LOKALE~1\Temp\temp_166320046.bat - Deleted
C:\WINDOWS\system32\adir.dll - Deleted
C:\WINDOWS\system32\game.exe - Deleted
C:\WINDOWS\system32\game0.exe - Deleted
C:\WINDOWS\system32\game1.exe - Deleted
C:\WINDOWS\system32\game2.exe - Deleted
C:\WINDOWS\system32\game3.exe - Deleted
C:\WINDOWS\system32\game4.exe - Deleted
C:\WINDOWS\system32\game5.exe - Deleted
C:\WINDOWS\system32\peers.ini - Deleted
C:\WINDOWS\system32\taskdir.exe - Deleted
C:\WINDOWS\system32\unsvchosts.lzma - Deleted
C:\WINDOWS\system32\wincom32.ini - Deleted
C:\WINDOWS\system32\wincom32.sys - Deleted
C:\WINDOWS\system32\zlbw.dll - Deleted

Alternate Streams Check:
C:\WINDOWS\system32
No streams found.

Final Check:

Remaining Services:
------------------
Rootkit PE386 Found!

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\ICQLite\\ICQLite.exe"="C:\\Programme\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"D:\\nilstemp\\steam\\Steam.exe"="D:\\nilstemp\\steam\\Steam.exe:*:Enabled:Steam"
"D:\\nilstemp\\steam\\SteamApps\\lincoooln\\counter-strike\\hl.exe"="D:\\nilstemp\\steam\\SteamApps\\lincoooln\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"D:\\nilstemp\\steam\\SteamApps\\lincoooln\\day of defeat\\hl.exe"="D:\\nilstemp\\steam\\SteamApps\\lincoooln\\day of defeat\\hl.exe:*:Enabled:Half-Life Launcher"
"D:\\Skype\\Phone\\Skype.exe"="D:\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Dokumente und Einstellungen\\Birgit.N-CHBQJIO7IMVKM\\Lokale Einstellungen\\Temp\\metasploit.exe"="C:\\Dokumente und Einstellungen\\Birgit.N-CHBQJIO7IMVKM\\Lokale Einstellungen\\Temp\\metasploit.exe:*:Enabled:enable"
"C:\\boot.inx"="C:\\boot.inx:*:Enabled:enable"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:svchost"
"C:\\WINDOWS\\system32\\adirss.exe"="C:\\WINDOWS\\system32\\adirss.exe:*:Enabled:enable"
"C:\\WINDOWS\\system32\\clcbt.exe"="C:\\WINDOWS\\system32\\clcbt.exe:*:Enabled:enable"
"C:\\WINDOWS\\system32\\game1.exe"="C:\\WINDOWS\\system32\\game1.exe:*:Enabled:enable"
"C:\\WINDOWS\\system32\\game4.exe"="C:\\WINDOWS\\system32\\game4.exe:*:Enabled:enable"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes :
C:\NTDETECT.COM
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\3COM 3c509 Packet\3C5X9PD.COM
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\3COM 3c556 Packet\3C556.COM
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\3COM 3c59x Packet\3C59XPD.COM
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\ACCTON EN1200 Packet\EC32PD.COM
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\ACCTON EN1203 Packet\PCIPD.COM
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\ACCTON EN1204 Packet\VLNWPD.COM
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\ACCTON EN1207 Packet\PCIPD.COM
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\ACCTON EN1207C Packet\PCIPD.COM
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\ACCTON EN1207D Packet\ACCPKT.COM
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\ACCTON EN1207F Packet\EN5251PD.COM
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\ACCTON EN1207TX Packet\PCIPD.COM
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\ACCTON EN1208 Packet\1208PD.COM
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\ACCTON EN1625 Packet\NEPD.COM
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\ACCTON EN1640 Packet\NWPD.COM
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\ACCTON EN1650 Packet\NWPD.COM
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\ACCTON EN1651 Packet\NWPD.COM
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\ACCTON EN1652 Packet\NWPD.COM
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\ACCTON EN1653 Packet\NE2PD.COM
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\ACCTON EN1656 Packet\NWPD.COM
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\ACCTON EN1657 Packet\NWPD.COM
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\ACCTON EN1658 Packet\NWPD.COM
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\ACCTON EN166X Packet\NWPD.COM
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\ACCTON EN2216 Packet\PCMPD.COM
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\ACCTON EN2218 Packet\PCMPD.COM
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\ACCTON EN2228 Packet\PCMPD.COM
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\ACCTON EN2320 Packet\EN5251PD.COM
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\common\DEVICE.COM
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\common\KEYB.COM
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\common\MODE.COM
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\common\MOUSE.COM
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\common\NETBIND.COM
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\common\Paralink.com
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\common\pcdos\command.com
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\common\pcdos\IBMBIO.COM
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\common\pcdos\IBMDOS.COM
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\DEC EtherWORKS DE450 Packet\DE450.COM
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\DEC EtherWORKS DE500 Packet\DE500.COM
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\DEC EtherWorks ISA (DE305) Packet\DE305.COM
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\DLink DE400 Packet\De400pd.com
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\DLink DMF560-TX Packet\Lmpd.com
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\DLink DT620 Packet\Dt620pd.com
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\IBM Crystal LAN Packet\Epktisa.com
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\Kingston EtheRx KNE110TX Packet\Ktc110p.com
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\Laneed LD 10-100AL Packet\L100al.com
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\Laneed LD-CDF Packet\Ldcdt.com
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\Laneed LD-PCI2TL Packet\Ldpcil.com
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\Melco LPC2-T\Lpchkat2.com
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\Planex FNW9x00T - ENW8300T Packet\fetpkt.com
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\FETPKT.COM
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\Rtspkt.com
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\PXE Packet Driver\Undipd.com
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\SN 2000p Packet\PNPPD.COM
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\WaveLAN Packet\Wvlan42.com
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\Xircom CBE10-100BTX 
Packet\Cbepd.com C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\Xircom Ethernet II PS Packet\Xpspd.com C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\Xircom RE10 - RE100 Packet\Ce3pd.com C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\common\CMDS.EXE C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\common\CMDS16.EXE C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\common\E.EXE C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\common\GUEST.EXE C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\common\MSCDEX.EXE C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\common\Net.exe C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\common\OHCI.EXE C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\common\PROTMAN.EXE C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\common\UHCI.EXE C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\Xircom CBE10-100BTX\Cbendis.exe C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\Xircom Ethernet 10-100 + Modem\Cbendis.exe C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\Xircom Ethernet II PS\Xpsndis.exe C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\Xircom PE3-10Bx\Pe3ndis.exe C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\Xircom Re-100Btx + Ce3B-100Btx\Ce3ndis.exe C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\Xircom RE10BT\Ce3ndis.exe C:\Programme\Gemeinsame Dateien\Adobe\ESD\DLMCleanup.exe C:\WINDOWS\system32\cdplayer.exe.manifest C:\WINDOWS\system32\logonui.exe.manifest C:\WINDOWS\system32\sdmvdlxe.exe 
C:\IO.SYS C:\MSDOS.SYS C:\pagefile.sys C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\CATC USB Ethernet\Elndis.sys C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\CATC USB Ethernet\Usbd.sys C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\common\ASPI1394.SYS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\common\ASPI2DOS.SYS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\common\ASPI4DOS.SYS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\common\ASPI8DOS.SYS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\common\ASPI8U2.SYS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\common\ASPICD.SYS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\common\ASPIEHCI.SYS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\common\ASPIOHCI.SYS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\common\ASPIUHCI.SYS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\common\BOOTSRV.SYS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\common\bootsrv16.sys C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\common\BTCDROM.SYS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\common\BTDOSM.SYS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\common\COUNTRY.SYS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\common\DISPLAY.SYS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\common\DLSHELP.SYS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\common\FLASHPT.SYS C:\Dokumente und Einstellungen\All 
Users\Anwendungsdaten\Symantec\Ghost\Template\common\HIMEM.SYS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\common\KEYBOARD.SYS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\common\msbootsrv16.sys C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Ghost\Template\common\OAKCDROM.SYS C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Microsoft\Word\~WRL0623.tmp C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Microsoft\Word\~WRL0989.tmp C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Microsoft\Word\~WRL3001.tmp C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Microsoft\Word\~WRL3754.tmp C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Microsoft\Word\~WRL3937.tmp C:\Dokumente und Einstellungen\Birgit.N-CHBQJIO7IMVKM\Anwendungsdaten\Microsoft\Word\~WRL0259.tmp C:\Dokumente und Einstellungen\Birgit.N-CHBQJIO7IMVKM\Anwendungsdaten\Microsoft\Word\~WRL0284.tmp C:\Dokumente und Einstellungen\Birgit.N-CHBQJIO7IMVKM\Anwendungsdaten\Microsoft\Word\~WRL0807.tmp C:\Dokumente und Einstellungen\Birgit.N-CHBQJIO7IMVKM\Anwendungsdaten\Microsoft\Word\~WRL0946.tmp C:\Programme\Microsoft Office2003\Vorlagen\~WRL0003.tmp Finished
15. I needed a little bit of time because I have installed a German version of XP. Here are the logfiles you need:

Logfile of HijackThis v1.99.1
Scan saved at 00:22:32, on 26.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\nvraidservice.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Acrobat 5.0\Distillr\AcroTray.exe
D:\Programme\Hardcopy\hardcopy.exe
D:\FRITZ!\IWatch.exe
C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Spontania4IM\spontania4IM.exe
D:\WinZip\WZQKPICK.EXE
C:\RegSearch\regsearch.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Birgit.N-CHBQJIO7IMVKM\Desktop\blbeta.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.metager.de/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [{E0BC8662-0710-1031-0225-050412060031}] "C:\Programme\Gemeinsame Dateien\{E0BC8662-0710-1031-0225-050412060031}\Update.exe" te-110-12-0000273
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [d:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe] "1&1 EasyLogin" HIDE
O4 - HKCU\..\Run: [spybotSD TeaTimer] d:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: FriFax32.exe.lnk = D:\FRITZ!\FriFax32.exe
O4 - Startup: Trillian.lnk = D:\Programme\Trillian\trillian.exe
O4 - Global Startup: Acrobat Assistant.lnk = D:\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Hardcopy.LNK = D:\Programme\Hardcopy\hardcopy.exe
O4 - Global Startup: ISDNWatch.lnk = D:\FRITZ!\IWatch.exe
O4 - Global Startup: Spontania Monitor.lnk = C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Spontania4IM\spontania4IM.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1136215224218
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1391B7B-F497-4963-82F6-1E2FEEB28AA5}: NameServer = 192.168.120.252,192.168.120.253
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - d:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
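Added example, not part of the thread and not HijackThis code: a small Python parser for log lines of the kind posted above, written to show how such a log is triaged mechanically rather than by eye. It reduces the O4 autostart entries (Run keys and Startup folders) to the executable actually launched and marks entries whose name is a bare GUID for manual review, lists the O23 services for which HijackThis recorded no owner, collects the hosts that O16 ActiveX controls were fetched from, and checks whether the O17 name servers fall in a private range. The sample lines are copied from the log above; the regular expressions are this example's own, written against the v1.99.1 line format shown here, and "Unknown owner" is matched as the literal HijackThis string, not as a signature check.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Sample HijackThis v1.99.1 entries, copied from the log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [{E0BC8662-0710-1031-0225-050412060031}] "C:\Programme\Gemeinsame Dateien\{E0BC8662-0710-1031-0225-050412060031}\Update.exe" te-110-12-0000273
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Trillian.lnk = D:\Programme\Trillian\trillian.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\WinZip\WZQKPICK.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1391B7B-F497-4963-82F6-1E2FEEB28AA5}: NameServer = 192.168.120.252,192.168.120.253
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# Patterns for the v1.99.1 line shapes above (this example's own, not HijackThis's).
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^(?P<location>Startup|Global Startup): (?P<name>.*?) = (?P<cmd>.*)$")
DPF_RE = re.compile(r"^DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\} \((?P<desc>[^)]*)\) - (?P<url>\S+)$")
NS_RE = re.compile(r"NameServer = (?P<servers>[0-9.,]+)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")


def parse_entries(text):
    """Split a log into entries: one dict per 'Rn - ...' or 'On - ...' line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({"code": m.group("code"), "body": m.group("body")})
    return entries


def command_path(cmd):
    """Executable part of a Run value: the quoted path if quoted, else the first token."""
    m = re.match(r'^"([^"]*)"|^(\S+)', cmd)
    return m.group(1) if m.group(1) is not None else m.group(2)


def run_entries(entries):
    """O4 autostarts as (location, name, executable, name_is_guid)."""
    out = []
    for e in entries:
        if e["code"] != "O4":
            continue
        m = RUN_RE.match(e["body"]) or STARTUP_RE.match(e["body"])
        if not m:
            continue
        g = m.groupdict()
        location = g.get("hive") or g.get("location")
        # A Run value named after a GUID is unusual enough to surface for review.
        out.append((location, g["name"], command_path(g["cmd"]), bool(GUID_RE.match(g["name"]))))
    return out


def services_without_owner(entries):
    """O23 services where HijackThis printed the literal 'Unknown owner'."""
    found = []
    for e in entries:
        if e["code"] != "O23":
            continue
        m = SERVICE_RE.match(e["body"])
        if m and m.group("owner") == "Unknown owner":
            found.append((m.group("name"), m.group("path")))
    return found


def dpf_hosts(entries):
    """Distinct hosts that O16 ActiveX (DPF) controls were downloaded from."""
    hosts = set()
    for e in entries:
        if e["code"] != "O16":
            continue
        m = DPF_RE.match(e["body"])
        if m:
            hosts.add(urlparse(m.group("url")).hostname)
    return sorted(hosts)


def nameservers(entries):
    """O17 DNS servers as (address, is_private_range); a public one merits a look."""
    out = []
    for e in entries:
        if e["code"] != "O17":
            continue
        m = NS_RE.search(e["body"])
        if not m:
            continue
        for addr in m.group("servers").split(","):
            out.append((addr, ipaddress.ip_address(addr).is_private))
    return out


def summarize(text):
    """Structured view of a log: autostarts, ownerless services, DPF hosts, DNS."""
    entries = parse_entries(text)
    return {
        "autostart": run_entries(entries),
        "services_without_owner": services_without_owner(entries),
        "dpf_hosts": dpf_hosts(entries),
        "nameservers": nameservers(entries),
    }


if __name__ == "__main__":
    for section, items in summarize(SAMPLE_LOG).items():
        print(section)
        for item in items:
            print("   ", item)
```

Run it against a full log by reading the file into `summarize()` instead of `SAMPLE_LOG`. The output is a worklist, not a verdict: a GUID-named Run value or an ownerless service still has to be checked against the file on disk.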