Annoying window

This thread "Annoying window" in the forum "Viruses, Trojans, Spyware etc." was created by balsam60, Feb 20, 2010.

  1. Hello,

    [IMG]

    Since I installed FF 3, this window (a little video) opens at regular intervals :|
    even when I am not online.

    Who can tell me where to find the switch to turn it off?


    I have created a hijackthis.log

    Code:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:41:23, on 20.02.2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
    C:\Programme\Analog Devices\Core\smax4pnp.exe
    C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe
    C:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE
    C:\Programme\Microsoft ActiveSync\Wcescomm.exe
    C:\Programme\I8kfanGUI\I8kfanGUI.exe
    C:\Programme\TVR\TVR.exe
    C:\Programme\Biet-O-Matic\Biet-O-Matic.exe
    C:\Programme\PC Uhr synchcronisieren\tclock.exe
    C:\PROGRA~1\MICROS~2\rapimgr.exe
    C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
    C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe
    C:\WINDOWS\system32\lvhidsvc.exe
    C:\Programme\TVR\video.ex_
    C:\Programme\UltraVNC\WinVNC.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programme\Internet Explorer\iexplore.exe
    C:\Programme\Internet Explorer\iexplore.exe
    C:\Programme\GPSoftware\Directory Opus\DOpus.exe
    Y:\HijackThis.....OK\HijackThis.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: D - {8D74111B-089D-39CA-B88C-364F55027973} - C:\WINDOWS\system32\xwr22607.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll
    O4 - HKLM\..\Run: [TEMP-Terminator] C:\WINDOWS\cleartmp.bat
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
    O4 - HKLM\..\Run: [OutpostFeedBack] C:\Programme\Agnitum\Outpost Firewall Pro\feedback.exe /dump:os_startup
    O4 - HKCU\..\Run: [RouterControl] C:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE
    O4 - HKCU\..\Run: [H/PC Connection Agent] C:\Programme\Microsoft ActiveSync\Wcescomm.exe
    O4 - HKCU\..\Run: [ccleaner] C:\Programme\CCleaner\CCleaner.exe /AUTO
    O4 - HKCU\..\Run: [i8kfangui] C:\Programme\I8kfanGUI\I8kfanGUI.exe /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->NETZWERKDIENST')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->Default user')
    O4 - Startup: TV Capture Card .lnk = C:\Programme\TVR\TVR.exe
    O4 - Startup: Biet-O-Matic.lnk = C:\Programme\Biet-O-Matic\Biet-O-Matic.exe
    O4 - Startup: Verknüpfung mit tclock.lnk = C:\Programme\PC Uhr synchcronisieren\tclock.exe
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra->Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Programme\Agnitum\Outpost Firewall Pro\ie_bar.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O9 - Extra->Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{25AF9887-3994-4270-B106-D72F63A7D13A}: NameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{79EFFE9A-E8C2-45AE-9D7B-7C47768BD91A}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{25AF9887-3994-4270-B106-D72F63A7D13A}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{25AF9887-3994-4270-B106-D72F63A7D13A}: NameServer = 192.168.1.1
    O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
    O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
    O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: Remote HID Service (LvHidSvc) - Philips - C:\WINDOWS\system32\lvhidsvc.exe
    O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Programme\UltraVNC\WinVNC.exe
    
    --
    End of file - 6053 bytes
    
     
  2. Internet Explorer is outdated - new version:
    http://www.wintotal.de/softwarearchiv/?id=4980

    xwr22607.dll
    is Adware XML Parser AIE/Crypt (Trojan.BHO) and will be what is responsible for the little video.

    Your log does not contain the actual tool Daemon-Tool (SPTD.sys/daemon.exe), only a Daemon-Tool toolbar (DTToolbar.dll) and the start page, so I'll turn a blind eye this time.

    You have seen the notice, but it does not apply to the toolbar:
    O3 - Toolbar: Daemon Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\Daemon Tools Toolbar\DTToolbar.dll

    pan_fee
     
  3. Code:
    info.txt logfile of random's system information tool 1.06 2010-02-20 12:13:25
    
    ======Uninstall list======
    
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    ACDSee 10 Foto-Manager-->MsiExec.exe /I{F8B98EB6-FC06-45BF-87D4-9784E0408611}
    AcronisTrueImageHome-->MsiExec.exe /X{67ED38A3-4882-448B-B44D-3428AB00D7D5}
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 9 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A90000000001}
    Around the World in 80 Days-->C:\Programme\Around the World in 80 Days\Uninstall.exe
    Biet-O-Matic v2.4.1-->C:\PROGRA~1\BIET-O~1\UNWISE.EXE C:\PROGRA~1\BIET-O~1\Install.log
    Big Fish Games: Game Manager-->C:\Programme\bfgclient\Uninstall.exe
    Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{7E369B27-13E2-41A5-9879-358EE1C8B5AD}
    CCleaner (remove only)-->C:\Programme\CCleaner\uninst.exe
    DAEMON Tools Toolbar-->C:\Programme\DAEMON Tools Toolbar\uninst.exe
    Driver Genius Professional Edition-->C:\Programme\Driver-Soft\DriverGenius\unins000.exe
    Driver Robot 1.1.0.14-->C:\Programme\Driver Robot\1.1.0.14\unins000.exe
    DriverAgent by TouchStone Software-->RunDll32.exe advpack.dll,LaunchINFSection driveragent_exe.inf,TVICHW32Remove
    Druids: Battle of Magic-->D:\Spiele\Druids - Battle of Magic\Uninstall.exe
    EVEREST Ultimate Edition v4.20-->C:\Programme\Lavalys\EVEREST Ultimate Edition\unins000.exe
    Falk Navi-Manager-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup C:\Programme\InstallShield Installation Information\{3222B0CE-59C5-4CA0-B545-2B88F200756B}\setup.exe -l0x7 -removeonly
    Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)-->C:\Programme\MAGIX\Common\Database\uninstall.exe
    FLV Player 2.0 (build 25)-->C:\Programme\FLV Player\uninst.exe
    Google Earth Pro-->MsiExec.exe /X{9578C0CD-8108-4379-9026-4601F59859A0}
    GPSoftware Directory Opus-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup C:\Programme\InstallShield Installation Information\{556DF27F-5B74-11D5-B876-004005E12EF1}\Setup.exe -l0x9 DentalFloss
    HijackThis 2.0.2-->Y:\HijackThis.....OK\HijackThis.exe /uninstall
    Hotfix for Windows XP (KB909394)-->C:\WINDOWS\$NtUninstallKB909394$\spuninst\spuninst.exe
    I8kfanGUI V3.1-->C:\Programme\I8kfanGUI\uninstall.exe
    Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
    Langenscheidt T1 7.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup C:\Programme\InstallShield Installation Information\{57EB87EF-23DF-4A76-9B90-FD7B53E1C6CE}\Setup.exe -l0x7 UNINSTALL
    MAGIX Online Druck Service 2.3.2.0 (D)-->C:\Programme\MAGIX\Online_Druck_Service\instslct.exe
    MAGIX Video deluxe 2007 e-version 6.5.0.24 (D)-->C:\Programme\MAGIX\Video_deluxe_2007_e-version\instslct.exe
    Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
    Mozilla Firefox (3.0.5)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
    Outpost Firewall Pro 2009-->C:\Programme\Agnitum\Outpost Firewall Pro\unins000.exe
    PowerQuest Drive Image 2002-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5F71EB81-C72E-4B28-8D90-FDEECFEBC2DE} 
    Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup C:\Programme\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe -l0x7 -removeonly
    revoSleep-->MsiExec.exe /I{B76E8F60-D517-44B1-BFCD-B6C153A60F1B}
    RouterControl 1.92-->C:\WINDOWS\RCoUn2.exe /UnInst:C:\WINDOWS\RouterControl2_Uninstall.in
    SolSuite 2008 v8.3-->C:\Programme\SolSuite\unins000.exe
    SoundMAX-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup C:\Programme\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe -l0x7 -removeonly
    TeamViewer 4-->C:\Programme\TeamViewer\Version4\uninstall.exe
    TeraCopy 1.22-->C:\Programme\TeraCopy\unins000.exe
    The KMPlayer (remove only)-->C:\Programme\The KMPlayer\uninstall.exe
    TOSHIBA Benutzerhandbücher-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup C:\Programme\InstallShield Installation Information\{25DB99F1-4681-4391-931F-6F144E8B5F18}\Setup.exe -l0x7 
    TreeSize Professional 4.2.2-->C:\Programme\JAM Software\TreeSize Professional\unins000.exe
    TVR-->C:\Programme\TVR\Uninstal.EXE
    UltraVNC v1.0.2-->C:\Programme\UltraVNC\unins000.exe
    Unknown Device Identifier 7.00-->C:\Programme\Unknown Device Identifier\unins000.exe
    Virtual Earth 3D (Beta)-->MsiExec.exe /I{39CE3C17-846D-4D9B-8B3E-C01A4B90FB73}
    WinRAR-->C:\Programme\WinRAR\uninstall.exe
    Xilisoft 3GP Video Converter-->C:\Programme\Xilisoft\3GP Video Converter 3\Uninstall.exe
    XPclean-->MsiExec.exe /I{39EE2257-DA3C-4FBA-9D59-893104A1EB4F}
    
    =====HijackThis Backups=====
    
    O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programme\Dealio\kb127\Dealio.dll [2008-09-23]
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (file missing) [2008-09-23]
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) [2008-09-23]
    O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programme\Dealio\kb127\Dealio.dll [2008-10-25]
    O9 - Extra->Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programme\Dealio\kb127\Dealio.dll [2008-10-25]
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (file missing) [2008-10-25]
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) [2008-10-25]
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (file missing) [2008-10-30]
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) [2008-10-30]
    O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programme\Dealio\kb127\Dealio.dll [2008-10-30]
    O9 - Extra->Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programme\Dealio\kb127\Dealio.dll [2008-10-30]
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file) [2008-11-29]
    O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programme\Dealio\kb127\Dealio.dll [2008-11-29]
    O9 - Extra->Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programme\Dealio\kb127\Dealio.dll [2008-11-29]
    O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe [2008-11-29]
    O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe [2008-11-29]
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (file missing) [2009-01-31]
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) [2009-01-31]
    O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Programme\Dealio\kb127\Dealio.dll (file missing) [2009-01-31]
    O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Programme\Dealio\kb127\Dealio.dll (file missing) [2009-01-31]
    O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programme\Dealio\kb127\Dealio.dll (file missing) [2009-01-31]
    O9 - Extra->Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programme\Dealio\kb127\Dealio.dll (file missing) [2009-01-31]
    O4 - HKCU\..\Run: [PoliceAV] C:\Programme\XPPoliceAntivirus\xppolice.exe [2009-03-14]
    O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programme\Dealio\kb127\Dealio.dll [2009-03-14]
    O9 - Extra->Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programme\Dealio\kb127\Dealio.dll [2009-03-14]
    O20 - AppInit_DLLs: mqdvxg.dll [2009-03-14]
    O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programme\Dealio\kb127\Dealio.dll [2009-07-02]
    O9 - Extra->Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programme\Dealio\kb127\Dealio.dll [2009-07-02]
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9909D3AC-B70B-4B73-8002-AFFA50EDD9AA}: NameServer = 192.168.1.1 [2009-07-02]
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F8340909-60FE-4326-A2B0-9B1184C6678C}: NameServer = 192.168.1.1 [2009-07-02]
    O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programme\Dealio\kb127\Dealio.dll [2009-09-21]
    O9 - Extra->Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programme\Dealio\kb127\Dealio.dll [2009-09-21]
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) [2009-09-21]
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file) [2009-09-22]
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) [2009-09-22]
    O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programme\Dealio\kb127\Dealio.dll [2009-09-22]
    O9 - Extra->Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programme\Dealio\kb127\Dealio.dll [2009-09-22]
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 [2009-10-14]
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file) [2009-10-14]
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) [2009-10-14]
    O2 - BHO: (no name) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file) [2009-10-14]
    O2 - BHO: D - {8D74111B-089D-39CA-B88C-364F55027973} - C:\WINDOWS\system32\xwr22607.dll [2009-10-14]
    O3 - Toolbar: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - (no file) [2009-10-14]
    O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll [2009-10-14]
    O9 - Extra->Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll [2009-10-14]
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.gametop.com/?utm_source=80Days&utm_medium=start [2009-10-14]
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2319825 [2010-02-15]
    O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Programme\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t [2010-02-15]
    O4 - HKCU\..\Run: [sxdin] c:\dokumente und einstellungen\lutz\lokale einstellungen\anwendungsdaten\sxdin.exe sxdin [2010-02-15]
    
    ======Hosts File======
    
    127.0.0.1 mpa.one.microsoft.com
    
    ======Security center information======
    
    FW: Outpost Firewall Pro (disabled)
    
    ======System event log======
    
    Computer Name: JO-B71DBCF54530
    Event Code: 7036
    Message: Dienst Terminaldienste befindet sich jetzt im Status Ausgeführt.
    
    Record Number: 5
    Source Name: Service Control Manager
    Time Written: 20100127102453.000000+060
    Event Type: Informationen
    User: 
    
    Computer Name: JO-B71DBCF54530
    Event Code: 9
    Message: Broadcom NetXtreme 57xx Gigabit Controller: Network controller configured for 100Mb full-duplex link.
    
    Record Number: 4
    Source Name: b57w2k
    Time Written: 20100127102407.000000+060
    Event Type: Informationen
    User: 
    
    Computer Name: JO-B71DBCF54530
    Event Code: 15
    Message: Broadcom NetXtreme 57xx Gigabit Controller: Driver initialized successfully.
    
    Record Number: 3
    Source Name: b57w2k
    Time Written: 20100127102407.000000+060
    Event Type: Informationen
    User: 
    
    Computer Name: JO-B71DBCF54530
    Event Code: 6005
    Message: Der Ereignisprotokolldienst wurde gestartet.
    
    Record Number: 2
    Source Name: EventLog
    Time Written: 20100127102400.000000+060
    Event Type: Informationen
    User: 
    
    Computer Name: JO-B71DBCF54530
    Event Code: 6009
    Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Uniprocessor Free.
    
    Record Number: 1
    Source Name: EventLog
    Time Written: 20100127102400.000000+060
    Event Type: Informationen
    User: 
    
    =====Application event log=====
    
    Computer Name: JO-B71DBCF54530
    Event Code: 102
    Message: wuaueng.dll (996) SUS20ClientDataStore: Das Datenbankmodul hat eine neue Instanz gestartet (0).
    
    Record Number: 3057
    Source Name: ESENT
    Time Written: 20090618074239.000000+120
    Event Type: Informationen
    User: 
    
    Computer Name: JO-B71DBCF54530
    Event Code: 100
    Message: wuauclt (996) Das Datenbankmodul 5.01.2600.2180 ist gestartet.
    
    Record Number: 3056
    Source Name: ESENT
    Time Written: 20090618074239.000000+120
    Event Type: Informationen
    User: 
    
    Computer Name: JO-B71DBCF54530
    Event Code: 1800
    Message: Der Windows-Sicherheitscenterdienst wurde gestartet.
    
    Record Number: 3055
    Source Name: SecurityCenter
    Time Written: 20090618074153.000000+120
    Event Type: Informationen
    User: 
    
    Computer Name: JO-B71DBCF54530
    Event Code: 101
    Message: wuauclt (420) Das Datenbankmodul wurde beendet.
    
    Record Number: 3054
    Source Name: ESENT
    Time Written: 20090617074057.000000+120
    Event Type: Informationen
    User: 
    
    Computer Name: JO-B71DBCF54530
    Event Code: 103
    Message: wuaueng.dll (420) SUS20ClientDataStore: Das Datenbankmodul hat die Instanz (0) beendet.
    
    Record Number: 3053
    Source Name: ESENT
    Time Written: 20090617074057.000000+120
    Event Type: Informationen
    User: 
    
    ======Environment variables======
    
    ComSpec=%SystemRoot%\system32\cmd.exe
    Path=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Programme\Gemeinsame Dateien\Acronis\SnapAPI\
    windir=%SystemRoot%
    FP_NO_HOST_CHECK=NO
    OS=Windows_NT
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_LEVEL=15
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
    PROCESSOR_REVISION=0401
    NUMBER_OF_PROCESSORS=1
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    TEMP=%SystemRoot%\TEMP
    TMP=%SystemRoot%\TEMP
    
    -----------------EOF-----------------
    
     
  4. Code:
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by jo at 2010-02-20 12:22:42
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 1 GB (16%) free of 7 GB
    Total RAM: 502 MB (43% free)
    
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:22:47, on 20.02.2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
    C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe
    C:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE
    C:\Programme\Microsoft ActiveSync\Wcescomm.exe
    C:\Programme\TVR\TVR.exe
    C:\Programme\PC Uhr synchcronisieren\tclock.exe
    C:\PROGRA~1\MICROS~2\rapimgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programme\Internet Explorer\iexplore.exe
    C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
    C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
    C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe
    C:\WINDOWS\system32\lvhidsvc.exe
    C:\Programme\UltraVNC\WinVNC.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programme\GPSoftware\Directory Opus\DOpus.exe
    D:\Download\RSIT.exe
    C:\WINDOWS\system32\wuauclt.exe
    Y:\HijackThis.....OK\jo.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: D - {8D74111B-089D-39CA-B88C-364F55027973} - C:\WINDOWS\system32\xwr22607.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll
    O4 - HKLM\..\Run: [TEMP-Terminator] C:\WINDOWS\cleartmp.bat
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
    O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
    O4 - HKCU\..\Run: [RouterControl] C:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE
    O4 - HKCU\..\Run: [H/PC Connection Agent] C:\Programme\Microsoft ActiveSync\Wcescomm.exe
    O4 - HKCU\..\Run: [ccleaner] C:\Programme\CCleaner\CCleaner.exe /AUTO
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->NETZWERKDIENST')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->Default user')
    O4 - Startup: TV Capture Card .lnk = C:\Programme\TVR\TVR.exe
    O4 - Startup: Biet-O-Matic.lnk = C:\Programme\Biet-O-Matic\Biet-O-Matic.exe
    O4 - Startup: Verknüpfung mit tclock.lnk = C:\Programme\PC Uhr synchcronisieren\tclock.exe
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra->Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Programme\Agnitum\Outpost Firewall Pro\ie_bar.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O9 - Extra->Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{25AF9887-3994-4270-B106-D72F63A7D13A}: NameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{79EFFE9A-E8C2-45AE-9D7B-7C47768BD91A}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{25AF9887-3994-4270-B106-D72F63A7D13A}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{25AF9887-3994-4270-B106-D72F63A7D13A}: NameServer = 192.168.1.1
    O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
    O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
    O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: Remote HID Service (LvHidSvc) - Philips - C:\WINDOWS\system32\lvhidsvc.exe
    O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Programme\UltraVNC\WinVNC.exe
    
    --
    End of file - 5476 bytes
    
    ======Scheduled tasks folder======
    
    C:\WINDOWS\tasks\Driver Robot.job
    
    ======Registry dump======
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D74111B-089D-39CA-B88C-364F55027973}]
    D - C:\WINDOWS\system32\xwr22607.dll [2009-10-05 233472]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll [2009-04-23 937416]
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    TEMP-Terminator=C:\WINDOWS\cleartmp.bat [2005-04-07 401]
    Acronis Scheduler2 Service=C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe [2009-10-31 362032]
    OutpostMonitor=C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe [2010-02-09 2447488]
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    RouterControl=C:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE [2008-11-18 3191296]
    H/PC Connection Agent=C:\Programme\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
    ccleaner=C:\Programme\CCleaner\CCleaner.exe [2009-03-24 1488112]
    ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe [2004-08-28 15360]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CryptLoad]
    C:\Programme\CryptLoad...0000000000000000000000\CryptLoad 1.1.0    ooooooooooooooooooo\CryptLoad_08.06.2008\RouterClient.exe [2007-10-26 143360]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    C:\Programme\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DOpus]
    C:\Programme\GPSoftware\Directory Opus\dopus.exe [2007-02-15 5277624]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\i8kfangui]
    C:\Programme\I8kfanGUI\I8kfanGUI.exe [2007-02-16 856064]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -k []
     
  5. Code:
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    C:\Programme\Messenger\msmsgs.exe [2004-08-04 1667584]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostFeedBack]
    C:\Programme\Agnitum\Outpost Firewall Pro\feedback.exe [2010-02-09 439784]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostMonitor]
    C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe [2010-02-09 2447488]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecSche]
    C:\Programme\TVR\RecSche.exe [2004-05-10 454656]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RouterControl]
    C:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE [2008-11-18 3191296]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    C:\Programme\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer]
    C:\Programme\MAGIX\Video_deluxe_2007_e-version\TrayServer.exe [2006-10-04 86016]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
    C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe [2009-10-31 5140952]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
    C:\Programme\UltraVNC\WinVNC.exe [2006-06-18 712704]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^jo.JO-B71DBCF54530^Startmenü^Programme^Autostart^Verknüpfung mit tclock.lnk]
    F:\Dowload\TClock Light\tclock.exe []
    
    C:\Dokumente und Einstellungen\jo.JO-B71DBCF54530\Startmenü\Programme\Autostart
    TV Capture Card .lnk - C:\Programme\TVR\TVR.exe
    Biet-O-Matic.lnk - C:\Programme\Biet-O-Matic\Biet-O-Matic.exe
    Verknüpfung mit tclock.lnk - C:\Programme\PC Uhr synchcronisieren\tclock.exe
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    AppInit_DLLS=c:\progra~1\agnitum\outpos~1\wl_hook.dll
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE}=C:\Programme\GPSoftware\Directory Opus\dopuslib.dll [2007-02-15 489400]
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    dontdisplaylastusername=0
    legalnoticecaption=
    legalnoticetext=
    shutdownwithoutlogon=1
    undockwithoutlogon=1
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    NoDriveTypeAutoRun=145
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    %windir%\system32\sessmgr.exe=%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    K:\DOWNLOAD\Download-Manager_Router_Netgaer  OOOOOOOOOOOOOOOOOOOOOOOO00000000000\Routercontro 1.91_rc.zip + CryptLoad 1.09_______OK\CryptLoad 1.09\CryptLoad...0000000000000000000000\RouterClient.exe=K:\DOWNLOAD\Download-Manager_Router_Netgaer  OOOOOOOOOOOOOOOOOOOOOOOO00000000000\Routercontro 1.91_rc.zip + CryptLoad 1.09_______OK\CryptLoad 1.09\CryptLoad...0000000000000000000000\RouterClient.exe:*:Enabled:RouterClient
    C:\Programme\CryptLoad...0000000000000000000000\RouterClient.exe=C:\Programme\CryptLoad...0000000000000000000000\RouterClient.exe:*:Enabled:RouterClient
    C:\Programme\CryptLoad...0000000000000000000000\CryptLoad 1.1.0    ooooooooooooooooooo\CryptLoad_08.06.2008\RouterClient.exe=C:\Programme\CryptLoad...0000000000000000000000\CryptLoad 1.1.0    ooooooooooooooooooo\CryptLoad_08.06.2008\RouterClient.exe:*:Enabled:RouterClient
    C:\Programme\CryptLoad...0000000000000000000000\CryptLoad 1.1.0    ooooooooooooooooooo\CryptLoad_08.06.2008\CryptLoad_08.06.2008\CryptLoad.exe=C:\Programme\CryptLoad...0000000000000000000000\CryptLoad 1.1.0    ooooooooooooooooooo\CryptLoad_08.06.2008\CryptLoad_08.06.2008\CryptLoad.exe:*:Enabled:CryptLoad
    C:\Programme\Microsoft ActiveSync\rapimgr.exe=C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    C:\Programme\Microsoft ActiveSync\wcescomm.exe=C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    C:\Programme\Microsoft ActiveSync\WCESMgr.exe=C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    C:\Programme\TeamViewer\Version4\TeamViewer.exe=C:\Programme\TeamViewer\Version4\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application
    Y:\Langenscheidt T1 Professional v.7.0.German-English\Langenscheidt T1 7_0\StdAlone\MT_Alone.exe=Y:\Langenscheidt T1 Professional v.7.0.German-English\Langenscheidt T1 7_0\StdAlone\MT_Alone.exe:*:Enabled:T1 Standalone
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    %windir%\system32\sessmgr.exe=%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    C:\Programme\Microsoft ActiveSync\rapimgr.exe=C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    C:\Programme\Microsoft ActiveSync\wcescomm.exe=C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    C:\Programme\Microsoft ActiveSync\WCESMgr.exe=C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    
    ======List of files/folders created in the last 1 months======
    
    2010-02-20 12:12:53 ----D---- C:\rsit
    2010-02-20 11:04:14 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Office Genuine Advantage
    2010-02-20 11:04:10 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Windows Genuine Advantage
    2010-02-18 20:41:52 ----HD---- C:\BJPrinter
    2010-02-12 12:36:17 ----D---- C:\WINDOWS\system32\Filt
    2010-02-12 12:36:17 ----D---- C:\Programme\Agnitum
    2010-02-12 12:35:57 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Agnitum
    2010-02-12 09:34:51 ----D---- C:\WINDOWS\WBEM
    2010-02-12 09:33:55 ----A---- C:\WINDOWS\system32\ieencode.dll
    2010-02-12 09:33:54 ----D---- C:\WINDOWS\system32\de-DE
    
    ======List of files/folders modified in the last 1 months======
    
    2010-02-20 12:21:44 ----A---- C:\WINDOWS\win.ini
    2010-02-20 12:20:34 ----N---- C:\WINDOWS\SchedLgU.Txt
    2010-02-20 11:06:20 ----A---- C:\WINDOWS\system32\WinVNC.log.bak
    2010-02-20 09:48:32 ----SH---- C:\boot.ini
    2010-02-20 09:48:32 ----A---- C:\WINDOWS\system.ini
    
    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    
    R1 fanio;FanIO driver; \??\C:\WINDOWS\system32\drivers\fanio.sys []
    R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-28 40192]
    R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
    R1 SandBox;SandBox; \??\C:\WINDOWS\system32\drivers\SandBox.sys []
    R2 vnccom;vnccom; C:\WINDOWS\System32\Drivers\vnccom.SYS [2004-06-26 6016]
    R3 afcdp;afcdp; C:\WINDOWS\system32\DRIVERS\afcdp.sys [2009-11-13 160288]
    R3 afw;Agnitum firewall driver; C:\WINDOWS\system32\DRIVERS\afw.sys [2009-02-18 31128]
    R3 afwcore;afwcore; C:\WINDOWS\system32\drivers\afwcore.sys [2009-11-02 257304]
    R3 ASWFilt;ASWFilt; \??\C:\WINDOWS\system32\Filt\ASWFilt.dll []
    R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-05-10 156160]
    R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-28 9600]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
    R3 LVCap138;TV Card Capture Driver; C:\WINDOWS\system32\DRIVERS\tvcap.sys [2004-09-20 308736]
    R3 lvtuner;TV Card WDM TV Tuner; C:\WINDOWS\system32\DRIVERS\tvtuner.sys [2004-09-20 16512]
    R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
    R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
    R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
    R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-28 31616]
    R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-28 26624]
    R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-28 57600]
    R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-28 26496]
    R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-28 20480]
    R3 vncdrv;vncdrv; C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 4736]
    S2 AKEProtect;AKEProtect; \??\I:\Directlinks\Codari's Portable Softwaresammlung\@Security\Portable Anti-keylogger Elite 3.3.3\app\AKEProtect.sys []
    S3 ab2hpcs1;ab2hpcs1; C:\WINDOWS\system32\drivers\ab2hpcs1.sys []
    S3 ac97intc;Intel(r) 82801 Audiotreiber-Installationsdienst (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
    S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
    S3 AVHybrid;AVHybrid service; C:\WINDOWS\system32\DRIVERS\AVHybrid.sys [2007-01-31 834816]
    S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
    S3 i81x;i81x; C:\WINDOWS\system32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
    S3 iAimFP0;iAimFP0; C:\WINDOWS\system32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
    S3 iAimFP1;iAimFP1; C:\WINDOWS\system32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
    S3 iAimFP2;iAimFP2; C:\WINDOWS\system32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
    S3 iAimFP3;iAimFP3; C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
    S3 iAimFP4;iAimFP4; C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
    S3 iAimFP5;iAimFP5; C:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2004-08-03 11807]
    S3 iAimFP6;iAimFP6; C:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2004-08-03 11295]
    S3 iAimFP7;iAimFP7; C:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2004-08-03 11871]
    S3 iAimTV0;iAimTV0; C:\WINDOWS\system32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
    S3 iAimTV1;iAimTV1; C:\WINDOWS\system32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
    S3 iAimTV3;iAimTV3; C:\WINDOWS\system32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
    S3 iAimTV4;iAimTV4; C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
    S3 iAimTV5;iAimTV5; C:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2004-08-03 25471]
    S3 iAimTV6;iAimTV6; C:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2004-08-03 22271]
    S3 MPE;BDA MPE-Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]
    S3 ms_mpu401;Microsoft MPU-401 MIDI UART-Treiber; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
    S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
    S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-28 10880]
    S3 NtApm;Herkömmlicher NT APM-Schnittstellentreiber; C:\WINDOWS\system32\DRIVERS\NtApm.sys [2004-08-28 9472]
    S3 rtl8139;NT-Treiber für Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernet-Adapter; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS []
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-28 11136]
    S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-28 15360]
    S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
    S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
    S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
    
    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    
    R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe [2009-10-31 661072]
    R2 acssrv;Agnitum Client Security Service; C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2010-02-09 1338160]
    R2 afcdpsrv;Acronis Nonstop Backup service; C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe [2009-11-13 2480048]
    R2 LvHidSvc;Remote HID Service; C:\WINDOWS\system32\lvhidsvc.exe [2004-03-25 32256]
    R2 winvnc;VNC Server; C:\Programme\UltraVNC\WinVNC.exe [2006-06-18 712704]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Programme\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
    
    -----------------EOF-----------------
    

    I hope this is right.
    I had to split the 2nd log.

    Dear Fee,

    Will do.

    I can't help that :'(
    That's how HijackThis spat it out.
     
  6. Here you go

    Code:
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D74111B-089D-39CA-B88C-364F55027973}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8D74111B-089D-39CA-B88C-364F55027973}\ not found.
    ========== FILES ==========
    File/Folder C:\WINDOWS\system32\xwr22607.dll not found.
     
    OTM by OldTimer - Version 3.1.9.0 log created on 02202010_183311


    I just noticed that
    was not found.


    I had fixed these following Fee's instructions.
     
  7. HijackThis only spits out what you have installed.

    E.g.: Daemon Tools Lite
    The Lite version of Daemon Tools cannot copy copy-protected media, so it complies with German law.

    pan_fee
     
  8. But you did that after creating the RSIT logs, right? Please post a fresh RSIT log file.

    Still having problems with the computer?
     