Annoying window

  • #1
balsam60
Hello,

unbenanntk.gif


Since I installed FF 3, this window (a little video clip) opens at regular intervals :|
even when I am not online.

Who can tell me where to find the switch to turn it off?


I have created a hijackthis.log

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:41:23, on 20.02.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe
C:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE
C:\Programme\Microsoft ActiveSync\Wcescomm.exe
C:\Programme\I8kfanGUI\I8kfanGUI.exe
C:\Programme\TVR\TVR.exe
C:\Programme\Biet-O-Matic\Biet-O-Matic.exe
C:\Programme\PC Uhr synchcronisieren\tclock.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe
C:\WINDOWS\system32\lvhidsvc.exe
C:\Programme\TVR\video.ex_
C:\Programme\UltraVNC\WinVNC.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\GPSoftware\Directory Opus\DOpus.exe
Y:\HijackThis.....OK\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: D - {8D74111B-089D-39CA-B88C-364F55027973} - C:\WINDOWS\system32\xwr22607.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [TEMP-Terminator] C:\WINDOWS\cleartmp.bat
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Programme\Agnitum\Outpost Firewall Pro\feedback.exe /dump:os_startup
O4 - HKCU\..\Run: [RouterControl] C:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE
O4 - HKCU\..\Run: [H/PC Connection Agent] C:\Programme\Microsoft ActiveSync\Wcescomm.exe
O4 - HKCU\..\Run: [ccleaner] C:\Programme\CCleaner\CCleaner.exe /AUTO
O4 - HKCU\..\Run: [i8kfangui] C:\Programme\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->Default user')
O4 - Startup: TV Capture Card .lnk = C:\Programme\TVR\TVR.exe
O4 - Startup: Biet-O-Matic.lnk = C:\Programme\Biet-O-Matic\Biet-O-Matic.exe
O4 - Startup: Verknüpfung mit tclock.lnk = C:\Programme\PC Uhr synchcronisieren\tclock.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra->Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Programme\Agnitum\Outpost Firewall Pro\ie_bar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra->Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{25AF9887-3994-4270-B106-D72F63A7D13A}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{79EFFE9A-E8C2-45AE-9D7B-7C47768BD91A}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{25AF9887-3994-4270-B106-D72F63A7D13A}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{25AF9887-3994-4270-B106-D72F63A7D13A}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Remote HID Service (LvHidSvc) - Philips - C:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Programme\UltraVNC\WinVNC.exe

--
End of file - 6053 bytes
 
  • #2
balsam60 wrote:
Code:
MSIE: Internet Explorer v6.00

O2 - BHO: D - {8D74111B-089D-39CA-B88C-364F55027973} - C:\WINDOWS\system32\xwr22607.dll
O3 - Toolbar: Daemon Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\Daemon Tools Toolbar\DTToolbar.dll

Internet Explorer is outdated - new version:
http://www.wintotal.de/softwarearchiv/?id=4980

xwr22607.dll
is adware XML Parser AIE/Crypt (Trojan.BHO) and is probably responsible for the video clip.

Your log does not contain the actual tool Daemon-Tool (SPTD.sys/daemon.exe), only a Daemon-Tool toolbar (DTToolbar.dll) and the start page, so I'll turn a blind eye this time.

You have seen the notice, but it does not apply to the toolbar:
O3 - Toolbar: Daemon Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\Daemon Tools Toolbar\DTToolbar.dll

pan_fee
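
The kind of triage done in the reply above, as an added example that is not part of the original posts: a small parser for HijackThis `O2`/`O3`/`O4` lines that queues entries for manual review. The sample lines are copied from the logs in this thread; the three heuristics and all function names are assumptions of this example, not rules used by HijackThis or by the posters, and a hit means "look at this entry", not a verdict.

```python
import re
from dataclasses import dataclass, field

# Lines copied from the HijackThis / RSIT logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: D - {8D74111B-089D-39CA-B88C-364F55027973} - C:\WINDOWS\system32\xwr22607.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) [2009-09-21]
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKCU\..\Run: [ccleaner] C:\Programme\CCleaner\CCleaner.exe /AUTO
O4 - HKCU\..\Run: [sxdin] c:\dokumente und einstellungen\lutz\lokale einstellungen\anwendungsdaten\sxdin.exe sxdin [2010-02-15]
"""

# RSIT's "HijackThis Backups" section appends the backup date to each line.
BACKUP_DATE = re.compile(r"\s*\[\d{4}-\d{2}-\d{2}\]$")

# O2 = Browser Helper Object, O3 = IE toolbar: "<name> - {CLSID} - <file>"
EXT_RE = re.compile(
    r"^(?P<code>O2|O3) - (?:BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)
# O4 = autostart via a Run key: "<hive>\..\Run: [<value name>] <command>"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.+)$"
)

# Heuristic patterns (assumptions of this example).
SYSTEM32_DIRECT = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+\.dll$", re.I)
USER_PROFILE = re.compile(
    r"\\(dokumente und einstellungen|documents and settings|users)\\", re.I
)


@dataclass
class Finding:
    code: str
    name: str
    target: str
    reasons: list = field(default_factory=list)


def triage(line):
    """Parse one log line; return a Finding, or None for other line types."""
    line = BACKUP_DATE.sub("", line.strip())
    m = EXT_RE.match(line)
    if m:
        f = Finding(m["code"], m["name"], m["target"])
        if f.target == "(no file)" or f.target.endswith("(file missing)"):
            # Registration left behind after the DLL was deleted.
            f.reasons.append("orphaned-registration")
        elif SYSTEM32_DIRECT.match(f.target):
            # Browser extension DLL placed directly in the system directory.
            f.reasons.append("dll-in-system32")
        if f.name == "(no name)" or len(f.name) <= 2:
            f.reasons.append("no-meaningful-name")
        return f
    m = RUN_RE.match(line)
    if m:
        f = Finding("O4", m["name"], m["target"])
        if USER_PROFILE.search(f.target):
            # Autostart binary lives in a user-writable profile folder.
            f.reasons.append("runs-from-user-profile")
        return f
    return None


def review_queue(log_text):
    """Return (name, reasons) for every parsed entry with at least one hit."""
    queue = []
    for raw in log_text.splitlines():
        finding = triage(raw)
        if finding and finding.reasons:
            queue.append((finding.name, finding.reasons))
    return queue


if __name__ == "__main__":
    for name, reasons in review_queue(SAMPLE_LOG):
        print(f"{name}: {', '.join(reasons)}")
```
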
 
  • #4
Code:
info.txt logfile of random's system information tool 1.06 2010-02-20 12:13:25

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACDSee 10 Foto-Manager-->MsiExec.exe /I{F8B98EB6-FC06-45BF-87D4-9784E0408611}
AcronisTrueImageHome-->MsiExec.exe /X{67ED38A3-4882-448B-B44D-3428AB00D7D5}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A90000000001}
Around the World in 80 Days-->C:\Programme\Around the World in 80 Days\Uninstall.exe
Biet-O-Matic v2.4.1-->C:\PROGRA~1\BIET-O~1\UNWISE.EXE C:\PROGRA~1\BIET-O~1\Install.log
Big Fish Games: Game Manager-->C:\Programme\bfgclient\Uninstall.exe
Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{7E369B27-13E2-41A5-9879-358EE1C8B5AD}
CCleaner (remove only)-->C:\Programme\CCleaner\uninst.exe
DAEMON Tools Toolbar-->C:\Programme\DAEMON Tools Toolbar\uninst.exe
Driver Genius Professional Edition-->C:\Programme\Driver-Soft\DriverGenius\unins000.exe
Driver Robot 1.1.0.14-->C:\Programme\Driver Robot\1.1.0.14\unins000.exe
DriverAgent by TouchStone Software-->RunDll32.exe advpack.dll,LaunchINFSection driveragent_exe.inf,TVICHW32Remove
Druids: Battle of Magic-->D:\Spiele\Druids - Battle of Magic\Uninstall.exe
EVEREST Ultimate Edition v4.20-->C:\Programme\Lavalys\EVEREST Ultimate Edition\unins000.exe
Falk Navi-Manager-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup C:\Programme\InstallShield Installation Information\{3222B0CE-59C5-4CA0-B545-2B88F200756B}\setup.exe -l0x7 -removeonly
Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)-->C:\Programme\MAGIX\Common\Database\uninstall.exe
FLV Player 2.0 (build 25)-->C:\Programme\FLV Player\uninst.exe
Google Earth Pro-->MsiExec.exe /X{9578C0CD-8108-4379-9026-4601F59859A0}
GPSoftware Directory Opus-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup C:\Programme\InstallShield Installation Information\{556DF27F-5B74-11D5-B876-004005E12EF1}\Setup.exe -l0x9 DentalFloss
HijackThis 2.0.2-->Y:\HijackThis.....OK\HijackThis.exe /uninstall
Hotfix for Windows XP (KB909394)-->C:\WINDOWS\$NtUninstallKB909394$\spuninst\spuninst.exe
I8kfanGUI V3.1-->C:\Programme\I8kfanGUI\uninstall.exe
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
Langenscheidt T1 7.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup C:\Programme\InstallShield Installation Information\{57EB87EF-23DF-4A76-9B90-FD7B53E1C6CE}\Setup.exe -l0x7 UNINSTALL
MAGIX Online Druck Service 2.3.2.0 (D)-->C:\Programme\MAGIX\Online_Druck_Service\instslct.exe
MAGIX Video deluxe 2007 e-version 6.5.0.24 (D)-->C:\Programme\MAGIX\Video_deluxe_2007_e-version\instslct.exe
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.0.5)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
Outpost Firewall Pro 2009-->C:\Programme\Agnitum\Outpost Firewall Pro\unins000.exe
PowerQuest Drive Image 2002-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5F71EB81-C72E-4B28-8D90-FDEECFEBC2DE} 
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup C:\Programme\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe -l0x7 -removeonly
revoSleep-->MsiExec.exe /I{B76E8F60-D517-44B1-BFCD-B6C153A60F1B}
RouterControl 1.92-->C:\WINDOWS\RCoUn2.exe /UnInst:C:\WINDOWS\RouterControl2_Uninstall.in
SolSuite 2008 v8.3-->C:\Programme\SolSuite\unins000.exe
SoundMAX-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup C:\Programme\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe -l0x7 -removeonly
TeamViewer 4-->C:\Programme\TeamViewer\Version4\uninstall.exe
TeraCopy 1.22-->C:\Programme\TeraCopy\unins000.exe
The KMPlayer (remove only)-->C:\Programme\The KMPlayer\uninstall.exe
TOSHIBA Benutzerhandbücher-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup C:\Programme\InstallShield Installation Information\{25DB99F1-4681-4391-931F-6F144E8B5F18}\Setup.exe -l0x7 
TreeSize Professional 4.2.2-->C:\Programme\JAM Software\TreeSize Professional\unins000.exe
TVR-->C:\Programme\TVR\Uninstal.EXE
UltraVNC v1.0.2-->C:\Programme\UltraVNC\unins000.exe
Unknown Device Identifier 7.00-->C:\Programme\Unknown Device Identifier\unins000.exe
Virtual Earth 3D (Beta)-->MsiExec.exe /I{39CE3C17-846D-4D9B-8B3E-C01A4B90FB73}
WinRAR-->C:\Programme\WinRAR\uninstall.exe
Xilisoft 3GP Video Converter-->C:\Programme\Xilisoft\3GP Video Converter 3\Uninstall.exe
XPclean-->MsiExec.exe /I{39EE2257-DA3C-4FBA-9D59-893104A1EB4F}

=====HijackThis Backups=====

O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programme\Dealio\kb127\Dealio.dll [2008-09-23]
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (file missing) [2008-09-23]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) [2008-09-23]
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programme\Dealio\kb127\Dealio.dll [2008-10-25]
O9 - Extra->Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programme\Dealio\kb127\Dealio.dll [2008-10-25]
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (file missing) [2008-10-25]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) [2008-10-25]
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (file missing) [2008-10-30]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) [2008-10-30]
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programme\Dealio\kb127\Dealio.dll [2008-10-30]
O9 - Extra->Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programme\Dealio\kb127\Dealio.dll [2008-10-30]
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file) [2008-11-29]
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programme\Dealio\kb127\Dealio.dll [2008-11-29]
O9 - Extra->Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programme\Dealio\kb127\Dealio.dll [2008-11-29]
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe [2008-11-29]
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe [2008-11-29]
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (file missing) [2009-01-31]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) [2009-01-31]
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Programme\Dealio\kb127\Dealio.dll (file missing) [2009-01-31]
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Programme\Dealio\kb127\Dealio.dll (file missing) [2009-01-31]
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programme\Dealio\kb127\Dealio.dll (file missing) [2009-01-31]
O9 - Extra->Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programme\Dealio\kb127\Dealio.dll (file missing) [2009-01-31]
O4 - HKCU\..\Run: [PoliceAV] C:\Programme\XPPoliceAntivirus\xppolice.exe [2009-03-14]
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programme\Dealio\kb127\Dealio.dll [2009-03-14]
O9 - Extra->Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programme\Dealio\kb127\Dealio.dll [2009-03-14]
O20 - AppInit_DLLs: mqdvxg.dll [2009-03-14]
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programme\Dealio\kb127\Dealio.dll [2009-07-02]
O9 - Extra->Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programme\Dealio\kb127\Dealio.dll [2009-07-02]
O17 - HKLM\System\CCS\Services\Tcpip\..\{9909D3AC-B70B-4B73-8002-AFFA50EDD9AA}: NameServer = 192.168.1.1 [2009-07-02]
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8340909-60FE-4326-A2B0-9B1184C6678C}: NameServer = 192.168.1.1 [2009-07-02]
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programme\Dealio\kb127\Dealio.dll [2009-09-21]
O9 - Extra->Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programme\Dealio\kb127\Dealio.dll [2009-09-21]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) [2009-09-21]
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file) [2009-09-22]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) [2009-09-22]
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programme\Dealio\kb127\Dealio.dll [2009-09-22]
O9 - Extra->Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programme\Dealio\kb127\Dealio.dll [2009-09-22]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 [2009-10-14]
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file) [2009-10-14]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) [2009-10-14]
O2 - BHO: (no name) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file) [2009-10-14]
O2 - BHO: D - {8D74111B-089D-39CA-B88C-364F55027973} - C:\WINDOWS\system32\xwr22607.dll [2009-10-14]
O3 - Toolbar: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - (no file) [2009-10-14]
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll [2009-10-14]
O9 - Extra->Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\WINDOWS\system32\shdocvw.dll [2009-10-14]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.gametop.com/?utm_source=80Days&utm_medium=start [2009-10-14]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2319825 [2010-02-15]
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Programme\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t [2010-02-15]
O4 - HKCU\..\Run: [sxdin] c:\dokumente und einstellungen\lutz\lokale einstellungen\anwendungsdaten\sxdin.exe sxdin [2010-02-15]

======Hosts File======

127.0.0.1 mpa.one.microsoft.com

======Security center information======

FW: Outpost Firewall Pro (disabled)

======System event log======

Computer Name: JO-B71DBCF54530
Event Code: 7036
Message: Dienst Terminaldienste befindet sich jetzt im Status Ausgeführt.

Record Number: 5
Source Name: Service Control Manager
Time Written: 20100127102453.000000+060
Event Type: Informationen
User: 

Computer Name: JO-B71DBCF54530
Event Code: 9
Message: Broadcom NetXtreme 57xx Gigabit Controller: Network controller configured for 100Mb full-duplex link.

Record Number: 4
Source Name: b57w2k
Time Written: 20100127102407.000000+060
Event Type: Informationen
User: 

Computer Name: JO-B71DBCF54530
Event Code: 15
Message: Broadcom NetXtreme 57xx Gigabit Controller: Driver initialized successfully.

Record Number: 3
Source Name: b57w2k
Time Written: 20100127102407.000000+060
Event Type: Informationen
User: 

Computer Name: JO-B71DBCF54530
Event Code: 6005
Message: Der Ereignisprotokolldienst wurde gestartet.

Record Number: 2
Source Name: EventLog
Time Written: 20100127102400.000000+060
Event Type: Informationen
User: 

Computer Name: JO-B71DBCF54530
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Uniprocessor Free.

Record Number: 1
Source Name: EventLog
Time Written: 20100127102400.000000+060
Event Type: Informationen
User: 

=====Application event log=====

Computer Name: JO-B71DBCF54530
Event Code: 102
Message: wuaueng.dll (996) SUS20ClientDataStore: Das Datenbankmodul hat eine neue Instanz gestartet (0).

Record Number: 3057
Source Name: ESENT
Time Written: 20090618074239.000000+120
Event Type: Informationen
User: 

Computer Name: JO-B71DBCF54530
Event Code: 100
Message: wuauclt (996) Das Datenbankmodul 5.01.2600.2180 ist gestartet.

Record Number: 3056
Source Name: ESENT
Time Written: 20090618074239.000000+120
Event Type: Informationen
User: 

Computer Name: JO-B71DBCF54530
Event Code: 1800
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.

Record Number: 3055
Source Name: SecurityCenter
Time Written: 20090618074153.000000+120
Event Type: Informationen
User: 

Computer Name: JO-B71DBCF54530
Event Code: 101
Message: wuauclt (420) Das Datenbankmodul wurde beendet.

Record Number: 3054
Source Name: ESENT
Time Written: 20090617074057.000000+120
Event Type: Informationen
User: 

Computer Name: JO-B71DBCF54530
Event Code: 103
Message: wuaueng.dll (420) SUS20ClientDataStore: Das Datenbankmodul hat die Instanz (0) beendet.

Record Number: 3053
Source Name: ESENT
Time Written: 20090617074057.000000+120
Event Type: Informationen
User: 

======Environment variables======

ComSpec=%SystemRoot%\system32\cmd.exe
Path=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Programme\Gemeinsame Dateien\Acronis\SnapAPI\
windir=%SystemRoot%
FP_NO_HOST_CHECK=NO
OS=Windows_NT
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_LEVEL=15
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_REVISION=0401
NUMBER_OF_PROCESSORS=1
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
TEMP=%SystemRoot%\TEMP
TMP=%SystemRoot%\TEMP

-----------------EOF-----------------
 
  • #5
Code:
Logfile of random's system information tool 1.06 (written by random/random)
Run by jo at 2010-02-20 12:22:42
Microsoft Windows XP Professional Service Pack 2
System drive C: has 1 GB (16%) free of 7 GB
Total RAM: 502 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:47, on 20.02.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe
C:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE
C:\Programme\Microsoft ActiveSync\Wcescomm.exe
C:\Programme\TVR\TVR.exe
C:\Programme\PC Uhr synchcronisieren\tclock.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe
C:\WINDOWS\system32\lvhidsvc.exe
C:\Programme\UltraVNC\WinVNC.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\GPSoftware\Directory Opus\DOpus.exe
D:\Download\RSIT.exe
C:\WINDOWS\system32\wuauclt.exe
Y:\HijackThis.....OK\jo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: D - {8D74111B-089D-39CA-B88C-364F55027973} - C:\WINDOWS\system32\xwr22607.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [TEMP-Terminator] C:\WINDOWS\cleartmp.bat
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKCU\..\Run: [RouterControl] C:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE
O4 - HKCU\..\Run: [H/PC Connection Agent] C:\Programme\Microsoft ActiveSync\Wcescomm.exe
O4 - HKCU\..\Run: [ccleaner] C:\Programme\CCleaner\CCleaner.exe /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->Default user')
O4 - Startup: TV Capture Card .lnk = C:\Programme\TVR\TVR.exe
O4 - Startup: Biet-O-Matic.lnk = C:\Programme\Biet-O-Matic\Biet-O-Matic.exe
O4 - Startup: Verknüpfung mit tclock.lnk = C:\Programme\PC Uhr synchcronisieren\tclock.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra->Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Programme\Agnitum\Outpost Firewall Pro\ie_bar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra->Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{25AF9887-3994-4270-B106-D72F63A7D13A}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{79EFFE9A-E8C2-45AE-9D7B-7C47768BD91A}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{25AF9887-3994-4270-B106-D72F63A7D13A}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{25AF9887-3994-4270-B106-D72F63A7D13A}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Remote HID Service (LvHidSvc) - Philips - C:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Programme\UltraVNC\WinVNC.exe

--
End of file - 5476 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Driver Robot.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D74111B-089D-39CA-B88C-364F55027973}]
D - C:\WINDOWS\system32\xwr22607.dll [2009-10-05 233472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll [2009-04-23 937416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
TEMP-Terminator=C:\WINDOWS\cleartmp.bat [2005-04-07 401]
Acronis Scheduler2 Service=C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe [2009-10-31 362032]
OutpostMonitor=C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe [2010-02-09 2447488]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
RouterControl=C:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE [2008-11-18 3191296]
H/PC Connection Agent=C:\Programme\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
ccleaner=C:\Programme\CCleaner\CCleaner.exe [2009-03-24 1488112]
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe [2004-08-28 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CryptLoad]
C:\Programme\CryptLoad...0000000000000000000000\CryptLoad 1.1.0    ooooooooooooooooooo\CryptLoad_08.06.2008\RouterClient.exe [2007-10-26 143360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Programme\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DOpus]
C:\Programme\GPSoftware\Directory Opus\dopus.exe [2007-02-15 5277624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\i8kfangui]
C:\Programme\I8kfanGUI\I8kfanGUI.exe [2007-02-16 856064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []
 
  • #6
Code:
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Programme\Messenger\msmsgs.exe [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostFeedBack]
C:\Programme\Agnitum\Outpost Firewall Pro\feedback.exe [2010-02-09 439784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostMonitor]
C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe [2010-02-09 2447488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecSche]
C:\Programme\TVR\RecSche.exe [2004-05-10 454656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RouterControl]
C:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE [2008-11-18 3191296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Programme\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer]
C:\Programme\MAGIX\Video_deluxe_2007_e-version\TrayServer.exe [2006-10-04 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe [2009-10-31 5140952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
C:\Programme\UltraVNC\WinVNC.exe [2006-06-18 712704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^jo.JO-B71DBCF54530^Startmenü^Programme^Autostart^Verknüpfung mit tclock.lnk]
F:\Dowload\TClock Light\tclock.exe []

C:\Dokumente und Einstellungen\jo.JO-B71DBCF54530\Startmenü\Programme\Autostart
TV Capture Card .lnk - C:\Programme\TVR\TVR.exe
Biet-O-Matic.lnk - C:\Programme\Biet-O-Matic\Biet-O-Matic.exe
Verknüpfung mit tclock.lnk - C:\Programme\PC Uhr synchcronisieren\tclock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS=c:\progra~1\agnitum\outpos~1\wl_hook.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE}=C:\Programme\GPSoftware\Directory Opus\dopuslib.dll [2007-02-15 489400]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername=0
legalnoticecaption=
legalnoticetext=
shutdownwithoutlogon=1
undockwithoutlogon=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe=%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
K:\DOWNLOAD\Download-Manager_Router_Netgaer  OOOOOOOOOOOOOOOOOOOOOOOO00000000000\Routercontro 1.91_rc.zip + CryptLoad 1.09_______OK\CryptLoad 1.09\CryptLoad...0000000000000000000000\RouterClient.exe=K:\DOWNLOAD\Download-Manager_Router_Netgaer  OOOOOOOOOOOOOOOOOOOOOOOO00000000000\Routercontro 1.91_rc.zip + CryptLoad 1.09_______OK\CryptLoad 1.09\CryptLoad...0000000000000000000000\RouterClient.exe:*:Enabled:RouterClient
C:\Programme\CryptLoad...0000000000000000000000\RouterClient.exe=C:\Programme\CryptLoad...0000000000000000000000\RouterClient.exe:*:Enabled:RouterClient
C:\Programme\CryptLoad...0000000000000000000000\CryptLoad 1.1.0    ooooooooooooooooooo\CryptLoad_08.06.2008\RouterClient.exe=C:\Programme\CryptLoad...0000000000000000000000\CryptLoad 1.1.0    ooooooooooooooooooo\CryptLoad_08.06.2008\RouterClient.exe:*:Enabled:RouterClient
C:\Programme\CryptLoad...0000000000000000000000\CryptLoad 1.1.0    ooooooooooooooooooo\CryptLoad_08.06.2008\CryptLoad_08.06.2008\CryptLoad.exe=C:\Programme\CryptLoad...0000000000000000000000\CryptLoad 1.1.0    ooooooooooooooooooo\CryptLoad_08.06.2008\CryptLoad_08.06.2008\CryptLoad.exe:*:Enabled:CryptLoad
C:\Programme\Microsoft ActiveSync\rapimgr.exe=C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
C:\Programme\Microsoft ActiveSync\wcescomm.exe=C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
C:\Programme\Microsoft ActiveSync\WCESMgr.exe=C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
C:\Programme\TeamViewer\Version4\TeamViewer.exe=C:\Programme\TeamViewer\Version4\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application
Y:\Langenscheidt T1 Professional v.7.0.German-English\Langenscheidt T1 7_0\StdAlone\MT_Alone.exe=Y:\Langenscheidt T1 Professional v.7.0.German-English\Langenscheidt T1 7_0\StdAlone\MT_Alone.exe:*:Enabled:T1 Standalone

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe=%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Programme\Microsoft ActiveSync\rapimgr.exe=C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
C:\Programme\Microsoft ActiveSync\wcescomm.exe=C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
C:\Programme\Microsoft ActiveSync\WCESMgr.exe=C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

======List of files/folders created in the last 1 months======

2010-02-20 12:12:53 ----D---- C:\rsit
2010-02-20 11:04:14 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Office Genuine Advantage
2010-02-20 11:04:10 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Windows Genuine Advantage
2010-02-18 20:41:52 ----HD---- C:\BJPrinter
2010-02-12 12:36:17 ----D---- C:\WINDOWS\system32\Filt
2010-02-12 12:36:17 ----D---- C:\Programme\Agnitum
2010-02-12 12:35:57 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Agnitum
2010-02-12 09:34:51 ----D---- C:\WINDOWS\WBEM
2010-02-12 09:33:55 ----A---- C:\WINDOWS\system32\ieencode.dll
2010-02-12 09:33:54 ----D---- C:\WINDOWS\system32\de-DE

======List of files/folders modified in the last 1 months======

2010-02-20 12:21:44 ----A---- C:\WINDOWS\win.ini
2010-02-20 12:20:34 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-02-20 11:06:20 ----A---- C:\WINDOWS\system32\WinVNC.log.bak
2010-02-20 09:48:32 ----SH---- C:\boot.ini
2010-02-20 09:48:32 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 fanio;FanIO driver; \??\C:\WINDOWS\system32\drivers\fanio.sys []
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-28 40192]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 SandBox;SandBox; \??\C:\WINDOWS\system32\drivers\SandBox.sys []
R2 vnccom;vnccom; C:\WINDOWS\System32\Drivers\vnccom.SYS [2004-06-26 6016]
R3 afcdp;afcdp; C:\WINDOWS\system32\DRIVERS\afcdp.sys [2009-11-13 160288]
R3 afw;Agnitum firewall driver; C:\WINDOWS\system32\DRIVERS\afw.sys [2009-02-18 31128]
R3 afwcore;afwcore; C:\WINDOWS\system32\drivers\afwcore.sys [2009-11-02 257304]
R3 ASWFilt;ASWFilt; \??\C:\WINDOWS\system32\Filt\ASWFilt.dll []
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-05-10 156160]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-28 9600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 LVCap138;TV Card Capture Driver; C:\WINDOWS\system32\DRIVERS\tvcap.sys [2004-09-20 308736]
R3 lvtuner;TV Card WDM TV Tuner; C:\WINDOWS\system32\DRIVERS\tvtuner.sys [2004-09-20 16512]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-28 31616]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-28 26624]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-28 57600]
R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-28 26496]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-28 20480]
R3 vncdrv;vncdrv; C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 4736]
S2 AKEProtect;AKEProtect; \??\I:\Directlinks\Codari's Portable Softwaresammlung\@Security\Portable Anti-keylogger Elite 3.3.3\app\AKEProtect.sys []
S3 ab2hpcs1;ab2hpcs1; C:\WINDOWS\system32\drivers\ab2hpcs1.sys []
S3 ac97intc;Intel(r) 82801 Audiotreiber-Installationsdienst (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
S3 AVHybrid;AVHybrid service; C:\WINDOWS\system32\DRIVERS\AVHybrid.sys [2007-01-31 834816]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 i81x;i81x; C:\WINDOWS\system32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\system32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\system32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\system32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimFP5;iAimFP5; C:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2004-08-03 11807]
S3 iAimFP6;iAimFP6; C:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2004-08-03 11295]
S3 iAimFP7;iAimFP7; C:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2004-08-03 11871]
S3 iAimTV0;iAimTV0; C:\WINDOWS\system32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\system32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV3;iAimTV3; C:\WINDOWS\system32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 iAimTV5;iAimTV5; C:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2004-08-03 25471]
S3 iAimTV6;iAimTV6; C:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2004-08-03 22271]
S3 MPE;BDA MPE-Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART-Treiber; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-28 10880]
S3 NtApm;Herkömmlicher NT APM-Schnittstellentreiber; C:\WINDOWS\system32\DRIVERS\NtApm.sys [2004-08-28 9472]
S3 rtl8139;NT-Treiber für Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernet-Adapter; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-28 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-28 15360]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe [2009-10-31 661072]
R2 acssrv;Agnitum Client Security Service; C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2010-02-09 1338160]
R2 afcdpsrv;Acronis Nonstop Backup service; C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe [2009-11-13 2480048]
R2 LvHidSvc;Remote HID Service; C:\WINDOWS\system32\lvhidsvc.exe [2004-03-25 32256]
R2 winvnc;VNC Server; C:\Programme\UltraVNC\WinVNC.exe [2006-06-18 712704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Programme\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]

-----------------EOF-----------------


I hope this is right.
I had to split the 2nd log.

Dear Fee

Internet Explorer is outdated - new version:

Will do.

nowhere to be found, only a Daemon Tool toolbar (DTToolbar.dll) and the start page, so I'll turn a blind eye this once.

That's not my fault :'(
That's just what HijackThis spat out.
 
  • #7
  • #8
Here you go.

Code:
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D74111B-089D-39CA-B88C-364F55027973}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8D74111B-089D-39CA-B88C-364F55027973}\ not found.
========== FILES ==========
File/Folder C:\WINDOWS\system32\xwr22607.dll not found.
 
OTM by OldTimer - Version 3.1.9.0 log created on 02202010_183311



PCDpan_fee wrote:
balsam60 wrote:
Code:
O2 - BHO: D - {8D74111B-089D-39CA-B88C-364F55027973} - C:\WINDOWS\system32\xwr22607.dll
O3 - Toolbar: Daemon Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\Daemon Tools Toolbar\DTToolbar.dll



xwr22607.dll
is Adware XML Parser AIE/Crypt (Trojan.BHO) and will be what is responsible for the little video.

pan_fee

I just noticed that
File/Folder C:\WINDOWS\system32\xwr22607.dll not found.
was not found.


I had already fixed this one following Fee's instructions.
 
  • #9
balsam60 wrote:
That's not my fault :'(
That's just what HijackThis spat out.

HijackThis only spits out what you have installed.

E.g.: Daemon Tools Lite
balsam60 wrote:
Code:
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Daemon Tools Lite]
C:\Programme\Daemon Tools Lite\daemon.exe [2008-07-24 490952]

The Lite version of Daemon Tools cannot be used to copy copy-protected media, so it complies with German law.

pan_fee
 
  • #10
But then you did that after creating the RSIT logs, right? Please post a fresh RSIT logfile.

Any more problems with the computer?
 
  • #11
Any more problems with the computer?
The little video is gone.
Please post a fresh RSIT logfile.
Will do right away.

Code:
Logfile of random's system information tool 1.06 (written by random/random)
Run by jo at 2010-02-20 23:29:51
Microsoft Windows XP Professional Service Pack 2
System drive C: has 1 GB (14%) free of 7 GB
Total RAM: 502 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:29:55, on 20.02.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe
C:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE
C:\Programme\Microsoft ActiveSync\Wcescomm.exe
C:\Programme\TVR\TVR.exe
C:\Programme\PC Uhr synchcronisieren\tclock.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\lvhidsvc.exe
C:\Programme\UltraVNC\WinVNC.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\GPSoftware\Directory Opus\DOpus.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Dokumente und Einstellungen\jo.JO-B71DBCF54530\desktop\rsit.exe
Y:\HijackThis.....OK\jo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [TEMP-Terminator] C:\WINDOWS\cleartmp.bat
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [RouterControl] C:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE
O4 - HKCU\..\Run: [H/PC Connection Agent] C:\Programme\Microsoft ActiveSync\Wcescomm.exe
O4 - HKCU\..\Run: [ccleaner] C:\Programme\CCleaner\CCleaner.exe /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->Default user')
O4 - Startup: TV Capture Card .lnk = C:\Programme\TVR\TVR.exe
O4 - Startup: Biet-O-Matic.lnk = C:\Programme\Biet-O-Matic\Biet-O-Matic.exe
O4 - Startup: Verknüpfung mit tclock.lnk = C:\Programme\PC Uhr synchcronisieren\tclock.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra->Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Programme\Agnitum\Outpost Firewall Pro\ie_bar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra->Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{25AF9887-3994-4270-B106-D72F63A7D13A}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{79EFFE9A-E8C2-45AE-9D7B-7C47768BD91A}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{25AF9887-3994-4270-B106-D72F63A7D13A}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{25AF9887-3994-4270-B106-D72F63A7D13A}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Remote HID Service (LvHidSvc) - Philips - C:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Programme\UltraVNC\WinVNC.exe

--
End of file - 5935 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Driver Robot.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
TEMP-Terminator=C:\WINDOWS\cleartmp.bat [2005-04-07 401]
Acronis Scheduler2 Service=C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe [2009-10-31 362032]
OutpostMonitor=C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe [2010-02-09 2447488]
MSConfig=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2004-08-28 160768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
RouterControl=C:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE [2008-11-18 3191296]
H/PC Connection Agent=C:\Programme\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
ccleaner=C:\Programme\CCleaner\CCleaner.exe [2009-03-24 1488112]
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe [2004-08-28 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CryptLoad]
C:\Programme\CryptLoad...0000000000000000000000\CryptLoad 1.1.0    ooooooooooooooooooo\CryptLoad_08.06.2008\RouterClient.exe [2007-10-26 143360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Programme\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DOpus]
C:\Programme\GPSoftware\Directory Opus\dopus.exe [2007-02-15 5277624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\i8kfangui]
C:\Programme\I8kfanGUI\I8kfanGUI.exe [2007-02-16 856064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Programme\Messenger\msmsgs.exe [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostFeedBack]
C:\Programme\Agnitum\Outpost Firewall Pro\feedback.exe [2010-02-09 439784]
 
  • #12
Code:
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostMonitor]
C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe [2010-02-09 2447488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecSche]
C:\Programme\TVR\RecSche.exe [2004-05-10 454656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RouterControl]
C:\PROGRA~1\ROUTER~1\ROUTERCONTROL.EXE [2008-11-18 3191296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Programme\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer]
C:\Programme\MAGIX\Video_deluxe_2007_e-version\TrayServer.exe [2006-10-04 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe [2009-10-31 5140952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
C:\Programme\UltraVNC\WinVNC.exe [2006-06-18 712704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^jo.JO-B71DBCF54530^Startmenü^Programme^Autostart^Verknüpfung mit tclock.lnk]
F:\Dowload\TClock Light\tclock.exe []

C:\Dokumente und Einstellungen\jo.JO-B71DBCF54530\Startmenü\Programme\Autostart
TV Capture Card .lnk - C:\Programme\TVR\TVR.exe
Biet-O-Matic.lnk - C:\Programme\Biet-O-Matic\Biet-O-Matic.exe
Verknüpfung mit tclock.lnk - C:\Programme\PC Uhr synchcronisieren\tclock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS=c:\progra~1\agnitum\outpos~1\wl_hook.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE}=C:\Programme\GPSoftware\Directory Opus\dopuslib.dll [2007-02-15 489400]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername=0
legalnoticecaption=
legalnoticetext=
shutdownwithoutlogon=1
undockwithoutlogon=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe=%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
K:\DOWNLOAD\Download-Manager_Router_Netgaer  OOOOOOOOOOOOOOOOOOOOOOOO00000000000\Routercontro 1.91_rc.zip + CryptLoad 1.09_______OK\CryptLoad 1.09\CryptLoad...0000000000000000000000\RouterClient.exe=K:\DOWNLOAD\Download-Manager_Router_Netgaer  OOOOOOOOOOOOOOOOOOOOOOOO00000000000\Routercontro 1.91_rc.zip + CryptLoad 1.09_______OK\CryptLoad 1.09\CryptLoad...0000000000000000000000\RouterClient.exe:*:Enabled:RouterClient
C:\Programme\CryptLoad...0000000000000000000000\RouterClient.exe=C:\Programme\CryptLoad...0000000000000000000000\RouterClient.exe:*:Enabled:RouterClient
C:\Programme\CryptLoad...0000000000000000000000\CryptLoad 1.1.0    ooooooooooooooooooo\CryptLoad_08.06.2008\RouterClient.exe=C:\Programme\CryptLoad...0000000000000000000000\CryptLoad 1.1.0    ooooooooooooooooooo\CryptLoad_08.06.2008\RouterClient.exe:*:Enabled:RouterClient
C:\Programme\CryptLoad...0000000000000000000000\CryptLoad 1.1.0    ooooooooooooooooooo\CryptLoad_08.06.2008\CryptLoad_08.06.2008\CryptLoad.exe=C:\Programme\CryptLoad...0000000000000000000000\CryptLoad 1.1.0    ooooooooooooooooooo\CryptLoad_08.06.2008\CryptLoad_08.06.2008\CryptLoad.exe:*:Enabled:CryptLoad
C:\Programme\Microsoft ActiveSync\rapimgr.exe=C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
C:\Programme\Microsoft ActiveSync\wcescomm.exe=C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
C:\Programme\Microsoft ActiveSync\WCESMgr.exe=C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
C:\Programme\TeamViewer\Version4\TeamViewer.exe=C:\Programme\TeamViewer\Version4\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application
Y:\Langenscheidt T1 Professional v.7.0.German-English\Langenscheidt T1 7_0\StdAlone\MT_Alone.exe=Y:\Langenscheidt T1 Professional v.7.0.German-English\Langenscheidt T1 7_0\StdAlone\MT_Alone.exe:*:Enabled:T1 Standalone

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe=%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Programme\Microsoft ActiveSync\rapimgr.exe=C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
C:\Programme\Microsoft ActiveSync\wcescomm.exe=C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
C:\Programme\Microsoft ActiveSync\WCESMgr.exe=C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

======List of files/folders created in the last 1 months======

2010-02-20 18:33:11 ----D---- C:\_OTM
2010-02-20 13:00:58 ----HD---- C:\WINDOWS\ie8
2010-02-20 12:12:53 ----D---- C:\rsit
2010-02-20 11:04:14 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Office Genuine Advantage
2010-02-20 11:04:10 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Windows Genuine Advantage
2010-02-18 20:41:52 ----HD---- C:\BJPrinter
2010-02-12 12:36:17 ----D---- C:\WINDOWS\system32\Filt
2010-02-12 12:36:17 ----D---- C:\Programme\Agnitum
2010-02-12 12:35:57 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Agnitum
2010-02-12 09:34:51 ----D---- C:\WINDOWS\WBEM
2010-02-12 09:33:54 ----D---- C:\WINDOWS\system32\de-DE

======List of files/folders modified in the last 1 months======

2010-02-20 22:17:28 ----SH---- C:\boot.ini
2010-02-20 22:17:28 ----A---- C:\WINDOWS\win.ini
2010-02-20 22:17:28 ----A---- C:\WINDOWS\system.ini
2010-02-20 18:41:20 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-02-20 13:05:44 ----A---- C:\WINDOWS\system32\WinVNC.log.bak

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 fanio;FanIO driver; \??\C:\WINDOWS\system32\drivers\fanio.sys []
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-28 40192]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 SandBox;SandBox; \??\C:\WINDOWS\system32\drivers\SandBox.sys []
R2 vnccom;vnccom; C:\WINDOWS\System32\Drivers\vnccom.SYS [2004-06-26 6016]
R3 afcdp;afcdp; C:\WINDOWS\system32\DRIVERS\afcdp.sys [2009-11-13 160288]
R3 afw;Agnitum firewall driver; C:\WINDOWS\system32\DRIVERS\afw.sys [2009-02-18 31128]
R3 afwcore;afwcore; C:\WINDOWS\system32\drivers\afwcore.sys [2009-11-02 257304]
R3 ASWFilt;ASWFilt; \??\C:\WINDOWS\system32\Filt\ASWFilt.dll []
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-05-10 156160]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-28 9600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 LVCap138;TV Card Capture Driver; C:\WINDOWS\system32\DRIVERS\tvcap.sys [2004-09-20 308736]
R3 lvtuner;TV Card WDM TV Tuner; C:\WINDOWS\system32\DRIVERS\tvtuner.sys [2004-09-20 16512]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-28 31616]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-28 26624]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-28 57600]
R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-28 26496]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-28 20480]
R3 vncdrv;vncdrv; C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 4736]
S2 AKEProtect;AKEProtect; \??\I:\Directlinks\Codari's Portable Softwaresammlung\@Security\Portable Anti-keylogger Elite 3.3.3\app\AKEProtect.sys []
S3 a53npkh3;a53npkh3; C:\WINDOWS\system32\drivers\a53npkh3.sys []
S3 ac97intc;Intel(r) 82801 Audiotreiber-Installationsdienst (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
S3 AVHybrid;AVHybrid service; C:\WINDOWS\system32\DRIVERS\AVHybrid.sys [2007-01-31 834816]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 i81x;i81x; C:\WINDOWS\system32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\system32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\system32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\system32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimFP5;iAimFP5; C:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2004-08-03 11807]
S3 iAimFP6;iAimFP6; C:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2004-08-03 11295]
S3 iAimFP7;iAimFP7; C:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2004-08-03 11871]
S3 iAimTV0;iAimTV0; C:\WINDOWS\system32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\system32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV3;iAimTV3; C:\WINDOWS\system32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 iAimTV5;iAimTV5; C:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2004-08-03 25471]
S3 iAimTV6;iAimTV6; C:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2004-08-03 22271]
S3 MPE;BDA MPE-Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART-Treiber; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-28 10880]
S3 NtApm;Herkömmlicher NT APM-Schnittstellentreiber; C:\WINDOWS\system32\DRIVERS\NtApm.sys [2004-08-28 9472]
S3 pxtdqpog;pxtdqpog; \??\C:\DOKUME~1\JO9492~1.JO-\LOKALE~1\Temp\pxtdqpog.sys []
S3 rtl8139;NT-Treiber für Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernet-Adapter; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-28 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-28 15360]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe [2009-10-31 661072]
R2 acssrv;Agnitum Client Security Service; C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2010-02-09 1338160]
R2 afcdpsrv;Acronis Nonstop Backup service; C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe [2009-11-13 2480048]
R2 LvHidSvc;Remote HID Service; C:\WINDOWS\system32\lvhidsvc.exe [2004-03-25 32256]
R2 winvnc;VNC Server; C:\Programme\UltraVNC\WinVNC.exe [2006-06-18 712704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Programme\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]

-----------------EOF-----------------
 
  • #14
mml, I thank you both very much
:T :prost: :respect: :froehlich3:
 
  • #15
I have one more question:
is it possible
to evaluate RSIT yourself,
the way it is with HijackThis?
 
  • #16
Ehm, sorry for asking, but can you evaluate a HijackThis log? By that I mean without feeding it into the automatic analysis.

If you can do that and have learned it, you can also evaluate an RSIT log and any other log :)
 
  • #17
but can you evaluate a HijackThis log?
No, of course not.
Otherwise I wouldn't be bothering you.

I do it with this:
http://www.hijackthis.de/de
That was actually the point of my question:

whether there is such an automatic analysis for RSIT on the net.
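
For the question in posts #15 and #17, an added example (not part of the thread and not an RSIT feature): a short Python triage of the driver/service lines in the RSIT log above. The flag rules are assumptions chosen for illustration and only mark an entry for a manual look; the sample lines are copied from the log in this thread.

```python
import re

# Layout of an RSIT driver/service line, as seen in the log in this thread:
#   <R|S><0-4> <name>;<display name>; <image path> [<date> <size>]  or  []
LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?:\\\?\?\\)?(?P<path>.+?) \[(?P<meta>[^\]]*)\]\s*$"
)
START = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

def parse(line):
    """Return a dict for one driver/service line, or None for any other line."""
    m = LINE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()  # the optional \??\ path prefix is dropped by the regex
    e["running"] = e.pop("state") == "R"
    e["start"] = START[e["start"]]
    date, _, size = e.pop("meta").partition(" ")
    e["date"], e["size"] = date or None, int(size) if size else None
    return e

def review_flags(e):
    """Reasons to check an entry by hand. Assumed heuristics, not verdicts."""
    path, flags = e["path"].lower(), []
    if e["date"] is None:
        flags.append("no file date/size listed")
    if "\\temp\\" in path:
        flags.append("image in a Temp directory")
    if path.endswith(".sys") and "\\system32\\drivers\\" not in path:
        flags.append("driver outside system32\\drivers")
    return flags

def triage(log_text):
    """Map entry name -> flags, for every parsed entry with at least one flag."""
    entries = filter(None, map(parse, log_text.splitlines()))
    flagged = ((e["name"], review_flags(e)) for e in entries)
    return {name: flags for name, flags in flagged if flags}

# Sample input: four lines copied from the RSIT log in this thread.
SAMPLE = r"""
R3 vncdrv;vncdrv; C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 4736]
S3 a53npkh3;a53npkh3; C:\WINDOWS\system32\drivers\a53npkh3.sys []
S3 pxtdqpog;pxtdqpog; \??\C:\DOKUME~1\JO9492~1.JO-\LOKALE~1\Temp\pxtdqpog.sys []
R2 winvnc;VNC Server; C:\Programme\UltraVNC\WinVNC.exe [2006-06-18 712704]
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Header lines such as the `======List of services ...======` legend and the `EOF` marker do not match the pattern and are skipped.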
 
  • #18
Hello Jochen,

do you have a router and an antivirus program in use?

Regards, Sylar
 
  • #19
Good morning
Yes, both.
Why?
 
  • #20
Good morning to you too :)

Just asking, because I wonder how you caught this. ;)
 