Virenscanner bleiben immer an gleicher Stelle hängen(system32\lphcn1fj0e383.exe)

HALLO!

Mein AntiVir Virenscanner LukeFilewalker bleibt nach einigem Scannen immer an der gleichen Stelle hängen. Er bleibt einfach stehen und unter letztes Objekt steht: C:\WINDOWS\system32\lphcn1fj0e383.exe.
Ich habe daraufhin auch mal ein anderes Programm (Spyware Doctor) durchlaufen lassen, und der bleibt auch an gleicher Stelle hängen. Geschockt hat mich, daß er vorher unzählige Infizierungen gefunden hat.
Ich befürchte nun, daß mein PC voller Viren ist und bitte sehr um Hilfe, da ich mich wenig auskenne!

Betriebssystem: Windows XP Home Edition
Hardware: Toshiba Satellite M50-182 (Notebook)

-Hijackhtis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:25:36, on 16.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Norton Internet Security\ISSVC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\Spyware Doctor\pctsAuxs.exe
C:\Programme\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Spyware Doctor\pctsTray.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Apoint2K\Apoint.exe
C:\Programme\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\TOSHIBA\E-KEY\CeEKey.exe
C:\Programme\TOSHIBA\TouchPad\TPTray.exe
C:\Programme\TOSHIBA\Accessibility\FnKeyHook.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
C:\Programme\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe
C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe
C:\Programme\Apoint2K\Apntex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programme\Messenger\msmsgs.exe
C:\Dokumente und Einstellungen\lukas\Eigene Dateien\downloads\hijackthis\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.fh-luh.de/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = eumex.ip;*.local
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Programme\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Programme\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programme\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Programme\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Tvs] C:\Programme\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Programme\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Programme\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Programme\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [HWSetup] C:\Programme\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Programme\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [PadTouch] C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [avgnt] C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe /min
O4 - HKLM\..\Run: [Loader] C:\WINDOWS\System\loader.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe /m=0
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [lphcn1fj0e383] C:\WINDOWS\system32\lphcn1fj0e383.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\Programme\QuickTime\qttask.exe -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ISTray] C:\Programme\Spyware Doctor\pctsTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [NBJ] C:\Programme\Ahead\Nero BackItUp\NBJ.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Konni Symbol Autostart] C:\Programme\RagTime Privat\Konni\KonniSymbol.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->Default user')
O4 - Startup: Microsoft Office OneNote 2003 Schnellstart.lnk = C:\Programme\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk762YYDE
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: in/mit BitSpirit runterladen - C:\Programme\BitSpirit\bsurl.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra->Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra->Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra->Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: eBay - {E273BDCA-34FB-4D4A-9D50-15BBE81C70FD} - C:\Programme\Internet Explorer\Signup\ToshibaGotoEbay.exe (HKCU)
O15 - Trusted Zone: http://speed.travian.de
O15 - Trusted Zone: http://welt6.travian.de
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/no...ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programme\Norton Internet Security\ISSVC.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 16053 bytes
[br][br]Erstellt am: 16.10.08 um 09:38:01

---

[br]-SilentRunners:
Silent Runners.vbs, revision 58, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by {++}


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe [MS]
TOSCDSPD = C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe [TOSHIBA]
NBJ = C:\Programme\Ahead\Nero BackItUp\NBJ.exe [Ahead Software AG]
SsAAD.exe = C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe [null data]
MyWebSearch Email Plugin = C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [MyWebSearch.com]
Konni Symbol Autostart = C:\Programme\RagTime Privat\Konni\KonniSymbol.exe [RagTime GmbH]
SVCHOST.EXE = C:\WINDOWS\system32\drivers\svchost.exe [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe [Intel Corporation]
Apoint = C:\Programme\Apoint2K\Apoint.exe [Alps Electric Co., Ltd.]
Tvs = C:\Programme\TOSHIBA\Tvs\TvsTray.exe [TOSHIBA Corporation]
AGRSMMSG = AGRSMMSG.exe [Agere Systems]
CeEKEY = C:\Programme\TOSHIBA\E-KEY\CeEKey.exe [COMPAL ELECTRONIC INC.]
(Default) = (empty string) [file not found]
TPNF = C:\Programme\TOSHIBA\TouchPad\TPTray.exe [COMPAL ELECTRONIC INC.]
TOSHIBA Accessibility = C:\Programme\TOSHIBA\Accessibility\FnKeyHook.exe [TOSHIBA]
HWSetup = C:\Programme\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP [TOSHIBA CO.,LTD.]
SVPWUTIL = C:\Programme\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL [TOSHIBA]
Zooming = ZoomingHook.exe [TOSHIBA]
TCtryIOHook = TCtrlIOHook.exe [TOSHIBA]
TPSMain = TPSMain.exe [TOSHIBA Corporation]
SmoothView = C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe [TOSHIBA Corporation]
TFncKy = TFncKy.exe [TOSHIBA Corporation]
NDSTray.exe = NDSTray.exe [TOSHIBA CORPORATION]
PadTouch = C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe [TOSHIBA]
dla = C:\WINDOWS\system32\dla\tfswctrl.exe [Sonic Solutions]
ccApp = C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe [Symantec Corporation]
ATIPTA = C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe [ATI Technologies, Inc.]
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe [Ahead Software Gmbh]
IMJPMIG8.1 = C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 [MS]
MSPY2002 = C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC [null data]
PHIME2002ASync = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC [MS]
PHIME2002A = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName [MS]
CFSServ.exe = CFSServ.exe -NoClient [TOSHIBA CORPORATION]
Logitech Utility = Logi_MwX.Exe [Logitech Inc.]
BluetoothAuthenticationAgent = rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent [MS]
Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer [Symantec Corporation]
Sony Ericsson PC Suite = C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions [Sony Ericsson Mobile Communications AB]
Easy-PrintToolBox = C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon [CANON INC.]
WinampAgent = C:\Programme\Winamp\winampa.exe [null data]
avgnt = C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe /min [Avira GmbH]
Loader = C:\WINDOWS\System\loader.exe [file not found]
My Web Search Bar Search Scope Monitor = C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe /m=0 [MyWebSearch.com]
MyWebSearch Email Plugin = C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [MyWebSearch.com]
KernelFaultCheck = C:\WINDOWS\system32\dumprep 0 -k
SunJavaUpdateSched = C:\Programme\Java\jre1.6.0_07\bin\jusched.exe [Sun Microsystems, Inc.]
lphcn1fj0e383 = C:\WINDOWS\system32\lphcn1fj0e383.exe [null data]
QuickTime Task = C:\Programme\QuickTime\qttask.exe -atboottime [Apple Inc.]
AppleSyncNotifier = C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [Apple Inc.]
iTunesHelper = C:\Programme\iTunes\iTunesHelper.exe [Apple Inc.]
ISTray = C:\Programme\Spyware Doctor\pctsTray.exe [PC Tools]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{00A6FAF1-072E-44cf-8957-5838F569A31D}\(Default) = MyWebSearch Search Assistant BHO
-> {HKLM...CLSID} = MyWebSearch Search Assistant BHO
\InProcServer32\(Default) = C:\Programme\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL [MyWebSearch.com]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = Adobe PDF Reader Link Helper
\InProcServer32\(Default) = C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe Systems Incorporated]
{07B18EA1-A523-4961-B6BB-170DE4475CCA}\(Default) = mwsBar BHO
-> {HKLM...CLSID} = mwsBar BHO
\InProcServer32\(Default) = C:\Programme\MyWebSearch\bar\1.bin\MWSBAR.DLL [MyWebSearch.com]
{5CA3D70E-1895-11CF-8E15-001234567890}\(Default) = *Z (unwritable string)
-> {HKLM...CLSID} = DriveLetterAccess
\InProcServer32\(Default) = C:\WINDOWS\system32\dla\tfswshx.dll [Sonic Solutions]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = SSVHelper Class
\InProcServer32\(Default) = C:\Programme\Java\jre1.6.0_07\bin\ssv.dll [Sun Microsystems, Inc.]
{9ECB9560-04F9-4bbc-943D-298DDF1699E1}\(Default) = Norton Internet Security
-> {HKLM...CLSID} = CNisExtBho Class
\InProcServer32\(Default) = C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll [Symantec Corporation]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = NAV Helper
-> {HKLM...CLSID} = CNavExtBho Class
\InProcServer32\(Default) = C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll [Symantec Corporation]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{42071714-76d4-11d1-8b24-00a0c9068ff3} = CPL-Erweiterung für Anzeigeverschiebung
-> {HKLM...CLSID} = CPL-Erweiterung für Anzeigeverschiebung
\InProcServer32\(Default) = deskpan.dll [file not found]
{88895560-9AA2-1069-930E-00AA0030EBC8} = Erweiterung für HyperTerminal-Icons
-> {HKLM...CLSID} = HyperTerminal Icon Ext
\InProcServer32\(Default) = C:\WINDOWS\system32\hticons.dll [Hilgraeve, Inc.]
{9ED66769-A198-41FE-8615-601691C68846} = TouchPad Property Sheet
-> {HKLM...CLSID} = TouchPad PropSheet Class
\InProcServer32\(Default) = C:\WINDOWS\system32\TPprop.dll [COMPAL ELECTRONIC INC.]
{DEE12703-6333-4D4E-8F34-738C4DCC2E04} = RecordNow! SendToExt
-> {HKLM...CLSID} = RecordNow! SendToExt
\InProcServer32\(Default) = C:\Programme\Sonic\RecordNow!\shlext.dll [null data]
{5CA3D70E-1895-11CF-8E15-001234567890} = DriveLetterAccess
-> {HKLM...CLSID} = DriveLetterAccess
\InProcServer32\(Default) = C:\WINDOWS\system32\dla\tfswshx.dll [Sonic Solutions]
{A5110426-177D-4e08-AB3F-785F10B4439C} = Sony Ericsson Datei-Manager
-> {HKLM...CLSID} = Sony Ericsson Datei-Manager
\InProcServer32\(Default) = C:\Programme\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll [Sony Ericsson Mobile Communications AB]
{D0FAC080-AE1A-11ce-8016-CE90976DC901} = Picture Publisher Schnellansicht
-> {HKLM...CLSID} = Picture Publisher File Viewer
\InProcServer32\(Default) = ppiv30.dll [null data]
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = Shell Extension for Malware scanning
-> {HKLM...CLSID} = Shell Extension for Malware scanning
\InProcServer32\(Default) = C:\Programme\AntiVir PersonalEdition Classic\shlext.dll [Avira GmbH]
{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Programme\Microsoft Office\OFFICE11\msohev.dll [MS]
{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} = Messenger Sharing Folders
-> {HKLM...CLSID} = Meine freigegebenen Ordner
\InProcServer32\(Default) = C:\Programme\MSN Messenger\fsshext.8.1.0178.00.dll [MS]
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes
-> {HKLM...CLSID} = iTunes
\InProcServer32\(Default) = C:\Programme\iTunes\iTunesMiniPlayer.dll [Apple Inc.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
WPDShServiceObj = {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
-> {HKLM...CLSID} = WPDShServiceObj Class
\InProcServer32\(Default) = C:\WINDOWS\system32\WPDShServiceObj.dll [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = Ati2evxx.dll [ATI Technologies Inc.]
<<!>> igfxcui\DLLName = igfxsrvc.dll [Intel Corporation]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = {807553E5-5146-11D5-A672-00B0D022E945}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info
-> {HKLM...CLSID} = PDF Shell Extension
\InProcServer32\(Default) = C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll [Adobe Systems, Inc.]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Shell Extension for Malware scanning\(Default) = {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
-> {HKLM...CLSID} = Shell Extension for Malware scanning
\InProcServer32\(Default) = C:\Programme\AntiVir PersonalEdition Classic\shlext.dll [Avira GmbH]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}
-> {HKLM...CLSID} = IEContextMenu Class
\InProcServer32\(Default) = C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll [Symantec Corporation]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Shell Extension for Malware scanning\(Default) = {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
-> {HKLM...CLSID} = Shell Extension for Malware scanning
\InProcServer32\(Default) = C:\Programme\AntiVir PersonalEdition Classic\shlext.dll [Avira GmbH]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}
-> {HKLM...CLSID} = IEContextMenu Class
\InProcServer32\(Default) = C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll [Symantec Corporation]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

NoDispBackgroundPage = (REG_DWORD) dword:0x00000000
{Hide Desktop tab}

NoDispScrSavPage = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

shutdownwithoutlogon = (REG_DWORD) dword:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

undockwithoutlogon = (REG_DWORD) dword:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
Wallpaper = C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Dokumente und Einstellungen\lukas\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

CanonZB4PicturesOnArrival\
Provider = ZoomBrowser EX
InvokeProgID = Zb.AutoplayHandler
InvokeVerb = open
HKLM\SOFTWARE\Classes\Zb.AutoplayHandler\shell\open\command\(Default) = C:\Programme\Canon\ZoomBrowser EX\Program\ZoomBrowser.exe /AUTOPLAY %1 [empty string]

iTunesBurnCDOnArrival\
Provider = iTunes
InvokeProgID = iTunes.BurnCD
InvokeVerb = burn
HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = C:\Programme\iTunes\iTunes.exe /AutoPlayBurn %L [Apple Inc.]

iTunesImportSongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.ImportSongsOnCD
InvokeVerb = import
HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = C:\Programme\iTunes\iTunes.exe /AutoPlayImportSongs %L [Apple Inc.]

iTunesPlaySongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.PlaySongsOnCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = C:\Programme\iTunes\iTunes.exe /playCD %L [Apple Inc.]

iTunesShowSongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.ShowSongsOnCD
InvokeVerb = showsongs
HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = C:\Programme\iTunes\iTunes.exe /AutoPlayShowSongs %L [Apple Inc.]

IviDVDEventHandler\
Provider = InterVideo WinDVD
InvokeProgID = Ivi.MediaFile
InvokeVerb = play
HKLM\SOFTWARE\Classes\Ivi.MediaFile\shell\play\command\(Default) = C:\Programme\InterVideo\WinDVD\WinDVD.exe %1 [InterVideo Inc.]

MSWPDShellNamespaceHandler\
Provider = @%SystemRoot%\System32\WPDShextRes.dll,-501
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine =
-> {HKLM...CLSID} = WPDShextAutoplay
\LocalServer32\(Default) = C:\WINDOWS\system32\WPDShextAutoplay.exe [MS]

NeroAutoPlay2AudioToNeroDigital\
Provider = Nero Burning ROM
InvokeProgID = Nero.AutoPlay2
InvokeVerb = PlayCDAudioOnArrival_AudioToNeroDigital
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_AudioToNeroDigital\command\(Default) = C:\Programme\Ahead\nero\nero.exe /Dialog:SaveTracks /Drive:%L [Ahead Software AG]

NeroAutoPlay2CDAudio\
Provider = Nero Express
InvokeProgID = Nero.AutoPlay2
InvokeVerb = HandleCDBurningOnArrival_CDAudio
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_CDAudio\command\(Default) = C:\Programme\Ahead\nero\nero.exe /w /New:AudioCD /Drive:%L [Ahead Software AG]

NeroAutoPlay2CopyCD\
Provider = Nero Express
InvokeProgID = Nero.AutoPlay2
InvokeVerb = PlayCDAudioOnArrival_CopyCD
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_CopyCD\command\(Default) = C:\Programme\Ahead\nero\nero.exe /w /DialogiscCopy /Drive:%L [Ahead Software AG]

NeroAutoPlay2DataDisc\
Provider = Nero Express
InvokeProgID = Nero.AutoPlay2
InvokeVerb = HandleCDBurningOnArrival_DataDisc
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_DataDisc\command\(Default) = C:\Programme\Ahead\nero\nero.exe /w /New:ISODisc /Drive:%L [Ahead Software AG]

NeroAutoPlay2DVDVideoToNeroDigital\
Provider = Nero Recode
InvokeProgID = Nero.AutoPlay2
InvokeVerb = PlayDVDMovieOnArrival_DVDVideoToNeroDigital
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayDVDMovieOnArrival_DVDVideoToNeroDigital\command\(Default) = C:\Programme\Ahead\Nero Recode\Recode.exe /New:ReAuthorNeroDigital /Drive:%L [Ahead Software AG]

NeroAutoPlay2LaunchNeroStartSmart\
Provider = Nero StartSmart
InvokeProgID = Nero.AutoPlay2
InvokeVerb = HandleCDBurningOnArrival_LaunchNeroStartSmart
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_LaunchNeroStartSmart\command\(Default) = C:\Programme\Ahead\Nero StartSmart\NeroStartSmart.exe /AutoPlay /Drive:%L [Ahead Software AG]

NeroAutoPlay2PlayDVD\
Provider = Nero ShowTime
InvokeProgID = Nero.AutoPlay2
InvokeVerb = PlayVideoFilesOnArrival_PlayDVD
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayVideoFilesOnArrival_PlayDVD\command\(Default) = C:\Programme\Ahead\Nero ShowTime\ShowTime.exe /Play %L [Ahead software AG]

NeroAutoPlay2RipCD\
Provider = Nero Burning ROM
InvokeProgID = Nero.AutoPlay2
InvokeVerb = PlayCDAudioOnArrival_RipCD
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_RipCD\command\(Default) = C:\Programme\Ahead\nero\nero.exe /Dialog:SaveTracks /Drive:%L [Ahead Software AG]

NeroAutoPlay2TranscodeVideo\
Provider = Nero Recode
InvokeProgID = Nero.AutoPlay2
InvokeVerb = PlayDVDMovieOnArrival_TranscodeVideo
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayDVDMovieOnArrival_TranscodeVideo\command\(Default) = C:\Programme\Ahead\Nero Recode\Recode.exe /New:CopyDVDVideo /Drive:%L [Ahead Software AG]

NeroAutoPlay2VideoCapture\
Provider = NeroVision Express
InvokeProgID = Nero.AutoPlay2
InvokeVerb = VideoCameraArrival_VideoCapture
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\VideoCameraArrival_VideoCapture\command\(Default) = C:\Programme\Ahead\NeroVision\NeroVision.exe /New:VideoCapture /Drive:%L [Ahead Software AG]

NeroAutoPlay2ViewPhotos\
Provider = Nero PhotoSnap Viewer
InvokeProgID = Nero.AutoPlay2
InvokeVerb = ShowPicturesOnArrival_ViewPhotos
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\ShowPicturesOnArrival_ViewPhotos\command\(Default) = C:\Programme\Ahead\Nero PhotoSnap\PhotoSnapViewer.exe /Drive:%L [Ahead Software AG]

..fortsetzung folgt[br][br]Erstellt am: 16.10.08 um 09:40:16

---

[br]-Fortsetzung SilentRunners:
SonicRnAudioCD\
Provider = Sonic RecordNow!
InvokeProgID = Sonic.RecordNow
InvokeVerb = AudioCDJob
HKLM\SOFTWARE\Classes\Sonic.RecordNow\shell\AudioCDJob\Command\(Default) = C:\Programme\Sonic\RecordNow!\RecordNow.exe /AudioCDJob %L [null data]

SonicRnBurnAudioCD\
Provider = Sonic RecordNow!
InvokeProgID = Sonic.RecordNow
InvokeVerb = AudioCDTarget
HKLM\SOFTWARE\Classes\Sonic.RecordNow\shell\AudioCDTarget\Command\(Default) = C:\Programme\Sonic\RecordNow!\RecordNow.exe /AudioCDTarget %L [null data]

SonicRnBurnDataDisc\
Provider = Sonic RecordNow!
InvokeProgID = Sonic.RecordNow
InvokeVerb = DataDiscTarget
HKLM\SOFTWARE\Classes\Sonic.RecordNow\shell\DataDiscTarget\Command\(Default) = C:\Programme\Sonic\RecordNow!\RecordNow.exe /DataDiscTarget %L [null data]

SonicRnCopyCD\
Provider = Sonic RecordNow!
InvokeProgID = Sonic.RecordNow
InvokeVerb = CopyDiscJob
HKLM\SOFTWARE\Classes\Sonic.RecordNow\shell\CopyDiscJob\Command\(Default) = C:\Programme\Sonic\RecordNow!\RecordNow.exe /CopyDiscJob %L [null data]

SonicRnCopyDisc\
Provider = Sonic RecordNow!
InvokeProgID = Sonic.RecordNow
InvokeVerb = CopyDiscJob
HKLM\SOFTWARE\Classes\Sonic.RecordNow\shell\CopyDiscJob\Command\(Default) = C:\Programme\Sonic\RecordNow!\RecordNow.exe /CopyDiscJob %L [null data]

SonyPlayCDAudioSonicStage\
Provider = @C:\Programme\Sony\SonicStage\OmgjboxRes.dll,-57344
InvokeProgID = SonyAudioCDSonicStage
InvokeVerb = play
HKLM\SOFTWARE\Classes\SonyAudioCDSonicStage\shell\play\command\(Default) = C:\Programme\Sony\SonicStage\Omgjbox.exe /cdplay -%L [Sony Corporation]

SonyRecCDAudioSonicStage\
Provider = @C:\Programme\Sony\SonicStage\OmgjboxRes.dll,-57344
InvokeProgID = SonyAudioCDRecSonicStage
InvokeVerb = play
HKLM\SOFTWARE\Classes\SonyAudioCDRecSonicStage\shell\play\command\(Default) = C:\Programme\Sony\SonicStage\Omgjbox.exe /cdrecord -%L [Sony Corporation]

SonySonicStageBurnCDOnArrival\
Provider = @C:\Programme\Sony\SonicStage\OmgjboxRes.dll,-57344
InvokeProgID = SonyBurnCDSonicStage
InvokeVerb = open
HKLM\SOFTWARE\Classes\SonyBurnCDSonicStage\shell\open\command\(Default) = C:\Programme\Sony\SonicStage\Omgjbox.exe [Sony Corporation]


Startup items in lukas & All Users startup folders:
-------------------------------------------------------

C:\Dokumente und Einstellungen\lukas\Startmenü\Programme\Autostart
Microsoft Office OneNote 2003 Schnellstart -> shortcut to: C:\Programme\Microsoft Office\OFFICE11\ONENOTEM.EXE /tsr [MS]
<<!>> PowerReg Scheduler.exe [empty string]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Adobe Reader - Schnellstart -> shortcut to: C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [Adobe Systems Incorporated]
VPN Client -> shortcut to: C:\WINDOWS\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico -user_logon [null data]


Enabled Scheduled Tasks:
------------------------

AppleSoftwareUpdate -> launches: C:\Programme\Apple Software Update\SoftwareUpdate.exe -task [Apple Inc.]
Norton AntiVirus - Meinen Computer prüfen - lukas -> launches: C:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.EXE /task:C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Norton AntiVirus\Tasks\mycomp.sca [Symantec Corporation]
Symantec NetDetect -> launches: C:\Programme\Symantec\LiveUpdate\NDETECT.EXE [Symantec Corporation]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000002\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000003\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]
000000000005\LibraryPath = C:\Programme\Bonjour\mdnsNSP.dll [Apple Inc.]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\Programme\Gemeinsame Dateien\PC Tools\LSP\PCTLsp.dll [PC Tools Research Pty Ltd.], 01 - 03, 37
%SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 09 - 36
%SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}
-> {HKLM...CLSID} = Norton AntiVirus
\InProcServer32\(Default) = C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll [Symantec Corporation]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}
-> {HKLM...CLSID} = Norton Internet Security
\InProcServer32\(Default) = C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll [Symantec Corporation]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} = Norton Internet Security
-> {HKLM...CLSID} = Norton Internet Security
\InProcServer32\(Default) = C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll [Symantec Corporation]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus
-> {HKLM...CLSID} = Norton AntiVirus
\InProcServer32\(Default) = C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll [Symantec Corporation]
{327C2873-E90D-4C37-AA9D-10AC9BABA46C} = Easy-WebPrint
-> {HKLM...CLSID} = Easy-WebPrint
\InProcServer32\(Default) = C:\Programme\Canon\Easy-WebPrint\Toolband.dll [null data]
{07B18EA9-A523-4961-B6BB-170DE4475CCA} = (no title provided)
-> {HKLM...CLSID} = My Web Search
\InProcServer32\(Default) = C:\Programme\MyWebSearch\bar\1.bin\MWSBAR.DLL [MyWebSearch.com]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{03C1C47F-0538-4645-8372-D3109B9FC636}\(Default) = Easy-WebPrint
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C:\Programme\Canon\Easy-WebPrint\Toolband.dll [null data]

HKLM\SOFTWARE\Classes\CLSID\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}\(Default) = My Web Search Quick View
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C:\WINDOWS\system32\shdocvw.dll [MS]

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = &Recherchieren
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKCU\Software\Microsoft\Internet Explorer\Extensions\
{E273BDCA-34FB-4D4A-9D50-15BBE81C70FD}\
ButtonText = eBay
Exec = C:\Programme\Internet Explorer\Signup\ToshibaGotoEbay.exe [null data]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
MenuText = Sun Java Konsole
CLSIDExtension = {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}
-> {HKCU...CLSID} = Java Plug-in 1.6.0_07
\InProcServer32\(Default) = C:\Programme\Java\jre1.6.0_07\bin\ssv.dll [Sun Microsystems, Inc.]
-> {HKLM...CLSID} = Java Plug-in 1.6.0_07
\InProcServer32\(Default) = C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Microsystems, Inc.]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
ButtonText = Recherchieren

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
MenuText = @xpsp3res.dll,-20001
Exec = %windir%\Network Diagnostic\xpnetdiag.exe [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
ButtonText = Messenger
MenuText = Windows Messenger
Exec = C:\Programme\Messenger\msmsgs.exe [MS]


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> {00A6FAF6-072E-44cf-8957-5838F569A31D} = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Programme\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL [MyWebSearch.com]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir PersonalEdition Classic Guard, AntiVirService, C:\Programme\AntiVir PersonalEdition Classic\avguard.exe [Avira GmbH]
AntiVir PersonalEdition Classic Planer, AntiVirScheduler, C:\Programme\AntiVir PersonalEdition Classic\sched.exe [Avira GmbH]
Apple Mobile Device, Apple Mobile Device, C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [Apple Inc.]
Ati HotKey Poller, Ati HotKey Poller, C:\WINDOWS\system32\Ati2evxx.exe [ATI Technologies Inc.]
Bluetooth Support Service, BthServ, C:\WINDOWS\system32\svchost.exe -k bthsvcs {C:\WINDOWS\System32\bthserv.dll [MS]}
Bonjour-Dienst, Bonjour Service, C:\Programme\Bonjour\mDNSResponder.exe [Apple Inc.]
Cisco Systems, Inc. VPN Service, CVPND, C:\Programme\Cisco Systems\VPN Client\cvpnd.exe [Cisco Systems, Inc.]
ConfigFree Service, CFSvcs, C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe [TOSHIBA CORPORATION]
ISSvc, ISSVC, C:\Programme\Norton Internet Security\ISSVC.exe [Symantec Corporation]
Norton AntiVirus Auto-Protect-Dienst, navapsvc, C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe [Symantec Corporation]
PC Tools Auxiliary Service, sdAuxService, C:\Programme\Spyware Doctor\pctsAuxs.exe [PC Tools]
PC Tools Security Service, sdCoreService, C:\Programme\Spyware Doctor\pctsSvc.exe [PC Tools]
PnkBstrA, PnkBstrA, C:\WINDOWS\system32\PnkBstrA.exe [null data]
Symantec Event Manager, ccEvtMgr, C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe [Symantec Corporation]
Symantec Network Drivers Service, SNDSrvc, C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe [Symantec Corporation]
Symantec Network Proxy, ccProxy, C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe [Symantec Corporation]
Symantec Settings Manager, ccSetMgr, C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe [Symantec Corporation]
Symantec SPBBCSvc, SPBBCSvc, C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe [Symantec Corporation]
SymWMI Service, SymWSC, C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe [Symantec Corporation]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor iP4200\Driver = CNMLM78.DLL [CANON INC.]
Microsoft Document Imaging Writer Monitor\Driver = mdimon.dll [MS]
Toshiba Bluetooth Monitor\Driver = tbtmon.dll [Toshiba America Business Solutions, Inc.]


---------- (launch time: 2008-10-16 02:34:44)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 229 seconds.
---------- (total run time: 255 seconds)

[br][br]Erstellt am: 16.10.08 um 09:41:18

---

[br]-Uninstall list:
Adobe Flash Player ActiveX
Adobe Reader 7.0.8 - Deutsch
Adobe Shockwave Player
ALPS Touch Pad Driver
America's Army
Apple Mobile Device Support
Apple Software Update
ASAPI Update
ATI Control Panel
ATI Display Driver
Avira AntiVir Personal - Free Antivirus
BitSpirit v3.1.0.077 Stable Release
Bluetooth Stack for Windows by Toshiba
Bonjour
Canon Camera Window for ZoomBrowser EX
Canon iP4200
Canon PhotoRecord
Canon Setup Utility 2.0
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
Canon Utilities File Viewer Utility 1.2
Canon Utilities PhotoStitch 3.1
Canon Utilities RemoteCapture 2.7
Canon Utilities ZoomBrowser EX
CC_ccProxyExt
ccCommon
ccPxyCore
CD/DVD Drive Acoustic Silencer
CD-LabelPrint
Cisco Systems VPN Client 5.0.02.0090
Dark Konflict
Delta Force - Black Hawk Down
Delta Force: Xtreme
Disc2Phone
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Easy-WebPrint
eMusic - 50 Free MP3 offer
ffdshow [rev 1437] [2007-08-23]
floAt's Mobile Agent
Google Earth
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix für Windows Internet Explorer 7 (KB947864)
Hotfix für Windows Media Player 11 (KB939683)
Hotfix für Windows XP (KB914440)
Hotfix für Windows XP (KB952287)
InterVideo WinDVD for TOSHIBA
iTunes
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 7
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
Logitech MouseWare 9.79.1
Macromedia Flash Player
Mayday 1.1a
Micrografx Picture Publisher 8
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 German Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
MSN
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
My Web Search (Smiley Central)
Nero 6 Ultra Edition
NeroVision Express 3
Norton AntiSpam
Norton AntiSpam
Norton AntiVirus 2005
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security 2005 (Symantec Corporation)
Norton Security Center
Norton WMI Update
Norton WMI Update
OpenMG Secure Module 4.6.01
QuickTime
RagTime Privat
Realtek AC'97 Audio
Safari
SD Secure Module
Sicherheitsupdate für Step by Step Interactive Training (KB898458)
Sicherheitsupdate für Step by Step Interactive Training (KB923723)
Sicherheitsupdate für Windows Internet Explorer 7 (KB928090)
Sicherheitsupdate für Windows Internet Explorer 7 (KB929969)
Sicherheitsupdate für Windows Internet Explorer 7 (KB931768)
Sicherheitsupdate für Windows Internet Explorer 7 (KB933566)
Sicherheitsupdate für Windows Internet Explorer 7 (KB937143)
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)
Sicherheitsupdate für Windows Internet Explorer 7 (KB939653)
Sicherheitsupdate für Windows Internet Explorer 7 (KB942615)
Sicherheitsupdate für Windows Internet Explorer 7 (KB944533)
Sicherheitsupdate für Windows Internet Explorer 7 (KB950759)
Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)
Sicherheitsupdate für Windows Media Player (KB911564)
Sicherheitsupdate für Windows Media Player 10 (KB911565)
Sicherheitsupdate für Windows Media Player 10 (KB917734)
Sicherheitsupdate für Windows Media Player 11 (KB936782)
Sicherheitsupdate für Windows Media Player 11 (KB954154)
Sicherheitsupdate für Windows Media Player 6.4 (KB925398)
Sicherheitsupdate für Windows XP (KB890046)
Sicherheitsupdate für Windows XP (KB893066)
Sicherheitsupdate für Windows XP (KB893756)
Sicherheitsupdate für Windows XP (KB896358)
Sicherheitsupdate für Windows XP (KB896422)
Sicherheitsupdate für Windows XP (KB896423)
Sicherheitsupdate für Windows XP (KB896424)
Sicherheitsupdate für Windows XP (KB896428)
Sicherheitsupdate für Windows XP (KB899587)
Sicherheitsupdate für Windows XP (KB899591)
Sicherheitsupdate für Windows XP (KB900725)
Sicherheitsupdate für Windows XP (KB901017)
Sicherheitsupdate für Windows XP (KB901190)
Sicherheitsupdate für Windows XP (KB901214)
Sicherheitsupdate für Windows XP (KB902400)
Sicherheitsupdate für Windows XP (KB904706)
Sicherheitsupdate für Windows XP (KB905414)
Sicherheitsupdate für Windows XP (KB905749)
Sicherheitsupdate für Windows XP (KB905915)
Sicherheitsupdate für Windows XP (KB908519)
Sicherheitsupdate für Windows XP (KB908531)
Sicherheitsupdate für Windows XP (KB911280)
Sicherheitsupdate für Windows XP (KB911562)
Sicherheitsupdate für Windows XP (KB911567)
Sicherheitsupdate für Windows XP (KB911927)
Sicherheitsupdate für Windows XP (KB912812)
Sicherheitsupdate für Windows XP (KB912919)
Sicherheitsupdate für Windows XP (KB913446)
Sicherheitsupdate für Windows XP (KB913580)
Sicherheitsupdate für Windows XP (KB914388)
Sicherheitsupdate für Windows XP (KB914389)
Sicherheitsupdate für Windows XP (KB916281)
Sicherheitsupdate für Windows XP (KB917159)
Sicherheitsupdate für Windows XP (KB917344)
Sicherheitsupdate für Windows XP (KB917422)
Sicherheitsupdate für Windows XP (KB917953)
Sicherheitsupdate für Windows XP (KB918118)
Sicherheitsupdate für Windows XP (KB918439)
Sicherheitsupdate für Windows XP (KB918899)
Sicherheitsupdate für Windows XP (KB919007)
Sicherheitsupdate für Windows XP (KB920213)
Sicherheitsupdate für Windows XP (KB920214)
Sicherheitsupdate für Windows XP (KB920670)
Sicherheitsupdate für Windows XP (KB920683)
Sicherheitsupdate für Windows XP (KB920685)
Sicherheitsupdate für Windows XP (KB921398)
Sicherheitsupdate für Windows XP (KB921503)
Sicherheitsupdate für Windows XP (KB921883)
Sicherheitsupdate für Windows XP (KB922616)
Sicherheitsupdate für Windows XP (KB922760)
Sicherheitsupdate für Windows XP (KB922819)
Sicherheitsupdate für Windows XP (KB923191)
Sicherheitsupdate für Windows XP (KB923414)
Sicherheitsupdate für Windows XP (KB923689)
Sicherheitsupdate für Windows XP (KB923694)
Sicherheitsupdate für Windows XP (KB923980)
Sicherhe

hi,

http://www.wintotal-forum.de/index.php/topic,147847.0.html

von dieser seite die anleitungen zu sdfix und combofix abarbeiten, logs posten.

Hallo, habe nun combofix nach den genauen Anleitungen laufen lassen, sah auch ganz gut aus bis zum Schluss. Er hat mir den Log angezeigt(Vollbild), aber ich habe schon gesehen, daß dahinter keine Taskleiste war. Hab dann den Log vorsichtshalber mit meiner Digicam durchfotografiert (weiß nicht, ob das irgendwie sinnvoll war :-X ), ihn dann minimiert und feststellen müssen, daß dahinter nur mein Desktophintergrundbild ist, sonst nichts.
Ich schreibe jetzt von einem anderen, öffentlichen PC, meiner ist immer noch im gleichen Zustand wie beschrieben.
Was soll ich jetzt tun? :-\

lg

wurde der rechner neu gestartet? und combofix ist durch, also wirklich beendet?

dann drücke strg+alt+ent > neuer task > explorer.exe und drücke enter

wurde vorher sdfix abgearbeitet?[br][br]Erstellt am: 16.10.08 um 12:35:55

---

[br]nachtrag:

wenn es wieder funzt (wovon ich ausgehe): das log findest du unter c:\combofix.txt, bitte posten.

Ich bin nicht sicher, ob Combofix durch ist, aber gehe davon aus, weil der Log ja angezeigt wurde.
Der PC wurde nicht neu gestartet.

sdfix wurde nicht vorher durchgeführt, weil ich dachte, daß die Reihenfolge egal ist. War das falsch?

dann drücke strg+alt+ent > neuer task > explorer.exe und drücke enter
Ich probier das dann mal

lg

Ok, hat funktioniert. Nur mein Internet Explorer spinnt jetzt und hängt sich auf, wenn ich ihn öffne (das legt sich wahrscheinlich, wenn ich den PC neu starte, oder?). Bin jetzt mit Safari hier.

Jetzt werde ich sdfix abarbeiten, soll ich dafür den PC vorher neu starten?

Hier der Log von Combofix:
ComboFix 08-10-15.06 - lukas 2008-10-16 11:49:55.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.528 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\lukas\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Dokumente und Einstellungen\lukas\Anwendungsdaten\FunWebProducts
C:\Dokumente und Einstellungen\lukas\Anwendungsdaten\FunWebProducts\Data\lukas\avatar.dat
C:\Dokumente und Einstellungen\lukas\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Programme\FunWebProducts
C:\Programme\FunWebProducts\ScreenSaver\Images\008EA16D.urr
C:\Programme\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
C:\Programme\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Programme\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Programme\FunWebProducts\Shared\Cache\MailStampBtn.html
C:\Programme\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Programme\FunWebProducts\Shared\Cache\MyStationeryBtn.html
C:\Programme\FunWebProducts\Shared\Cache\res100.html
C:\Programme\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Programme\internet explorer\msimg32.dll
C:\Programme\MyWebSearch
C:\Programme\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Programme\MyWebSearch\bar\1.bin\F3BROVLY.DLL
C:\Programme\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Programme\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Programme\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Programme\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Programme\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Programme\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Programme\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Programme\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Programme\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Programme\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Programme\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Programme\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Programme\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
C:\Programme\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Programme\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Programme\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Programme\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Programme\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Programme\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Programme\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Programme\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Programme\MyWebSearch\bar\1.bin\M3MSG.DLL
C:\Programme\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Programme\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Programme\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Programme\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Programme\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Programme\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Programme\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Programme\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Programme\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Programme\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Programme\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Programme\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Programme\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Programme\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Programme\MyWebSearch\bar\Cache\0011F941.bin
C:\Programme\MyWebSearch\bar\Cache\0011FC10.bin
C:\Programme\MyWebSearch\bar\Cache\00120094.bin
C:\Programme\MyWebSearch\bar\Cache\001204F9
C:\Programme\MyWebSearch\bar\Cache\008E5AEE
C:\Programme\MyWebSearch\bar\Cache\008E6908
C:\Programme\MyWebSearch\bar\Cache\008E6E95.bin
C:\Programme\MyWebSearch\bar\Cache\008E71C2.bin
C:\Programme\MyWebSearch\bar\Cache\008E74B0.bin
C:\Programme\MyWebSearch\bar\Cache\008E77CD.bin
C:\Programme\MyWebSearch\bar\Cache\0279C5BA.bin
C:\Programme\MyWebSearch\bar\Cache\0279C9A2
C:\Programme\MyWebSearch\bar\Cache\06DDA8D0.bin
C:\Programme\MyWebSearch\bar\Cache\06DDAC3B.bin
C:\Programme\MyWebSearch\bar\Cache\06DDC830.bin
C:\Programme\MyWebSearch\bar\Cache\06DDC9F5.bin
C:\Programme\MyWebSearch\bar\Cache\files.ini
C:\Programme\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Programme\MyWebSearch\bar\Game\CHESS.F3S
C:\Programme\MyWebSearch\bar\Game\REVERSI.F3S
C:\Programme\MyWebSearch\bar\History\search2
C:\Programme\MyWebSearch\bar\icons\CM.ICO
C:\Programme\MyWebSearch\bar\icons\MFC.ICO
C:\Programme\MyWebSearch\bar\icons\PSS.ICO
C:\Programme\MyWebSearch\bar\icons\SMILEY.ICO
C:\Programme\MyWebSearch\bar\icons\WB.ICO
C:\Programme\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Programme\MyWebSearch\bar\Message\COMMON.F3S
C:\Programme\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Programme\MyWebSearch\bar\Notifier\DOG.F3S
C:\Programme\MyWebSearch\bar\Notifier\FISH.F3S
C:\Programme\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Programme\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Programme\MyWebSearch\bar\Notifier\MAID.F3S
C:\Programme\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Programme\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Programme\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Programme\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Programme\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Programme\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Programme\MyWebSearch\bar\Settings\s_pid.dat
C:\Programme\MyWebSearch\bar\Settings\setting2.htm
C:\Programme\MyWebSearch\bar\Settings\settings.dat
C:\Programme\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\lphcn1fj0e383.exe
C:\WINDOWS\system32\phcn1fj0e383.bmp

.
((((((((((((((((((((((( Dateien erstellt von 2008-09-16 bis 2008-10-16 ))))))))))))))))))))))))))))))
.

2008-10-16 02:20 . 2008-10-16 02:20 244 --ah----- C:\sqmnoopt17.sqm
2008-10-16 02:20 . 2008-10-16 02:20 232 --ah----- C:\sqmdata17.sqm
2008-10-15 13:08 . 2008-10-15 13:08 <DIR> d-------- C:\7473d5f0d1aca7778cff66f629
2008-10-15 13:04 . 2008-10-15 13:04 0 --a------ C:\WINDOWS\TPTray.INI
2008-10-15 13:04 . 2008-10-15 13:04 0 --a------ C:\WINDOWS\CeEKey.INI
2008-10-15 12:27 . 2008-10-16 09:59 <DIR> d-------- C:\Programme\Spyware Doctor
2008-10-15 12:27 . 2008-10-15 12:29 <DIR> d-------- C:\Programme\Gemeinsame Dateien\PC Tools
2008-10-15 12:27 . 2008-10-15 12:27 <DIR> d-------- C:\Dokumente und Einstellungen\lukas\Anwendungsdaten\PC Tools
2008-10-15 12:27 . 2008-10-16 11:07 <DIR> d-a------ C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2008-10-15 12:27 . 2008-10-15 12:27 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools
2008-10-15 12:27 . 2008-07-28 12:29 160,792 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-10-15 12:27 . 2008-08-25 12:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-10-15 12:27 . 2008-08-25 12:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-10-15 12:27 . 2008-08-25 12:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-10-15 12:27 . 2008-06-02 16:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-10-08 22:57 . 2008-10-14 10:10 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-29 20:56 . 2008-09-29 20:56 <DIR> d-------- C:\Programme\iTunes
2008-09-29 20:56 . 2008-09-29 20:56 <DIR> d-------- C:\Programme\iPod
2008-09-29 20:56 . 2008-09-29 20:56 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-29 20:54 . 2008-09-29 20:54 <DIR> d-------- C:\Programme\Bonjour
2008-09-29 20:53 . 2008-09-29 20:53 <DIR> d-------- C:\Programme\QuickTime
2008-09-18 16:45 . 2008-09-18 16:45 <DIR> d-------- C:\b4c85086ef1690445fc40af11b

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-15 10:43 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic
2008-10-15 09:13 --------- d-----w C:\Programme\Gemeinsame Dateien\Symantec Shared
2008-10-13 10:10 --------- d-----w C:\Programme\TGeb
2008-09-21 14:08 --------- d-----w C:\Programme\DivX
2008-08-29 08:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-26 10:19 5,632 --sha-w C:\Programme\Thumbs.db
2008-08-26 08:57 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-08-26 08:57 --------- d-----w C:\Programme\Playboy - The Mansion
2008-08-26 08:36 --------- d-----w C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\AdobeUM
2008-08-26 07:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-17 12:45 --------- d-----w C:\Programme\Apple Software Update
2008-08-17 12:01 --------- d-----w C:\Programme\Safari
2008-08-14 13:42 2,182,656 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:42 2,060,032 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-12 23:14 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
TOSCDSPD=C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe [2005-04-12 65536]
NBJ=C:\Programme\Ahead\Nero BackItUp\NBJ.exe [2005-01-04 1937408]
SsAAD.exe=C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe [2006-11-02 472632]
Konni Symbol Autostart=C:\Programme\RagTime Privat\Konni\KonniSymbol.exe [2003-02-06 53248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
HotKeysCmds=C:\WINDOWS\system32\hkcmd.exe [2004-11-02 126976]
Apoint=C:\Programme\Apoint2K\Apoint.exe [2004-03-24 196608]
Tvs=C:\Programme\TOSHIBA\Tvs\TvsTray.exe [2005-04-05 73728]
CeEKEY=C:\Programme\TOSHIBA\E-KEY\CeEKey.exe [2005-05-10 675840]
TPNF=C:\Programme\TOSHIBA\TouchPad\TPTray.exe [2004-11-29 53248]
TOSHIBA Accessibility=C:\Programme\TOSHIBA\Accessibility\FnKeyHook.exe [2004-04-30 24576]
HWSetup=C:\Programme\TOSHIBA\TOSHIBA Applet\HWSetup.exe [2004-04-30 28672]
SVPWUTIL=C:\Programme\Toshiba\Windows Utilities\SVPWUTIL.exe [2005-02-25 65536]
SmoothView=C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe [2005-05-18 118784]
PadTouch=C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe [2004-11-17 1077327]
dla=C:\WINDOWS\system32\dla\tfswctrl.exe [2005-01-14 122939]
ccApp=C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe [2005-08-04 58992]
ATIPTA=C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-03-22 339968]
NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
IMJPMIG8.1=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
MSPY2002=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
PHIME2002ASync=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
PHIME2002A=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
Symantec NetDriver Monitor=C:\PROGRA~1\SYMNET~1\SNDMon.exe [2006-04-10 100056]
Sony Ericsson PC Suite=C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744]
Easy-PrintToolBox=C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]
WinampAgent=C:\Programme\Winamp\winampa.exe [2006-11-21 35328]
avgnt=C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-19 266497]
SunJavaUpdateSched=C:\Programme\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
QuickTime Task=C:\Programme\QuickTime\qttask.exe [2008-09-06 413696]
AppleSyncNotifier=C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
iTunesHelper=C:\Programme\iTunes\iTunesHelper.exe [2008-09-10 289576]
ISTray=C:\Programme\Spyware Doctor\pctsTray.exe [2008-08-25 1168264]
AGRSMMSG=AGRSMMSG.exe [2004-12-22 C:\WINDOWS\agrsmmsg.exe]
Zooming=ZoomingHook.exe [2004-07-14 C:\WINDOWS\system32\ZoomingHook.exe]
TCtryIOHook=TCtrlIOHook.exe [2005-03-30 C:\WINDOWS\system32\TCtrlIOHook.exe]
TPSMain=TPSMain.exe [2005-01-21 C:\WINDOWS\system32\TPSMain.exe]
TFncKy=TFncKy.exe [BU]
NDSTray.exe=NDSTray.exe [BU]
CFSServ.exe=CFSServ.exe [BU]
Logitech Utility=Logi_MwX.Exe [2003-12-17 C:\WINDOWS\LOGI_MWX.EXE]
BluetoothAuthenticationAgent=bthprops.cpl [2004-08-04 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE=C:\WINDOWS\system32\CTFMON.EXE [2004-08-04 15360]

C:\Dokumente und Einstellungen\lukas\Startmen\Programme\Autostart\
Microsoft Office OneNote 2003 Schnellstart.lnk - C:\Programme\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-06-17 59080]
PowerReg Scheduler.exe [2007-03-02 256000]

C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\
Adobe Reader - Schnellstart.lnk - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
VPN Client.lnk - C:\WINDOWS\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2008-02-14 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
AntiVirusDisableNotify=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
DisableMonitoring=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
DisableMonitoring=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
EnableFirewall= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
%windir%\\system32\\sessmgr.exe=
C:\\Programme\\Messenger\\msmsgs.exe=
%windir%\\Network Diagnostic\\xpnetdiag.exe=
C:\\Programme\\MSN Messenger\\msnmsgr.exe=
C:\\Programme\\MSN Messenger\\livecall.exe=
C:\\Programme\\Bonjour\\mDNSResponder.exe=
C:\\Programme\\iTunes\\iTunes.exe=

R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2000-01-08 10240]
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-07-28 160792]
S3 AVMUNET;Eumex 300 IP;C:\WINDOWS\system32\DRIVERS\avmunet.sys [2005-03-02 15104]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d85f1ce4-0ef8-11dc-b761-ddb23f77d504}]
\Shell\AutoRun\command - E:\preinst.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3f451b0-0eed-11dc-b760-0013ce9464e2}]
\Shell\AutoRun\command - E:\preinst.exe

*Newly Created Service* - PROCEXP90
.
Inhalt des geplante Tasks Ordners

2008-08-17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-08-22 C:\WINDOWS\Tasks\Norton AntiVirus - Meinen Computer prüfen - lukas.job
- C:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.EXE [2006-01-18 14:26]

2008-10-16 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Programme\Symantec\LiveUpdate\NDETECT.EXE [2004-08-24 11:32]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-Loader - C:\WINDOWS\System\loader.exe
HKLM-Run-My Web Search Bar Search Scope Monitor - C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
HKLM-Run-lphcn1fj0e383 - C:\WINDOWS\system32\lphcn1fj0e383.exe


.
------- Zusätzlicher Suchlauf -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.de/
R1 -: HKCU-Internet Settings,ProxyOverride = eumex.ip;*.local
O8 -: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk762YYDE
O8 -: Easy-WebPrint - Drucken - C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 -: Easy-WebPrint - Schnelldruck - C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 -: Easy-WebPrint - Vorschau - C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 -: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 -: in/mit BitSpirit runterladen - C:\Programme\BitSpirit\bsurl.htm
O8 -: Nach Microsoft &Excel exportieren - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: ÓñÈÌؾ«ÁéÏÂÔØ(&B)

O16 -: RaptisoftGameLoader - hxxp://www.miniclip.com/haphazard/raptisoftgameloader.cab
C:\WINDOWS\Downloaded Program Files\OSD1479.OSD
C:\WINDOWS\Downloaded Program Files\RSGameLoader.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-16 11:54:09
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...


C:\DOKUME~1\lukas\LOKALE~1\Temp\RGI92.tmp 7116 bytes

Scan erfolgreich abgeschlossen
versteckte Dateien: 1

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

Prozess: C:\WINDOWS\Explorer.EXE
-> C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoestb.dll
.
Zeit der Fertigstellung: 2008-10-16 11:57:08
ComboFix-quarantined-files.txt 2008-10-16 09:56:41

Vor Suchlauf: 25 Verzeichnis(se), 19.125.956.608 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 20,276,912,128 Bytes frei

294 --- E O F --- 2008-10-16 07:21:12

Norton AntiVirus Auto-Protect-Dienst, navapsvc, C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe [Symantec Corporation]

Zum Vergrößern anklicken....

Warum hast Du Antivir und das auf dem Rechner??

MfG Nick

ja vorher neu starten.

Hallo,
Norton Internet Security ist alt und nicht mehr aktuell, deshalb hab ich AntiVir dazugenommen, weil das umsonst ist. Ich war mir aber nicht sicher, ob AntiVir alleine ausreichend ist, deshalb hab ich das vorinstallierte Norton noch drauf gelassen.

Hier der Log von sdfix:

SDFix: Version 1.235
Run by lukas on 16.10.2008 at 13:42

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-16 13:57:31
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001060a7ac76]
000e0775f4be=hex:bb,b4,4b,53,af,ad,43,63,2b,8d,12,b9,d4,13,d2,98
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060a7ac76]
0016b8532c85=hex:44,3b,f4,41,38,95,bd,23,7f,0f,87,e8,bb,6e,7a,48
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060a7ac76]
0016b8532c85=hex:44,3b,f4,41,38,95,bd,23,7f,0f,87,e8,bb,6e,7a,48

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\\system32\\sessmgr.exe=%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019
C:\\Programme\\Messenger\\msmsgs.exe=C:\\Programme\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger
%windir%\\Network Diagnostic\\xpnetdiag.exe=%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000
C:\\Programme\\MSN Messenger\\msnmsgr.exe=C:\\Programme\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
C:\\Programme\\MSN Messenger\\livecall.exe=C:\\Programme\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
C:\\Programme\\Bonjour\\mDNSResponder.exe=C:\\Programme\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour
C:\\Programme\\iTunes\\iTunes.exe=C:\\Programme\\iTunes\\iTunes.exe:*:Enabled:iTunes

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\\system32\\sessmgr.exe=%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019
%windir%\\Network Diagnostic\\xpnetdiag.exe=%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000
C:\\Programme\\MSN Messenger\\msnmsgr.exe=C:\\Programme\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
C:\\Programme\\MSN Messenger\\livecall.exe=C:\\Programme\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

Remaining Files :



Files with Hidden Attributes :

Sun 21 Jan 2007 4,348 A.SH. --- C:\Dokumente und Einstellungen\All Users\DRM\DRMv1.bak
Mon 4 Oct 2004 417,792 A..H. --- C:\Programme\Canon\Canon Setup Utility 2.0\Maint.exe
Thu 27 May 2004 61,440 A..H. --- C:\Programme\Canon\Canon Setup Utility 2.0\uinstrsc.dll
Sun 11 Feb 2007 0 A.SH. --- C:\Dokumente und Einstellungen\All Users\DRM\Cache\Indiv01.tmp
Mon 26 Feb 2007 19,456 ...H. --- C:\Dokumente und Einstellungen\lukas\Anwendungsdaten\Microsoft\Word\~WRL1994.tmp
Mon 26 Feb 2007 19,456 ...H. --- C:\Dokumente und Einstellungen\lukas\Anwendungsdaten\Microsoft\Word\~WRL2406.tmp
Mon 26 Feb 2007 69,632 ...H. --- C:\Dokumente und Einstellungen\lukas\Anwendungsdaten\Microsoft\Word\~WRL2449.tmp
Mon 26 Feb 2007 19,456 ...H. --- C:\Dokumente und Einstellungen\lukas\Anwendungsdaten\Microsoft\Word\~WRL3397.tmp
Mon 26 Feb 2007 70,144 ...H. --- C:\Dokumente und Einstellungen\lukas\Eigene Dateien\Dokumente\Stockhausen-Gesang der J￾nglinge\~WRL0002.tmp
Sat 24 Feb 2007 23,040 ...H. --- C:\Dokumente und Einstellungen\lukas\Eigene Dateien\Dokumente\Stockhausen-Gesang der J￾nglinge\~WRL0004.tmp
Mon 26 Feb 2007 68,096 ...H. --- C:\Dokumente und Einstellungen\lukas\Eigene Dateien\Dokumente\Stockhausen-Gesang der J￾nglinge\~WRL1265.tmp
Mon 26 Feb 2007 71,680 ...H. --- C:\Dokumente und Einstellungen\lukas\Eigene Dateien\Dokumente\Stockhausen-Gesang der J￾nglinge\~WRL3942.tmp
Tue 27 Jan 2004 78,848 A..H. --- C:\Dokumente und Einstellungen\lukas\Eigene Dateien\Dokumente\Dokumente vom Weilheimer PC\Lukas-Dok\~WRL0209.tmp

Finished!

lg, miukaru

Hi Auf ein neues!

Hatte Probleme mit dem ComboFix, weil nachdem er mein System neu gestartet hat, sind auch die Antiviren-Programme wieder aktiviert worden, und dieses blöde Norton AntiVirus hat Combofix als bösartiges script geblockt, und sich dann leider selbst aufgehängt. Kann/Soll ich Norton vielleicht deinstallieren?
Naja, hab aber dann letzendlich doch noch ComboFix zum Ende gebracht..hier ist der Log:

ComboFix 08-10-15.06 - lukas 2008-10-17 11:14:56.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.522 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\lukas\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: C:\Dokumente und Einstellungen\lukas\Desktop\cfscript.txt
* Neuer Wiederherstellungspunkt wurde erstellt

FILE ::
C:\WINDOWS\CeEKey.INI
C:\WINDOWS\system32\drivers\pctfw2.sys
C:\WINDOWS\TPTray.INI
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\CeEKey.INI
C:\WINDOWS\system32\drivers\pctfw2.sys
C:\WINDOWS\TPTray.INI

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PCTFW2
-------\Service_pctfw2


((((((((((((((((((((((( Dateien erstellt von 2008-09-17 bis 2008-10-17 ))))))))))))))))))))))))))))))
.

2008-10-16 13:36 . 2008-10-16 13:36 <DIR> d-------- C:\WINDOWS\ERUNT
2008-10-16 13:24 . 2008-10-12 21:22 <DIR> d-------- C:\SDFix
2008-10-16 13:05 . 2008-10-16 13:05 40,332 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-10-16 02:20 . 2008-10-16 02:20 244 --ah----- C:\sqmnoopt17.sqm
2008-10-16 02:20 . 2008-10-16 02:20 232 --ah----- C:\sqmdata17.sqm
2008-10-15 13:08 . 2008-10-15 13:08 <DIR> d-------- C:\7473d5f0d1aca7778cff66f629
2008-10-15 12:27 . 2008-10-17 09:45 <DIR> d-------- C:\Programme\Spyware Doctor
2008-10-15 12:27 . 2008-10-15 12:29 <DIR> d-------- C:\Programme\Gemeinsame Dateien\PC Tools
2008-10-15 12:27 . 2008-10-15 12:27 <DIR> d-------- C:\Dokumente und Einstellungen\lukas\Anwendungsdaten\PC Tools
2008-10-15 12:27 . 2008-10-17 11:24 <DIR> d-a------ C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2008-10-15 12:27 . 2008-10-15 12:27 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools
2008-10-15 12:27 . 2008-08-25 12:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-10-15 12:27 . 2008-08-25 12:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-10-15 12:27 . 2008-08-25 12:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-10-15 12:27 . 2008-06-02 16:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-10-08 22:57 . 2008-10-14 10:10 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-29 20:56 . 2008-09-29 20:56 <DIR> d-------- C:\Programme\iTunes
2008-09-29 20:56 . 2008-09-29 20:56 <DIR> d-------- C:\Programme\iPod
2008-09-29 20:56 . 2008-09-29 20:56 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-29 20:54 . 2008-09-29 20:54 <DIR> d-------- C:\Programme\Bonjour
2008-09-29 20:53 . 2008-09-29 20:53 <DIR> d-------- C:\Programme\QuickTime
2008-09-18 16:45 . 2008-09-18 16:45 <DIR> d-------- C:\b4c85086ef1690445fc40af11b

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-16 10:43 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic
2008-10-15 09:13 --------- d-----w C:\Programme\Gemeinsame Dateien\Symantec Shared
2008-10-13 10:10 --------- d-----w C:\Programme\TGeb
2008-09-21 14:08 --------- d-----w C:\Programme\DivX
2008-09-15 15:37 1,846,144 ----a-w C:\WINDOWS\system32\win32k.sys
2008-08-29 08:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-26 10:19 5,632 --sha-w C:\Programme\Thumbs.db
2008-08-26 08:57 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-08-26 08:57 --------- d-----w C:\Programme\Playboy - The Mansion
2008-08-26 08:36 --------- d-----w C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\AdobeUM
2008-08-26 07:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-17 12:45 --------- d-----w C:\Programme\Apple Software Update
2008-08-17 12:01 --------- d-----w C:\Programme\Safari
2008-08-14 13:42 2,182,656 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:42 2,060,032 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-12 23:14 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
.

((((((((((((((((((((((((((((( snapshot@2008-10-16_11.55.56,10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE
+ 2008-08-07 14:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-10-16 11:37:07 6,189,056 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-10-16 11:37:07 151,552 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-08-07 14:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-10-16 11:36:43 6,189,056 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-10-16 11:36:44 151,552 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2008-03-20 08:03:19 1,845,376 -c----w C:\WINDOWS\system32\dllcache\win32k.sys
+ 2008-09-15 15:37:15 1,846,144 -c----w C:\WINDOWS\system32\dllcache\win32k.sys
- 2008-08-26 10:16:27 183,424 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-10-17 07:44:01 183,424 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2007-11-30 11:18:34 18,808 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 12:39:14 18,808 ------w C:\WINDOWS\system32\spmsg.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
TOSCDSPD=C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe [2005-04-12 65536]
NBJ=C:\Programme\Ahead\Nero BackItUp\NBJ.exe [2005-01-04 1937408]
SsAAD.exe=C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe [2006-11-02 472632]
Konni Symbol Autostart=C:\Programme\RagTime Privat\Konni\KonniSymbol.exe [2003-02-06 53248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
HotKeysCmds=C:\WINDOWS\system32\hkcmd.exe [2004-11-02 126976]
Apoint=C:\Programme\Apoint2K\Apoint.exe [2004-03-24 196608]
Tvs=C:\Programme\TOSHIBA\Tvs\TvsTray.exe [2005-04-05 73728]
CeEKEY=C:\Programme\TOSHIBA\E-KEY\CeEKey.exe [2005-05-10 675840]
TPNF=C:\Programme\TOSHIBA\TouchPad\TPTray.exe [2004-11-29 53248]
TOSHIBA Accessibility=C:\Programme\TOSHIBA\Accessibility\FnKeyHook.exe [2004-04-30 24576]
HWSetup=C:\Programme\TOSHIBA\TOSHIBA Applet\HWSetup.exe [2004-04-30 28672]
SVPWUTIL=C:\Programme\Toshiba\Windows Utilities\SVPWUTIL.exe [2005-02-25 65536]
SmoothView=C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe [2005-05-18 118784]
PadTouch=C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe [2004-11-17 1077327]
dla=C:\WINDOWS\system32\dla\tfswctrl.exe [2005-01-14 122939]
ccApp=C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe [2005-08-04 58992]
ATIPTA=C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-03-22 339968]
NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
IMJPMIG8.1=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
MSPY2002=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
PHIME2002ASync=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
PHIME2002A=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
Symantec NetDriver Monitor=C:\PROGRA~1\SYMNET~1\SNDMon.exe [2006-04-10 100056]
Sony Ericsson PC Suite=C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744]
Easy-PrintToolBox=C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]
WinampAgent=C:\Programme\Winamp\winampa.exe [2006-11-21 35328]
avgnt=C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-19 266497]
SunJavaUpdateSched=C:\Programme\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
QuickTime Task=C:\Programme\QuickTime\qttask.exe [2008-09-06 413696]
AppleSyncNotifier=C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
iTunesHelper=C:\Programme\iTunes\iTunesHelper.exe [2008-09-10 289576]
ISTray=C:\Programme\Spyware Doctor\pctsTray.exe [2008-08-25 1168264]
AGRSMMSG=AGRSMMSG.exe [2004-12-22 C:\WINDOWS\agrsmmsg.exe]
Zooming=ZoomingHook.exe [2004-07-14 C:\WINDOWS\system32\ZoomingHook.exe]
TCtryIOHook=TCtrlIOHook.exe [2005-03-30 C:\WINDOWS\system32\TCtrlIOHook.exe]
TPSMain=TPSMain.exe [2005-01-21 C:\WINDOWS\system32\TPSMain.exe]
TFncKy=TFncKy.exe [BU]
NDSTray.exe=NDSTray.exe [BU]
CFSServ.exe=CFSServ.exe [BU]
Logitech Utility=Logi_MwX.Exe [2003-12-17 C:\WINDOWS\LOGI_MWX.EXE]
BluetoothAuthenticationAgent=bthprops.cpl [2004-08-04 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE=C:\WINDOWS\system32\CTFMON.EXE [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
AntiVirusDisableNotify=dword:00000001
FirewallDisableNotify=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
DisableMonitoring=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
DisableMonitoring=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
EnableFirewall= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
%windir%\\system32\\sessmgr.exe=
C:\\Programme\\Messenger\\msmsgs.exe=
%windir%\\Network Diagnostic\\xpnetdiag.exe=
C:\\Programme\\MSN Messenger\\msnmsgr.exe=
C:\\Programme\\MSN Messenger\\livecall.exe=
C:\\Programme\\Bonjour\\mDNSResponder.exe=
C:\\Programme\\iTunes\\iTunes.exe=

R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2000-01-08 10240]
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-07-28 160792]
S3 AVMUNET;Eumex 300 IP;C:\WINDOWS\system32\DRIVERS\avmunet.sys [2005-03-02 15104]

*Newly Created Service* - PCTFW2
.
Inhalt des geplante Tasks Ordners

2008-08-17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-08-22 C:\WINDOWS\Tasks\Norton AntiVirus - Meinen Computer prüfen - lukas.job
- C:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.EXE [2006-01-18 14:26]

2008-10-16 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Programme\Symantec\LiveUpdate\NDETECT.EXE [2004-08-24 11:32]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-17 11:23:21
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
------------------------ Weitere laufende Prozesse ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPROXY.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCSETMGR.EXE
C:\Programme\Norton Internet Security\ISSVC.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCEVTMGR.EXE
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programme\Spyware Doctor\pctsAuxs.exe
C:\Programme\Apoint2K\ApntEx.exe
C:\Programme\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programme\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Logitech\MouseWare\system\EM_EXEC.EXE
C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe
C:\Programme\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Spyware Doctor\pctsSvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-10-17 12:17:24 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2008-10-17 10:17:17
ComboFix2.txt 2008-10-16 09:57:09

Vor Suchlauf: 26 Verzeichnis(se), 19.887.144.960 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 20,051,357,696 Bytes frei

221 --- E O F --- 2008-10-17 06:58:36

Deinstalliere alles von Norton und mach mit Malwarebytes weiter.

mbam - log (Teil1):

Malwarebytes' Anti-Malware 1.29
Datenbank Version: 1276
Windows 5.1.2600 Service Pack 2

17.10.2008 15:07:12
mbam-log-2008-10-17 (15-07-12).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 128190
Laufzeit: 1 hour(s), 2 minute(s), 6 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 100
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 74

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d778513b-1c40-4819-b0c5-49e40b39afd0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
[br][br]Erstellt am: 17.10.08 um 15:14:55

---

[br]Teil2:

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Programme\MSN Messenger\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MSN Messenger\riched20.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Programme\Internet Explorer\msimg32.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Programme\MyWebSearch\bar\1.bin\F3BROVLY.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Programme\MyWebSearch\bar\1.bin\F3CJPEG.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Programme\MyWebSearch\bar\1.bin\F3DTACTL.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Programme\MyWebSearch\bar\1.bin\F3HISTSW.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Programme\MyWebSearch\bar\1.bin\F3HTMLMU.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Programme\MyWebSearch\bar\1.bin\F3HTTPCT.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Programme\MyWebSearch\bar\1.bin\F3IMSTUB.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Programme\MyWebSearch\bar\1.bin\F3POPSWT.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Programme\MyWebSearch\bar\1.bin\F3PSSAVR.SCR.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Programme\MyWebSearch\bar\1.bin\F3REPROX.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Programme\MyWebSearch\bar\1.bin\F3RESTUB.DLL.vir (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Programme\MyWebSearch\bar\1.bin\F3SCHMON.EXE.vir (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Programme\MyWebSearch\bar\1.bin\F3SCRCTR.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Programme\MyWebSearch\bar\1.bin\F3SHLLVW.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Programme\MyWebSearch\bar\1.bin\F3WPHOOK.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Programme\MyWebSearch\bar\1.bin\M3HTML.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Programme\MyWebSearch\bar\1.bin\M3IDLE.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Programme\MyWebSearch\bar\1.bin\M3IMPIPE.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Programme\MyWebSearch\bar\1.bin\M3MSG.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Programme\MyWebSearch\bar\1.bin\M3OUTLCN.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Programme\MyWebSearch\bar\1.bin\M3PLUGIN.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Programme\MyWebSearch\bar\1.bin\M3SKIN.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Programme\MyWebSearch\bar\1.bin\M3SKPLAY.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Programme\MyWebSearch\bar\1.bin\M3SLSRCH.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Programme\MyWebSearch\bar\1.bin\M3SRCHMN.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Programme\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Programme\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Programme\MyWebSearch\bar\1.bin\MWSOEPLG.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Programme\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Programme\MyWebSearch\bar\1.bin\NPMYWEBS.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Programme\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{42631A45-1861-433D-93CE-320070467497}\RP409\A0059403.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{42631A45-1861-433D-93CE-320070467497}\RP409\A0059416.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{42631A45-1861-433D-93CE-320070467497}\RP411\A0059465.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{42631A45-1861-433D-93CE-320070467497}\RP411\A0059485.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{42631A45-1861-433D-93CE-320070467497}\RP412\A0059512.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{42631A45-1861-433D-93CE-320070467497}\RP416\A0061461.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{42631A45-1861-433D-93CE-320070467497}\RP421\A0063449.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{42631A45-1861-433D-93CE-320070467497}\RP421\A0063450.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{42631A45-1861-433D-93CE-320070467497}\RP421\A0063451.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{42631A45-1861-433D-93CE-320070467497}\RP421\A0063452.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{42631A45-1861-433D-93CE-320070467497}\RP421\A0063453.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{42631A45-1861-433D-93CE-320070467497}\RP421\A0063454.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{42631A45-1861-433D-93CE-320070467497}\RP421\A0063455.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{42631A45-1861-433D-93CE-320070467497}\RP421\A0063456.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{42631A45-1861-433D-93CE-320070467497}\RP421\A0063457.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{42631A45-1861-433D-93CE-320070467497}\RP421\A0063458.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{42631A45-1861-433D-93CE-320070467497}\RP421\A0063459.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{42631A45-1861-433D-93CE-320070467497}\RP421\A0063460.DLL (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{42631A45-1861-433D-93CE-320070467497}\RP421\A0063461.EXE (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{42631A45-1861-433D-93CE-320070467497}\RP421\A0063462.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{42631A45-1861-433D-93CE-320070467497}\RP421\A0063463.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{42631A45-1861-433D-93CE-320070467497}\RP421\A0063464.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{42631A45-1861-433D-93CE-320070467497}\RP421\A0063467.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{42631A45-1861-433D-93CE-320070467497}\RP421\A0063468.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{42631A45-1861-433D-93CE-320070467497}\RP421\A0063469.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{42631A45-1861-433D-93CE-320070467497}\RP421\A0063471.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{42631A45-1861-433D-93CE-320070467497}\RP421\A0063472.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{42631A45-1861-433D-93CE-320070467497}\RP421\A0063473.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{42631A45-1861-433D-93CE-320070467497}\RP421\A0063474.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{42631A45-1861-433D-93CE-320070467497}\RP421\A0063475.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{42631A45-1861-433D-93CE-320070467497}\RP421\A0063476.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{42631A45-1861-433D-93CE-320070467497}\RP421\A0063477.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{42631A45-1861-433D-93CE-320070467497}\RP421\A0063478.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{42631A45-1861-433D-93CE-320070467497}\RP421\A0063479.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{42631A45-1861-433D-93CE-320070467497}\RP421\A0063480.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{42631A45-1861-433D-93CE-320070467497}\RP421\A0063481.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{42631A45-1861-433D-93CE-320070467497}\RP421\A0063489.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{42631A45-1861-433D-93CE-320070467497}\RP421\A0063491.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{42631A45-1861-433D-93CE-320070467497}\RP421\A0063466.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Wie schaut´s eigentlich aus mit meinem System-ist das voller Viren? Ich habe das Gefühl, daß einige Sachen jetzt schon schneller und besser funktionieren!
lg

wir nähern uns einem normalzustand

bitte von der seite mit den anleitungen kaspersky onlinescan machen, log posten.

..dann bin ich ja froh

hier der kasp-log:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, October 18, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, October 18, 2008 07:38:53
Records in database: 1320399
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 119185
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 01:52:28


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\svchost.exe.vir Infected: Trojan-Downloader.Win32.Small.ackc 1

The selected area was scanned.

Nur ein Fund-das ist gut, oder?
lg, m

wer bezahlt mir jetzt eine neue ratsche für mein mausrad, miukaru.....?

...ich hab mich auch schon gewundert, wann wohl die neue Seite anfangen wird

wenn ihr hier durch seid, muss der aber'n paar jahre sauber bleiben.....
haste schon mal dein sicherungskonzept überdacht? zeit genug war ja inzwischen.....

..ich kenn mich wirklich nicht gut aus, wollt das aber noch besprechen, wenn wir hier fertig sind
hab vorerst nur alle Sicherheitsstufen in den Internetoptionen auf höchste Stufe gestellt und werd jetzt immer gefragt, welche cookies ich zulasse usw.
Aber ich bin sehr froh über alle Tips! Reicht eigentlich AntiVir oder brauche ich noch was zusätzlich (firewall?)
lg, m

Ein Router und durchdachtes Klickverhalten wären sehr gut.
Und schau doch mal, ob Dir NOD32 nicht gefällt:
https://www.eset.de/download