[Fixed] Hijackthis! Logs - Shut down Windows (posted in the Security & Safety forums)

  #1  
12-27-2007
vermilion_varn
Bronze Member

Join Date: Dec 2007
Posts: 5
PC Experience: Some Experience

Shut down Windows

I'm sorry if there is any Thread like this, but I'm new.

I've a problem in shutting down my system (XP).
I have to conclude immediately otherwise my PC is doing nothing.

Cowburn199 - Moved to HiJackThis! Log forum

I do have a copy of a hijack-data.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:00:35, on 27.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AceGain\LiveUpdate\LiveUpdate.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\AntiVir PersonalEdition Premium\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\messenger\msmsgs.exe
C:\Programme\Xfire\Xfire.exe
C:\Programme\AceGain\LiveUpdate\aceagent.exe
C:\Programme\AntiVir PersonalEdition Premium\sched.exe
C:\Programme\AntiVir PersonalEdition Premium\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\AntiVir PersonalEdition Premium\avesvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\AntiVir PersonalEdition Premium\avmailc.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Programme\Windows Media Player\wmplayer.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ICQ.com Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Programme\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe "
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [roam slow curb balm] C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Bait cake roam slow\Copy multi.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [KIND POP] C:\DOKUME~1\MNEB54~1.MN-\ANWEND~1\AXISLESS\DEFAULT THIRD.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Programme\Xfire\Xfire.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...up1.0.0.15.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1129449380796
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir PersonalEdition Premium Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard Hilfsdienst (AVEService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOKUME~1/MNEB54~1.MN-/LOKALE~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 9287 bytes


Please help me.
THX.



Last edited by Cowburn199; 12-27-2007 at 06:04 PM.
  #2  
12-28-2007
Pancake
Senior Security Analyst

Join Date: Jun 2006
Location: Victoria, Australia
Posts: 2,534
PC Experience: Elite PC Guru

Re: Shut down Windows

Download NoLop.exe to your desktop from

http://www.greyknight17.com/spy/NoLop.exe

Close any other programs you have running as this will require a reboot.
Double-click NoLop.exe to run it.
Now click the button labeled Search and Destroy.
When scanning is finished you will be prompted to reboot only if infected. Click OK.
Now click the Reboot button. A message should pop up from NoLop. If not, double-click the program again and it will finish.
Post the contents of C:\NoLop.log here.

If you receive an error "mscomctl.ocx or one of its dependencies are not correctly registered", then download the mscomctl.ocx file from http://www.boletrice.com/downloads/mscomctl.ocx to your system32 folder and then rerun the NoLop.

==========================

This will help to identify malware on your system.
Please download Combofix from any of these locations:

Here

or
Here
Save ComboFix to the desktop and please ensure that you disable realtime security/virus programs that monitor your PC while CF is running.
1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Copy and Paste the contents of that log in your next reply with a new hijackthis log. Do not use Code or html unless asked for.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
Caution...Never run and remove files using ComboFix without being supervised by a security analyst.


__________________
My real name is Eddy
  #3  
12-30-2007
vermilion_varn
Bronze Member

Join Date: Dec 2007
Posts: 5
PC Experience: Some Experience

Re: Shut down Windows

I ran the program and I got an infection first.
I clicked on reboot and next time there was no infection any more.

Here is the editor data (I think this is the data you'd like to see; if not, just answer me):

NoLop! Log by Skate_Punk_21

Fix running from: C:\Dokumente und Einstellungen\mn.MN-V73NRZTU2I9P\Desktop
[29.12.2007]
[17:24:26]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\AD73E75691849B16.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Dokumente und Einstellungen\Mn\Application Data\Microsoft
C:\Dokumente und Einstellungen\Mn.mn-v73nrztu2i9p\Application Data\Microsoft


  #4  
12-30-2007
Pancake
Senior Security Analyst

Join Date: Jun 2006
Location: Victoria, Australia
Posts: 2,534
PC Experience: Elite PC Guru

Re: Shut down Windows

So I take it you don't want to run Combofix and carry on and clean the rest of the infection out....??


  #5  
12-31-2007
vermilion_varn
Bronze Member

Join Date: Dec 2007
Posts: 5
PC Experience: Some Experience

Re: Shut down Windows

Sorry, I didn't get the point.
I will get Combofix and try to abolish the infection, I need one day.


  #6  
01-01-2008
vermilion_varn
Bronze Member

Join Date: Dec 2007
Posts: 5
PC Experience: Some Experience

Re: Shut down Windows

Ok, I don't know what you exactly mean and which data or log.

There is an editor data from combofix (long):

ComboFix 07-12-31.4 - mn 2008-01-01 8:04:53.2 - NTFSx86
ausgeführt von:: C:\Dokumente und Einstellungen\mn.MN-V73NRZTU2I9P\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\_install.exe nicht gefunden
.
---- Previous Run -------
.
C:\_install.exe nicht gefunden
C:\Programme\FunWebProducts
C:\Programme\FunWebProducts\ScreenSaver\Images\00123D01.urr
C:\Programme\FunWebProducts\Shared\00127D08.dat
C:\Programme\FunWebProducts\Shared\004E6AF3.dat
C:\Programme\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Programme\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Programme\FunWebProducts\Shared\Cache\MailStampBtn.htmlx
C:\Programme\FunWebProducts\Shared\Cache\MyStationeryBtn.html
C:\Programme\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Programme\instant access
C:\Programme\instant access\Center\Icons\NoCreditCard.url
C:\Programme\instant access\Center\Icons\SexyGirl.lnk
C:\Programme\instant access\DesktopIcons\NoCreditCard.url
C:\Programme\instant access\Dialer\9059674917\Common\hits.php
C:\Programme\instant access\Dialer\9059674917\Common\module.php
C:\Programme\instant access\Dialer\9059674917\Common\show_module.php
C:\Programme\instant access\Dialer\9059674917\ExitTraffic\exit.php
C:\Programme\instant access\Dialer\9059674917\img\button1.bmp
C:\Programme\instant access\Dialer\9059674917\img\dialer.ico
C:\Programme\instant access\Dialer\9059674917\img\fondo_01.bmp
C:\Programme\instant access\Dialer\9059674917\img\hits_img.bmp
C:\Programme\instant access\Dialer\9059674917\img\index_01.bmp
C:\Programme\instant access\Dialer\9059674917\img\index_02.bmp
C:\Programme\instant access\Dialer\9059674917\img\index_03.bmp
C:\Programme\instant access\Dialer\9059674917\img\index_04.bmp
C:\Programme\instant access\Dialer\9059674917\img\index_07.bmp
C:\Programme\instant access\Dialer\9059674917\img\index_08.bmp
C:\Programme\instant access\Dialer\9059674917\img\index_09.bmp
C:\Programme\instant access\Dialer\9059674917\index.htm
C:\Programme\instant access\Dialer\9059674917\mainframe.php
C:\Programme\instant access\NoCreditCard.ico
C:\Programme\instant access\P2E\2146500520\Common\hits.php
C:\Programme\instant access\P2E\2146500520\Common\module.php
C:\Programme\instant access\P2E\2146500520\Common\show_module.php
C:\Programme\instant access\P2E\2146500520\ExitTraffic\exit.php
C:\Programme\instant access\P2E\2146500520\img\hits_img.bmp
C:\Programme\instant access\P2E\2146500520\img\p2e.ico
C:\Programme\instant access\P2E\2146500520\img\p2e_1_2.bmp
C:\Programme\instant access\P2E\2146500520\img\p2e_2_2.bmp
C:\Programme\instant access\P2E\2146500520\img\p2e_go_2.bmp
C:\Programme\instant access\P2E\2146500520\img\p2e_logo_2.bmp
C:\Programme\instant access\P2E\3160037039\Common\hits.php
C:\Programme\instant access\P2E\3160037039\Common\module.php
C:\Programme\instant access\P2E\3160037039\Common\show_module.php
C:\Programme\instant access\P2E\3160037039\ExitTraffic\exit.php
C:\Programme\instant access\P2E\3160037039\img\hits_img.bmp
C:\Programme\instant access\P2E\3160037039\img\p2e.ico
C:\Programme\instant access\P2E\3160037039\img\p2e_1_2.bmp
C:\Programme\instant access\P2E\3160037039\img\p2e_2_2.bmp
C:\Programme\instant access\P2E\3160037039\img\p2e_go_2.bmp
C:\Programme\instant access\P2E\3160037039\img\p2e_logo_2.bmp
C:\Programme\instant access\P2E\7652363497\Common\hits.php
C:\Programme\instant access\P2E\7652363497\Common\module.php
C:\Programme\instant access\P2E\7652363497\Common\show_module.php
C:\Programme\instant access\P2E\7652363497\ExitTraffic\exit.php
C:\Programme\instant access\P2E\7652363497\img\hits_img.bmp
C:\Programme\instant access\P2E\7652363497\img\p2e.ico
C:\Programme\instant access\P2E\7652363497\img\p2e_1_2.bmp
C:\Programme\instant access\P2E\7652363497\img\p2e_2_2.bmp
C:\Programme\instant access\P2E\7652363497\img\p2e_go_2.bmp
C:\Programme\instant access\P2E\7652363497\img\p2e_logo_2.bmp
C:\Programme\instant access\P2E\8939409544\Common\hits.php
C:\Programme\instant access\P2E\8939409544\Common\module.php
C:\Programme\instant access\P2E\8939409544\Common\show_module.php
C:\Programme\instant access\P2E\8939409544\ExitTraffic\exit.php
C:\Programme\instant access\P2E\8939409544\img\hits_img.bmp
C:\Programme\instant access\P2E\8939409544\img\index_01.bmp
C:\Programme\instant access\P2E\8939409544\img\index_02.bmp
C:\Programme\instant access\P2E\8939409544\img\index_03.bmp
C:\Programme\instant access\P2E\8939409544\img\index_05.bmp
C:\Programme\instant access\P2E\8939409544\img\p2e_logo_2.bmp
C:\Programme\instant access\P2E\8939409544\index.htm
C:\Programme\instant access\Thumbs.db
C:\Programme\MyWebSearch
C:\Programme\MyWebSearch\bar\Cache\00013C29
C:\Programme\MyWebSearch\bar\Cache\002D5DA5
C:\Programme\MyWebSearch\bar\Cache\004D5240.bin
C:\Programme\MyWebSearch\bar\Cache\004D559B.bin
C:\Programme\MyWebSearch\bar\Cache\004D5731.bin
C:\Programme\MyWebSearch\bar\Cache\0065A03C.bin
C:\Programme\MyWebSearch\bar\Cache\0065A29D.bin
C:\Programme\MyWebSearch\bar\Cache\00D3C2F0.bin
C:\Programme\MyWebSearch\bar\Cache\00FD8D1E.bin
C:\Programme\MyWebSearch\bar\Cache\00FD8F70.bin
C:\Programme\MyWebSearch\bar\Cache\00FD922F.bin
C:\Programme\MyWebSearch\bar\Cache\files.ini
C:\Programme\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Programme\MyWebSearch\bar\Game\CHESS.F3S
C:\Programme\MyWebSearch\bar\Game\REVERSI.F3S
C:\Programme\MyWebSearch\bar\History\search
C:\Programme\MyWebSearch\bar\Settings\prevcfg.htm
C:\Programme\MyWebSearch\bar\Settings\s_pid.dat
C:\Programme\MyWebSearch\bar\Settings\settings.dat
C:\Programme\MyWebSearch\bar\Settings\settings.htm

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NPF




((((((((((((((((((((((( Dateien erstellt von 2007-12-01 bis 2008-01-01 ))))))))))))))))))))))))))))))
.

2008-01-01 07:50 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-31 16:54 . 2007-12-31 16:54 <DIR> d----c--- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TuneUp Software
2007-12-31 16:48 . 2005-06-25 16:43 <DIR> d--h-c--- C:\Dokumente und Einstellungen\Administrator\Vorlagen
2007-12-31 16:48 . 2005-06-25 17:35 <DIR> dr---c--- C:\Dokumente und Einstellungen\Administrator\Startmenü
2007-12-31 16:48 . 2005-06-25 17:35 <DIR> d--h-c--- C:\Dokumente und Einstellungen\Administrator\Netzwerkumgebung
2007-12-31 16:48 . 2005-06-25 17:35 <DIR> d--h-c--- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen
2007-12-31 16:48 . 2005-06-25 17:35 <DIR> d----c--- C:\Dokumente und Einstellungen\Administrator\Favoriten
2007-12-31 16:48 . 2005-06-25 17:35 <DIR> d--h-c--- C:\Dokumente und Einstellungen\Administrator\Druckumgebung
2007-12-31 16:48 . 2005-06-25 17:35 <DIR> dr-h-c--- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten
2007-12-31 16:35 . 2003-09-25 14:31 42,143 --a--c--- C:\AWFL826B.EXE
2007-12-31 16:17 . 2004-05-20 10:11 172,032 --a------ C:\WINDOWS\system32\nvuide.exe
2007-12-29 17:42 . 2007-12-29 17:42 106 --a--c--- C:\delete.bat
2007-12-29 17:26 . 2007-12-29 17:28 <DIR> d----c--- C:\NoLopBackups
2007-12-29 17:03 . 2007-12-29 17:03 <DIR> d-------- C:\Programme\MSI
2007-12-29 16:54 . 2007-12-29 16:54 <DIR> d-------- C:\Programme\Avira
2007-12-29 16:54 . 2007-12-29 16:54 <DIR> d-------- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Avira
2007-12-29 16:42 . 2006-05-12 08:26 208,896 -ra------ C:\WINDOWS\system32\nvusmb.exe
2007-12-29 16:42 . 2006-05-12 15:26 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-12-29 16:42 . 2006-02-20 06:00 1,864 -ra------ C:\WINDOWS\system32\nvsmb.nvu
2007-12-29 16:40 . 2007-12-29 16:40 <DIR> d-------- C:\Programme\DIFX
2007-12-29 16:35 . 2006-02-26 22:46 81,408 -ra------ C:\WINDOWS\system32\drivers\Rtnicxp.sys
2007-12-27 16:48 . 2007-12-27 16:48 <DIR> d-------- C:\Programme\Trend Micro
2007-12-27 16:46 . 2007-12-27 16:46 <DIR> d-------- C:\Programme\AXISLESS
2007-12-22 17:27 . 2007-12-22 17:27 66,936 --ahs---- C:\WINDOWS\dlinfo_0.drv
2007-12-19 19:47 . 2007-12-19 19:47 <DIR> d-------- C:\Dokumente und Einstellungen\NetworkService.NT-AUTORITÄT.000\Anwendungsdaten\AXISLESS
2007-12-17 19:37 . 2007-12-27 16:46 <DIR> d-------- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Bait cake roam slow
2007-12-17 19:35 . 2007-12-29 17:19 <DIR> d-------- C:\Dokumente und Einstellungen\mn.MN-V73NRZTU2I9P\Anwendungsdaten\AXISLESS
2007-12-02 13:03 . 2007-12-02 13:03 <DIR> d-------- C:\Programme\Windows Live Favorites

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-01 06:58 --------- d-----w C:\Dokumente und Einstellungen\mn.MN-V73NRZTU2I9P\Anwendungsdaten\Xfire
2008-01-01 06:15 --------- d-----w C:\Dokumente und Einstellungen\mn.MN-V73NRZTU2I9P\Anwendungsdaten\Skype
2007-12-29 16:19 --------- d-----w C:\Programme\Warcraft 3
2007-12-22 12:17 --------- d-s---w C:\Programme\Xfire
2007-12-17 19:14 --------- d-----w C:\Programme\TuneUp Utilities 2007
2007-12-17 18:34 --------- d-----w C:\Programme\MSN Messenger
2007-12-17 18:34 --------- d-----w C:\Programme\Messenger Plus! Live
2007-12-10 20:07 --------- d-----w C:\Programme\Might and Magic VI
2007-12-02 12:03 --------- d-----w C:\Programme\Windows Live Toolbar
2007-11-24 16:31 --------- d-----w C:\Programme\WC3Banlist
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:42 1,293,312 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2006-12-03 15:18 144,198 ----a-w C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\firstlsp.reg.dat
2005-11-22 13:33 17,928 ----a-w C:\Dokumente und Einstellungen\mn.MN-V73NRZTU2I9P\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2005-07-02 18:30 774,144 ----a-w C:\Programme\RngInterstitial.dll
2004-07-22 08:51 3,432,656 ----a-w C:\Programme\ManagedDX.CAB
2004-07-19 20:58 1,156,363 ----a-w C:\Programme\BDANT.cab
2004-07-19 20:53 976,020 ----a-w C:\Programme\BDAXP.cab
2004-07-16 12:30 3,858 ----a-w C:\Programme\directx redist.txt
2004-07-09 12:17 13,265,040 ----a-w C:\Programme\dxnt.cab
2004-07-09 07:13 703,080 ----a-w C:\Programme\BDA.cab
2004-07-09 07:13 15,493,481 ----a-w C:\Programme\DirectX.cab
2004-07-09 02:08 472,576 ----a-w C:\Programme\dxsetup.exe
2004-07-09 02:08 2,242,560 ----a-w C:\Programme\dsetup32.dll
2004-07-09 01:03 62,976 ----a-w C:\Programme\DSETUP.dll
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:57 15360]
"KIND POP"="C:\DOKUME~1\MNEB54~1.MN-\ANWEND~1\AXISLESS\DEFAULT THIRD.exe" [2007-12-27 16:46 426496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AceGain LiveUpdate"="C:\Programme\AceGain\LiveUpdate\LiveUpdate.exe" [2004-01-01 02:12 417792]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-09 20:06 7311360]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-09 20:06 86016]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"roam slow curb balm"="C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Bait cake roam slow\Copy multi.exe" [2008-01-01 07:59 2364416]
"avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-29 16:57 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:57 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users.WINDOWS^Startmenü^Programme^Autostart^Logitech Desktop Messenger.lnk]
path=C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-23 20:33 57344 --a------ C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 02:06 40048 --a------ C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVK Mail Checker]
2004-10-07 14:04 364544 --a------ C:\Programme\Gemeinsame Dateien\G DATA\AVKMail\AVKPOP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Programme\SlySoft\CloneCD\CloneCDTray.exe /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Programme\DAEMON Tools\daemon.exe -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GIGA F-Tasten]
2005-07-24 13:12 627712 --a------ C:\Programme\GIGA F-Tasten\GIGA F-Tasten.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-06-28 08:14 270648 --a------ C:\Programme\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 --a------ C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\razer]
2005-09-06 10:52 155648 --a------ C:\Programme\Razer\Copperhead\razerhid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 20:24 32768 --a------ C:\Programme\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\roam slow curb balm]
C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Bait cake roam slow\ATOM EQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Programme\Skype\Phone\Skype.exe /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\autoplay.exe

.
Inhalt des "geplante Tasks" Ordners
"2007-12-28 16:15:00 C:\WINDOWS\Tasks\1-Klick-Wartung.job"
- C:\Programme\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-07-11 12:33:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programme\Apple Software Update\SoftwareUpdate.exe
"2008-01-01 06:59:14 C:\WINDOWS\Tasks\Auf Updates für Windows Live Toolbar prüfen.job"
- C:\Programme\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-01 08:06:07
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-01-01 8:06:53
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-01 07:06:36
.
2007-12-11 19:56:37 --- E O F ---



(((((((>>>>>>>>>>>>>>>>><<<<<<<<<<<

And here the new hijackthislog:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:18:44, on 01.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\AceGain\LiveUpdate\LiveUpdate.exe
C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\AceGain\LiveUpdate\aceagent.exe
C:\WINDOWS\explorer.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = freenet.de - DSL Internet E-Mail Nachrichten Chat Shopping und alle aktuellen Themen
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Programme\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe "
O4 - HKLM\..\Run: [roam slow curb balm] C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Bait cake roam slow\Copy multi.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [KIND POP] C:\DOKUME~1\MNEB54~1.MN-\ANWEND~1\AXISLESS\DEFAULT THIRD.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Programme\Xfire\Xfire.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - Add to Windows Live Favorites
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...up1.0.0.15.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1129449380796
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOKUME~1/MNEB54~1.MN-/LOKALE~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 8101 bytes


I hope I did the right thing^^


