The current problem is that when Windows starts I get an error related to my antivirus (attached). The antivirus services seem to be active, but I can't open the control center, let alone uninstall the antivirus.
All this made me think of Bagle again, but as I wrote in the subject, not even FindyKill detects anything.
I use Win XP and I attach the results of all the scans I did.
Oh, I forgot: I also tried Avira at PC startup, but nothing.
No program detects anything.
This is HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:22:59, on 17.02.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\Avira Premium Security Suite\sched.exe
C:\Programme\Avira\Avira Premium Security Suite\avguard.exe
C:\Programme\Avira\Avira Premium Security Suite\avesvc.exe
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Avira\Avira Premium Security Suite\avmailc.exe
C:\Programme\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\WINDOWS\Explorer.EXE
C:\Programme\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Microsoft ActiveSync\Wcescomm.exe
C:\Programme\DNA\btdna.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Programme\SONY\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Dokumente und Einstellungen\boss.BOSS-75D5B46E66\Eigene Dateien\Download\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101764&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Microsoft WinUpdate] C:\WINDOWS\system32\msupdte.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Babylon Client] C:\Programme\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_0 -reboot 1
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programme\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Utilità controllo supporti di Picture Motion Browser.lnk = C:\Programme\SONY\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programme\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
O4 - Global Startup: BlueSoleil.lnk = C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Mozilla Sunbird.lnk = C:\Programme\Mozilla Sunbird\sunbird.exe
O8 - Extra context menu item: Aggiungi a PDF esistente - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {60E33102-59F1-44DA-BA3D-494BB9A80514} (Iphona) - http://www.inps.it/Servizi/ParlaConNoi/ ... Iphona.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.eu/Register ... lashax.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://fortunelounge.gameassists.co.uk ... ashAX2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16C8EBD5-7633-4CE1-8ED3-BC58E41C7CE5}: NameServer = 192.168.178.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{16C8EBD5-7633-4CE1-8ED3-BC58E41C7CE5}: NameServer = 192.168.178.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{16C8EBD5-7633-4CE1-8ED3-BC58E41C7CE5}: NameServer = 192.168.178.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Firewall Avira Premium Security Suite (AntiVirFirewallService) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Scheduler Avira Premium Security Suite (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Servizio assistenza di Avira Premium Security Suite MailGuard (AVEService) - Avira GmbH - C:\Programme\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
This is ComboFix:
ComboFix 09-02-15.01 - boss 2009-02-17 9:44:53.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1535.1163 [GMT 1:00]
run from: c:\dokumente und einstellungen\boss.BOSS-75D5B46E66\Desktop\123.exe.exe
AV: Avira Premium Security Suite *On-access scanning enabled* (Updated)
FW: Avira Firewall *enabled*
Warning - No Recovery Console is installed on this PC !!
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_WinDriver
((((((((((((((((((((((( Files Created from 2009-01-17 to 2009-02-17 ))))))))))))))))))))))))))))))
.
2009-02-16 14:54 . 2009-02-17 09:37 <DIR> d-------- c:\programme\FindyKill
2009-02-15 18:30 . 2009-02-16 15:13 <DIR> d-------- c:\programme\mp3DirectCut
2009-02-15 17:20 . 2009-02-15 17:20 <DIR> d-------- c:\dokumente und einstellungen\All Users.WINDOWS\Anwendungsdaten\DVD Shrink
2009-02-15 12:39 . 2009-02-15 12:39 <DIR> d-------- c:\programme\Enlight
2009-02-06 09:05 . 2009-02-06 09:05 13,489 --a------ c:\windows\Ascd_log.ini
2009-02-06 09:03 . 2009-02-06 09:03 <DIR> dr------- c:\windows\AsDmiHtm
2009-02-06 09:03 . 2009-02-06 09:03 13,451 --a------ c:\windows\Ascd_tmp.ini
2009-02-06 09:03 . 2007-12-28 08:22 10,296 --a------ c:\windows\system32\drivers\ASUSHWIO.SYS
2009-02-05 19:52 . 2009-02-17 09:53 <DIR> d-------- c:\dokumente und einstellungen\boss.BOSS-75D5B46E66\Anwendungsdaten\DNA
2009-02-04 18:20 . 2009-02-04 18:20 <DIR> d-------- c:\programme\Finson Live Update
2009-02-04 18:20 . 2004-12-16 17:14 717,824 --a------ c:\windows\system32\NextRG.exe
2009-02-04 18:20 . 2005-04-13 11:07 79,360 --a------ c:\windows\system32\FinsonLU.dll
2009-02-04 18:19 . 2009-02-04 18:20 61 --a------ c:\windows\FINSON.INI
2009-02-03 18:01 . 2003-11-17 20:24 208,896 --------- c:\windows\system32\SSRemove.exe
2009-02-03 18:01 . 2004-05-17 22:04 41,984 --------- c:\windows\system32\drivers\DGIVECP.SYS
2009-02-03 18:01 . 2003-07-21 20:50 8,478 --------- c:\windows\system32\SP119.ICO
2009-01-27 10:51 . 2003-06-25 16:05 266,360 --a------ c:\windows\system32\TweakUI.exe
2009-01-27 10:51 . 2002-06-21 15:09 160,217 --a------ c:\windows\system32\PowerToysLicense.rtf
2009-01-27 10:28 . 2002-04-24 12:07 19,928 --a------ c:\windows\system32\drivers\wbscr.sys
2009-01-26 17:43 . 2009-02-10 18:36 <DIR> d-------- c:\programme\TIS-Compact
2009-01-23 10:09 . 2009-01-23 10:09 <DIR> d-------- c:\programme\Microsoft Calculator Plus
2009-01-23 09:04 . 2008-03-19 16:46 118,784 --a------ c:\windows\system32\SVA_FlipCoInst.dll
2009-01-22 19:34 . 2009-01-22 19:34 <DIR> d-------- C:\IMG
2009-01-22 19:34 . 2009-01-25 09:54 <DIR> d-------- C:\DOWNLOAD
2009-01-22 19:34 . 2009-01-22 19:34 <DIR> d-------- C:\APPLET
2009-01-22 19:20 . 2009-01-23 10:12 <DIR> d-------- C:\TISCompact
2009-01-22 19:20 . 2009-01-22 19:33 102,305 --a------ C:\File0.ddd
2009-01-22 19:20 . 2009-01-22 19:33 92,292 --a------ C:\File764.ddd
2009-01-22 19:20 . 2009-01-22 19:33 2,382 --a------ C:\File763.ddd
2009-01-22 19:20 . 2009-01-22 19:33 768 --a------ C:\File765.ddd
2009-01-22 19:20 . 2009-01-22 19:33 752 --a------ C:\File761.ddd
2009-01-22 19:20 . 2009-01-22 19:33 295 --a------ C:\File762.ddd
2009-01-22 19:20 . 2009-01-22 19:33 0 --a------ C:\File2.ddd
2009-01-22 19:20 . 2009-01-22 19:33 0 --a------ C:\File1.ddd
2009-01-22 19:06 . 2009-01-26 17:43 <DIR> d-------- C:\jre
2009-01-20 12:45 . 2008-12-02 23:11 1,253,376 --a------ c:\windows\system32\NvPVEnc.ax
2009-01-20 12:45 . 2008-12-02 23:11 45,056 --a------ c:\windows\system32\nvmccsrs.dll
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-17 08:53 17,408 ----a-w c:\windows\system32\drivers\USBCRFT.SYS
2009-02-17 08:53 --------- d-----w c:\programme\DNA
2009-02-17 08:39 --------- d-----w c:\programme\Mozilla Sunbird
2009-02-17 08:16 --------- d-----w c:\programme\Mozilla Thunderbird
2009-02-16 16:57 --------- d-----w c:\programme\WebSite X5 Evolution
2009-02-16 16:40 --------- d-----w c:\programme\SlySoft
2009-02-16 16:07 --------- d-----w c:\programme\CompeGPS
2009-02-16 14:13 --------- d-----w c:\programme\Picasa2
2009-02-16 14:13 --------- d-----w c:\programme\Google
2009-02-16 14:13 --------- d-----w c:\programme\DVD Shrink
2009-02-16 14:13 --------- d-----w c:\dokumente und einstellungen\boss.BOSS-75D5B46E66\Anwendungsdaten\Azureus
2009-02-16 09:05 --------- d-----w c:\dokumente und einstellungen\boss.BOSS-75D5B46E66\Anwendungsdaten\Babylon
2009-02-16 08:47 --------- d-----w c:\dokumente und einstellungen\All Users.WINDOWS\Anwendungsdaten\Babylon
2009-02-15 11:44 --------- d--h--w c:\programme\InstallShield Installation Information
2009-02-15 09:44 --------- d-----w c:\dokumente und einstellungen\boss.BOSS-75D5B46E66\Anwendungsdaten\VoipStunt
2009-02-15 09:19 --------- d-----w c:\dokumente und einstellungen\boss.BOSS-75D5B46E66\Anwendungsdaten\ZoomBrowser EX
2009-02-15 09:13 --------- d-----w c:\dokumente und einstellungen\All Users.WINDOWS\Anwendungsdaten\ZoomBrowser
2009-02-05 18:27 --------- d-----w c:\dokumente und einstellungen\boss.BOSS-75D5B46E66\Anwendungsdaten\dvdcss
2009-02-05 17:51 --------- d-----w c:\programme\Azureus
2009-02-03 18:17 --------- d-----w c:\programme\eMule
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1535.1163 [GMT 1:00]
Run from: c:\dokumente und einstellungen\boss.BOSS-75D5B46E66\Desktop\123.exe.exe
AV: Avira Premium Security Suite *On-access scanning enabled* (Updated)
FW: Avira Firewall *enabled*
Warning - The Recovery Console is not installed on this PC!!
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_WinDriver
((((((((((((((((((((((( Files Created from 2009-01-17 to 2009-02-17 ))))))))))))))))))))))))))))))
.
2009-02-16 14:54 . 2009-02-17 09:37 <DIR> d-------- c:\programme\FindyKill
2009-02-15 18:30 . 2009-02-16 15:13 <DIR> d-------- c:\programme\mp3DirectCut
2009-02-15 17:20 . 2009-02-15 17:20 <DIR> d-------- c:\dokumente und einstellungen\All Users.WINDOWS\Anwendungsdaten\DVD Shrink
2009-02-15 12:39 . 2009-02-15 12:39 <DIR> d-------- c:\programme\Enlight
2009-02-06 09:05 . 2009-02-06 09:05 13,489 --a------ c:\windows\Ascd_log.ini
2009-02-06 09:03 . 2009-02-06 09:03 <DIR> dr------- c:\windows\AsDmiHtm
2009-02-06 09:03 . 2009-02-06 09:03 13,451 --a------ c:\windows\Ascd_tmp.ini
2009-02-06 09:03 . 2007-12-28 08:22 10,296 --a------ c:\windows\system32\drivers\ASUSHWIO.SYS
2009-02-05 19:52 . 2009-02-17 09:53 <DIR> d-------- c:\dokumente und einstellungen\boss.BOSS-75D5B46E66\Anwendungsdaten\DNA
2009-02-04 18:20 . 2009-02-04 18:20 <DIR> d-------- c:\programme\Finson Live Update
2009-02-04 18:20 . 2004-12-16 17:14 717,824 --a------ c:\windows\system32\NextRG.exe
2009-02-04 18:20 . 2005-04-13 11:07 79,360 --a------ c:\windows\system32\FinsonLU.dll
2009-02-04 18:19 . 2009-02-04 18:20 61 --a------ c:\windows\FINSON.INI
2009-02-03 18:01 . 2003-11-17 20:24 208,896 --------- c:\windows\system32\SSRemove.exe
2009-02-03 18:01 . 2004-05-17 22:04 41,984 --------- c:\windows\system32\drivers\DGIVECP.SYS
2009-02-03 18:01 . 2003-07-21 20:50 8,478 --------- c:\windows\system32\SP119.ICO
2009-01-27 10:51 . 2003-06-25 16:05 266,360 --a------ c:\windows\system32\TweakUI.exe
2009-01-27 10:51 . 2002-06-21 15:09 160,217 --a------ c:\windows\system32\PowerToysLicense.rtf
2009-01-27 10:28 . 2002-04-24 12:07 19,928 --a------ c:\windows\system32\drivers\wbscr.sys
2009-01-26 17:43 . 2009-02-10 18:36 <DIR> d-------- c:\programme\TIS-Compact
2009-01-23 10:09 . 2009-01-23 10:09 <DIR> d-------- c:\programme\Microsoft Calculator Plus
2009-01-23 09:04 . 2008-03-19 16:46 118,784 --a------ c:\windows\system32\SVA_FlipCoInst.dll
2009-01-22 19:34 . 2009-01-22 19:34 <DIR> d-------- C:\IMG
2009-01-22 19:34 . 2009-01-25 09:54 <DIR> d-------- C:\DOWNLOAD
2009-01-22 19:34 . 2009-01-22 19:34 <DIR> d-------- C:\APPLET
2009-01-22 19:20 . 2009-01-23 10:12 <DIR> d-------- C:\TISCompact
2009-01-22 19:20 . 2009-01-22 19:33 102,305 --a------ C:\File0.ddd
2009-01-22 19:20 . 2009-01-22 19:33 92,292 --a------ C:\File764.ddd
2009-01-22 19:20 . 2009-01-22 19:33 2,382 --a------ C:\File763.ddd
2009-01-22 19:20 . 2009-01-22 19:33 768 --a------ C:\File765.ddd
2009-01-22 19:20 . 2009-01-22 19:33 752 --a------ C:\File761.ddd
2009-01-22 19:20 . 2009-01-22 19:33 295 --a------ C:\File762.ddd
2009-01-22 19:20 . 2009-01-22 19:33 0 --a------ C:\File2.ddd
2009-01-22 19:20 . 2009-01-22 19:33 0 --a------ C:\File1.ddd
2009-01-22 19:06 . 2009-01-26 17:43 <DIR> d-------- C:\jre
2009-01-20 12:45 . 2008-12-02 23:11 1,253,376 --a------ c:\windows\system32\NvPVEnc.ax
2009-01-20 12:45 . 2008-12-02 23:11 45,056 --a------ c:\windows\system32\nvmccsrs.dll
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-17 08:53 17,408 ----a-w c:\windows\system32\drivers\USBCRFT.SYS
2009-02-17 08:53 --------- d-----w c:\programme\DNA
2009-02-17 08:39 --------- d-----w c:\programme\Mozilla Sunbird
2009-02-17 08:16 --------- d-----w c:\programme\Mozilla Thunderbird
2009-02-16 16:57 --------- d-----w c:\programme\WebSite X5 Evolution
2009-02-16 16:40 --------- d-----w c:\programme\SlySoft
2009-02-16 16:07 --------- d-----w c:\programme\CompeGPS
2009-02-16 14:13 --------- d-----w c:\programme\Picasa2
2009-02-16 14:13 --------- d-----w c:\programme\Google
2009-02-16 14:13 --------- d-----w c:\programme\DVD Shrink
2009-02-16 14:13 --------- d-----w c:\dokumente und einstellungen\boss.BOSS-75D5B46E66\Anwendungsdaten\Azureus
2009-02-16 09:05 --------- d-----w c:\dokumente und einstellungen\boss.BOSS-75D5B46E66\Anwendungsdaten\Babylon
2009-02-16 08:47 --------- d-----w c:\dokumente und einstellungen\All Users.WINDOWS\Anwendungsdaten\Babylon
2009-02-15 11:44 --------- d--h--w c:\programme\InstallShield Installation Information
2009-02-15 09:44 --------- d-----w c:\dokumente und einstellungen\boss.BOSS-75D5B46E66\Anwendungsdaten\VoipStunt
2009-02-15 09:19 --------- d-----w c:\dokumente und einstellungen\boss.BOSS-75D5B46E66\Anwendungsdaten\ZoomBrowser EX
2009-02-15 09:13 --------- d-----w c:\dokumente und einstellungen\All Users.WINDOWS\Anwendungsdaten\ZoomBrowser
2009-02-05 18:27 --------- d-----w c:\dokumente und einstellungen\boss.BOSS-75D5B46E66\Anwendungsdaten\dvdcss
2009-02-05 17:51 --------- d-----w c:\programme\Azureus
2009-02-03 18:17 --------- d-----w c:\programme\eMule
2009-01-23 08:21 --------- d-----w c:\dokumente und einstellungen\All Users.WINDOWS\Anwendungsdaten\Microsoft Help
2009-01-16 16:12 --------- d-----w c:\dokumente und einstellungen\boss.BOSS-75D5B46E66\Anwendungsdaten\Nero
2009-01-16 12:48 --------- d-----w c:\dokumente und einstellungen\boss.BOSS-75D5B46E66\Anwendungsdaten\Sony Corporation
2009-01-16 12:45 --------- d-----w c:\programme\SONY
2009-01-16 12:44 --------- d-----w c:\dokumente und einstellungen\All Users.WINDOWS\Anwendungsdaten\Sony Corporation
2009-01-13 13:17 --------- d-----w c:\dokumente und einstellungen\boss.BOSS-75D5B46E66\Anwendungsdaten\Avira
2009-01-13 13:10 --------- d-----w c:\programme\Avira
2009-01-13 13:10 --------- d-----w c:\dokumente und einstellungen\All Users.WINDOWS\Anwendungsdaten\Avira
2009-01-13 10:07 --------- d-----w c:\programme\Babylon
2009-01-06 10:03 --------- d-----w c:\programme\FDRLab
2009-01-04 20:35 --------- d-----w c:\programme\SPSS
2009-01-04 12:05 --------- d-----w c:\dokumente und einstellungen\boss.BOSS-75D5B46E66\Anwendungsdaten\NewSoft
2008-12-26 07:53 --------- d-----w c:\dokumente und einstellungen\All Users.WINDOWS\Anwendungsdaten\PIXELA
2008-12-25 15:51 --------- d-----w c:\programme\PIXELA
2008-12-23 18:13 --------- d-----w c:\programme\eToro
2008-12-23 09:43 --------- d-----w c:\programme\Yuza
2008-12-23 09:11 147 ----a-w c:\programme\_DEISREG.ISR
2008-12-23 09:05 --------- d-----w c:\programme\Info2000
2008-12-23 09:02 253,952 ------w c:\windows\Setup1.exe
2008-12-23 09:02 --------- d-----w c:\programme\GestionaleXP
2008-12-23 09:01 74,752 ----a-w c:\windows\ST6UNST.EXE
2008-12-20 18:16 --------- d-----w c:\dokumente und einstellungen\boss.BOSS-75D5B46E66\Anwendungsdaten\Skype
2008-12-20 18:13 --------- d-----w c:\dokumente und einstellungen\boss.BOSS-75D5B46E66\Anwendungsdaten\skypePM
2008-12-10 11:18 96,049 ----a-w c:\dokumente und einstellungen\boss.BOSS-75D5B46E66\Anwendungsdaten\mdbu.bin
2008-06-24 16:02 47,360 ----a-w c:\dokumente und einstellungen\boss.BOSS-75D5B46E66\Anwendungsdaten\pcouffin.sys
2008-04-04 12:00 1,104 ----a-w c:\dokumente und einstellungen\Boss\Anwendungsdaten\wklnhst.dat
2008-02-14 15:54 23,296 ----a-w c:\dokumente und einstellungen\MiriBiri\Anwendungsdaten\wklnhst.dat
2007-04-28 14:42 81,920 ----a-w c:\dokumente und einstellungen\Boss\Anwendungsdaten\ezpinst.exe
2007-04-28 14:42 47,360 ----a-w c:\dokumente und einstellungen\Boss\Anwendungsdaten\pcouffin.sys
1998-11-12 15:49 47,104 ----a-w c:\programme\_ISREG32.DLL
2008-09-23 11:55 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\MSHist012008092320080924\index.dat
.
------- Sigcheck -------
2008-04-14 03:22 1054208 523d4b1c5b7b975461d1a100c9fe34e0 c:\windows\explorer.exe
2007-06-13 14:10 1053696 eceeb67dedc24d6483fd24606f47e52b c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 14:21 1053696 b0a678cec5fce5e9c67ae41b851c82ca c:\windows\$NtServicePackUninstall$\explorer.exe
2004-08-04 13:00 1052672 2d87134b320a0075d7c697647d5be53a c:\windows\$NtUninstallKB938828$\explorer.exe
2008-04-14 03:22 1053696 a3cbde38a661bdad7b1536d984663b2b c:\windows\ServicePackFiles\i386\explorer.exe
2004-08-04 13:00 32256 f0f5604016077628f911e0123bb2499a c:\windows\$NtServicePackUninstall$\ctfmon.exe
2008-04-14 03:22 32768 309535cc72cffc47d67e95cb228432c4 c:\windows\ServicePackFiles\i386\ctfmon.exe
2008-04-14 03:22 32256 0f9474615d53ccfd6879259c1c52657c c:\windows\system32\ctfmon.exe
2008-04-14 03:22 32256 2ab800bcac0a313792c5c8c5e22d51cc c:\windows\system32\dllcache\ctfmon.exe
2004-08-04 13:00 42496 beb9bc5c82305fa023ec7a210e260977 c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-14 03:23 43520 90a6e8e94118036a7ba29440fe8188bd c:\windows\ServicePackFiles\i386\userinit.exe
2008-04-14 03:23 43520 bca092bcc24bc258582d5cb36a157d24 c:\windows\system32\userinit.exe
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 32256]
"AlcoholAutomount"="c:\programme\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-04-18 22016]
"H/PC Connection Agent"="c:\programme\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"BitTorrent DNA"="c:\programme\DNA\btdna.exe" [2009-02-05 342848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-02 13680640]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2008-10-05 144792]
"GrooveMonitor"="c:\programme\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 176128]
"Acrobat Assistant 8.0"="c:\programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"CanonSolutionMenu"="c:\programme\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"SSBkgdUpdate"="c:\programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"CloneCDTray"="c:\programme\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 77824]
"Babylon Client"="c:\programme\Babylon\Babylon-Pro\Babylon.exe" [2008-12-14 3960552]
"avgnt"="c:\programme\Avira\Avira Premium Security Suite\avgnt.exe" [2008-06-12 286977]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-02 86016]
"Dit"="Dit.exe" [2004-07-20 c:\windows\Dit.exe]
"Verknüpfung mit der High Definition Audio-Eigenschaftenseite"="HDAudPropShortcut.exe" [2004-03-17 c:\windows\system32\Hdaudpropshortcut.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 32256]
c:\dokumente und einstellungen\boss.BOSS-75D5B46E66\Startmenü\Programme\Autostart\
Utilità controllo supporti di Picture Motion Browser.lnk - c:\programme\SONY\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-01-16 405504]
c:\dokumente und einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart\
Adobe Reader Speed Launch.lnk - c:\programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 46592]
Adobe Reader Synchronizer.lnk - c:\programme\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-22 734872]
Avvio veloce di Adobe Acrobat.lnk - c:\windows\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_Acrobat.exe [2008-06-09 295606]
BlueSoleil.lnk - c:\programme\IVT Corporation\BlueSoleil\BlueSoleil.exe [2004-10-17 1044480]
Mozilla Sunbird.lnk - c:\programme\Mozilla Sunbird\sunbird.exe [2008-11-01 6371436]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytoosl"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Dokumente und Einstellungen\\All Users.WINDOWS\\Anwendungsdaten\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\Italian\\setup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\DNA\\btdna.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\programme\Microsoft ActiveSync\rapimgr.exe"= c:\programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programme\Microsoft ActiveSync\wcescomm.exe"= c:\programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programme\Microsoft ActiveSync\WCESMgr.exe"= c:\programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Programme\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Programme\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Mozilla Sunbird\\sunbird.exe"=
"c:\\Programme\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\WINDOWS\\system32\\verclsid.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R?2 AVEService;Servizio assistenza di Avira Premium Security Suite MailGuard;c:\programme\Avira\Avira Premium Security Suite\avesvc.exe [2009-01-13 61697]
R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [2009-01-02 6097]
R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [2009-01-13 71592]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2008-04-08 945152]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [2009-01-13 71464]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2004-10-10 1272000]
R3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys [2009-01-27 19928]
S2 AntiVirFirewallService;Firewall Avira Premium Security Suite;c:\programme\Avira\Avira Premium Security Suite\avfwsvc.exe [2009-01-13 364801]
S2 AntiVirMailService;Avira Premium Security Suite MailGuard;c:\programme\Avira\Avira Premium Security Suite\avmailc.exe [2009-01-13 164097]
S2 antivirwebservice;Avira Premium Security Suite WebGuard;c:\programme\Avira\Avira Premium Security Suite\avwebgrd.exe [2009-01-13 258305]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [2008-04-08 17408]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2008-10-26 39048]
S3 SFC4;SFC4;c:\windows\system32\drivers\sfc4.sys [2008-04-10 41472]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [2009-01-02 299923]
.
Contents of the "Scheduled Tasks" folder
2009-02-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2006-08-29 13:21]
.
- - - - Removed Orphaned Registry Entries - - - -
HKCU-Run-updateMgr - c:\programme\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe
HKLM-Run-Microsoft WinUpdate - c:\windows\system32\msupdte.exe
HKLM-Run-nwiz - nwiz.exe
HKLM-Run-Cmaudio - cmicnfg.cpl
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=101764&l=dis
uInternet Settings,ProxyOverride = *.local
IE: Aggiungi a PDF esistente - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti destinazione link in Adobe PDF - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti destinazione link in file PDF esistente - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti i link selezionati in Adobe PDF - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti i link selezionati in file PDF esistente - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti in Adobe PDF - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in Adobe PDF - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in file PDF esistente - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Translate with &Babylon - c:\programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
LSP: avsda.dll
TCP: {16C8EBD5-7633-4CE1-8ED3-BC58E41C7CE5} = 192.168.178.1
DPF: {60E33102-59F1-44DA-BA3D-494BB9A80514} - hxxp://www.inps.it/Servizi/ParlaConNoi/ ... Iphona.CAB
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://fortunelounge.gameassists.co.uk ... ashAX2.cab
FF - ProfilePath - c:\dokumente und einstellungen\boss.BOSS-75D5B46E66\Anwendungsdaten\Mozilla\Firefox\Profiles\pu385dgs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.startup.homepage - hxxp://it.start2.mozilla.com/firefox?cl ... t:official
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - plugin: c:\programme\Picasa2\npPicasa2.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-17 09:53:17
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(1284)
c:\windows\system32\avsda.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\scardsvr.exe
c:\programme\Avira\Avira Premium Security Suite\sched.exe
c:\programme\IVT Corporation\BlueSoleil\BTNtService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\programme\Canon\CAL\CALMAIN.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\programme\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
c:\programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\system32\locator.exe
.
**************************************************************************
.
Completion time: 2009-02-17 9:57:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-17 08:57:54
Pre-Run: 29 directory(ies), 23,626,862,592 bytes free
Post-Run: 29 directory(ies), 28,359,409,664 bytes free
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
276 --- E O F --- 2009-02-11 14:10:41
Please, help me.
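An added cross-check on the Sigcheck block of the log above (example code written for this thread; it is not part of the original post and not a ComboFix feature). The script parses the Sigcheck lines and, for each file name, compares the copy Windows actually runs with the backup copies ComboFix also hashed (dllcache, ServicePackFiles, $NtServicePackUninstall$, and so on). A live copy whose MD5 differs from a backup of identical size and build date is not proof of infection, but it is the first file to verify against known-good media or with `sfc /scannow`. On the log's own lines it flags system32\ctfmon.exe against its dllcache copy and system32\userinit.exe against the ServicePackFiles copy, and it notes that c:\windows\explorer.exe is 512 bytes larger than the ServicePackFiles copy carrying the same build date. The "live copy" rule (the file directly under c:\windows or c:\windows\system32) and the embedded sample, copied from the log, are assumptions of the example.

```python
r"""Cross-check the copies of each file listed in a ComboFix "Sigcheck" block.

Example written for this thread, not ComboFix code and not from the original
post. The "live copy" rule (the file directly under c:\windows or
c:\windows\system32 is the one Windows runs) is an assumption of the example.
"""
import re
from collections import defaultdict

# Constructed sample input: the Sigcheck block exactly as printed in the log above.
SAMPLE_LOG = r"""
------- Sigcheck -------
2008-04-14 03:22 1054208 523d4b1c5b7b975461d1a100c9fe34e0 c:\windows\explorer.exe
2007-06-13 14:10 1053696 eceeb67dedc24d6483fd24606f47e52b c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 14:21 1053696 b0a678cec5fce5e9c67ae41b851c82ca c:\windows\$NtServicePackUninstall$\explorer.exe
2004-08-04 13:00 1052672 2d87134b320a0075d7c697647d5be53a c:\windows\$NtUninstallKB938828$\explorer.exe
2008-04-14 03:22 1053696 a3cbde38a661bdad7b1536d984663b2b c:\windows\ServicePackFiles\i386\explorer.exe
2004-08-04 13:00 32256 f0f5604016077628f911e0123bb2499a c:\windows\$NtServicePackUninstall$\ctfmon.exe
2008-04-14 03:22 32768 309535cc72cffc47d67e95cb228432c4 c:\windows\ServicePackFiles\i386\ctfmon.exe
2008-04-14 03:22 32256 0f9474615d53ccfd6879259c1c52657c c:\windows\system32\ctfmon.exe
2008-04-14 03:22 32256 2ab800bcac0a313792c5c8c5e22d51cc c:\windows\system32\dllcache\ctfmon.exe
2004-08-04 13:00 42496 beb9bc5c82305fa023ec7a210e260977 c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-14 03:23 43520 90a6e8e94118036a7ba29440fe8188bd c:\windows\ServicePackFiles\i386\userinit.exe
2008-04-14 03:23 43520 bca092bcc24bc258582d5cb36a157d24 c:\windows\system32\userinit.exe
.
"""

# One Sigcheck line: date, time, size in bytes, MD5, path.
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<md5>[0-9a-f]{32}) (?P<path>\S.*)$"
)

# Directories whose copy of a system binary is the one actually executed (assumption).
LIVE_DIRS = {"c:\\windows", "c:\\windows\\system32"}


def parse_sigcheck(log_text):
    """Return the Sigcheck entries as dicts; ComboFix closes the section with a lone '.'."""
    entries, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("------- Sigcheck"):
            in_section = True
            continue
        if not in_section:
            continue
        if line == "." or line.startswith("("):
            break
        m = ENTRY_RE.match(line)
        if m is None:
            continue                      # tolerate stray lines inside the section
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["path"] = e["path"].lower()     # NTFS paths are case-insensitive
        e["name"] = e["path"].rsplit("\\", 1)[-1]
        entries.append(e)
    return entries


def is_live_copy(path):
    """True when the file sits directly in the windows or system32 directory."""
    return path.rsplit("\\", 1)[0] in LIVE_DIRS


def compare_copies(entries):
    """Compare each live copy with every backup copy of the same file name.

    differs: backups whose MD5 is not the live MD5; same_build_differs: the subset
    with the live size and build date; same_date_size_delta: live minus backup size.
    """
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["name"]].append(e)
    report = {}
    for name, copies in sorted(by_name.items()):
        live = next((c for c in copies if is_live_copy(c["path"])), None)
        if live is None:
            continue
        backups = [c for c in copies if c is not live]
        differs = [c for c in backups if c["md5"] != live["md5"]]
        same_build = [c for c in differs
                      if c["size"] == live["size"] and c["date"] == live["date"]]
        report[name] = {
            "live": live["path"],
            "live_md5": live["md5"],
            "differs": [c["path"] for c in differs],
            "same_build_differs": [c["path"] for c in same_build],
            "same_date_size_delta": {c["path"]: live["size"] - c["size"]
                                     for c in backups if c["date"] == live["date"]},
        }
    return report


def render(report):
    """Plain-text summary, one block per file name."""
    out = []
    for name, r in report.items():
        out.append(f"{name}: live copy {r['live']} md5={r['live_md5']}")
        for p in r["differs"]:
            tag = "  <-- same size/date, different MD5" if p in r["same_build_differs"] else ""
            out.append(f"    md5 differs: {p}{tag}")
        for p, delta in r["same_date_size_delta"].items():
            if delta:
                out.append(f"    live copy is {delta:+d} bytes vs same-dated {p}")
    return "\n".join(out)


if __name__ == "__main__":
    print(render(compare_copies(parse_sigcheck(SAMPLE_LOG))))
```

Run it as-is to see the three file names summarised; to use it on another log, pass the whole ComboFix text to `parse_sigcheck`, since it only reads the lines between the Sigcheck header and the closing ".". A flagged file still has to be checked against a trusted copy of the same service-pack build before anything is replaced.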