HijackThis log and more because of a Trojan warning after Antispyware2008 infection

I had caught Antispyware2008 and removed it with help from the forum (thanks to the search function). Only now SUPERAntiSpyware Professional is acting up and AVZ also spits out weird stuff.

So here is the AVZ log:
AVZ Antiviral Toolkit log; AVZ version is 4.30
Scanning started at 02.09.2008 18:06:04
Database loaded: signatures - 184416, NN profile(s) - 2, microprograms of healing - 56, signature database released 01.09.2008 22:46
Heuristic microprograms loaded: 370
SPV microprograms loaded: 9
Digital signatures of system files loaded: 73357
Heuristic analyzer mode: Maximum heuristics level
Healing mode: enabled
Windows version: 5.1.2600, Service Pack 3 ; AVZ is launched with administrator rights
System Restore: enabled
1. Searching for Rootkits and programs intercepting API functions
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Driver loaded successfully
SDT found (RVA=08B520)
Kernel ntoskrnl.exe found in memory at address 804D7000
SDT = 80562520
KiST = 804E48A0 (284)
Function NtCreateThread (35) intercepted (80586C43->F7A772AC), hook not defined
Function NtOpenProcess (7A) intercepted (8058170A->F7A77298), hook not defined
Function NtOpenThread (80) intercepted (805E1939->F7A7729D), hook not defined
Function NtTerminateProcess (101) intercepted (8058E695->B7ABEF20), hook C:\Programme\SUPERAntiSpyware\SASKUTIL.sys
Function NtWriteVirtualMemory (115) intercepted (805885C2->F7A772A2), hook not defined
Functions checked: 284, intercepted: 5, restored: 0
1.3 Checking IDT and SYSENTER
Analysis for CPU 1
Analysis for CPU 2
Checking IDT and SYSENTER - complete
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
Driver loaded successfully
1.5 Checking of IRP handlers
Checking - complete
2. Scanning memory
Number of processes found: 46
Analyzer: process under analysis is 1820 C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
[ES]:Contains network functionality
[ES]:Application has no visible windows
Analyzer: process under analysis is 2028 C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
[ES]:Contains network functionality
[ES]:Application has no visible windows
Analyzer: process under analysis is 1036 C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
[ES]:Contains network functionality
[ES]:Application has no visible windows
[ES]:Loads RASAPI DLL - may use dialing ?
Analyzer: process under analysis is 1744 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\binohgvq\pobcjadk.exe
[ES]:Contains network functionality
[ES]:Application has no visible windows
[ES]:Registered in autoruns !!
[ES]:Loads RASAPI DLL - may use dialing ?
Analyzer: process under analysis is 1320 C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[ES]:Application has no visible windows
[ES]:Registered in autoruns !!
Analyzer: process under analysis is 464 C:\WINDOWS\CTHELPER.EXE
[ES]:Application has no visible windows
[ES]:Located in system folder
[ES]:Registered in autoruns !!
Analyzer: process under analysis is 1168 C:\Programme\Winamp\winampa.exe
[ES]:Application has no visible windows
[ES]:Registered in autoruns !!
Analyzer: process under analysis is 1248 C:\Programme\Logitech\Gaming Software\LWEMon.exe
[ES]:Application has no visible windows
[ES]:Registered in autoruns !!
Analyzer: process under analysis is 2156 C:\Programme\Creative\Shared Files\CamTray.exe
[ES]:Registered in autoruns !!
Analyzer: process under analysis is 2216 C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
[ES]:Application has no visible windows
Analyzer: process under analysis is 2252 C:\Programme\ICQ6\ICQ.exe
[ES]:Contains network functionality
[ES]:Registered in autoruns !!
[ES]:Loads RASAPI DLL - may use dialing ?
Analyzer: process under analysis is 2360 C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
[ES]:Application has no visible windows
Analyzer: process under analysis is 2428 C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
[ES]:Contains network functionality
[ES]:Application has no visible windows
Analyzer: process under analysis is 2468 C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
[ES]:Application has no visible windows
Analyzer: process under analysis is 2520 C:\Programme\Google\Google Updater\GoogleUpdater.exe
[ES]:Contains network functionality
[ES]:Application has no visible windows
[ES]:Registered in autoruns !!
[ES]:Loads RASAPI DLL - may use dialing ?
Analyzer: process under analysis is 2572 C:\Programme\Logitech\SetPoint\SetPoint.exe
[ES]:Contains network functionality
[ES]:Application has no visible windows
[ES]:Registered in autoruns !!
Analyzer: process under analysis is 2732 C:\Programme\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
[ES]:Contains network functionality
[ES]:Application has no visible windows
[ES]:Registered in autoruns !!
Analyzer: process under analysis is 2756 C:\Programme\Secunia\PSI (RC3)\psi.exe
[ES]:Contains network functionality
[ES]:Capable of sending mail ?!
[ES]:Application has no visible windows
[ES]:Registered in autoruns !!
[ES]:Loads RASAPI DLL - may use dialing ?
Analyzer: process under analysis is 3480 C:\Programme\Skype\Plugin Manager\skypePM.exe
[ES]:Contains network functionality
[ES]:Application has no visible windows
[ES]:Loads RASAPI DLL - may use dialing ?
Analyzer: process under analysis is 1900 C:\Programme\Mozilla Firefox\firefox.exe
[ES]:Contains network functionality
[ES]:Loads RASAPI DLL - may use dialing ?
Number of modules loaded: 470
Scanning memory - complete
3. Scanning disks
C:\Alte Programme\PowerQuest\PartitionMagic4\RESCUEME\RESCUE\Format.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)
File quarantined succesfully (C:\Alte Programme\PowerQuest\PartitionMagic4\RESCUEME\RESCUE\Format.com)
Direct reading C:\Dokumente und Einstellungen\Jannik\Lokale Einstellungen\Temp\~DF430A.tmp
Direct reading C:\Dokumente und Einstellungen\Jannik\Lokale Einstellungen\Temp\~DF5B89.tmp
C:\Programme\Nero\Nero 7\Nero Vision\VCDLib.dll >>> suspicion for Trojan-Downloader.Win32.Agent.ytu ( 08D09C58 00000000 0023A51B 002022DE 74752)
File quarantined succesfully (C:\Programme\Nero\Nero 7\Nero Vision\VCDLib.dll)
C:\System Volume Information\_restore{4491F64D-18F2-42B1-A8D0-62067D5211EC}\RP2\A0000048.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)
File quarantined succesfully (C:\System Volume Information\_restore{4491F64D-18F2-42B1-A8D0-62067D5211EC}\RP2\A0000048.com)
C:\WINDOWS\$NtServicePackUninstall$\format.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)
File quarantined succesfully (C:\WINDOWS\$NtServicePackUninstall$\format.com)
C:\WINDOWS\$NtServicePackUninstall$\more.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)
File quarantined succesfully (C:\WINDOWS\$NtServicePackUninstall$\more.com)
C:\WINDOWS\$NtServicePackUninstall$\tree.com - PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)
File quarantined succesfully (C:\WINDOWS\$NtServicePackUninstall$\tree.com)
4. Checking Winsock Layered Service Provider (SPI/LSP)
LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
C:\WINDOWS\system32\nview.dll --> Suspicion for Keylogger or Trojan DLL
C:\WINDOWS\system32\nview.dll>>> Behavioural analysis
1. Reacts to events: keyboard, all events
C:\WINDOWS\system32\nview.dll>>> Neural net: file with probability 0.22% like a typical keyboard/mouse events interceptor
File quarantined succesfully (C:\WINDOWS\system32\nview.dll)
C:\WINDOWS\system32\NVWRSDE.DLL --> Suspicion for Keylogger or Trojan DLL
C:\WINDOWS\system32\NVWRSDE.DLL>>> Behavioural analysis
Behaviour typical for keyloggers not detected
File quarantined succesfully (C:\WINDOWS\system32\NVWRSDE.DLL)
C:\Programme\Logitech\SetPoint\lgscroll.dll --> Suspicion for Keylogger or Trojan DLL
C:\Programme\Logitech\SetPoint\lgscroll.dll>>> Behavioural analysis
1. Reacts to events: keyboard, all events
C:\Programme\Logitech\SetPoint\lgscroll.dll>>> Neural net: file with probability 4.16% like a typical keyboard/mouse events interceptor
File quarantined succesfully (C:\Programme\Logitech\SetPoint\lgscroll.dll)
C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll --> Suspicion for Keylogger or Trojan DLL
C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll>>> Behavioural analysis
Behaviour typical for keyloggers not detected
File quarantined succesfully (C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll)
C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU --> Suspicion for Keylogger or Trojan DLL
C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU>>> Behavioural analysis
Behaviour typical for keyloggers not detected
File quarantined succesfully (C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU)
Note: Do NOT delete suspicious files, send them for analysis (see FAQ for more details), because there are lots of useful hooking DLLs
6. Searching for opened TCP/UDP ports used by malicious programs
Checking disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: RemoteRegistry (Remote-Registrierung)
>> Services: potentially dangerous service allowed: TermService (Terminaldienste)
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP-Suchdienst)
>> Services: potentially dangerous service allowed: Schedule (Taskplaner)
>> Services: potentially dangerous service allowed: mnmsrvc (NetMeeting-Remotedesktop-Freigabe)
>> Services: potentially dangerous service allowed: RDSessMgr (Sitzungs-Manager für Remotedesktophilfe)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
>> Security: automatic logon is enabled
Checking - complete
9. Troubleshooting wizard
Checking - complete
Files scanned: 115226, extracted from archives: 73540, malicious software found 0, suspicions - 1
Scanning finished at 02.09.2008 18:55:37
Time of scanning: 00:49:34
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://virusinfo.info conference

CSV file:
C:\Programme\SUPERAntiSpyware\SASKUTIL.sys;4;Kernel-mode hook
C:\Alte Programme\PowerQuest\PartitionMagic4\RESCUEME\RESCUE\Format.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)
C:\Programme\Nero\Nero 7\Nero Vision\VCDLib.dll;2;Suspicion for Trojan-Downloader.Win32.Agent.ytu ( 08D09C58 00000000 0023A51B 002022DE 74752)
C:\System Volume Information\_restore{4491F64D-18F2-42B1-A8D0-62067D5211EC}\RP2\A0000048.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)
C:\WINDOWS\$NtServicePackUninstall$\format.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)
C:\WINDOWS\$NtServicePackUninstall$\more.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)
C:\WINDOWS\$NtServicePackUninstall$\tree.com;3;PE file with modified extension, allowing its launch (often typical for viruses)(dangerousness level is 35%)
C:\WINDOWS\system32\nview.dll;5;Suspicion for Keylogger or Trojan DLL
C:\WINDOWS\system32\NVWRSDE.DLL;5;Suspicion for Keylogger or Trojan DLL
C:\Programme\Logitech\SetPoint\lgscroll.dll;5;Suspicion for Keylogger or Trojan DLL
C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll;5;Suspicion for Keylogger or Trojan DLL
C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU;5;Suspicion for Keylogger or Trojan DLL

And for completeness, the HijackThis log as well:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:00:06, on 02.09.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\binohgvq\pobcjadk.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Logitech\Gaming Software\LWEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Creative\Shared Files\CamTray.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Programme\ICQ6\ICQ.exe
C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Programme\Google\Google Updater\GoogleUpdater.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
C:\Programme\Secunia\PSI (RC3)\psi.exe
C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Jannik\Desktop\Cleaner Saver\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Programme\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programme\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_SB0.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msgprocsh] C:\WINDOWS\system32\hcdgdevw.exe
O4 - HKLM\..\Policies\Explorer\Run: [djwMIyOGaQ] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\binohgvq\pobcjadk.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Secunia PSI (RC3).lnk = C:\Programme\Secunia\PSI (RC3)\psi.exe
O4 - Global Startup: Google Updater.lnk = C:\Programme\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: p6_19_erinnerung.lnk = D:\Programme\phase6\phase6_19\WinStart\p6erinnerung.exe
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Programme\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 8555 bytes

SUPERAntiSpyware is nagging me with this:
Identification
Troja.Dropper/Gen.Process
Blocked Item
C:\WINDOWS\SYSTEM32\HCDGDEVW.EXE
I'd be extremely grateful for an all-clear or for help.