Internet Fenster gehen alleine auf

Begonnen von hjweit, 24. Dezember 2008, 11:28:19 Uhr

⏪ vorheriges - nächstes ⏩

0 Mitglieder und 1 Gast betrachten dieses Thema.

hjweit

Trotz Virenscaner ad aware usw. muß ich mir was eingefangen haben und kann das Problem als Laie nicht in den Griff bekommen deshalb bitte ich um Hilfe. Vielen Dank im Voraus hjweit. :'(

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:48, on 24.12.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\vsnp2std.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\System32\rundll32.exe
C:\Windows\tsnp2std.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Windows\System32\rundll32.exe
C:\Program Files\PhraseExpress\phraseexpress.exe
C:\Program Files\Comodo\CBOClean\BOC427.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Georg\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Users\Georg\AppData\Local\cawgkqm.exe
C:\Program Files\FRITZ!DSL\StCenter.exe
C:\Program Files\Timex\Data Link USB\DataLinkLauncher.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.BIN
C:\Users\Georg\firefox.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.medion.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://alice.aol.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: TBSB04008 Class - {9C53F136-8DD5-4849-9008-0C4688FE357F} - C:\Program Files\PeterZahlt Toolbar\tbu00256\peterzahlt.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [tsnp2std] C:\Windows\tsnp2std.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [PhraseExpress] C:\Program Files\PhraseExpress\PhraseExpress.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Uninstall_CToolbar] "C:\Users\ADMINI~1\AppData\Local\Temp\CUninst.exe" "/remove"
O4 - HKCU\..\Run: [ykufrcny] "c:\users\administrator\appdata\local\ykufrcny.exe" ykufrcny
O4 - HKCU\..\RunOnce: [RegistryDefrag Success Message] "C:\Program Files\TuneUp Utilities 2007\TUMessages.exe" /RegDefrag_Success
O4 - HKCU\..\RunOnce: [DeleteGrabPro] rundll32.exe advpack.dll,DelNodeRunDLL32 "C:\Program Files\Orbitdownloader\GrabPro.dll"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-41683021-3020818943-1046066418-1004\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Georg')
O4 - HKUS\S-1-5-21-41683021-3020818943-1046066418-1004\..\Run: [ykufrcny] "c:\users\administrator\appdata\local\ykufrcny.exe" ykufrcny (User 'Georg')
O4 - HKUS\S-1-5-21-41683021-3020818943-1046066418-1004\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User 'Georg')
O4 - HKUS\S-1-5-21-41683021-3020818943-1046066418-1004\..\Run: [cawgkqm] "c:\users\georg\appdata\local\cawgkqm.exe" cawgkqm (User 'Georg')
O4 - S-1-5-21-41683021-3020818943-1046066418-1004 Startup: StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe (User 'Georg')
O4 - S-1-5-21-41683021-3020818943-1046066418-1004 User Startup: StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe (User 'Georg')
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: FRITZ!DSL Startcenter.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Timex Data Link USB Launcher.lnk = C:\Program Files\Timex\Data Link USB\DataLinkLauncher.exe
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Google Desktop Manager 5.8.809.8522 (GoogleDesktopManager-090808-172447) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Haufe iDesk-Service in C:\Program Files\Haufe\iDesk\iDeskService\Zope (HRService) - Unknown owner - C:\Program Files\Haufe\iDesk\iDeskService\iDeskService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: AVM IGD CTRL Service (IGDCTRL) - AVM Berlin - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Sceneo PVR Service (srvcPVR) - Buhl Data Service GmbH - C:\Program Files\Sceneo\Bonavista\Services\PVR\PVRService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: ThreatFire - Unknown owner - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe (file missing)
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 11242 bytes

TMK

Würde folgende Einträge fixen:

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Users\Georg\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Users\Georg\AppData\Local\cawgkqm.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.medion.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://alice.aol.de

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: TBSB04008 Class - {9C53F136-8DD5-4849-9008-0C4688FE357F} - C:\Program Files\PeterZahlt Toolbar\tbu00256\peterzahlt.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll

O4 - HKCU\..\Run: [Uninstall_CToolbar] "C:\Users\ADMINI~1\AppData\Local\Temp\CUninst.exe" "/remove"

O4 - HKCU\..\Run: [ykufrcny] "c:\users\administrator\appdata\local\ykufrcny.exe" ykufrcny

O4 - HKCU\..\RunOnce: [RegistryDefrag Success Message] "C:\Program Files\TuneUp Utilities 2007\TUMessages.exe" /RegDefrag_Success

O4 - HKCU\..\RunOnce: [DeleteGrabPro] rundll32.exe advpack.dll,DelNodeRunDLL32 "C:\Program Files\Orbitdownloader\GrabPro.dll"

O4 - HKUS\S-1-5-21-41683021-3020818943-1046066418-1004\..\Run: [ykufrcny] "c:\users\administrator\appdata\local\ykufrcny.exe" ykufrcny (User 'Georg')

O4 - HKUS\S-1-5-21-41683021-3020818943-1046066418-1004\..\Run: [cawgkqm] "c:\users\georg\appdata\local\cawgkqm.exe" cawgkqm (User 'Georg')

O13 - Gopher Prefix:

O23 - Service: Haufe iDesk-Service in C:\Program Files\Haufe\iDesk\iDeskService\Zope (HRService) - Unknown owner - C:\Program Files\Haufe\iDesk\iDeskService\iDeskService.exe

O23 - Service: ThreatFire - Unknown owner - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe (file missing)

O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

hjweit

Wirklich schnell und nach ersten Erkenntnissen richtig!!!

Vielen Dank und schöne Feiertage
hjweit

Masso

Geichfalls
Zur Sicherheit evtl nochmal den hijack posten...
Komplettscan vom System wäre auch noch ne idee
Welche Zahl nennt man die Unglückszahl? 218593! Weil: Wenn 2 sich 1 sind und nicht 8 geben, wissen sie spätestens in 5 Wochen, daß sie in 9 Monaten 3 sind...

hjweit

Klappt wieder ganz prima nochmal schönen Dank hjweit

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:48, on 24.12.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\vsnp2std.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\System32\rundll32.exe
C:\Windows\tsnp2std.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Windows\System32\rundll32.exe
C:\Program Files\PhraseExpress\phraseexpress.exe
C:\Program Files\Comodo\CBOClean\BOC427.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Georg\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Users\Georg\AppData\Local\cawgkqm.exe
C:\Program Files\FRITZ!DSL\StCenter.exe
C:\Program Files\Timex\Data Link USB\DataLinkLauncher.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.BIN
C:\Users\Georg\firefox.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.medion.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://alice.aol.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: TBSB04008 Class - {9C53F136-8DD5-4849-9008-0C4688FE357F} - C:\Program Files\PeterZahlt Toolbar\tbu00256\peterzahlt.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [tsnp2std] C:\Windows\tsnp2std.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [PhraseExpress] C:\Program Files\PhraseExpress\PhraseExpress.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Uninstall_CToolbar] "C:\Users\ADMINI~1\AppData\Local\Temp\CUninst.exe" "/remove"
O4 - HKCU\..\Run: [ykufrcny] "c:\users\administrator\appdata\local\ykufrcny.exe" ykufrcny
O4 - HKCU\..\RunOnce: [RegistryDefrag Success Message] "C:\Program Files\TuneUp Utilities 2007\TUMessages.exe" /RegDefrag_Success
O4 - HKCU\..\RunOnce: [DeleteGrabPro] rundll32.exe advpack.dll,DelNodeRunDLL32 "C:\Program Files\Orbitdownloader\GrabPro.dll"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-41683021-3020818943-1046066418-1004\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Georg')
O4 - HKUS\S-1-5-21-41683021-3020818943-1046066418-1004\..\Run: [ykufrcny] "c:\users\administrator\appdata\local\ykufrcny.exe" ykufrcny (User 'Georg')
O4 - HKUS\S-1-5-21-41683021-3020818943-1046066418-1004\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User 'Georg')
O4 - HKUS\S-1-5-21-41683021-3020818943-1046066418-1004\..\Run: [cawgkqm] "c:\users\georg\appdata\local\cawgkqm.exe" cawgkqm (User 'Georg')
O4 - S-1-5-21-41683021-3020818943-1046066418-1004 Startup: StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe (User 'Georg')
O4 - S-1-5-21-41683021-3020818943-1046066418-1004 User Startup: StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe (User 'Georg')
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: FRITZ!DSL Startcenter.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Timex Data Link USB Launcher.lnk = C:\Program Files\Timex\Data Link USB\DataLinkLauncher.exe
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Google Desktop Manager 5.8.809.8522 (GoogleDesktopManager-090808-172447) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Haufe iDesk-Service in C:\Program Files\Haufe\iDesk\iDeskService\Zope (HRService) - Unknown owner - C:\Program Files\Haufe\iDesk\iDeskService\iDeskService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: AVM IGD CTRL Service (IGDCTRL) - AVM Berlin - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Sceneo PVR Service (srvcPVR) - Buhl Data Service GmbH - C:\Program Files\Sceneo\Bonavista\Services\PVR\PVRService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: ThreatFire - Unknown owner - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe (file missing)
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 11242 bytes

tychoalba

Da sind aber die meisten Kerlchen wieder!!!

ˆ\__/  this is Einkaufswagen.
.O.o  copy Einkaufswagen into your signature to help him on his way to world domination.

hjweit


tychoalba

C:\Users\Georg\AppData\Local\cawgkqm.exe

O4 - HKCU\..\Run: [Uninstall_CToolbar] "C:\Users\ADMINI~1\AppData\Local\Temp\CUninst.exe" "/remove"

O4 - HKCU\..\Run: [ykufrcny] "c:\users\administrator\appdata\local\ykufrcny.exe" ykufrcny
   
O4 - HKCU\..\RunOnce: [DeleteGrabPro] rundll32.exe advpack.dll,DelNodeRunDLL32 "C:\Program Files\Orbitdownloader\GrabPro.dll"

O13 - Gopher Prefix:

O4 - HKUS\S-1-5-21-41683021-3020818943-1046066418-1004\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Georg')

O4 - HKUS\S-1-5-21-41683021-3020818943-1046066418-1004\..\Run: [ykufrcny] "c:\users\administrator\appdata\local\ykufrcny.exe" ykufrcny (User 'Georg')

...sauber ist was anderes.......es sei denn, Du kennst die Programme, die zu diesen Prozessen gehören.....

ˆ\__/  this is Einkaufswagen.
.O.o  copy Einkaufswagen into your signature to help him on his way to world domination.