This virus get activated by 1PM everyday, then again after 6-7 hours. Once get activated it starts writing the stars sign ******** an won't stop. Of course I can not write anything or log in, nothing. As soon as I click in a blank space it starts typing the "********". It won't allows me neither to turn of the computer. It will restart the computer over and over. The only solution I have found ist to take the power out the wall and wait some hours.. nothing else helped me out until now. :-(

Maybe we can help you find it. Please run this free online scan from Panda When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to the desktop, then copy/paste into the text editor and post it. Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified. Please download HJTsetup.exe from this link http://www.thespykiller.co.uk/files/HJTsetup.exe to your desktop. Doubleclick on the HJTsetup.exe icon on your desktop. By default it will install to C:\Program Files\Hijack This. Continue to click "next" in the setup dialogue boxes until you get to the "Select Addition Tasks" dialogue. Put a check by "Create a desktop icon" then click "Next" again. Continue to follow the rest of the prompts from there. At the final dialogue box click "Finish" and it will launch Hijack This. Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in notepad. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log and post it in this thread. Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly. Run Hijack This again, click the "open misc. tools section button">check both boxes to the right of "generate startuplist log"> then click "generate startuplist log">yes>copy that log and post it please.

HEy, thankyou very much for the fast answer. I did everything you told me. I'll Post it now as you said

Please post it in this thread, don't start a new one.

ok, sorry.. well here we go with what the scan found out: Incident Status Location Spyware:Cookie/2o7 Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@2o7[2].txt Spyware:Cookie/YieldManager Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@ad.yieldmanager[1].txt Spyware:Cookie/Hbmediapro Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@adopt.hbmediapro[2].txt Spyware:Cookie/PointRoll Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@ads.pointroll[1].txt Spyware:Cookie/Adtech Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@adtech[2].txt Spyware:Cookie/Advertising Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@advertising[2].txt Spyware:Cookie/Adviva Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@adviva[2].txt Spyware:Cookie/Apmebf Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@apmebf[2].txt Spyware:Cookie/Falkag Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@as-eu.falkag[2].txt Spyware:Cookie/Falkag Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@as-us.falkag[1].txt Spyware:Cookie/Falkag Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@as1.falkag[2].txt Spyware:Cookie/Atlas DMT Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@atdmt[2].txt Spyware:Cookie/Atwola Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@atwola[2].txt Spyware:Cookie/Belnk Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@belnk[1].txt Spyware:Cookie/Bluestreak Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@bluestreak[1].txt Spyware:Cookie/bravenetA Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@bravenet[1].txt Spyware:Cookie/BurstNet Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@burstnet[1].txt Spyware:Cookie/Casalemedia Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@casalemedia[2].txt Spyware:Cookie/Cgi-bin Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@cgi-bin[3].txt Spyware:Cookie/Com.com Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@com[2].txt Spyware:Cookie/Hitslink Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@counter.hitslink[2].txt Spyware:Cookie/Belnk Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@dist.belnk[1].txt Spyware:Cookie/Doubleclick Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@doubleclick[1].txt Spyware:Cookie/FastClick Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@fastclick[2].txt Spyware:Cookie/fe.lea.lycos Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@fe.lea.lycos[1].txt Spyware:Cookie/Hitbox Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@hitbox[1].txt Spyware:Cookie/Maxserving Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@maxserving[1].txt Spyware:Cookie/FastClick Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@media.fastclick[2].txt Spyware:Cookie/Mediaplex Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@mediaplex[2].txt Spyware:Cookie/2o7 Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@microsofteup.112.2o7[1].txt Spyware:Cookie/Overture Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@overture[2].txt Spyware:Cookie/Paypopup Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@paypopup[1].txt Spyware:Cookie/Overture Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@perf.overture[1].txt Spyware:Cookie/QuestionMarket Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@questionmarket[2].txt Spyware:Cookie/RealMedia Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@realmedia[1].txt Spyware:Cookie/WUpd Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@revenue[1].txt Spyware:Cookie/Rn11 Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@rn11[2].txt Spyware:Cookie/Falkag Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@sel.as-eu.falkag[1].txt Spyware:Cookie/Serving-sys Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@serving-sys[2].txt Spyware:Cookie/onestat.com Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@stat.onestat[2].txt Spyware:Cookie/Statcounter Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@statcounter[1].txt Spyware:Cookie/Tradedoubler Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@tradedoubler[1].txt Spyware:Cookie/Traffic Marketplace Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@trafficmp[2].txt Spyware:Cookie/Tribalfusion Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@tribalfusion[2].txt Spyware:Cookie/Com.com Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@uol.com[1].txt Spyware:Cookie/Weborama Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@weborama[1].txt Spyware:Cookie/Xiti Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@xiti[1].txt Spyware:Cookie/Zedo Not disinfected C:\Dokumente und Einstellungen\Carlos Diaz\Cookies\carlos diaz@zedo[2].txt Logfile of HijackThis v1.99.1 Scan saved at 14:30:28, on 25.06.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\MSN Messenger\MsnMsgr.exe C:\WINDOWS\system32\svchost.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Internet Explorer\IEXPLORE.exe C:\Programme\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.tiscali.de/web/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eluniversal.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.de R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.exe" /background O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing) O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.de O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133886247135 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133886449035 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{922D57DC-32B4-4947-8DEA-521390CC8380}: NameServer = 195.247.247.195 62.27.27.62 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: DVD-RAM_Service - Matsus---a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe StartupList report, 25.06.2006, 14:35:09 StartupList version: 1.52.2 Started from : C:\Programme\Hijackthis\HijackThis.exe Detected: Windows XP SP2 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180) * Using default options * Including empty and uninteresting sections * Showing rarely important sections ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\MSN Messenger\MsnMsgr.exe C:\WINDOWS\system32\svchost.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Internet Explorer\IEXPLORE.exe C:\Programme\Hijackthis\HijackThis.exe --------------------- Listing of startup folders: Shell folders Startup: [C:\Dokumente und Einstellungen\Carlos Diaz\Startmenü\Programme\Autostart] *No files* Shell folders AltStartup: *Folder not found* User shell folders Startup: *Folder not found* User shell folders AltStartup: *Folder not found* Shell folders Common Startup: [C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart] Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe Shell folders Common AltStartup: *Folder not found* User shell folders Common Startup: *Folder not found* User shell folders Alternate Common Startup: *Folder not found* --------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] *Registry value not found* [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* --------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run avgnt = "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min Adobe Photo Downloader = "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" TkBellExe = "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot --------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* --------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No values found* --------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* --------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* --------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run MsnMsgr = "C:\Programme\MSN Messenger\MsnMsgr.exe" /background --------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* --------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* --------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* --------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* --------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* --------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* --------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run [OptionalComponents] *No values found* --------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* --------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No subkeys found* --------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* --------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* --------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* --------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* --------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* --------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* --------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* --------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* --------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* --------------------- File association entry for .EXE: HKEY_CLASSES_ROOT\exefile\shell\open\command (Default) = "%1" %* --------------------- File association entry for .COM: HKEY_CLASSES_ROOT\comfile\shell\open\command (Default) = "%1" %* --------------------- File association entry for .BAT: HKEY_CLASSES_ROOT\batfile\shell\open\command (Default) = "%1" %* --------------------- File association entry for .PIF: HKEY_CLASSES_ROOT\piffile\shell\open\command (Default) = "%1" %* --------------------- File association entry for .SCR: HKEY_CLASSES_ROOT\scrfile\shell\open\command (Default) = "%1" /S --------------------- File association entry for .HTA: HKEY_CLASSES_ROOT\htafile\shell\open\command (Default) = C:\WINDOWS\system32\mshta.exe "%1" %* --------------------- File association entry for .TXT: HKEY_CLASSES_ROOT\txtfile\shell\open\command (Default) = %SystemRoot%\system32\NOTEPAD.exe %1 --------------------- Enumerating Active Setup stub paths: HKLM\Software\Microsoft\Active Setup\Installed Components (* = disabled by HKCU twin) [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP [>{26923b43-4d38-484f-9b9e-de460746276c}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] * StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] * StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT [{5945c046-1e7d-11d1-bc44-00c04fd912be}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub [{7790769C-0471-11d2-AF11-00C04FA35D02}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [{89820200-ECBD-11cf-8B85-00AA005B4340}] * StubPath = regsvr32.exe /s /n /i:U shell32.dll [{89820200-ECBD-11cf-8B85-00AA005B4383}] * StubPath = %SystemRoot%\system32\ie4uinit.exe [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] * StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install --------------------- Enumerating ICQ Agent Autostart apps: HKCU\Software\Mirabilis\ICQ\Agent\Apps *Registry key not found* --------------------- Load/Run keys from C:\WINDOWS\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs= --------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=F:\ttlg.scr drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry key not found* HKLM\..\Policies: Shell=*Registry value not found* --------------------- Checking for EXPLORER.exe instances: C:\WINDOWS\Explorer.exe: PRESENT! C:\Explorer.exe: not present C:\WINDOWS\Explorer\Explorer.exe: not present C:\WINDOWS\System\Explorer.exe: not present C:\WINDOWS\System32\Explorer.exe: not present C:\WINDOWS\Command\Explorer.exe: not present C:\WINDOWS\Fonts\Explorer.exe: not present --------------------- Checking for superhidden extensions: .lnk: HIDDEN! (arrow overlay: yes) .pif: HIDDEN! (arrow overlay: yes) .exe: not hidden .com: not hidden .bat: not hidden .hta: not hidden .scr: not hidden .shs: HIDDEN! .shb: HIDDEN! .vbs: not hidden .vbe: not hidden .wsh: not hidden .scf: HIDDEN! (arrow overlay: NO!) .url: HIDDEN! (arrow overlay: yes) .js: not hidden .jse: not hidden --------------------- Verifying REGEDIT.exe integrity: - Regedit.exe found in C:\WINDOWS - .reg open command is normal (regedit.exe %1) - Company name OK: 'Microsoft Corporation' - Original filename OK: 'REGEDIT.EXE' - File description: 'Registrierungs-Editor' Registry check passed --------------------- Enumerating Browser Helper Objects: (no name) - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (no name) - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (no name) - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6} (no name) - C:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} (no name) - C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} --------------------- Enumerating Task Scheduler jobs: *No jobs found* --------------------- Enumerating Download Program Files: [MSN Photo Upload Tool] InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll CODEBASE = http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab [WUWebControl Class] InProcServer32 = C:\WINDOWS\system32\wuweb.dll CODEBASE = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133886247135 [MUWebControl Class] InProcServer32 = C:\WINDOWS\system32\muweb.dll CODEBASE = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133886449035 [Java Plug-in] InProcServer32 = C:\Programme\Java\jre1.5.0_06\bin\ssv.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab [ActiveScan Installer Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab [MsnMessengerSetupDownloadControl Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx CODEBASE = http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab [Java Plug-in] InProcServer32 = C:\Programme\Java\jre1.5.0_06\bin\ssv.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab [Java Plug-in 1.5.0_06] InProcServer32 = C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab --------------------- Enumerating Winsock LSP files: NameSpace #1: C:\WINDOWS\System32\mswsock.dll NameSpace #2: C:\WINDOWS\System32\winrnr.dll NameSpace #3: C:\WINDOWS\System32\mswsock.dll NameSpace #4: C:\WINDOWS\System32\nwprovau.dll Protocol #1: C:\WINDOWS\system32\mswsock.dll Protocol #2: C:\WINDOWS\system32\mswsock.dll Protocol #3: C:\WINDOWS\system32\mswsock.dll Protocol #4: C:\WINDOWS\system32\mswsock.dll Protocol #5: C:\WINDOWS\system32\rsvpsp.dll Protocol #6: C:\WINDOWS\system32\rsvpsp.dll Protocol #7: C:\WINDOWS\system32\mswsock.dll Protocol #8: C:\WINDOWS\system32\mswsock.dll Protocol #9: C:\WINDOWS\system32\mswsock.dll Protocol #10: C:\WINDOWS\system32\mswsock.dll Protocol #11: C:\WINDOWS\system32\mswsock.dll Protocol #12: C:\WINDOWS\system32\mswsock.dll Protocol #13: C:\WINDOWS\system32\mswsock.dll Protocol #14: C:\WINDOWS\system32\mswsock.dll Protocol #15: C:\WINDOWS\system32\mswsock.dll Protocol #16: C:\WINDOWS\system32\mswsock.dll Protocol #17: C:\WINDOWS\system32\mswsock.dll Protocol #18: C:\WINDOWS\system32\mswsock.dll Protocol #19: C:\WINDOWS\system32\mswsock.dll Protocol #20: C:\WINDOWS\system32\mswsock.dll Protocol #21: C:\WINDOWS\system32\mswsock.dll Protocol #22: C:\WINDOWS\system32\mswsock.dll Protocol #23: C:\WINDOWS\system32\mswsock.dll Protocol #24: C:\WINDOWS\system32\mswsock.dll Protocol #25: C:\WINDOWS\system32\mswsock.dll Protocol #26: C:\WINDOWS\system32\mswsock.dll Protocol #27: C:\WINDOWS\system32\mswsock.dll --------------------- Enumerating Windows NT/2000/XP services Microsoft ACPI-Treiber: system32\DRIVERS\ACPI.sys (system) Microsoft Kernel-Echounterdrückung: system32\drivers\aec.sys (manual start) AFD: \SystemRoot\System32\drivers\afd.sys (system) Warndienst: %SystemRoot%\system32\svchost.exe -k LocalService (disabled) Gatewaydienst auf Anwendungsebene: %SystemRoot%\System32\alg.exe (manual start) AMD K7-Prozessortreiber: system32\DRIVERS\amdk7.sys (system) AntiVir Scheduler: C:\Programme\AntiVir PersonalEdition Classic\sched.exe (autostart) AntiVir PersonalEdition Classic Service: C:\Programme\AntiVir PersonalEdition Classic\avguard.exe (autostart) Anwendungsverwaltung: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start) Asynchroner RAS -Medientreiber: system32\DRIVERS\asyncmac.sys (manual start) Standard-IDE/ESDI-Festplattencontroller: system32\DRIVERS\atapi.sys (system) Protokoll für ATM ARP-Client: system32\DRIVERS\atmarpc.sys (manual start) Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Audiostubtreiber: system32\DRIVERS\audstub.sys (manual start) avgio: \??\C:\Programme\AntiVir PersonalEdition Classic\avgio.sys (manual start) avgntflt: \??\C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys (manual start) Intelligenter Hintergrundübertragungsdienst: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Computerbrowser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Untertiteldecoder: system32\DRIVERS\CCDECODE.sys (manual start) CD-ROM-Laufwerktreiber: system32\DRIVERS\cdrom.sys (system) Indexdienst: %SystemRoot%\system32\cisvc.exe (manual start) Ablagemappe: %SystemRoot%\system32\clipsrv.exe (disabled) .NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start) COM+-Systemanwendung: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start) Kryptografiedienste: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) DCOM-Server-Prozessstart: %SystemRoot%\system32\svchost -k DcomLaunch (autostart) DHCP-Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Laufwerktreiber: system32\DRIVERS\disk.sys (system) Verwaltungsdienst für die Verwaltung logischer Datenträger: %SystemRoot%\System32\dmadmin.exe /com (manual start) dmboot: System32\drivers\dmboot.sys (disabled) Treiber für die Verwaltung logischer Datenträger: System32\drivers\dmio.sys (system) dmload: System32\drivers\dmload.sys (system) Verwaltung logischer Datenträger: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Microsoft Kernel-DLS-Synthesizer: system32\drivers\DMusic.sys (manual start) DNS-Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart) Microsoft Kernel-DRM-Audioentschlüsselung: system32\drivers\drmkaud.sys (manual start) DVD-RAM_Service: C:\WINDOWS\system32\DVDRAMSV.exe (autostart) Fehlerberichterstattungsdienst: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Ereignisprotokoll: %SystemRoot%\system32\services.exe (autostart) COM+-Ereignissystem: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start) Kompatibilität für schnelle Benutzerumschaltung: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Diskettencontrollertreiber: system32\DRIVERS\fdc.sys (manual start) Diskettenlaufwerktreiber: system32\DRIVERS\flpydisk.sys (manual start) FltMgr: system32\DRIVERS\fltMgr.sys (system) Treiber für Volume-Manager: system32\DRIVERS\ftdisk.sys (system) Gameport-Enumerator: system32\DRIVERS\gameenum.sys (manual start) Standardpaketklassifizierung: system32\DRIVERS\msgpc.sys (manual start) Hilfe und Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Microsoft HID Class-Treiber: system32\DRIVERS\hidusb.sys (manual start) HTTP: System32\Drivers\HTTP.sys (manual start) HTTP-SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start) i8042-Tastatur- und PS/2-Mausanschluss-Treiber: system32\DRIVERS\i8042prt.sys (system) Filtertreiber für CD-Brennen: system32\DRIVERS\imapi.sys (system) IMAPI-CD-Brenn-COM-Dienste: C:\WINDOWS\system32\imapi.exe (manual start) IPv6-Windows-Firewalltreiber: system32\DRIVERS\Ip6Fw.sys (manual start) Filtertreiber für IP-Verkehr: system32\DRIVERS\ipfltdrv.sys (manual start) IP/IP-Tunneltreiber: system32\DRIVERS\ipinip.sys (manual start) Übersetzer für IP-Netzwerkadressen: system32\DRIVERS\ipnat.sys (manual start) IPSEC-Treiber: system32\DRIVERS\ipsec.sys (system) IrDA-Protokoll: system32\DRIVERS\irda.sys (autostart) IR-Enumeratordienst: system32\DRIVERS\irenum.sys (manual start) Infrarotüberwachung: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Microsoft serieller Infrarottreiber: system32\DRIVERS\irsir.sys (manual start) PnP-ISA/EISA-Bus-Treiber: system32\DRIVERS\isapnp.sys (system) Tastaturklassentreiber: system32\DRIVERS\kbdclass.sys (system) Tastatur-HID-Treiber: system32\DRIVERS\kbdhid.sys (system) Microsoft Kernel-Waveaudiomixer: system32\drivers\kmixer.sys (manual start) Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Arbeitsstationsdienst: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) TCP/IP-NetBIOS-Hilfsprogramm: %SystemRoot%\system32\svchost.exe -k LocalService (autostart) meiudf: System32\Drivers\meiudf.sys (system) Nachrichtendienst: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled) NetMeeting-Remotedesktop-Freigabe: C:\WINDOWS\system32\mnmsrvc.exe (manual start) Unimodem-Datenstromfiltergerät: system32\drivers\MODEMCSA.sys (manual start) Mausklassentreiber: system32\DRIVERS\mouclass.sys (system) Maus-HID-Treiber: system32\DRIVERS\mouhid.sys (manual start) Redirector für WebDav-Client: system32\DRIVERS\mrxdav.sys (manual start) MRXSMB: system32\DRIVERS\mrxsmb.sys (system) Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start) Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start) Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start) Microsoft Proxy für Streaming Clock: system32\drivers\MSPCLOCK.sys (manual start) Microsoft Proxy für Streaming Quality Manager: system32\drivers\MSPQM.sys (manual start) Microsoft-Systemverwaltungs-BIOS-Treiber: system32\DRIVERS\mssmbios.sys (manual start) Microsoft Streaming Tee/Sink-to-Sink-Konvertierung: system32\drivers\MSTEE.sys (manual start) Microsoft MPU-401 MIDI UART-Treiber: system32\drivers\msmpu401.sys (manual start) NABTS/FEC VBI-Codec: system32\DRIVERS\NABTSFEC.sys (manual start) Microsoft TV-/Videoverbindung: system32\DRIVERS\NdisIP.sys (manual start) RAS-NDIS-TAPI-Treiber: system32\DRIVERS\ndistapi.sys (manual start) NDIS-Benutzermodus-E/A-Protokoll: system32\DRIVERS\ndisuio.sys (manual start) RAS-NDIS-WAN-Treiber: system32\DRIVERS\ndiswan.sys (manual start) NetBIOS-Schnittstelle: system32\DRIVERS\netbios.sys (system) NetBios über TCP/IP: system32\DRIVERS\netbt.sys (system) Netzwerk-DDE-Dienst: %SystemRoot%\system32\netdde.exe (disabled) Netzwerk-DDE-Serverdienst: %SystemRoot%\system32\netdde.exe (disabled) Anmeldedienst: %SystemRoot%\system32\lsass.exe (manual start) Netzwerkverbindungen: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) NLA (Network Location Awareness): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Nokia USB Generic: system32\drivers\nmwcdc.sys (manual start) Nokia USB Modem: system32\drivers\nmwcdcm.sys (manual start) Nokia USB Phone Parent: system32\drivers\nmwcd.sys (manual start) NT-LM-Sicherheitsdienst: %SystemRoot%\system32\lsass.exe (manual start) Wechselmedien: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Client Service für NetWare: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Filtertreiber für IPX-Verkehr: system32\DRIVERS\nwlnkflt.sys (manual start) Treiber für IPX-Verkehrsweiterleitung: system32\DRIVERS\nwlnkfwd.sys (manual start) NWLink IPX/SPX/NetBIOS-kompatibles Transportprotokoll: system32\DRIVERS\nwlnkipx.sys (autostart) NWLink-NetBIOS: system32\DRIVERS\nwlnknb.sys (autostart) NWLink SPX/SPXII-Protokoll: system32\DRIVERS\nwlnkspx.sys (autostart) NetWare Rdr: system32\DRIVERS\nwrdr.sys (manual start) Creative WebCam NX: system32\DRIVERS\P1110VID.sys (manual start) Treiber für parallelen Anschluss: system32\DRIVERS\parport.sys (manual start) PCI-Bus-Treiber: system32\DRIVERS\pci.sys (system) PCIIde: system32\DRIVERS\pciide.sys (system) Plug & Play: %SystemRoot%\system32\services.exe (autostart) IPSEC-Dienste: %SystemRoot%\system32\lsass.exe (autostart) WAN-Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start) Geschützter Speicher: %SystemRoot%\system32\lsass.exe (autostart) QoS-Paketplaner: system32\DRIVERS\psched.sys (manual start) Treiber für direkte Parallelverbindung: system32\DRIVERS\ptilink.sys (manual start) PxHelp20: System32\Drivers\PxHelp20.sys (system) Treiber für automatische RAS-Verbindung: system32\DRIVERS\rasacd.sys (system) Verwaltung für automatische RAS-Verbindung: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) WAN-Miniport (IrDA): system32\DRIVERS\rasirda.sys (manual start) WAN-Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start) RAS-Verbindungsverwaltung: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Remotezugriff-PPPOE-Treiber: system32\DRIVERS\raspppoe.sys (manual start) Parallelanschluss (direkt): system32\DRIVERS\raspti.sys (manual start) Rdbss: system32\DRIVERS\rdbss.sys (system) RDPCDD: System32\DRIVERS\RDPCDD.sys (system) Treiber für Terminalserver-Geräteumleitung: system32\DRIVERS\rdpdr.sys (manual start) Sitzungs-Manager für Remotedesktophilfe: C:\WINDOWS\system32\sessmgr.exe (manual start) Filtertreiber für digitale CD-Audiowiedergabe: system32\DRIVERS\redbook.sys (system) Routing und RAS: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled) Remote-Registrierung: %SystemRoot%\system32\svchost.exe -k LocalService (autostart) Microsoft Legacy Modem Driver: System32\Drivers\RootMdm.sys (manual start) RPC-Locator: %SystemRoot%\system32\locator.exe (manual start) Remoteprozeduraufruf (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart) QoS-RSVP: %SystemRoot%\system32\rsvp.exe (manual start) NT-Treiber für Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernet-Adapter: system32\DRIVERS\RTL8139.SYS (manual start) Sicherheitskontenverwaltung: %SystemRoot%\system32\lsass.exe (autostart) Smartcard: %SystemRoot%\System32\SCardSvr.exe (manual start) Taskplaner: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Secdrv: system32\DRIVERS\secdrv.sys (manual start) Sekundäre Anmeldung: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Systemereignisbenachrichtigung: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Serenum-Filtertreiber: system32\DRIVERS\serenum.sys (manual start) Treiber für seriellen Anschluss: system32\DRIVERS\serial.sys (system) High-Capacity-Diskettenlaufwerk: system32\DRIVERS\sfloppy.sys (manual start) Windows-Firewall/Gemeinsame Nutzung der Internetverbindung: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Shellhardwareerkennung: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) SiS300i: system32\DRIVERS\sis300ip.sys (manual start) Dienst für AC'97-Beispieltreiber (WDM): system32\drivers\ac97sis.sys (manual start) SIS AGP-Bus-Filter: system32\DRIVERS\sisagp.sys (system) SiS-PCI-Fast Ethernet- Adaptertreiber: system32\DRIVERS\sisnic.sys (manual start) BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start) sonypvd2: system32\DRIVERS\sonypvd2.sys (system) Microsoft Kernel-Audiosplitter: system32\drivers\splitter.sys (manual start) Druckwarteschlange: %SystemRoot%\system32\spoolsv.exe (autostart) Filtertreiber für Systemwiederherstellung: system32\DRIVERS\sr.sys (system) Systemwiederherstellungsdienst: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Srv: system32\DRIVERS\srv.sys (manual start) SSDP-Suchdienst: %SystemRoot%\system32\svchost.exe -k LocalService (manual start) Windows-Bilderfassung (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart) BDA-IPSink: system32\DRIVERS\StreamIP.sys (manual start) Software-Bus-Treiber: system32\DRIVERS\swenum.sys (manual start) Microsoft Kernel GS Wavetablesynthesizer: system32\drivers\swmidi.sys (manual start) MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{F0C16C1A-4D5B-47E4-841B-642A8550B783} (manual start) Microsoft Kernel-Systemaudiogerät: system32\drivers\sysaudio.sys (manual start) Leistungsdatenprotokolle und Warnungen: %SystemRoot%\system32\smlogsvc.exe (manual start) Telefonie: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) TCP/IP-Protokolltreiber: system32\DRIVERS\tcpip.sys (system) Terminal-Gerätetreiber: system32\DRIVERS\termdd.sys (system) Terminaldienste: %SystemRoot%\System32\svchost -k DComLaunch (manual start) Designs: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Telnet: C:\WINDOWS\system32\tlntsvr.exe (disabled) Überwachung verteilter Verknüpfungen (Client): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart) Microcode Updatetreiber: system32\DRIVERS\update.sys (manual start) Universeller Plug & Play-Gerätehost: %SystemRoot%\system32\svchost.exe -k LocalService (manual start) Unterbrechungsfreie Stromversorgung: %SystemRoot%\System32\ups.exe (manual start) Microsoft Standard-USB-Haupttreiber: system32\DRIVERS\usbccgp.sys (manual start) Microsoft USB-Standardhubtreiber: system32\DRIVERS\usbhub.sys (manual start) Miniporttreiber für Microsoft USB Open Host-Controller: system32\DRIVERS\usbohci.sys (manual start) Microsoft USB-Druckerklasse: system32\DRIVERS\usbprint.sys (manual start) USB-Scannertreiber: system32\DRIVERS\usbscan.sys (manual start) USB-Massenspeichertreiber: system32\DRIVERS\USBSTOR.SYS (manual start) Messenger Sharing USN Journal Reader service: C:\WINDOWS\system32\svchost.exe -k usnsvc (manual start) VgaSave: \SystemRoot\System32\drivers\vga.sys (system) Volumeschattenkopie: %SystemRoot%\System32\vssvc.exe (manual start) Windows-Zeitgeber: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) RAS-IP-ARP-Treiber: system32\DRIVERS\wanarp.sys (manual start) Treiber für Microsoft WINMM-WDM-Audiokompatibilität: system32\drivers\wdmaud.sys (manual start) Webclient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart) Windows-Verwaltungsinstrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Windows Media Connect-Dienst: C:\Programme\Windows Media Connect 2\wmccds.exe (manual start) Dienst für Seriennummern der tragbaren Medien: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Treibererweiterungen für Windows-Verwaltungsinstrumentation: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) WMI-Leistungsadapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start) Sicherheitscenter: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) World Standard Teletext-Codec: system32\DRIVERS\WSTCODEC.SYS (manual start) Automatische Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Konfigurationsfreie drahtlose Verbindung: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Netzwerkversorgungsdienst: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) --------------------- Enumerating Windows NT logon/logoff scripts: *No scripts set to run* Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic\TEMP\AVUPDATE_449e65f3\UPDENGVDFTEST|||i --------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\system32\webcheck.dll SysTray: C:\WINDOWS\system32\stobject.dll --------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* --------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* --------------------- End of report, 34.593 bytes Report generated in 0,351 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only

I see nothing. We can look a little more with this, please download SilentRunners from this link Please download SilentRunners from here: http://www.silentrunners.org/Silent%20Runners.zip. Unzip it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run. When the scan is finished, it will create a logfile on the desktop. Please post the entire contents of this logfile in a reply to this post.. Unzip it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run. When the scan is finished, it will create a logfile on the desktop. Please post the entire contents of this logfile in a reply to this post.

"Silent Runners.vbs", revision 46, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: ---- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "MsnMsgr" = ""C:\Programme\MSN Messenger\MsnMsgr.exe" /background" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "avgnt" = ""C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"] "Adobe Photo Downloader" = ""C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"" ["Adobe Systems Incorporated"] "TkBellExe" = ""C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM...CLSID} = "Windows Live Sign-in Helper" \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS] {9394EDE7-C8B5-483E-8773-474BF36AF6E4}\(Default) = (no title provided) -> {HKLM...CLSID} = "ST" \InProcServer32\(Default) = "C:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll" [MS] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = (no title provided) -> {HKLM...CLSID} = "MSNToolBandBHO" \InProcServer32\(Default) = "C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung" -> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices" -> {HKLM...CLSID} = "Portable Media Devices" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {HKLM...CLSID} = "Portable Media Devices Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning" -> {HKLM...CLSID} = "Shell Extension for Malware scanning" \InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"] "{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References" -> {HKLM...CLSID} = "ShellLink for Application References" \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS] "{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References" -> {HKLM...CLSID} = "Shell Icon Handler for Application References" \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS] "{A4DF5659-0801-4A60-9607-1C48695EFDA9}" = "Ordner HP Share-to-Web" -> {HKLM...CLSID} = "Ordner HP Share-to-Web" \InProcServer32\(Default) = "C:\Programme\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL" ["Hewlett-Packard"] "{40950107-FEA6-4d53-A65F-B2DCBA57DD58}" = "Nokia Phone Browser" -> {HKLM...CLSID} = "Nokia Phone Browser" \InProcServer32\(Default) = "C:\Programme\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"] "{FBFE7864-D495-41f0-B7DC-4BB601CC295E}" = "Contact View" -> {HKLM...CLSID} = "Contact View" \InProcServer32\(Default) = "C:\Programme\Nokia\Nokia PC Suite 6\ContactView.dll" ["Nokia"] "{C0C4375A-5B72-4efe-929D-3B848C3A1E91}" = "Message View" -> {HKLM...CLSID} = "Message View" \InProcServer32\(Default) = "C:\Programme\Nokia\Nokia PC Suite 6\MessageView.dll" ["Nokia"] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook-Dateisymbolerweiterung" \InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\msohev.dll" [MS] "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band" -> {HKLM...CLSID} = "Shell Search Band" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {HKLM...CLSID} = "RealOne Player Context Menu Class" \InProcServer32\(Default) = "C:\Programme\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."] "{8e9d6600-f84a-11ce-8daa-00aa004a5691}" = "Shell extensions for NetWare" -> {HKLM...CLSID} = "NetWare Objects" \InProcServer32\(Default) = "nwprovau.dll" [MS] "{e3f2bac0-099f-11cf-8daa-00aa004a5691}" = "Shell extensions for NetWare" -> {HKLM...CLSID} = "NetWare UNC Folder Menu" \InProcServer32\(Default) = "nwprovau.dll" [MS] "{52c68510-09a0-11cf-8daa-00aa004a5691}" = "Shell extensions for NetWare" -> {HKLM...CLSID} = "NetWare Hood Verbs" \InProcServer32\(Default) = "nwprovau.dll" [MS] "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders" -> {HKLM...CLSID} = "My Sharing Folders" \InProcServer32\(Default) = "C:\Programme\MSN Messenger\fsshext.8.0.0792.00.dll" [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" -> {HKLM...CLSID} = "Shell Extension for Malware scanning" \InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ NetWareUNCMenu\(Default) = "{e3f2bac0-099f-11cf-8daa-00aa004a5691}" -> {HKLM...CLSID} = "NetWare UNC Folder Menu" \InProcServer32\(Default) = "nwprovau.dll" [MS] Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" -> {HKLM...CLSID} = "Shell Extension for Malware scanning" \InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"] Active Desktop and Wallpaper: Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\WINDOWS\web\wallpaper\Grüne Idylle.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "F:\ttlg.scr" ["Axialis Software"] Startup items in "Carlos Diaz" & "All Users" startup folders: --- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart "Adobe Reader - Schnellstart" -> shortcut to: "C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"] Winsock2 Service Provider DLLs: -- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 27 %SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06 Toolbars, Explorer Bars, Extensions: ------- Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" -> {HKLM...CLSID} = "MSN" \InProcServer32\(Default) = "C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll" [MS] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "0" -> {HKLM...CLSID} = "MSN" \InProcServer32\(Default) = "C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Konsole" "CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in" \InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06" \InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Programme\Messenger\msmsgs.exe" [file not found] Miscellaneous IE Hijack Points - C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings") Added lines (compared with English-language version): [Strings]: START_PAGE_URL=http://www.tiscali.de Missing lines (compared with English-language version): [Strings]: 1 line Running Services (Display Name, Service Name, Path {Service DLL}): -------- AntiVir PersonalEdition Classic Service, AntiVirService, "C:\Programme\AntiVir PersonalEdition Classic\avguard.exe" ["AVIRA GmbH"] AntiVir Scheduler, AntiVirScheduler, "C:\Programme\AntiVir PersonalEdition Classic\sched.exe" ["Avira GmbH"] Client Service für NetWare, NWCWorkstation, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\nwwks.dll" [MS]} DVD-RAM_Service, DVD-RAM_Service, "C:\WINDOWS\system32\DVDRAMSV.exe" ["Matsus---a Electric Industrial Co., Ltd."] Messenger Sharing USN Journal Reader service, usnsvc, "C:\WINDOWS\system32\svchost.exe -k usnsvc" {"C:\Programme\MSN Messenger\usnsvc.dll" [MS]} Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzlnt09\Driver = "hpzlnt09.dll" ["HP"] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 269 seconds. + The search for all Registry CLSIDs containing dormant Explorer Bars took 63 seconds. ---------- (total run time: 410 seconds)