IE leitet seiten scheinbar zufällig um |
||
---|---|---|
#0
| ||
14.02.2007, 11:55
Member
Beiträge: 11 |
||
|
||
14.02.2007, 11:57
Ehrenmitglied
Beiträge: 29434 |
#17
sollte wieder eine Umleitung erfolgen - schreibe sofort
dann graben wir weiter __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
15.02.2007, 10:43
Member
Beiträge: 11 |
#18
Hallo Sabina,
ich hatte gestern Abend wieder unser altbekanntes Umleitungsproblem. Diesmal aber auf meinem anderen Benutzeraccount. Hätte unsere Clean-Up-Aktion gestern die Schädlinge auf 2 verschiedenen Windows-XP-Nutzerkonten killen müssen? Schon, oder? Wenn ja, würde ich dich bitten, mir nochmal alle Tools, die ich zur ersten Analyse nutzen soll, kurz zu listen. Dann warte ich, bis der Virus wieder aktiv ist und führe währenddessen dann die Analysetools aus. So haben wir dann vielleicht eher eine Chance ihn zu finden? Die Schwierigkeit ist nur, dass ich während das Ding aktiv ist, eben nicht hierher komme, weil ich umgeleitet werde... Aber wenn ich vorher alles vorbereite, müsste das ja zu machen sein... Danke dir nochmal und schonmal, Gruß Phil |
|
|
||
15.02.2007, 12:13
Ehrenmitglied
Beiträge: 29434 |
#19
poste mir mal bitte einen link von der Seite, auf die du umgeleitet wirst.
die Tools, mit denen wir gearbeitet haben: Hijackthis http://virus-protect.org/hjtkurz.html Combofix http://virus-protect.org/artikel/tools/combofix.html gmer http://virus-protect.org/artikel/tools/gmer.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
16.02.2007, 03:12
Member
Beiträge: 11 |
#20
Heute ist nix passiert, also gibt's im Moment keinen Screenshot oder so zu posten.
Hier nochmal das Problem: Ich geb die URL ein und schick sie mit Enter ab. Dann wird eine wahllose andere Seite geladen als die, die ich angefordert habe. Die URL der Seite, die mit angezeigt wird, bekomme ich überhaupt nicht zu sehen, sie erscheint nicht in der Browser-URL-Leiste. Oft ist die Seite, die dann ungewollterweise geladen wird eine, die einen Google-Error anzeigt oder simuliert, mit einem Text wie "Seite nicht gefunden", "existiert nicht", oder ähnliches. Wenn ich dann eine andere Seite in die URL-Leiste eingeb und per Enter abschick, wird wieder eine beliebige andere Seite geladen, oder dieselbe umgeleitete Seite oder manchmal erscheint dann auch die Seite, die ich das mal zuvor eigentlich sehen wollte. ipconfig /flushdns hilft nicht... Internetverbindung trennen und neu einwählen hilft nicht auch nix anderes hilft, nur ein kompletter Neustart schafft Abhilfe. Jemand eine Ahnung, was diese Symptome hervorrufen kann? [edit] neue PRobs: bin jetzt wieder in meinem anderen Win-XP-Account, und hab wieder Probleme. Hab aber glaub ich das Problem schonmal gefunden: %windir%\prefetch hat 2 verdächtige dateien: phones~2.exe und sphone~1.exe Die Originale dazu haben mehr als 8 Zeichen und liegen mit in meinem Siemens Mobile Phone Manager... Die Dateien scheinen in Zusammenhang mit searchprotocolhost.exe aktiv zu werden wenn das mgl. ist, muss aber nichts zwingend damit zu tun haben. ISt das nicht nur in Windows Indexer-Dienst oder so? Kann man den ganz ausstellen, der nervt eh nur... hijackthis: Logfile of HijackThis v1.99.1 Scan saved at 03:42:14, on 16.02.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Intel\Wireless\Bin\EvtEng.exe C:\Programme\Intel\Wireless\Bin\S24EvMon.exe C:\Programme\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKService.exe C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKWCtl.exe C:\Programme\Cisco Systems\VPN Client\cvpnd.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\Programme\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\xltCCam.exe C:\WINDOWS\system32\dllhost.exe C:\Programme\AntiVirenKit InternetSecurity\Firewall\GDFwSvc.exe C:\Programme\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\WINDOWS\ehome\ehtray.exe C:\Programme\Apoint\Apoint.exe C:\WINDOWS\eHome\ehmsas.exe C:\Programme\Java\jre1.5.0_06\bin\jusched.exe C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe C:\Programme\Apoint\Apntex.exe C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe C:\Programme\Axalto\Access Client\v5\xltSysTray.Exe C:\Programme\AntiVirenKit InternetSecurity\AVKTray\AVKTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Digital Line Detect\DLG.exe C:\Programme\AntiVirenKit InternetSecurity\Firewall\GDFirewallTray.exe C:\Programme\PSNLite\PsnLite.exe C:\PROGRA~1\PSNLite\PSNGive.exe C:\WINDOWS\ISW\alice\signup\alicecnn.exe C:\PROGRA~1\MOBILE~1\bin\DESProxy.exe C:\PROGRA~1\MOBILE~1\bin\SCfgSrv.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\PROGRA~1\MOBILE~1\bin\SPHONE~1.EXE C:\WINDOWS\explorer.exe C:\Dokumente und Einstellungen\Philip\Desktop\HijackThis.exe C:\Programme\Internet Explorer\IEXPLORE.EXE C:\PROGRA~1\MOBILE~1\bin\PHONES~2.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/ O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\AntiVirenKit InternetSecurity\Webfilter\AvkWebIE.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar4.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Programme\TextAloud\TAForIE.dll O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\AntiVirenKit InternetSecurity\Webfilter\AvkWebIE.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar4.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [xltSystemTray] C:\Programme\Axalto\Access Client\v5\xltSysTray.Exe O4 - HKLM\..\Run: [xltCertPropUI] C:\WINDOWS\system32\xltCertPropUI.exe O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize O4 - HKLM\..\Run: [adiras] adiras.exe O4 - HKLM\..\Run: [AVKTray] "C:\Programme\AntiVirenKit InternetSecurity\AVKTray\AVKTray.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: G DATA Firewall Tray.lnk = ? O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Programme\PSNLite\PsnLite.exe O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Programme\Citrix\ICA Client\pnagent.exe O4 - Global Startup: VPN Client.lnk = ? O8 - Extra context menu item: &Clean Traces - C:\Programme\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Programme\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\Programme\DAP\dapextie2.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\OFFICE~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\OFFICE~1\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OFFICE~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Researcher\EROPROJ.DLL O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.alice-dsl.de O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4E8A3661-FB5B-4AEF-BF60-B0E9712FAE49} (Silverwire Image Uploader 3.0 Control) - http://www.fotowire.com/download/client/uploader/ImageUploader3.cab O16 - DPF: {96512D57-F751-4088-A689-5778FCC77F7A} (Photo Uploader Control) - http://www.studivz.net/lib/photouploader/PhotoUploader.cab O16 - DPF: {A58EA309-CE0A-49C4-A18C-31F77FE681E9} (GetInfo.MainClass) - https://www.bppassport.com/diligent/GetInfo.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{95A95914-C22A-417D-9500-E68445CFC005}: NameServer = 213.191.92.82 213.191.74.11 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = bp1.ad.bp.com,ad.bp.com,bp.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = bp1.ad.bp.com,ad.bp.com,bp.com O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: IntelWireless - C:\Programme\Intel\Wireless\Bin\LgNotify.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O20 - Winlogon Notify: xltCamNotify - C:\WINDOWS\SYSTEM32\xltCamNotify.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVKProxy - G DATA Software AG - C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKService.exe O23 - Service: AVK Wächter (AVKWCtl) - Unknown owner - C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKWCtl.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: EvtEng - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe O23 - Service: G DATA Personal Firewall (GDFwSvc) - Unknown owner - C:\Programme\AntiVirenKit InternetSecurity\Firewall\GDFwSvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: RegSrvc - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programme\Intel\Wireless\Bin\WLKeeper.exe O23 - Service: Axalto Smart Card CAM Service (xltCCam) - Axalto Inc. - C:\WINDOWS\system32\xltCCam.exe gmer: beim starten: GMER 1.0.12.12027 - http://www.gmer.net Rootkit scan 2007-02-16 03:43:03 Windows 5.1.2600 Service Pack 2 ---- System - GMER 1.0.12 ---- SSDT sptd.sys ZwEnumerateKey SSDT sptd.sys ZwEnumerateValueKey ---- Devices - GMER 1.0.12 ---- Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 86FD21D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 86FD21D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 86FD21D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 86FD21D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 86FD21D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 86FD21D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 86FD21D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 86FD21D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 86FD21D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 86FD21D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 86FD21D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 86FD21D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 86FD21D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 86FD21D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 86FD21D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 86FD21D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 86FD21D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 86FD21D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 86FD21D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 86FD21D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 86FD21D8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 86FD21D8 Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F794BA7C] GDTdiIcpt.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F794BA7C] GDTdiIcpt.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F794BA7C] GDTdiIcpt.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F794BA7C] GDTdiIcpt.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F794BA7C] GDTdiIcpt.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F794BA7C] GDTdiIcpt.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F794BA7C] GDTdiIcpt.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F794BA7C] GDTdiIcpt.sys ---- EOF - GMER 1.0.12 ---- gmer scan: als datei drangehängt, ist zu groß zum posten... Gmer: windows\system32\drivers\HookCenter.sys Hört sich auch nicht gut an? Siehst du noch mehr? Wie werd' ich's los? Anhang: gmer full scan.txt Dieser Beitrag wurde am 16.02.2007 um 04:13 Uhr von Philip219 editiert.
|
|
|
||
16.02.2007, 10:32
Ehrenmitglied
Beiträge: 29434 |
#21
virustotal
Oben auf der Seite --> auf Durchsuchen klicken --> Datei aussuchen (oder gleich die Datei mit korrektem Pfad einkopieren) --> Doppelklick auf die zu prüfende Datei --> klick auf "Send"... jetzt abwarten - dann mit der rechten Maustaste den Text markieren -> kopieren - einfügen http://www.virustotal.com/flash/index_en.html C:\WINDOWS\system32\drivers\HookCentre.sys C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\SearchProtocolHost.exe poste die reporte ---------- «« HijackThis (StartupListe) HijackThis starten, "Open the misc tools section" klicken, die beiden Kästchen "List also minor sections" und "List empty sections" markieren und dann "Generate StartupList log" klicken. -------------------------- Starte den Rechner bitte im abgesicherten Modus und erstelle dort ein Hijackthis log und ein Startuplist log, dazu bitte in die ms tools setion gehen, beide Dinge bei "generate statuplist log" anhaken und die liste erstellen lassen. *HijackThis - Config *List also minor sections (full) -- Häkchen setzen *List empty sections (complete) -- Häkchen setzen *HijackThis - Config - MiscTools -- Generate StartupListlog *(es öffnet sich das Notepad [Texteditor], nun das KOMPLETTE Log abkopieren und posten) __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
20.02.2007, 18:50
Member
Beiträge: 11 |
#22
Das gibt's nicht, gerade war das verdammte Ding wieder aktiv!
Also, searchIndexer und SerchProtocolHost gehörten zum windows Desktop search, der mittlerweile deinstalliert ist. hookcentre.sys habe ich mit virustotal geprüft, wist virenfrei (un gehört auch laut meinem research zum system). Hier die aktuelle Hijackthis und Gmer Reporte von gerade, als das ding wieder aktiv war... Logfile of HijackThis v1.99.1 Scan saved at 18:36:14, on 20.02.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Intel\Wireless\Bin\EvtEng.exe C:\Programme\Intel\Wireless\Bin\S24EvMon.exe C:\Programme\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKService.exe C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKWCtl.exe C:\Programme\Cisco Systems\VPN Client\cvpnd.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\Programme\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\Programme\AntiVirenKit InternetSecurity\Firewall\GDFwSvc.exe C:\Programme\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\WINDOWS\ehome\ehtray.exe C:\Programme\Apoint\Apoint.exe C:\WINDOWS\eHome\ehmsas.exe C:\Programme\Java\jre1.5.0_06\bin\jusched.exe C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe C:\Programme\Apoint\Apntex.exe C:\Programme\AntiVirenKit InternetSecurity\AVKTray\AVKTray.exe C:\WINDOWS\system32\DrvMon.exe C:\Programme\Digital Line Detect\DLG.exe C:\Programme\AntiVirenKit InternetSecurity\Firewall\GDFirewallTray.exe C:\PROGRA~1\OFFICE~3\OFFICE11\OUTLOOK.EXE C:\WINDOWS\ISW\alice\signup\alicecnn.exe C:\WINDOWS\system32\WISPTIS.EXE C:\Programme\ICQLite\ICQLite.exe C:\Dokumente und Einstellungen\BP\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\AntiVirenKit InternetSecurity\Webfilter\AvkWebIE.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Programme\TextAloud\TAForIE.dll O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\AntiVirenKit InternetSecurity\Webfilter\AvkWebIE.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [adiras] adiras.exe O4 - HKLM\..\Run: [AVKTray] "C:\Programme\AntiVirenKit InternetSecurity\AVKTray\AVKTray.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: G DATA Firewall Tray.lnk = ? O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Programme\PSNLite\PsnLite.exe O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Programme\Citrix\ICA Client\pnagent.exe O4 - Global Startup: VPN Client.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\OFFICE~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OFFICE~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O15 - Trusted Zone: *.bp.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4E8A3661-FB5B-4AEF-BF60-B0E9712FAE49} (Silverwire Image Uploader 3.0 Control) - http://www.fotowire.com/download/client/uploader/ImageUploader3.cab O16 - DPF: {96512D57-F751-4088-A689-5778FCC77F7A} (Photo Uploader Control) - http://www.studivz.net/lib/photouploader/PhotoUploader.cab O16 - DPF: {A58EA309-CE0A-49C4-A18C-31F77FE681E9} (GetInfo.MainClass) - https://www.bppassport.com/diligent/GetInfo.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{95A95914-C22A-417D-9500-E68445CFC005}: NameServer = 213.191.92.82 213.191.74.11 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = bp1.ad.bp.com,ad.bp.com,bp.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = bp1.ad.bp.com,ad.bp.com,bp.com O20 - Winlogon Notify: IntelWireless - C:\Programme\Intel\Wireless\Bin\LgNotify.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVKProxy - G DATA Software AG - C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKService.exe O23 - Service: AVK Wächter (AVKWCtl) - Unknown owner - C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKWCtl.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: EvtEng - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe O23 - Service: G DATA Personal Firewall (GDFwSvc) - Unknown owner - C:\Programme\AntiVirenKit InternetSecurity\Firewall\GDFwSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: RegSrvc - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programme\Intel\Wireless\Bin\WLKeeper.exe Gmer im Anhang, weil so groß... Ich mach jetzt noch die Sache mit den zusätzlichen Haken im abgesicherten Modus... Kommt dann gleich Anhang: gmer 20.02.07.txt
|
|
|
||
20.02.2007, 18:55
Ehrenmitglied
Beiträge: 29434 |
#23
poste beide logs, die erscheinen
http://virus-protect.org/artikel/tools/comboscan.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
20.02.2007, 19:17
Member
Beiträge: 11 |
#24
Hier die 4 Hijackthis logs, scan und startup, jeweils abgesichert und nicht... (Anhang)
Hier die Comboscans: Comboscan: ComboScan v20070212.14 run by BP on 2007-02-20 at 19:21:29 Computer is in Normal Mode. -------------------------------------------------------------------------------- System Restore was disabled; re-enabling. Failed to create restore point: System Restore is disabled (service is not running). Performed disk cleanup. -- HijackThis log (run as BP.com) ----------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 19:21:51, on 20.02.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Intel\Wireless\Bin\EvtEng.exe C:\Programme\Intel\Wireless\Bin\S24EvMon.exe C:\Programme\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\Programme\Apoint\Apoint.exe C:\Programme\Java\jre1.5.0_06\bin\jusched.exe C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe C:\Programme\AntiVirenKit InternetSecurity\AVKTray\AVKTray.exe C:\WINDOWS\system32\DrvMon.exe C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\Programme\Digital Line Detect\DLG.exe C:\Programme\AntiVirenKit InternetSecurity\Firewall\GDFirewallTray.exe C:\Programme\Citrix\ICA Client\pnagent.exe C:\Programme\Apoint\Apntex.exe C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKService.exe C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKWCtl.exe C:\Programme\Cisco Systems\VPN Client\cvpnd.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\Programme\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\Programme\AntiVirenKit InternetSecurity\Firewall\GDFwSvc.exe C:\WINDOWS\eHome\ehmsas.exe C:\Programme\ICQLite\ICQLite.exe C:\WINDOWS\ISW\alice\signup\alicecnn.exe C:\Dokumente und Einstellungen\BP\Desktop\comboscan.exe C:\DOKUME~1\BP\LOKALE~1\Temp\~htbfuht.tmp\BP.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\AntiVirenKit InternetSecurity\Webfilter\AvkWebIE.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Programme\TextAloud\TAForIE.dll O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\AntiVirenKit InternetSecurity\Webfilter\AvkWebIE.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [adiras] adiras.exe O4 - HKLM\..\Run: [AVKTray] "C:\Programme\AntiVirenKit InternetSecurity\AVKTray\AVKTray.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: G DATA Firewall Tray.lnk = ? O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Programme\PSNLite\PsnLite.exe O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Programme\Citrix\ICA Client\pnagent.exe O4 - Global Startup: VPN Client.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\OFFICE~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OFFICE~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O15 - Trusted Zone: *.bp.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4E8A3661-FB5B-4AEF-BF60-B0E9712FAE49} (Silverwire Image Uploader 3.0 Control) - http://www.fotowire.com/download/client/uploader/ImageUploader3.cab O16 - DPF: {96512D57-F751-4088-A689-5778FCC77F7A} (Photo Uploader Control) - http://www.studivz.net/lib/photouploader/PhotoUploader.cab O16 - DPF: {A58EA309-CE0A-49C4-A18C-31F77FE681E9} (GetInfo.MainClass) - https://www.bppassport.com/diligent/GetInfo.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{95A95914-C22A-417D-9500-E68445CFC005}: NameServer = 213.191.92.82 213.191.74.11 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = bp1.ad.bp.com,ad.bp.com,bp.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = bp1.ad.bp.com,ad.bp.com,bp.com O20 - Winlogon Notify: IntelWireless - C:\Programme\Intel\Wireless\Bin\LgNotify.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVKProxy - G DATA Software AG - C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKService.exe O23 - Service: AVK Wächter (AVKWCtl) - Unknown owner - C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKWCtl.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: EvtEng - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe O23 - Service: G DATA Personal Firewall (GDFwSvc) - Unknown owner - C:\Programme\AntiVirenKit InternetSecurity\Firewall\GDFwSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: RegSrvc - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programme\Intel\Wireless\Bin\WLKeeper.exe -- HijackThis Fixed Entries (C:\Dokumente und Einstellungen\BP\Desktop\backups\) backup-20070217-111835-961 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime backup-20070217-113443-433 O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize backup-20070220-180809-324 O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe backup-20070220-180904-895 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL backup-20070220-183233-773 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar4.dll -- File Associations ------------------------------------------------------------ .bat - batfile - "%1" %* .chm - chm.file - "C:\WINDOWS\hh.exe" %1 .com - comfile - "%1" %* .exe - exefile - "%1" %* .hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1 .inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1 .ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1 .js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %* .lnk - lnkfile - {00021401-0000-0000-C000-000000000046} .pif - piffile - "%1" %* .reg - regfile - regedit.exe "%1" .scr - scrfile - "%1" /S .txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1 .vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %* -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------- 4 abp480n5 - \SystemRoot\system32\DRIVERS\ABP480N5.SYS 3 actser - system32\drivers\actser.sys 2 ADILOADER (General Purpose USB Driver (adildr.sys)) - System32\Drivers\adildr.sys 3 adiusbaw (AT-AR215 USB ADSL Modem) - system32\DRIVERS\adiusbaw.sys 4 adpu160m - \SystemRoot\system32\DRIVERS\adpu160m.sys 2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.0.1) - system32\DRIVERS\AegisP.sys 4 agpCPQ (Compaq AGP-Bus-Filter) - \SystemRoot\system32\DRIVERS\agpCPQ.sys 4 Aha154x - \SystemRoot\system32\DRIVERS\aha154x.sys 4 aic78u2 - \SystemRoot\system32\DRIVERS\aic78u2.sys 4 aic78xx - \SystemRoot\system32\DRIVERS\aic78xx.sys 4 AliIde - \SystemRoot\system32\DRIVERS\aliide.sys 4 alim1541 (ALI AGP-Bus-Filter) - \SystemRoot\system32\DRIVERS\alim1541.sys 4 amdagp (AMD AGP-Bus-Filtertreiber) - \SystemRoot\system32\DRIVERS\amdagp.sys 4 amsint - \SystemRoot\system32\DRIVERS\amsint.sys 3 ApfiltrService (Alps Touch Pad Filter Driver for Windows 2000/XP) - system32\DRIVERS\Apfiltr.sys 1 APPDRV - \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS 3 Arp1394 (1394-ARP-Clientprotokoll) - system32\DRIVERS\arp1394.sys 4 asc - \SystemRoot\system32\DRIVERS\asc.sys 4 asc3350p - \SystemRoot\system32\DRIVERS\asc3350p.sys 4 asc3550 - \SystemRoot\system32\DRIVERS\asc3550.sys 3 ati2mtag - system32\DRIVERS\ati2mtag.sys 3 bcm4sbxp (Broadcom 440x 10/100 Integrated Controller XP Driver) - system32\DRIVERS\bcm4sbxp.sys 4 cbidf - \SystemRoot\system32\DRIVERS\cbidf2k.sys 4 cd20xrnt - \SystemRoot\system32\DRIVERS\cd20xrnt.sys 4 CmdIde - \SystemRoot\system32\DRIVERS\cmdide.sys 4 Cpqarray - \SystemRoot\system32\DRIVERS\cpqarray.sys 3 CVirtA (Cisco Systems VPN Adapter) - system32\DRIVERS\CVirtA.sys 2 CVPNDRVA (Cisco Systems Inc. IPSec Driver) - \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys 4 dac2w2k - \SystemRoot\system32\DRIVERS\dac2w2k.sys 4 dac960nt - \SystemRoot\system32\DRIVERS\dac960nt.sys 3 DNE (Deterministic Network Enhancer Miniport) - system32\DRIVERS\dne2000.sys 3 dot4 (MS IEEE-1284.4-Treiber) - system32\DRIVERS\Dot4.sys 3 Dot4Print (Druckerklassentreiber für IEEE-1284.4) - system32\DRIVERS\Dot4Prt.sys 3 dot4usb (Dot4USB-Filter Dot4USB Filter) - system32\DRIVERS\dot4usb.sys 4 dpti2o - \SystemRoot\system32\DRIVERS\dpti2o.sys 3 E100B (Intel(R) PRO-Adaptertreiber) - system32\DRIVERS\e100b325.sys 3 Egatebus - system32\drivers\egatebus.sys 3 Egatecard - System32\Drivers\egate.sys 3 Egaterdr - system32\drivers\egaterdr.sys 3 GDInterceptor - \??\C:\WINDOWS\system32\interceptor.sys 0 GDNdisIc - system32\drivers\GDNdisIc.sys 2 GDTdiInterceptor - \??\C:\WINDOWS\system32\drivers\GDTdiIcpt.sys 3 gmer - System32\DRIVERS\gmer.sys 3 HidUsb (Microsoft HID Class-Treiber) - system32\DRIVERS\hidusb.sys 3 HookCentre - \??\C:\WINDOWS\system32\drivers\HookCentre.sys 4 hpn - \SystemRoot\system32\DRIVERS\hpn.sys 3 HSFHWICH - system32\DRIVERS\HSFHWICH.sys 3 HSF_DP - system32\DRIVERS\HSF_DP.sys 4 i2omp - \SystemRoot\system32\DRIVERS\i2omp.sys 4 InCDFs (InCD File System) - system32\drivers\InCDFs.sys 1 InCDPass - system32\drivers\InCDPass.sys 1 InCDRm (InCD Reader) - system32\drivers\InCDRm.sys 4 ini910u - \SystemRoot\system32\DRIVERS\ini910u.sys 1 intelppm (Intel-Prozessortreiber) - system32\DRIVERS\intelppm.sys 3 IWCA (Intel Wireless Connection Agent Miniport for Win XP) - system32\DRIVERS\iwca.sys 1 kbdhid (Tastatur-HID-Treiber) - system32\DRIVERS\kbdhid.sys 2 mdmxsdk - system32\DRIVERS\mdmxsdk.sys 3 MHNDRV (MHN-Treiber) - system32\DRIVERS\mhndrv.sys 3 mouhid (Maus-HID-Treiber) - system32\DRIVERS\mouhid.sys 4 mraid35x - \SystemRoot\system32\DRIVERS\mraid35x.sys 3 NIC1394 (1394-Netzwerktreiber) - system32\DRIVERS\nic1394.sys 3 NSNDIS5 (NSNDIS5 NDIS Protocol Driver) - \??\C:\WINDOWS\system32\NSNDIS5.SYS 3 nv - system32\DRIVERS\nv4_mini.sys 0 ohci1394 (OHCI-konformer IEEE 1394-Hostcontroller) - system32\DRIVERS\ohci1394.sys 1 omci (OMCI WDM Device Driver) - system32\DRIVERS\omci.sys 3 PCAMPR5 (PCAMPR5 NDIS Protocol Driver) - \??\C:\WINDOWS\system32\PCAMPR5.SYS 0 PCIIde - system32\DRIVERS\pciide.sys 0 Pcmcia - system32\DRIVERS\pcmcia.sys 3 PDDSLADP (ProDyne DSL Adapter) - system32\DRIVERS\PDDSLADP.SYS 3 PEEK5 (PEEK5 Protocol Driver) - \??\C:\PROGRA~1\WILDPA~1\AIROPE~1\PEEK5.SYS 4 perc2 - \SystemRoot\system32\DRIVERS\perc2.sys 4 perc2hib - \SystemRoot\system32\DRIVERS\perc2hib.sys 3 pfc (Padus ASPI Shell) - system32\drivers\pfc.sys 4 ql1080 - \SystemRoot\system32\DRIVERS\ql1080.sys 4 Ql10wnt - \SystemRoot\system32\DRIVERS\ql10wnt.sys 4 ql12160 - \SystemRoot\system32\DRIVERS\ql12160.sys 4 ql1240 - \SystemRoot\system32\DRIVERS\ql1240.sys 4 ql1280 - \SystemRoot\system32\DRIVERS\ql1280.sys 3 ROOTMODEM (Microsoft Legacy Modem Driver) - System32\Drivers\RootMdm.sys 2 s24trans (WLAN Transport) - system32\DRIVERS\s24trans.sys 3 sdbus - system32\DRIVERS\sdbus.sys 3 sffdisk (SFF-Speicherklassentreiber) - system32\DRIVERS\sffdisk.sys 3 sffp_sd (SFF-Speicherprotokolltreiber für SDBus) - system32\DRIVERS\sffp_sd.sys 3 Sfloppy (High-Capacity-Diskettenlaufwerk) - system32\DRIVERS\sfloppy.sys 4 sisagp (SIS AGP-Bus-Filter) - \SystemRoot\system32\DRIVERS\sisagp.sys 4 Sparrow - \SystemRoot\system32\DRIVERS\sparrow.sys 0 sptd - System32\Drivers\sptd.sys 3 STAC97 (SigmaTel C-Major Audio) - system32\drivers\STAC97.sys 4 symc810 - \SystemRoot\system32\DRIVERS\symc810.sys 4 symc8xx - \SystemRoot\system32\DRIVERS\symc8xx.sys 4 sym_hi - \SystemRoot\system32\DRIVERS\sym_hi.sys 4 sym_u3 - \SystemRoot\system32\DRIVERS\sym_u3.sys 3 toshidpt (TOSHIBA Bluetooth HID port driver) - system32\drivers\Toshidpt.sys 4 TosIde - \SystemRoot\system32\DRIVERS\toside.sys 3 tosporte (Bluetooth Port Driver from Toshiba) - system32\DRIVERS\tosporte.sys 3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - System32\Drivers\tosrfbd.sys 3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - System32\Drivers\tosrfbnp.sys 1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - System32\Drivers\tosrfcom.sys 3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - system32\DRIVERS\Tosrfhid.sys 3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - system32\DRIVERS\tosrfnds.sys 3 TosRfSnd (Bluetooth Audio Device (WDM) from TOSHIBA) - system32\drivers\TosRfSnd.sys 3 Tosrfusb (Bluetooth USB Controller) - System32\Drivers\tosrfusb.sys 4 ultra - \SystemRoot\system32\DRIVERS\ultra.sys 3 usbaudio (USB-Audiotreiber (WDM)) - system32\drivers\usbaudio.sys 3 usbccgp (Microsoft Standard-USB-Haupttreiber) - system32\DRIVERS\usbccgp.sys 3 usbehci (Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller) - system32\DRIVERS\usbehci.sys 3 usbprint (Microsoft USB-Druckerklasse) - system32\DRIVERS\usbprint.sys 3 usbscan (USB-Scannertreiber) - system32\DRIVERS\usbscan.sys 3 USBSTOR (USB-Massenspeichertreiber) - system32\DRIVERS\USBSTOR.SYS 4 viaagp (VIA AGP-Bus-Filter) - \SystemRoot\system32\DRIVERS\viaagp.sys 4 ViaIde - \SystemRoot\system32\DRIVERS\viaide.sys 3 vsdatant - \??\C:\WINDOWS\system32\vsdatant.sys 3 w29n51 (Intel(R) PRO/Wireless 2200BG Netzwerkverbindungstreiber für Windows XP) - system32\DRIVERS\w29n51.sys 3 winachsf - system32\DRIVERS\HSF_CNXT.sys 3 WPSYM24 (WildPackets Symbol-OEM Wireless LAN Card Driver) - system32\DRIVERS\WPSYM24.sys 3 ZD1211U(X-Micro) (X-Micro WLAN 11g USB Adapter(X-Micro)) - system32\DRIVERS\zd1211u.sys 3 ZDBRGSYS (ZDBRGSYS NDIS Protocol Driver) - \??\C:\WINDOWS\system32\ZDBRGSYS.SYS 3 ZDPNDIS5 (ZDPNDIS5 NDIS Protocol Driver) - \??\C:\WINDOWS\system32\ZDPNDIS5.SYS -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- 4 Adobe LM Service - "C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe" 3 aspnet_state (ASP.NET State Service) - %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 2 Ati HotKey Poller - %SystemRoot%\system32\Ati2evxx.exe 2 Automatisches LiveUpdate - Scheduler - "C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe" 2 AVKProxy - "C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe" 2 AVKService (AVK Service) - "C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKService.exe" 2 AVKWCtl (AVK Wächter) - "C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKWCtl.exe" 3 clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 2 CLTNetCnService (Symantec Lic NetConnect service) - "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon 2 CVPND (Cisco Systems, Inc. VPN Service) - "C:\Programme\Cisco Systems\VPN Client\cvpnd.exe" 2 ehRecvr (Media Center Receiver Service) - C:\WINDOWS\eHome\ehRecvr.exe 2 ehSched (Media Center-Planerdienst) - C:\WINDOWS\eHome\ehSched.exe 2 EvtEng - C:\Programme\Intel\Wireless\Bin\EvtEng.exe 2 Fax - %systemroot%\system32\fxssvc.exe 3 GDFwSvc (G DATA Personal Firewall) - C:\Programme\AntiVirenKit InternetSecurity\Firewall\GDFwSvc.exe 3 IDriverT (InstallDriver Table Manager) - "C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe" 3 LiveUpdate - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" 2 McrdSvc (Media Center Extender Service) - C:\WINDOWS\ehome\mcrdsvc.exe 3 MHN - %SystemRoot%\System32\svchost.exe -k netsvcs 2 NICCONFIGSVC - C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe 3 ose (Office Source Engine) - "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE" 3 Pml Driver HPZ12 - C:\WINDOWS\system32\HPZipm12.exe 2 RegSrvc - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe 2 S24EventMonitor (Spectrum24 Event Monitor) - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe 3 UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe 2 WLANKEEPER - C:\Programme\Intel\Wireless\Bin\WLKeeper.exe -- Scheduled Tasks -------------------------------------------------------------- 2007-02-20 19:20:00 350 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job<SYMANT~1.JOB> 2005-11-16 22:00:11 258 --a------ C:\WINDOWS\Tasks\ISP-Anmeldungserinnerung 1.job<ISP-AN~1.JOB> -- Files created between 2007-01-20 and 2007-02-20 ------------------------------ 2007-02-17 02:59:30 0 d-------- C:\Programme\Azureus 2007-02-14 11:18:58 0 d-------- C:\fixwareout<FIXWAR~1> 2007-02-14 00:17:02 0 d-------- C:\aproposfix<APROPO~1> 2007-02-13 15:31:19 80 --a------ C:\WINDOWS\gmer_uninstall.cmd<GMER_U~1.CMD> 2007-02-04 00:16:08 115200 --a------ C:\WINDOWS\system32\proppage.dll<Unsigned: Microsoft Corporation> 2007-02-04 00:16:07 0 d-------- C:\Programme\Tsunami-Filter-Pack<TSUNAM~1> 2007-02-01 11:21:29 0 d-------- C:\WINDOWS\5DF3D1BB894E4DCD8275159AC9829B43.TMP<5DF3D1~1.TMP> 2007-01-29 14:37:02 0 d-------- C:\Programme\Citrix 2007-01-21 18:16:20 1025 --a------ C:\WINDOWS\system32\sysprs7.dll<Unsigned: n/a> 2007-01-21 18:16:20 341 --a------ C:\WINDOWS\system32\lsprst7.dll<Unsigned: n/a> -- Find3M Report ---------------------------------------------------------------- 2007-02-20 18:08:01 0 d-------- C:\Programme\Gemeinsame Dateien<GEMEIN~1> 2007-02-20 17:58:23 0 d-------- C:\Programme\Mozilla Firefox<MOZILL~1> 2007-02-20 16:46:11 0 d-------- C:\Programme\SPSS 2007-02-18 14:10:28 0 d-------- C:\Programme\ICQLite 2007-02-17 12:56:34 420404 --a------ C:\WINDOWS\system32\perfh007.dat 2007-02-17 12:56:34 77062 --a------ C:\WINDOWS\system32\perfc007.dat 2007-02-17 02:50:50 0 d--h----- C:\Programme\eMule 2007-02-17 00:10:19 0 d-------- C:\Programme\Gemeinsame Dateien\AVSMedia 2007-02-16 18:06:44 0 d-------- C:\Dokumente und Einstellungen\BP\Anwendungsdaten\AdobeUM 2007-02-16 09:44:31 0 d-------- C:\Programme\Windows Desktop Search<WI459E~1> 2007-02-16 04:28:17 0 d-------- C:\Programme\Gemeinsame Dateien\Microsoft Shared<MICROS~1> 2007-02-16 04:22:24 0 d-------- C:\Programme\Microsoft.NET<MICROS~1.NET> 2007-02-16 04:18:58 0 d--h----- C:\Programme\InstallShield Installation Information<INSTAL~1> 2007-02-15 16:18:14 0 d-------- C:\Dokumente und Einstellungen\BP\Anwendungsdaten\Apple Computer<APPLEC~1> 2007-02-09 14:31:05 0 d-------- C:\Dokumente und Einstellungen\BP\Anwendungsdaten\Skype 2007-02-01 14:13:01 0 d-------- C:\Dokumente und Einstellungen\BP\Anwendungsdaten\ICAClient<ICACLI~1> 2007-01-29 09:49:16 0 d-------- C:\Programme\audiograbber<AUDIOG~1> 2007-01-25 17:22:06 0 d---s---- C:\Dokumente und Einstellungen\BP\Anwendungsdaten\Microsoft<MICROS~1> 2007-01-19 16:33:51 0 --a------ C:\WINDOWS\system32\ssprs.dll<Unsigned: n/a> 2007-01-19 16:33:51 0 --a------ C:\WINDOWS\system32\serauth2.dll<Unsigned: n/a> 2007-01-19 16:33:51 0 --a------ C:\WINDOWS\system32\serauth1.dll<Unsigned: n/a> 2007-01-19 16:33:51 0 --a------ C:\WINDOWS\system32\nsprs.dll<Unsigned: n/a> 2007-01-19 16:33:51 1024 --a------ C:\WINDOWS\system32\clauth2.dll<Unsigned: n/a> 2007-01-19 16:33:51 1024 --a------ C:\WINDOWS\system32\clauth1.dll<Unsigned: n/a> 2007-01-14 15:05:38 0 d-------- C:\Programme\IBP 9<IBP9~1> 2007-01-12 21:06:14 0 d-------- C:\Programme\Gemeinsame Dateien\System 2007-01-12 21:00:20 0 d-------- C:\Programme\MSXML 4.0<MSXML4~1.0> 2007-01-02 08:55:22 0 d-------- C:\Dokumente und Einstellungen\BP\Anwendungsdaten\Adobe 2006-12-30 17:53:12 0 d-------- C:\Programme\Gemeinsame Dateien\ACD Systems<ACDSYS~1> 2006-12-30 17:52:56 0 d-------- C:\Programme\ACD Systems<ACDSYS~1> 2006-12-30 17:52:49 10368 --a------ C:\WINDOWS\system32\drivers\pfc.sys<Unsigned: Padus, Inc.> 2006-12-27 17:10:25 0 d-------- C:\Programme\Gemeinsame Dateien\Adobe 2006-12-27 09:47:25 0 d-------- C:\Programme\Gemeinsame Dateien\Deterministic Networks<DETERM~1> 2006-12-27 09:47:21 0 d-------- C:\Programme\Cisco Systems<CISCOS~1> 2006-12-24 13:45:52 0 d-------- C:\Programme\Exif Viewer<EXIFVI~1> 2006-12-23 18:06:27 0 d-------- C:\Programme\DAP 2006-12-21 15:03:29 0 d-------- C:\Programme\AUDIOEXTRACTOR<AUDIOE~1> 2006-12-20 11:26:00 0 d-------- C:\Programme\Microsoft Works<MICROS~2> 2006-12-20 11:03:44 0 d-------- C:\Programme\Microsoft ActiveSync<MICROS~4> 2006-12-20 11:03:23 0 d-------- C:\Programme\Office 2003<OFFICE~3> 2006-12-20 11:03:06 0 d-------- C:\Dokumente und Einstellungen\BP\Anwendungsdaten\Mozilla -- Registry Dump ---------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background" "DrvMon.exe"="C:\\WINDOWS\\system32\\DrvMon.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce] "ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -trayboot" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe" "Apoint"="C:\\Programme\\Apoint\\Apoint.exe" "SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe" "ATIPTA"="\"C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\"" @="" "IntelWireless"="C:\\Programme\\Intel\\Wireless\\Bin\\ifrmewrk.exe /tf Intel PROSet/Wireless" "ISUSPM Startup"="C:\\PROGRA~1\\GEMEIN~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup" "ISUSScheduler"="\"C:\\Programme\\Gemeinsame Dateien\\InstallShield\\UpdateService\\issch.exe\" -start" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "adiras"="adiras.exe" "AVKTray"="\"C:\\Programme\\AntiVirenKit InternetSecurity\\AVKTray\\AVKTray.exe\"" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\ 63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\ 6d,73,73,74,79,6c,65,73,00 "InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\ 73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoViewOnDrive"=dword:00000000 HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7514d17-a6ca-11db-937d-0013ceaa994c}] Shell\AutoRun\command F:\loader.exe -- End of ComboScan: finished at 2007-02-20 at 19:22:36 ------------------------- Supplementary: ComboScan v20070212.14 run by BP on 2007-02-20 at 19:21:29 Supplementary logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ----------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: German CPU 0: Intel(R) Pentium(R) M processor 1.60GHz Percentage of Memory in Use: 49% Physical Memory (total/avail): 1023.37 MiB / 521.34 MiB Pagefile Memory (total/avail): 2460.3 MiB / 2087.68 MiB Virtual Memory (total/avail): 2047.88 MiB / 1997.78 MiB C: is Fixed (NTFS) - 69.79 GiB total, 1.55 GiB free. D: is CDROM (No Media) E: is CDROM (Unformatted) -- Security Center -------------------------------------------------------------- AUOptions is set to notify before download. Windows Internal Firewall is disabled. FirstRunDisabled is set. FW: G DATA Personal Firewall v1.0 (G DATA Software AG) AV: G DATA AntiVirenKit 2006 v16.0 (G DATA) -- Environment Variables -------------------------------------------------------- ALLUSERSPROFILE=C:\Dokumente und Einstellungen\All Users APPDATA=C:\Dokumente und Einstellungen\BP\Anwendungsdaten CLASSPATH=.;C:\Programme\Java\j2re1.4.2_03\lib\ext\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Programme\Gemeinsame Dateien COMPUTERNAME=MEDIALABOR1 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Dokumente und Einstellungen\BP LOGONSERVER=\\MEDIALABOR1 NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Programme\ATI Technologies\ATI Control Panel;C:\Programme\QuickTime\QTSystem\;C:\Programme\Gemeinsame Dateien\Adobe\AGL PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0d08 ProgramFiles=C:\Programme PROMPT=$P$G QTJAVA=C:\Programme\Java\j2re1.4.2_03\lib\ext\QTJava.zip SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOKUME~1\BP\LOKALE~1\Temp TMP=C:\DOKUME~1\BP\LOKALE~1\Temp USERDOMAIN=MEDIALABOR1 USERNAME=BP USERPROFILE=C:\Dokumente und Einstellungen\BP windir=C:\WINDOWS __COMPAT_LAYER=EnableNXShowUI -- User Profiles ---------------------------------------------------------------- Philip (admin) BP (admin) Administrator (admin) -- Add/Remove Programs ---------------------------------------------------------- --> "C:\Programme\ViaVoice\Bin\vunGR.exe" ProdRunDictate Dc Gr_GR 'IBM ViaVoice™ Dictation Runtime' C:\WINDOWS\IsUn0407.exe -fC:\Programme\ViaVoice\RtDict_GR.isu --> "C:\Programme\ViaVoice\Bin\vunGR.exe" ProdRunDictate Dc Gr_GR 'IBM ViaVoice™ Dictation Runtime' C:\WINDOWS\IsUn0407.exe -fC:\Programme\ViaVoice\RtDict_GR.isu --> C:\WINDOWS\IsUn0407.exe -fC:\Programme\ViaVoice\tts\vvol50Gr_GR.isu -c"C:\Programme\ViaVoice\tts\\vo50u_GR.dll" --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf ACDSee 9 Foto-Manager --> MsiExec.exe /I{7AE25201-3E12-4FA2-9E65-67CD475D9263} Adobe Acrobat 6.0 Professional --> MsiExec.exe /I{AC76BA86-1033-0000-7760-000000000001} Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001} Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39} Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001} Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D} Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002} Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001} Alice-Installationsdateien entfernen --> C:\WINDOWS\ISW\alice\iswdel.exe ALPS Touch Pad Driver --> C:\Programme\Apoint\Uninstap.exe ADDREMOVE AntiVirenKit InternetSecurity --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9128E393-0013-4B04-BD72-73287A25B28C}\setup.exe" -l0x7 -removeonly Ares 1.9.0 --> "C:\Programme\Ares\uninstall.exe" ARTEuro --> MsiExec.exe /I{1D3C662A-F6C6-4767-A788-7AA43A9A1317} AT-AR215 USB ADSL WAN Adapter --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}\SETUP.EXE" -l0x7 ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_classISPLAY -clean ATI Systemsteuerung --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe" AudioExtractor --> "C:\Programme\AUDIOEXTRACTOR\unins000.exe" Audiograbber 1.83 SE --> C:\WINDOWS\uninstall\Audiograbber\setup.exe Azureus --> C:\Programme\Azureus\Uninstall.exe Bluetooth Stack for Windows by Toshiba --> MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6} Broadcom Management Programs 2 --> C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{64A77F14-0E08-4A97-A859-E93CFF428756} /l1031 Cisco Systems VPN Client 4.8.00.0440 --> MsiExec.exe /X{24C67B54-0718-445E-B663-3138D9246BD1} CleanUp! --> C:\Programme\CleanUp!\uninstall.exe Codec Pack - All In 1 6.0.3.0 --> C:\WINDOWS\iun6002.exe "C:\Programme\Codec Pack - All In 1\irunin.ini" Conexant D110 MDC V.9x Modem --> C:\Programme\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf dBpowerAMP Music Converter --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat dBpowerAMP Ogg Vorbis Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Ogg Vorbis Codec.dat Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76} Digital Line Detect --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x7 ControlPanel Download Accelerator Plus (DAP) --> C:\PROGRA~1\DAP\DAPREMOVE.EXE DVD Decrypter (Remove Only) --> "C:\Programme\DVD Decrypter\uninstall.exe" DVD Shrink 3.2 --> "C:\Programme\DVD Shrink\unins000.exe" eMule --> "C:\Programme\eMule\Uninstall.exe" Energieverwaltung der internen Netzwerkkarte --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x7 UNINSTALL APPDRVNT4 Exif-Viewer 2.44 --> C:\WINDOWS\uninstall\Exif-Viewer\setup.exe Exifer --> C:\Programme\Exifer\unins000.exe FinePixViewer Resource --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B44529FF-501E-47CD-A06D-223C161BE058}\SETUP.EXE" -l0x7 FinePixViewer Ver.5.0 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE" -l0x7 FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE" Gabler Wirtschafts-Lexikon --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{37F7DBA7-13EA-45EA-B20C-EE41E8822831}\setup.exe" GemMaster Mystic --> "C:\Programme\GemMasterGerman\uninstallgemmaster.exe" Google Earth --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly HijackThis 1.99.1 --> C:\Dokumente und Einstellungen\BP\Desktop\HijackThis.exe /uninstall Hotfix für Windows XP (KB888795) --> "C:\WINDOWS\$NtUninstallKB888795$\spuninst\spuninst.exe" Hotfix für Windows XP (KB891593) --> "C:\WINDOWS\$NtUninstallKB891593$\spuninst\spuninst.exe" Hotfix für Windows XP (KB899337) --> "C:\WINDOWS\$NtUninstallKB899337$\spuninst\spuninst.exe" Hotfix für Windows XP (KB899510) --> "C:\WINDOWS\$NtUninstallKB899510$\spuninst\spuninst.exe" Hotfix für Windows XP (KB902841) --> "C:\WINDOWS\$NtUninstallKB902841$\spuninst\spuninst.exe" Hotfix für Windows XP (KB928388) --> "C:\WINDOWS\$NtUninstallKB928388$\spuninst\spuninst.exe" IBM ViaVoice Pro 10.0 - Deutsch --> "C:\Programme\ViaVoice\Bin\uninst_GR.exe" DeleteProdVVFW100Full_GR IBP & ARELIS 9.5.1 --> "C:\Programme\IBP 9\unins000.exe" ICQ 5.1 --> C:\Programme\ICQLite\ICQLiteUninstall.EXE Intel(R) PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060} Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030} Joe --> MsiExec.exe /X{36A1E3D6-288A-4EEE-A081-30D9808B2BE3} LiveUpdate 3.1 (Symantec Corporation) --> "C:\Programme\Symantec\LiveUpdate\LSETUP.EXE" /U mCore --> MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A} mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49} MetaFrame Presentation Server Client --> MsiExec.exe /I{7A1FB67F-A340-472A-97C3-A6AFFE078AAE} mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B} Microsoft Office Live Meeting 2005 --> MsiExec.exe /I{A364D5AA-6C50-4493-9D0A-68D86380134E} Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{90120409-6000-11D3-8CFE-0150048383C9} mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F} mIWCA --> MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626} mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7} mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5} MONDO SHOP 3 deinstallieren --> "C:\Programme\Mondo Media\Mondo Shop 3\Uninstall\unins000.exe" Mozilla Firefox (1.5.0.9) --> C:\Programme\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5.0.9 (de)" mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5} mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9} mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83} mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB} mToolkit --> MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC} mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4} mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401} mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023} Nero 7 Ultra Edition --> MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031} Nikon FotoShare --> C:\Programme\Nikon\FotoShare\Uninstal.exe C:\PROGRA~1\Nikon\FOTOSH~1\INSTALL.LOG Nikon Message Center --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x7 UNINSTALL PantsOff 2.0 --> C:\Programme\PantsOff\unins000.exe PictureProject --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x7 UNINSTALL Post-it® Software Notes Lite --> "C:\Programme\PSNLite\Uninstall.exe" -Prog"C:\Programme\PSNLite\PsnLite.exe" -INI"C:\Programme\PSNLite\uninst.ini" PowerDVD 5.5 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall QuickSet --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x7 UNINSTALL APPDRVNT4 - ALL QuickTime --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1031 RAW FILE CONVERTER LE --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x7 Remove Hidden Data Tool --> MsiExec.exe /X{90F80409-6000-11D3-8CFE-0150048383C9} SFT Loader 2006 --> C:\Programme\SFT Loader\uninstall.exe Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Sicherheitsupdate für Windows XP (KB883939) --> Sicherheitsupdate für Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB893066) --> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB896422) --> Sicherheitsupdate für Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB896688) --> "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB899589) --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB928090) --> "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB929969) --> "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe" Skype 3.0 --> "C:\Programme\Skype\Phone\unins000.exe" Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03} SMAC 1.2 --> C:\PROGRA~1\SMAC\UNWISE.EXE C:\PROGRA~1\SMAC\INSTALL.LOG Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011} SPSS 14.0 für Windows --> MsiExec.exe /X{B136F351-BF1E-4948-9557-FA6524302ACA} TextAloud --> C:\Programme\TextAloud\unins000.exe TrekStor i.Beat organix --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{82506EA6-C6BB-46AB-AB97-E76C31E92BEB}\setup.exe" -l0x7 Tsunami-Filter-Pack --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{DCFF9230-22DC-40ED-BBCC-0F260B85734C}\setup.exe" -l0x9 tulox Freeware-Wörterbuch (Englisch) --> C:\PROGRA~1\WRTERB~2\UNWISE32 C:\PROGRA~1\WRTERB~2\INSTALL.LOG tulox Freeware-Wörterbuch (Spanisch) --> C:\PROGRA~1\WRTERB~1\UNWISE32 C:\PROGRA~1\WRTERB~1\INSTALL.LOG Update für Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Update für Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe" Update für Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe" Update für Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe" Update für Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe" Update für Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe" Update für Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe" Update für Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe" Update für Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe" Update Rollup 2 für Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe WEB.DE SmartSurfer3.1 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3B64983B-A039-11D4-8B5A-0050DA45E354}\setup.exe" -l0x7 Wecker 2.2 2.2 --> C:\WINDOWS\uninstall\Wecker 2.2\setup.exe Winamp (remove only) --> "C:\Programme\Winamp\UninstWA.exe" Windows XP-Hotfix - KB873339 --> Windows XP-Hotfix - KB885250 --> Windows XP-Hotfix - KB885835 --> Windows XP-Hotfix - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe Windows XP-Hotfix - KB885855 --> Windows XP-Hotfix - KB885884 --> C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe Windows XP-Hotfix - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe Windows XP-Hotfix - KB887472 --> Windows XP-Hotfix - KB887742 --> C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe Windows XP-Hotfix - KB888113 --> Windows XP-Hotfix - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe Windows XP-Hotfix - KB888310 --> Windows XP-Hotfix - KB890175 --> Windows XP-Hotfix - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe" Windows XP-Hotfix - KB891781 --> Windows XP-Hotfix - KB892627 --> Windows XP-Hotfix - KB893056 --> Windows XP-Hotfix - KB895961 --> "C:\WINDOWS\$NtUninstallKB895961$\spuninst\spuninst.exe" Windows XP Media Center Edition 2005 KB908250 --> "C:\WINDOWS\$NtUninstallKB908250$\spuninst\spuninst.exe" WinRAR Archivierer --> C:\Programme\WinRAR\uninstall.exe Yahoo! Messenger --> C:\PROGRA~1\YAHOOM~1\MESSEN~1\UNWISE.EXE C:\PROGRA~1\YAHOOM~1\MESSEN~1\INSTALL.LOG -- End of ComboScan: finished at 2007-02-20 at 19:22:36 ------------------------- Dankeschön! Anhang: Hijackthis 4 Logs.txt Dieser Beitrag wurde am 20.02.2007 um 19:22 Uhr von Philip219 editiert.
|
|
|
||
20.02.2007, 21:12
Ehrenmitglied
Beiträge: 29434 |
#25
HijackThis
HOSTFILE: *öffne das HijackThis *Do a system scan only *Config *Misc Tools *Open Hosts file Manager kopiere ab, was du findest __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
20.02.2007, 23:40
Member
Beiträge: 11 |
#26
127.0.0.1 localhost
|
|
|
||
21.02.2007, 11:44
Ehrenmitglied
Beiträge: 29434 |
#27
scanne (kann eine Weile dauern) und poste das log, was erscheint
http://virus-protect.org/artikel/tools/winpfind3.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
21.02.2007, 12:52
Member
Beiträge: 11 |
#28
WinPFind3 logfile created on: 21.02.2007 12:38:33
WinPFind3U by OldTimer - Version 1.0.18 Folder = C:\Dokumente und Einstellungen\BP\Desktop\WinPFind3u\ Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) Internet Explorer (Version = 6.0.2900.2180) 1047932 Kb Total Physical Memory | 318548 Kb Available Physical Memory | 30,40% Memory free 2519288 Kb Paging File | 1930740 Kb Available in Paging File | 76,64% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 73176072 Kb Total Space | 1417984 Kb Free Space | 1,94% Space Free D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded [Processes - Non-Microsoft Only] 1xconfig.exe -> %ProgramFiles%\Intel\Wireless\Bin\1XConfig.exe -> Intel [Ver = 9, 0, 1, 33 | Size = 245760 bytes | Modified Date = 07.09.2004 17:03:40 | Attr = ] alicecnn.exe -> %SystemRoot%\ISW\alice\signup\alicecnn.exe -> ProDyne [Ver = 3, 0, 1, 9 | Size = 285184 bytes | Modified Date = 09.10.2005 16:13:50 | Attr = ] aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.1.0.99 | Size = 198336 bytes | Modified Date = 08.09.2006 14:47:28 | Attr = ] apntex.exe -> %ProgramFiles%\Apoint\ApntEx.exe -> Alps Electric Co., Ltd. [Ver = 5.5.1.19 | Size = 45056 bytes | Modified Date = 19.08.2004 15:40:08 | Attr = ] apoint.exe -> %ProgramFiles%\Apoint\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 5.5.101.141 | Size = 155648 bytes | Modified Date = 13.09.2004 17:33:20 | Attr = ] ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 04.08.2005 05:02:58 | Attr = ] ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 04.08.2005 05:02:58 | Attr = ] atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5160 | Size = 344064 bytes | Modified Date = 05.08.2005 22:05:00 | Attr = ] avkproxy.exe -> %CommonProgramFiles%\G DATA\AVKProxy\AVKProxy.exe -> G DATA Software AG [Ver = 1, 2, 5, 0 | Size = 499712 bytes | Modified Date = 15.05.2006 15:12:20 | Attr = ] avkservice.exe -> %ProgramFiles%\AntiVirenKit InternetSecurity\AVK\AVKService.exe -> [Ver = 1, 0, 1, 5 | Size = 299008 bytes | Modified Date = 28.09.2004 10:59:06 | Attr = ] avktray.exe -> %ProgramFiles%\AntiVirenKit InternetSecurity\AVKTray\AVKTray.exe -> G DATA Software AG [Ver = 1, 0, 8, 0 | Size = 208896 bytes | Modified Date = 28.02.2006 09:46:42 | Attr = ] avkwctl.exe -> %ProgramFiles%\AntiVirenKit InternetSecurity\AVK\AVKWCtl.exe -> [Ver = 21, 0, 0, 9 | Size = 602112 bytes | Modified Date = 15.08.2005 17:09:02 | Attr = ] cvpnd.exe -> %ProgramFiles%\Cisco Systems\VPN Client\cvpnd.exe -> Cisco Systems, Inc. [Ver = 4.8.00.0440 | Size = 1516584 bytes | Modified Date = 04.11.2005 10:21:28 | Attr = ] dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 29.10.2003 04:06:00 | Attr = ] drvmon.exe -> %System32%\DrvMon.exe -> Alcor Micro, Corp. [Ver = 1, 0, 0, 9 | Size = 53248 bytes | Modified Date = 10.09.2004 03:16:58 | Attr = ] evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 9, 0, 1, 12 | Size = 86016 bytes | Modified Date = 07.09.2004 17:02:40 | Attr = ] gdfirewalltray.exe -> %ProgramFiles%\AntiVirenKit InternetSecurity\Firewall\GDFirewallTray.exe -> [Ver = 1, 0, 0, 8 | Size = 827392 bytes | Modified Date = 29.03.2006 14:04:44 | Attr = ] gdfwsvc.exe -> %ProgramFiles%\AntiVirenKit InternetSecurity\Firewall\GDFwSvc.exe -> [Ver = 1, 0, 2, 0 | Size = 1073152 bytes | Modified Date = 03.04.2006 09:24:14 | Attr = ] ifrmewrk.exe -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 9, 0, 1, 19 | Size = 385024 bytes | Modified Date = 30.10.2004 15:59:54 | Attr = ] issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 27.07.2004 17:50:18 | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.5.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Modified Date = 10.11.2005 12:03:52 | Attr = ] nicconfigsvc.exe -> %ProgramFiles%\Dell\NICCONFIGSVC\NICCONFIGSVC.exe -> Dell Inc. [Ver = 1, 0, 0, 1 | Size = 356352 bytes | Modified Date = 04.03.2005 00:29:02 | Attr = ] regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 9, 0, 1, 10 | Size = 139264 bytes | Modified Date = 07.09.2004 17:02:04 | Attr = ] s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 9, 0, 1, 41 | Size = 360521 bytes | Modified Date = 07.09.2004 17:05:10 | Attr = ] spsswin.exe -> %ProgramFiles%\SPSS\spsswin.exe -> SPSS Inc [Ver = 14.0.1.340 | Size = 5292032 bytes | Modified Date = 30.12.2005 15:33:44 | Attr = ] winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.18.0 | Size = 308736 bytes | Modified Date = 12.02.2007 21:39:14 | Attr = ] wlkeeper.exe -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel® Corporation [Ver = 9, 0, 1, 14 | Size = 225353 bytes | Modified Date = 07.09.2004 17:12:32 | Attr = ] zcfgsvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 9, 0, 1, 45 | Size = 389120 bytes | Modified Date = 07.09.2004 17:08:02 | Attr = ] [Win32 Services - Non-Microsoft Only] (Adobe LM Service) Adobe LM Service [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> File not found (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 04.08.2005 05:02:58 | Attr = ] (Automatisches LiveUpdate - Scheduler) Automatisches LiveUpdate - Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.1.0.99 | Size = 198336 bytes | Modified Date = 08.09.2006 14:47:28 | Attr = ] (AVKProxy) AVKProxy [Win32_Own | Auto | Running] -> %CommonProgramFiles%\G DATA\AVKProxy\AVKProxy.exe -> G DATA Software AG [Ver = 1, 2, 5, 0 | Size = 499712 bytes | Modified Date = 15.05.2006 15:12:20 | Attr = ] (AVKService) AVK Service [Win32_Own | Auto | Running] -> %ProgramFiles%\AntiVirenKit InternetSecurity\AVK\AVKService.exe -> [Ver = 1, 0, 1, 5 | Size = 299008 bytes | Modified Date = 28.09.2004 10:59:06 | Attr = ] (AVKWCtl) AVK Wächter [Win32_Own | Auto | Running] -> %ProgramFiles%\AntiVirenKit InternetSecurity\AVK\AVKWCtl.exe -> [Ver = 21, 0, 0, 9 | Size = 602112 bytes | Modified Date = 15.08.2005 17:09:02 | Attr = ] (CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> File not found (CVPND) Cisco Systems, Inc. VPN Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Cisco Systems\VPN Client\cvpnd.exe -> Cisco Systems, Inc. [Ver = 4.8.00.0440 | Size = 1516584 bytes | Modified Date = 04.11.2005 10:21:28 | Attr = ] (dmadmin) Verwaltungsdienst für die Verwaltung logischer Datenträger [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 10.08.2004 15:00:00 | Attr = ] (EvtEng) EvtEng [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 9, 0, 1, 12 | Size = 86016 bytes | Modified Date = 07.09.2004 17:02:40 | Attr = ] (GDFwSvc) G DATA Personal Firewall [Win32_Own | On_Demand | Running] -> %ProgramFiles%\AntiVirenKit InternetSecurity\Firewall\GDFwSvc.exe -> [Ver = 1, 0, 2, 0 | Size = 1073152 bytes | Modified Date = 03.04.2006 09:24:14 | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 04.04.2005 00:41:10 | Attr = ] (LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_1.EXE -> Symantec Corporation [Ver = 3.1.0.99 | Size = 2528960 bytes | Modified Date = 08.09.2006 14:47:28 | Attr = ] (NICCONFIGSVC) NICCONFIGSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\NICCONFIGSVC\NICCONFIGSVC.exe -> Dell Inc. [Ver = 1, 0, 0, 1 | Size = 356352 bytes | Modified Date = 04.03.2005 00:29:02 | Attr = ] (Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> %System32%\HPZipm12.exe -> HP [Ver = 7, 0, 5, 0 | Size = 65536 bytes | Modified Date = 22.10.2003 10:19:22 | Attr = ] (RegSrvc) RegSrvc [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 9, 0, 1, 10 | Size = 139264 bytes | Modified Date = 07.09.2004 17:02:04 | Attr = ] (S24EventMonitor) Spectrum24 Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 9, 0, 1, 41 | Size = 360521 bytes | Modified Date = 07.09.2004 17:05:10 | Attr = ] (WLANKEEPER) WLANKEEPER [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel® Corporation [Ver = 9, 0, 1, 14 | Size = 225353 bytes | Modified Date = 07.09.2004 17:12:32 | Attr = ] [Registry - Non-Microsoft Only] < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> -> File not found adiras -> adiras.exe -> File not found Apoint -> %ProgramFiles%\Apoint\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 5.5.101.141 | Size = 155648 bytes | Modified Date = 13.09.2004 17:33:20 | Attr = ] ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5160 | Size = 344064 bytes | Modified Date = 05.08.2005 22:05:00 | Attr = ] AVKTray -> %ProgramFiles%\AntiVirenKit InternetSecurity\AVKTray\AVKTray.exe -> G DATA Software AG [Ver = 1, 0, 8, 0 | Size = 208896 bytes | Modified Date = 28.02.2006 09:46:42 | Attr = ] IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 9, 0, 1, 19 | Size = 385024 bytes | Modified Date = 30.10.2004 15:59:54 | Attr = ] ISUSPM Startup -> %SystemDrive%\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -> File not found ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 27.07.2004 17:50:18 | Attr = ] NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 25.09.2005 19:11:20 | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 20.08.2006 23:18:08 | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Modified Date = 10.11.2005 12:03:52 | Attr = ] < OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ IMAIL -> Installed = 1 -> MAPI -> Installed = 1 -> MSFS -> Installed = 1 -> < Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run DrvMon.exe -> %System32%\DrvMon.exe -> Alcor Micro, Corp. [Ver = 1, 0, 0, 9 | Size = 53248 bytes | Modified Date = 10.09.2004 03:16:58 | Attr = ] < Common Startup > -> C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart %AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 23.10.2006 01:48:20 | Attr = ] %AllUsersStartup%\Adobe Reader Synchronizer.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe -> [Ver = 8.0.0.0 | Size = 734872 bytes | Modified Date = 23.10.2006 00:01:50 | Attr = ] %AllUsersStartup%\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 29.10.2003 04:06:00 | Attr = ] %AllUsersStartup%\G DATA Firewall Tray.lnk -> %ProgramFiles%\AntiVirenKit InternetSecurity\Firewall\GDFirewallTray.exe -> [Ver = 1, 0, 0, 8 | Size = 827392 bytes | Modified Date = 29.03.2006 14:04:44 | Attr = ] %AllUsersStartup%\Post-it® Software Notes Lite.lnk -> %ProgramFiles%\PSNLite\PsnLite.exe -> 3M [Ver = 3, 0, 1, 1070 | Size = 1622016 bytes | Modified Date = 02.06.2004 13:04:58 | Attr = ] %AllUsersStartup%\Program Neighborhood Agent.lnk -> %ProgramFiles%\Citrix\ICA Client\pnagent.exe -> Citrix Systems, Inc. [Ver = 9.230.50211 | Size = 233744 bytes | Modified Date = 08.11.2006 18:33:12 | Attr = ] %AllUsersStartup%\VPN Client.lnk -> %SystemRoot%\Installer\{24C67B54-0718-445E-B663-3138D9246BD1}\Icon3E5562ED7.ico -> [Ver = | Size = 6144 bytes | Modified Date = 02.01.2007 18:09:30 | Attr = R ] < Registry Shell Spawning > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command regfile [merge] -> Reg Data - Key not found -> scrfile [open] -> "%1" /S -> scrfile [config] -> "%1" -> Directory [ACDBrowse] -> %ProgramFiles%\ACD Systems\ACDSee\9.0\ACDSeeQV.exe -> ACD Systems Ltd. [Ver = 1,0,69,2 | Size = 512000 bytes | Modified Date = 08.09.2006 11:18:36 | Attr = ] Directory [FinePix] -> %ProgramFiles%\FinePixViewer\FinePixViewer.exe -> FUJI PHOTO FILM CO.,LTD. [Ver = 5, 0, 1, 0 | Size = 950272 bytes | Modified Date = 27.05.2005 11:49:00 | Attr = ] Directory [Winamp.Bookmark] -> %ProgramFiles%\Winamp\winamp.exe -> Nullsoft [Ver = 5,1,1,168 | Size = 1162240 bytes | Modified Date = 15.11.2005 20:32:26 | Attr = ] Directory [Winamp.Enqueue] -> %ProgramFiles%\Winamp\winamp.exe -> Nullsoft [Ver = 5,1,1,168 | Size = 1162240 bytes | Modified Date = 15.11.2005 20:32:26 | Attr = ] Directory [Winamp.Play] -> %ProgramFiles%\Winamp\winamp.exe -> Nullsoft [Ver = 5,1,1,168 | Size = 1162240 bytes | Modified Date = 15.11.2005 20:32:26 | Attr = ] CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> %programfiles%\internet explorer\iexplore.exe -> File not found *Command* -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk\ShellNew\\Command -> NewLinkHere -> -> File not found %1 -> -> File not found *Command* -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bfc\ShellNew\\Command -> Briefcase_Create -> -> File not found %2!d! -> -> File not found %1 -> -> File not found < ActiveX StubPath [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -> -> {22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> -> {2C7339CF-2B09-4501-B3F3-F3508C9228ED} -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll -> {407408d4-94ed-4d86-ab69-a7f649d112ee} -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf -> {44BBA840-CC51-11CF-AAFA-00AA00B6015C} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install -> {44BBA842-CC51-11CF-AAFA-00AA00B6015B} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT -> {5945c046-1e7d-11d1-bc44-00c04fd912be} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser -> {6BF52A52-394A-11d3-B153-00C04F79FAA6} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub -> {73FA19D0-2D75-11D2-995D-00C04F98BBC9} -> -> {7790769C-0471-11d2-AF11-00C04FA35D02} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install -> {89820200-ECBD-11cf-8B85-00AA005B4340} -> regsvr32.exe /s /n /i:U shell32.dll -> {89820200-ECBD-11cf-8B85-00AA005B4383} -> %SystemRoot%\system32\ie4uinit.exe -> {89B4C1CD-B018-4511-B0A1-5476DBF70820} -> C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -> {8b15971b-5355-4c82-8c07-7e181ea07608} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser -> {94de52c8-2d59-4f1b-883e-79663d2d9a8c} -> -> >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> C:\WINDOWS\inf\unregmp2.exe /ShowWMP -> >{26923b43-4d38-484f-9b9e-de460746276c} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE -> >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP -> >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE -> KB910393 -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall -> < WOW Command Line [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW *wowcmdline* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW\\wowcmdline -> -a -> -> File not found < Session Manager Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager BootExecute -> autocheck autochk *; -> < SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders < Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> Control_RunDLL -> -> File not found < Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon < Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 46080 bytes | Modified Date = 04.08.2005 05:04:18 | Attr = ] IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\LgNotify.dll -> Intel Corporation [Ver = 9, 0, 1, 0 | Size = 110592 bytes | Modified Date = 07.09.2004 17:08:06 | Attr = ] < Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles -> < Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoViewOnDrive -> 0 -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer not found. -> < Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ 0 -> [Key] -> 0 -> FriendlyName = Die derzeitige Homepage -> 0 -> Source = About:Home -> 0 -> SubscribedURL = About:Home -> < HOSTS File > (23 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts 127.0.0.1 localhost -> -> < Internet Explorer Settings > -> HKLM: Default_Page_URL -> http://www.euro.dell.com -> HKLM: Main\\Default_Search_URL -> http://www.google.com/ie -> HKLM: Local Page -> %SystemRoot%\system32\blank.htm -> HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKLM: Start Page -> about:blank -> HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKLM: Search\\Default_Search_URL -> http://www.google.com/ie -> HKLM: SearchAssistant -> http://www.google.com/ie -> HKCU: Local Page -> C:\WINDOWS\system32\blank.htm -> HKCU: Search Bar -> http://www.google.com/ie -> HKCU: Search Page -> http://www.google.com -> HKCU: Start Page -> http://www.google.de/ -> HKCU: SearchAssistant -> http://www.google.com/ie -> HKCU: ProxyEnable -> 0 -> < Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ msn.com [ - ] -> -> < Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ bp.com • -> -> < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {0124123D-61B4-456f-AF86-78C53A0790C5} [HKLM] -> %ProgramFiles%\AntiVirenKit InternetSecurity\Webfilter\AvkWebIE.dll [G DATA WebFilter] -> G DATA Software AG [Ver = 1, 0, 0, 2 | Size = 208896 bytes | Modified Date = 04.04.2006 10:31:00 | Attr = ] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 22.10.2006 23:08:42 | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 10.11.2005 12:22:12 | Attr = ] {AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> %ProgramFiles%\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll [AcroIEToolbarHelper Class] -> [Ver = | Size = 147456 bytes | Modified Date = 15.05.2003 01:03:46 | Attr = ] < Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ {182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKLM] -> %ProgramFiles%\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [Ver = | Size = 147456 bytes | Modified Date = 15.05.2003 01:03:46 | Attr = ] < Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar {0124123D-61B4-456f-AF86-78C53A0790C5} [HKLM] -> %ProgramFiles%\AntiVirenKit InternetSecurity\Webfilter\AvkWebIE.dll [G DATA WebFilter] -> G DATA Software AG [Ver = 1, 0, 0, 2 | Size = 208896 bytes | Modified Date = 04.04.2006 10:31:00 | Attr = ] {47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> %ProgramFiles%\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [Ver = | Size = 147456 bytes | Modified Date = 15.05.2003 01:03:46 | Attr = ] {F053C368-5458-45B2-9B4D-D8914BDDDBFF} [HKLM] -> %ProgramFiles%\TextAloud\TAForIE.dll [TextAloud] -> [Ver = | Size = 505344 bytes | Modified Date = 05.07.2004 16:01:02 | Attr = ] < Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8192 - Sun Java Konsole -> {92780B25-18CC-41C8-B9BE-3C9C571A8263} -> 8197 - Reg Data - Value does not exist -> {9455301C-CF6B-11D3-A266-00C04F689C50} -> 8193 - Reg Data - Key not found -> {B863453A-26C3-4e1f-A54D-A2CD196348E9} -> 8194 - ICQ Lite -> {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -> 8195 - Reg Data - Key not found -> {FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8196 - Windows Messenger -> NextId -> 8198 -> < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\npjpi150_06.dll [MenuText: Sun Java Konsole] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 10.11.2005 12:22:12 | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [MenuText: Sun Java Konsole] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 10.11.2005 12:22:12 | Attr = ] {92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found {B863453A-26C3-4e1f-A54D-A2CD196348E9} -> %ProgramFiles%\ICQLite\ICQLite.exe [ButtonText: ICQ Lite] -> ICQ Ltd. [Ver = 20, 52, 2573, 0 | Size = 3144800 bytes | Modified Date = 11.07.2006 11:06:40 | Attr = ] < Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ E&xport to Microsoft Excel -> -> File not found < Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} [HKLM] -> Reg Data - Key not found [Autoplay for SlideShow] -> File not found {0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskleiste und Startmenü] -> File not found {2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} [HKLM] -> %ProgramFiles%\dBpowerAMP\dMCShell.dll [dBpowerAMP Music Converter] -> [Ver = 6, 4, 0, 0 | Size = 118784 bytes | Modified Date = 23.07.2006 23:27:32 | Attr = ] {42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [CPL-Erweiterung für Anzeigeverschiebung] -> File not found {4FED14EE-8086-4b0c-A0DE-C27042ED1296} [HKLM] -> Reg Data - Key not found [PDFTransformer2ContextMenu] -> File not found {73B24247-042E-4EF5-ADC2-42F62E6FD654} [HKLM] -> %ProgramFiles%\ICQLite\ICQLiteShell.dll [ICQ Lite Shell Extension] -> [Ver = 20, 52, 2573, 0 | Size = 57451 bytes | Modified Date = 07.05.2006 17:28:48 | Attr = ] {764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shellerweiterungen für die Dateikomprimierung] -> File not found {7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [Benutzerkonten] -> File not found {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Kontextmenü für die Verschlüsselung] -> File not found {88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [Erweiterung für HyperTerminal-Icons] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 10.08.2004 15:00:00 | Attr = ] {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} [HKLM] -> Reg Data - Key not found [Microsoft Office Metadata Handler] -> File not found {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} [HKLM] -> Reg Data - Key not found [Microsoft Office Thumbnail Handler] -> File not found {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} [HKLM] -> %ProgramFiles%\Adobe Acrobat 6.0\Acrobat Elements\ContextMenu.dll [Adobe.Acrobat.ContextMenu] -> Adobe Systems Inc. [Ver = 1.0.0.2003051500 | Size = 409687 bytes | Modified Date = 15.05.2003 01:41:08 | Attr = ] {ED65AC21-B24F-11d3-BA80-00C0CA16AA37} [HKLM] -> Reg Data - Key not found [Siemens Device] -> File not found {ED65AC22-B24F-11d3-BA80-00C0CA16AA37} [HKLM] -> Reg Data - Key not found [Siemens Device ContextMenuHandler] -> File not found {ED65AC23-B24F-11d3-BA80-00C0CA16AA37} [HKLM] -> Reg Data - Key not found [Siemens SX1 PropertySheetHandler] -> File not found {FCF608CF-5716-47C3-A1A8-991D873AF72B} [HKLM] -> %ProgramFiles%\Exifer\exifershellext.dll [Delphi Context Menu Shell Extension Example] -> [Ver = | Size = 180224 bytes | Modified Date = 18.09.2002 01:27:30 | Attr = ] {FED7043D-346A-414D-ACD7-550D052499A7} [HKLM] -> %ProgramFiles%\dBpowerAMP\dBShell.dll [dBpowerAMP Music Converter 1] -> [Ver = 6, 4, 0, 1 | Size = 110592 bytes | Modified Date = 23.07.2006 23:27:32 | Attr = ] < ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\ {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} [HKLM] -> %ProgramFiles%\Adobe Acrobat 6.0\Acrobat Elements\ContextMenu.dll [Adobe.Acrobat.ContextMenu] -> Adobe Systems Inc. [Ver = 1.0.0.2003051500 | Size = 409687 bytes | Modified Date = 15.05.2003 01:41:08 | Attr = ] {CAF4C320-32F5-11D3-A222-004095200FF2} [HKLM] -> %ProgramFiles%\AntiVirenKit InternetSecurity\AVK\ShellExt.dll [AVK9CM] -> [Ver = 9, 0, 0, 0 | Size = 86016 bytes | Modified Date = 11.06.2003 15:48:30 | Attr = ] {BED4C38B-F765-45AC-8C56-613F76BBF43E} [HKLM] -> %ProgramFiles%\DAP\Privacy Package\DAPCtxMenuShell.dll [DAP_ShredMenu] -> Speedbit Ltd. [Ver = 8, 0, 0, 2 | Size = 53339 bytes | Modified Date = 29.10.2006 00:25:56 | Attr = ] {73B24247-042E-4EF5-ADC2-42F62E6FD654} [HKLM] -> %ProgramFiles%\ICQLite\ICQLiteShell.dll [ICQLiteMenu] -> [Ver = 20, 52, 2573, 0 | Size = 57451 bytes | Modified Date = 07.05.2006 17:28:48 | Attr = ] < ContextMenuHandlers - AllFilesystemObjects [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ {7C9D5882-CB4A-4090-96C8-430BFE8B795B} [HKLM] -> %SystemDrive%\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll [SpySweeper] -> File not found < ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\ {BED4C38B-F765-45AC-8C56-613F76BBF43E} [HKLM] -> %ProgramFiles%\DAP\Privacy Package\DAPCtxMenuShell.dll [DAP_ShredMenu] -> Speedbit Ltd. [Ver = 8, 0, 0, 2 | Size = 53339 bytes | Modified Date = 29.10.2006 00:25:56 | Attr = ] {73B24247-042E-4EF5-ADC2-42F62E6FD654} [HKLM] -> %ProgramFiles%\ICQLite\ICQLiteShell.dll [ICQLiteMenu] -> [Ver = 20, 52, 2573, 0 | Size = 57451 bytes | Modified Date = 07.05.2006 17:28:48 | Attr = ] < ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\ {CAF4C320-32F5-11D3-A222-004095200FF2} [HKLM] -> %ProgramFiles%\AntiVirenKit InternetSecurity\AVK\ShellExt.dll [AVK9CM] -> [Ver = 9, 0, 0, 0 | Size = 86016 bytes | Modified Date = 11.06.2003 15:48:30 | Attr = ] {FCF608CF-5716-47C3-A1A8-991D873AF72B} [HKLM] -> %ProgramFiles%\Exifer\exifershellext.dll [ContMenu] -> [Ver = | Size = 180224 bytes | Modified Date = 18.09.2002 01:27:30 | Attr = ] {7C9D5882-CB4A-4090-96C8-430BFE8B795B} [HKLM] -> %SystemDrive%\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll [SpySweeper] -> File not found < ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 8.0.0.0 | Size = 372736 bytes | Modified Date = 22.10.2006 23:28:04 | Attr = ] {FED7043D-346A-414D-ACD7-550D052499A7} [HKLM] -> %ProgramFiles%\dBpowerAMP\dBShell.dll [dBpShell Class] -> [Ver = 6, 4, 0, 1 | Size = 110592 bytes | Modified Date = 23.07.2006 23:27:32 | Attr = ] < User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform SV1 -> -> < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ {52F743E5-4926-43A5-8F85-062E2B7E05FB} -> () -> {775AF23C-485E-45D7-BFAB-25CBA12F04CD} -> () -> {7EEC3A3A-C0E3-424D-A221-81312D2EAD72} -> (1394-Netzwerkadapter) -> {ACA5E75F-02B9-43D9-A82D-BD5B9FFA5115} -> (Intel(R) PRO/Wireless 2200BG Network Connection) -> {FF872A65-BDC7-4676-A5D8-E1126CB188AC} -> (Broadcom 440x 10/100 Integrated Controller) -> < Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ipp -> Reg Data - Key not found -> File not found msdaipp -> Reg Data - Key not found -> File not found < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab -> {17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204 -> {4E8A3661-FB5B-4AEF-BF60-B0E9712FAE49} -> Silverwire Image Uploader 3.0 Control - CodeBase = http://www.fotowire.com/download/client/uploader/ImageUploader3.cab -> {8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab -> {96512D57-F751-4088-A689-5778FCC77F7A} -> Photo Uploader Control - CodeBase = http://www.studivz.net/lib/photouploader/PhotoUploader.cab -> {A58EA309-CE0A-49C4-A18C-31F77FE681E9} -> GetInfo.MainClass - CodeBase = https://www.bppassport.com/diligent/GetInfo.cab -> {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} -> Java Plug-in 1.4.2_03 - CodeBase = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab -> {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab -> [Files - Created Within 30 days] Australien2004_komprimiert.jpg -> %SystemDrive%\Australien2004_komprimiert.jpg -> [Ver = | Size = 4170142 bytes | Created Date = 13.02.2007 22:15:50 | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1073152000 bytes | Created Date = 02.01.1601 23:00:00 | Attr = HS] IE leitet seiten scheinbar zufällig um - Security Forum (2).url -> %SystemDrive%\IE leitet seiten scheinbar zufällig um - Security Forum (2).url -> [Ver = | Size = 219 bytes | Created Date = 20.02.2007 18:14:53 | Attr = ] Thumbs.db -> %SystemDrive%\Thumbs.db -> [Ver = | Size = 13824 bytes | Created Date = 18.02.2007 23:41:57 | Attr = HS] @Alternate Data Stream - 0 bytes -> %SystemDrive%\Thumbs.db:encryptable -> emails.csv -> %UserDocuments%\emails.csv -> [Ver = | Size = 2264 bytes | Created Date = 31.01.2007 17:51:57 | Attr = ] Citrix Program Neighborhood.lnk2 -> %AllUsersDesktop%\Citrix Program Neighborhood.lnk2 -> [Ver = | Size = 2343 bytes | Created Date = 29.01.2007 14:37:06 | Attr = ] 20764195.pdf -> %UserDesktop%\20764195.pdf -> [Ver = | Size = 2719344 bytes | Created Date = 02.02.2007 11:36:06 | Attr = ] 7jYg3M3-5858325.jpg -> %UserDesktop%\7jYg3M3-5858325.jpg -> [Ver = | Size = 61169 bytes | Created Date = 07.02.2007 22:02:44 | Attr = ] Alice Einwahl.lnk -> %UserDesktop%\Alice Einwahl.lnk -> [Ver = | Size = 1702 bytes | Created Date = 05.02.2007 17:29:44 | Attr = ] artikel.zip -> %UserDesktop%\artikel.zip -> [Ver = | Size = 358118 bytes | Created Date = 14.02.2007 18:00:45 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\artikel.zip:Zone.Identifier -> Australien2004_komprimiert.jpg -> %UserDesktop%\Australien2004_komprimiert.jpg -> [Ver = | Size = 4170142 bytes | Created Date = 13.02.2007 22:15:50 | Attr = ] Baker_panel_report.pdf -> %UserDesktop%\Baker_panel_report.pdf -> [Ver = | Size = 2408676 bytes | Created Date = 26.01.2007 09:41:49 | Attr = ] comboscan.exe -> %UserDesktop%\comboscan.exe -> [Ver = 3, 2, 2, 0 | Size = 672889 bytes | Created Date = 20.02.2007 19:20:28 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\comboscan.exe:Zone.Identifier -> Configuration Program Neighborhood COE_WTS_BOC - english Version 2.0.pdf -> %UserDesktop%\Configuration Program Neighborhood COE_WTS_BOC - english Version 2.0.pdf -> [Ver = | Size = 345772 bytes | Created Date = 01.02.2007 13:44:46 | Attr = ] DSC03976.JPG -> %UserDesktop%\DSC03976.JPG -> [Ver = | Size = 1284019 bytes | Created Date = 24.01.2007 09:04:01 | Attr = ] export.xls -> %UserDesktop%\export.xls -> [Ver = | Size = 341504 bytes | Created Date = 14.02.2007 19:36:30 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\export.xls:Zone.Identifier -> Fehler-WinPFind.jpg -> %UserDesktop%\Fehler-WinPFind.jpg -> [Ver = | Size = 11575 bytes | Created Date = 14.02.2007 00:42:48 | Attr = ] Fragebogen Solarstromanlagen für PV-Forum.doc -> %UserDesktop%\Fragebogen Solarstromanlagen für PV-Forum.doc -> [Ver = | Size = 112640 bytes | Created Date = 01.02.2007 15:28:09 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\Fragebogen Solarstromanlagen für PV-Forum.doc:Zone.Identifier -> frau tasche.jpg -> %UserDesktop%\frau tasche.jpg -> [Ver = | Size = 22827 bytes | Created Date = 13.02.2007 21:27:58 | Attr = ] gmer.exe -> %UserDesktop%\gmer.exe -> [Ver = 1, 0, 12, 12011 | Size = 573440 bytes | Created Date = 17.02.2007 11:19:30 | Attr = ] gmer.zip -> %UserDesktop%\gmer.zip -> [Ver = | Size = 490698 bytes | Created Date = 16.02.2007 03:10:14 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\gmer.zip:Zone.Identifier -> HijackThis.exe -> %UserDesktop%\HijackThis.exe -> Soeperman Enterprises Ltd. [Ver = 1.99.0001 | Size = 218112 bytes | Created Date = 07.02.2007 16:07:28 | Attr = ] hijackthis_199.zip -> %UserDesktop%\hijackthis_199.zip -> [Ver = | Size = 212843 bytes | Created Date = 07.02.2007 16:07:13 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\hijackthis_199.zip:Zone.Identifier -> lame-3.97.zip -> %UserDesktop%\lame-3.97.zip -> [Ver = | Size = 434316 bytes | Created Date = 29.01.2007 09:43:22 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\lame-3.97.zip:Zone.Identifier -> Leo Dict.url -> %UserDesktop%\Leo Dict.url -> [Ver = | Size = 108 bytes | Created Date = 07.02.2007 15:54:23 | Attr = ] mann schubkarre.jpg -> %UserDesktop%\mann schubkarre.jpg -> [Ver = | Size = 31756 bytes | Created Date = 13.02.2007 21:27:47 | Attr = ] SPSS 14[1].0 for Windows - VUCKO!!!.zip -> %UserDesktop%\SPSS 14[1].0 for Windows - VUCKO!!!.zip -> [Ver = | Size = 830382 bytes | Created Date = 13.02.2007 18:49:01 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\SPSS 14[1].0 for Windows - VUCKO!!!.zip:Zone.Identifier -> SPSS[1].v14.0.WORKING-EQUiNOX.rar -> %UserDesktop%\SPSS[1].v14.0.WORKING-EQUiNOX.rar -> [Ver = | Size = 834218 bytes | Created Date = 13.02.2007 19:01:38 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\SPSS[1].v14.0.WORKING-EQUiNOX.rar:Zone.Identifier -> ys.wmv -> %UserDesktop%\ys.wmv -> [Ver = | Size = 165058728 bytes | Created Date = 20.02.2007 23:10:16 | Attr = ] ~flNlc3Np.pdf -> %UserDesktop%\~flNlc3Np.pdf -> [Ver = | Size = 13766 bytes | Created Date = 16.02.2007 16:03:30 | Attr = ] Program Neighborhood Agent.lnk -> %AllUsersStartup%\Program Neighborhood Agent.lnk -> [Ver = | Size = 1792 bytes | Created Date = 29.01.2007 14:37:07 | Attr = ] gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 12, 12011 | Size = 565311 bytes | Created Date = 13.02.2007 15:31:19 | Attr = ] gmer.exe -> %SystemRoot%\gmer.exe -> [Ver = 1, 0, 12, 12011 | Size = 573440 bytes | Created Date = 13.02.2007 15:31:19 | Attr = ] gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 250 bytes | Created Date = 13.02.2007 15:31:19 | Attr = ] gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Created Date = 13.02.2007 15:31:19 | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 30.01.2007 23:49:32 | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 30.01.2007 23:49:32 | Attr = H ] System.ini.backup -> %SystemRoot%\System.ini.backup -> [Ver = | Size = 264 bytes | Created Date = 04.02.2007 00:14:59 | Attr = ] gmer.sys -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 12, 3721 | Size = 68961 bytes | Created Date = 13.02.2007 15:31:19 | Attr = ] [Files - Modified Within 30 days] Australien2004_komprimiert.jpg -> %SystemDrive%\Australien2004_komprimiert.jpg -> [Ver = | Size = 4170142 bytes | Modified Date = 13.02.2007 22:15:52 | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1073152000 bytes | Modified Date = 21.02.2007 10:00:38 | Attr = HS] IE leitet seiten scheinbar zufällig um - Security Forum (2).url -> %SystemDrive%\IE leitet seiten scheinbar zufällig um - Security Forum (2).url -> [Ver = | Size = 219 bytes | Modified Date = 20.02.2007 18:15:16 | Attr = ] Thumbs.db -> %SystemDrive%\Thumbs.db -> [Ver = | Size = 13824 bytes | Modified Date = 18.02.2007 23:42:00 | Attr = HS] @Alternate Data Stream - 0 bytes -> %SystemDrive%\Thumbs.db:encryptable -> DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 14336 bytes | Modified Date = 18.02.2007 23:41:56 | Attr = ] GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 92840 bytes | Modified Date = 23.01.2007 09:25:58 | Attr = ] IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 3759498 bytes | Modified Date = 21.02.2007 01:16:24 | Attr = H ] emails.csv -> %UserDocuments%\emails.csv -> [Ver = | Size = 2264 bytes | Modified Date = 31.01.2007 17:52:02 | Attr = ] Citrix Program Neighborhood.lnk2 -> %AllUsersDesktop%\Citrix Program Neighborhood.lnk2 -> [Ver = | Size = 2343 bytes | Modified Date = 02.02.2007 13:57:32 | Attr = ] 20764195.pdf -> %UserDesktop%\20764195.pdf -> [Ver = | Size = 2719344 bytes | Modified Date = 02.02.2007 11:36:46 | Attr = ] 7jYg3M3-5858325.jpg -> %UserDesktop%\7jYg3M3-5858325.jpg -> [Ver = | Size = 61169 bytes | Modified Date = 07.02.2007 22:02:46 | Attr = ] artikel.zip -> %UserDesktop%\artikel.zip -> [Ver = | Size = 358118 bytes | Modified Date = 14.02.2007 18:00:48 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\artikel.zip:Zone.Identifier -> Australien2004_komprimiert.jpg -> %UserDesktop%\Australien2004_komprimiert.jpg -> [Ver = | Size = 4170142 bytes | Modified Date = 13.02.2007 22:15:52 | Attr = ] Baker_panel_report.pdf -> %UserDesktop%\Baker_panel_report.pdf -> [Ver = | Size = 2408676 bytes | Modified Date = 26.01.2007 09:41:50 | Attr = ] comboscan.exe -> %UserDesktop%\comboscan.exe -> [Ver = 3, 2, 2, 0 | Size = 672889 bytes | Modified Date = 20.02.2007 19:20:30 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\comboscan.exe:Zone.Identifier -> Configuration Program Neighborhood COE_WTS_BOC - english Version 2.0.pdf -> %UserDesktop%\Configuration Program Neighborhood COE_WTS_BOC - english Version 2.0.pdf -> [Ver = | Size = 345772 bytes | Modified Date = 01.02.2007 13:44:48 | Attr = ] export.xls -> %UserDesktop%\export.xls -> [Ver = | Size = 341504 bytes | Modified Date = 14.02.2007 19:36:32 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\export.xls:Zone.Identifier -> Fehler-WinPFind.jpg -> %UserDesktop%\Fehler-WinPFind.jpg -> [Ver = | Size = 11575 bytes | Modified Date = 14.02.2007 00:42:50 | Attr = ] Fragebogen Solarstromanlagen für PV-Forum.doc -> %UserDesktop%\Fragebogen Solarstromanlagen für PV-Forum.doc -> [Ver = | Size = 112640 bytes | Modified Date = 01.02.2007 15:28:14 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\Fragebogen Solarstromanlagen für PV-Forum.doc:Zone.Identifier -> frau tasche.jpg -> %UserDesktop%\frau tasche.jpg -> [Ver = | Size = 22827 bytes | Modified Date = 13.02.2007 21:27:30 | Attr = ] gmer.zip -> %UserDesktop%\gmer.zip -> [Ver = | Size = 490698 bytes | Modified Date = 16.02.2007 03:10:16 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\gmer.zip:Zone.Identifier -> hijackthis_199.zip -> %UserDesktop%\hijackthis_199.zip -> [Ver = | Size = 212843 bytes | Modified Date = 07.02.2007 16:07:16 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\hijackthis_199.zip:Zone.Identifier -> lame-3.97.zip -> %UserDesktop%\lame-3.97.zip -> [Ver = | Size = 434316 bytes | Modified Date = 29.01.2007 09:43:26 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\lame-3.97.zip:Zone.Identifier -> Leo Dict.url -> %UserDesktop%\Leo Dict.url -> [Ver = | Size = 108 bytes | Modified Date = 07.02.2007 15:54:46 | Attr = ] SPSS 14[1].0 for Windows - VUCKO!!!.zip -> %UserDesktop%\SPSS 14[1].0 for Windows - VUCKO!!!.zip -> [Ver = | Size = 830382 bytes | Modified Date = 13.02.2007 18:49:04 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\SPSS 14[1].0 for Windows - VUCKO!!!.zip:Zone.Identifier -> SPSS[1].v14.0.WORKING-EQUiNOX.rar -> %UserDesktop%\SPSS[1].v14.0.WORKING-EQUiNOX.rar -> [Ver = | Size = 834218 bytes | Modified Date = 13.02.2007 19:01:40 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\SPSS[1].v14.0.WORKING-EQUiNOX.rar:Zone.Identifier -> Thumbs.db -> %UserDesktop%\Thumbs.db -> [Ver = | Size = 24576 bytes | Modified Date = 20.02.2007 17:42:04 | Attr = HS] @Alternate Data Stream - 0 bytes -> %UserDesktop%\Thumbs.db:encryptable -> ~flNlc3Np.pdf -> %UserDesktop%\~flNlc3Np.pdf -> [Ver = | Size = 13766 bytes | Modified Date = 16.02.2007 16:03:42 | Attr = ] Program Neighborhood Agent.lnk -> %AllUsersStartup%\Program Neighborhood Agent.lnk -> [Ver = | Size = 1792 bytes | Modified Date = 29.01.2007 14:37:08 | Attr = ] VPN Client.lnk -> %AllUsersStartup%\VPN Client.lnk -> [Ver = | Size = 2423 bytes | Modified Date = 21.02.2007 10:02:28 | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 21.02.2007 10:00:42 | Attr = S] cdplayer.ini -> %SystemRoot%\cdplayer.ini -> [Ver = | Size = 333 bytes | Modified Date = 29.01.2007 09:47:46 | Attr = ] gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 12, 12011 | Size = 565311 bytes | Modified Date = 17.02.2007 11:19:36 | Attr = ] gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 250 bytes | Modified Date = 20.02.2007 18:10:42 | Attr = ] gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Modified Date = 13.02.2007 15:31:20 | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 17.02.2007 10:50:36 | Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 20.02.2007 20:17:58 | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 30.01.2007 23:49:34 | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 21.02.2007 00:17:16 | Attr = H ] Thumbs.db -> %SystemRoot%\Thumbs.db -> [Ver = | Size = 7680 bytes | Modified Date = 18.02.2007 23:41:58 | Attr = HS] @Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable -> win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 925 bytes | Modified Date = 17.02.2007 10:43:40 | Attr = ] lsprst7.dll -> %System32%\lsprst7.dll -> [Ver = | Size = 341 bytes | Modified Date = 21.02.2007 12:24:40 | Attr = ] lsprst7.tgz -> %System32%\lsprst7.tgz -> [Ver = | Size = 355 bytes | Modified Date = 21.02.2007 12:24:40 | Attr = ] mapisvc.inf -> %System32%\mapisvc.inf -> [Ver = | Size = 2086 bytes | Modified Date = 21.02.2007 10:04:52 | Attr = ] perfc007.dat -> %System32%\perfc007.dat -> [Ver = | Size = 77062 bytes | Modified Date = 17.02.2007 12:56:36 | Attr = ] perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 64194 bytes | Modified Date = 17.02.2007 12:56:36 | Attr = ] perfh007.dat -> %System32%\perfh007.dat -> [Ver = | Size = 420404 bytes | Modified Date = 17.02.2007 12:56:36 | Attr = ] perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 405644 bytes | Modified Date = 17.02.2007 12:56:36 | Attr = ] PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 973482 bytes | Modified Date = 17.02.2007 12:56:36 | Attr = ] servdat.slm -> %System32%\servdat.slm -> [Ver = | Size = 16 bytes | Modified Date = 21.02.2007 12:24:40 | Attr = H ] ssprs.tgz -> %System32%\ssprs.tgz -> [Ver = | Size = 14 bytes | Modified Date = 21.02.2007 12:24:40 | Attr = ] TC.HLP -> %System32%\TC.HLP -> [Ver = | Size = 19601 bytes | Modified Date = 21.02.2007 10:04:50 | Attr = ] TCFAX.HLP -> %System32%\TCFAX.HLP -> [Ver = | Size = 19601 bytes | Modified Date = 21.02.2007 10:04:44 | Attr = ] TCFREE.HLP -> %System32%\TCFREE.HLP -> [Ver = | Size = 19601 bytes | Modified Date = 21.02.2007 10:04:44 | Attr = ] TCSTORE.HLP -> %System32%\TCSTORE.HLP -> [Ver = | Size = 19601 bytes | Modified Date = 21.02.2007 10:04:42 | Attr = ] TCTX.HLP -> %System32%\TCTX.HLP -> [Ver = | Size = 19601 bytes | Modified Date = 21.02.2007 10:04:52 | Attr = ] wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 10.02.2007 20:32:18 | Attr = ] gmer.sys -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 12, 3721 | Size = 68961 bytes | Modified Date = 17.02.2007 11:19:36 | Attr = ] [File String Scan - Non-Microsoft Only] @Alternate Data Stream - 0 bytes -> %SystemDrive%\Thumbs.db:encryptable -> @Alternate Data Stream - 26 bytes -> %UserDesktop%\artikel.zip:Zone.Identifier -> @Alternate Data Stream - 26 bytes -> %UserDesktop%\Azubi-Telefonumstellung.ppt:Zone.Identifier -> UPX0 , -> %UserDesktop%\Azubi-Telefonumstellung.ppt -> [Ver = | Size = 1422848 bytes | Modified Date = 15.01.2007 09:24:56 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\comboscan.exe:Zone.Identifier -> UPX! , UPX0 , -> %UserDesktop%\comboscan.exe -> [Ver = 3, 2, 2, 0 | Size = 672889 bytes | Modified Date = 20.02.2007 19:20:30 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\export.xls:Zone.Identifier -> @Alternate Data Stream - 26 bytes -> %UserDesktop%\Fragebogen Solarstromanlagen für PV-Forum.doc:Zone.Identifier -> @Alternate Data Stream - 26 bytes -> %UserDesktop%\gbi.rtf:Zone.Identifier -> @Alternate Data Stream - 26 bytes -> %UserDesktop%\gmer.zip:Zone.Identifier -> UPX! , UPX0 , -> %UserDesktop%\HijackThis.exe -> Soeperman Enterprises Ltd. [Ver = 1.99.0001 | Size = 218112 bytes | Modified Date = 16.02.2005 11:06:00 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserDesktop%\hijackthis_199.zip:Zone.Identifier -> @Alternate Data Stream - 26 bytes -> %UserDesktop%\lame-3.97.zip:Zone.Identifier -> @Alternate Data Stream - 26 bytes -> %UserDesktop%\SPSS 14[1].0 for Windows - VUCKO!!!.zip:Zone.Identifier -> @Alternate Data Stream - 26 bytes -> %UserDesktop%\SPSS14DE_Eval.exe:Zone.Identifier -> File scan skipped for file %UserDesktop%\SPSS14DE_Eval.exe -> File size too big (181269445 bytes) -> @Alternate Data Stream - 26 bytes -> %UserDesktop%\SPSS[1].v14.0.WORKING-EQUiNOX.rar:Zone.Identifier -> @Alternate Data Stream - 0 bytes -> %UserDesktop%\Thumbs.db:encryptable -> @Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable -> UPX! , UPX0 , -> %System32%\CDRip.dll -> Albert L Faber [Ver = 117 | Size = 83456 bytes | Modified Date = 24.06.2006 00:01:56 | Attr = ] Thawte Consulting , -> %System32%\CSGina.dll -> [Ver = | Size = 193584 bytes | Modified Date = 20.04.2006 07:34:24 | Attr = ] PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41118 bytes | Modified Date = 10.08.2004 15:00:00 | Attr = ] Thawte Consulting , -> %System32%\InstHelper.dll -> [Ver = | Size = 29752 bytes | Modified Date = 20.04.2006 07:34:38 | Attr = ] UPX! , UPX0 , -> %System32%\l3codeca.acm -> Fraunhofer Institut Integrierte Schaltungen IIS [Ver = 1, 9, 0, 0305 | Size = 136704 bytes | Modified Date = 29.08.2002 03:39:20 | Attr = ] UPX! , UPX0 , -> %System32%\l3codecx.ax -> Fraunhofer Institut Integrierte Schaltungen IIS [Ver = 1, 9, 0, 0311 | Size = 42496 bytes | Modified Date = 08.06.2000 17:00:00 | Attr = ] Thawte Consulting , -> %System32%\vpnapi.dll -> [Ver = | Size = 197672 bytes | Modified Date = 04.11.2005 10:21:48 | Attr = ] winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 10.08.2004 15:00:00 | Attr = ] < End of report > Dieser Beitrag wurde am 21.02.2007 um 13:29 Uhr von Philip219 editiert.
|
|
|
||
21.02.2007, 13:59
Ehrenmitglied
Beiträge: 29434 |
#29
es ist wirklich schwer, hier was zu finden, was nicht hingehoert
1. Oeffne den Texteditor (Notepad) und kopiere diesen Text rein. mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. abspeichern als: 018.bat Doppeltklicken und kopiere den Text ab, der angezeigt wird. - c:\key4.txt Zitat regedit /e c:\key4.txt "HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer"----------- 2. http://virus-protect.org/artikel/tools/regsearch.html und doppelklicken, um zu starten. in: "Enter search strings" (reinschreiben oder reinkopieren) {52F743E5-4926-43A5-8F85-062E2B7E05FB} {775AF23C-485E-45D7-BFAB-25CBA12F04CD} in edit und klicke "Ok". Notepad wird sich öffnen -- kopiere den Text ab und poste ihn. ------------ ist fuer mich Zitat < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\@Alternate Data Stream - 26 bytes -> %UserDesktop%\SPSS 14[1].0 for Windows - VUCKO!!!.zip:Zone.Identifier -> SPSS[1].v14.0.WORKING-EQUiNOX.rar -> %UserDesktop%\SPSS[1].v14.0.WORKING-EQUiNOX.rar @Alternate Data Stream - 26 bytes -> %UserDesktop%\SPSS 14[1].0 for Windows - VUCKO!!!.zip:Zone.Identifier -> @Alternate Data Stream - 26 bytes -> %UserDesktop%\SPSS14DE_Eval.exe:Zone.Identifier -> __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
21.02.2007, 14:30
Member
Beiträge: 11 |
#30
1.) die .bat öffnet beim ausführen ein leeres .txt. ist auch richtig so, denn in der registry hat der ordner "mircosoft" keinen unterordner "internet explorer"...
2.) die Reports als anhang, sind zu groß zum kopieren. zu deinem "ist fuer mich" teil: das hier kenn ich, ist unbednklich! @Alternate Data Stream - 26 bytes -> %UserDesktop%\SPSS 14[1].0 for Windows - VUCKO!!!.zip:Zone.Identifier -> SPSS[1].v14.0.WORKING-EQUiNOX.rar -> %UserDesktop%\SPSS[1].v14.0.WORKING-EQUiNOX.rar @Alternate Data Stream - 26 bytes -> %UserDesktop%\SPSS 14[1].0 for Windows - VUCKO!!!.zip:Zone.Identifier -> @Alternate Data Stream - 26 bytes -> %UserDesktop%\SPSS14DE_Eval.exe:Zone.Identifier -> Anhang: RegSearch forum.txt
|
|
|
||
Ich warte also mal ab und schau, ob's wieder passiert. Melde mic dann nochmal.
Und gaaaanz lieben Dank für deine Hilfe. Echt bemerkenswert, wie schnell du hilfst.