IE redirects pages seemingly at random

14.02.2007, 11:55
Member

Posts: 11
#16 OK, uninstalled the Devolutions ToolBar as well.

So I'll wait and see whether it happens again. I'll report back then.

And many, many thanks for your help. It's really remarkable how quickly you help.
14.02.2007, 11:57
Honorary member

Posts: 29434
#17 If a redirect happens again, write immediately ;)
then we'll keep digging ;)
__________
Kind regards, Sabina

all about PC security
15.02.2007, 10:43
Member

Posts: 11
#18 Hello Sabina,

I had our well-known redirect problem again last night. This time, though, on my other user account. Should yesterday's clean-up have killed the pests on 2 different Windows XP user accounts? It should have, right? If so, I'd ask you to briefly list again all the tools I should use for the initial analysis. Then I'll wait until the virus is active again and run the analysis tools while it is. That way we might have a better chance of finding it? The only difficulty is that while the thing is active I can't get here, because I'm being redirected... But if I prepare everything in advance, it should be doable...

Thanks again and in advance, regards
Phil
15.02.2007, 12:13
Honorary member

Posts: 29434
#19 please post me a link to the page you get redirected to.
the tools we worked with:

Hijackthis
http://virus-protect.org/hjtkurz.html

Combofix
http://virus-protect.org/artikel/tools/combofix.html

gmer
http://virus-protect.org/artikel/tools/gmer.html
__________
Kind regards, Sabina

all about PC security
16.02.2007, 03:12
Member

Posts: 11
#20 Nothing happened today, so there's no screenshot or anything to post at the moment.

Here's the problem again: I type in the URL and submit it with Enter. Then a random other page is loaded instead of the one I requested. I never get to see the URL of the page that is displayed to me; it doesn't appear in the browser's address bar.
Often the page that is then loaded unwanted is one that shows or simulates a Google error, with text like "page not found", "does not exist", or similar. If I then type another page into the address bar and submit it with Enter, again some arbitrary other page is loaded, or the same redirected page, or sometimes the page I actually wanted to see the time before appears.

ipconfig /flushdns doesn't help...
Disconnecting and redialling the internet connection doesn't help
nothing else helps either, only a complete restart fixes it.

Does anyone have an idea what can cause these symptoms?

[edit]
new problems:

I'm now back in my other Win XP account and having problems again.

But I think I've already found the problem:

%windir%\prefetch
has 2 suspicious files:
phones~2.exe
and
sphone~1.exe

The originals of these have more than 8 characters and are in my Siemens Mobile Phone Manager...

The files seem to become active in connection with searchprotocolhost.exe, if that's possible, but it doesn't necessarily have anything to do with it. Isn't that just the Windows indexer service or something? Can it be turned off completely? It's just annoying anyway...

hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 03:42:14, on 16.02.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKService.exe
C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKWCtl.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\xltCCam.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programme\AntiVirenKit InternetSecurity\Firewall\GDFwSvc.exe
C:\Programme\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Programme\Apoint\Apoint.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\Apoint\Apntex.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\Axalto\Access Client\v5\xltSysTray.Exe
C:\Programme\AntiVirenKit InternetSecurity\AVKTray\AVKTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Digital Line Detect\DLG.exe
C:\Programme\AntiVirenKit InternetSecurity\Firewall\GDFirewallTray.exe
C:\Programme\PSNLite\PsnLite.exe
C:\PROGRA~1\PSNLite\PSNGive.exe
C:\WINDOWS\ISW\alice\signup\alicecnn.exe
C:\PROGRA~1\MOBILE~1\bin\DESProxy.exe
C:\PROGRA~1\MOBILE~1\bin\SCfgSrv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\PROGRA~1\MOBILE~1\bin\SPHONE~1.EXE
C:\WINDOWS\explorer.exe
C:\Dokumente und Einstellungen\Philip\Desktop\HijackThis.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\MOBILE~1\bin\PHONES~2.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\AntiVirenKit InternetSecurity\Webfilter\AvkWebIE.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Programme\TextAloud\TAForIE.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\AntiVirenKit InternetSecurity\Webfilter\AvkWebIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [xltSystemTray] C:\Programme\Axalto\Access Client\v5\xltSysTray.Exe
O4 - HKLM\..\Run: [xltCertPropUI] C:\WINDOWS\system32\xltCertPropUI.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [AVKTray] "C:\Programme\AntiVirenKit InternetSecurity\AVKTray\AVKTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: G DATA Firewall Tray.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Programme\PSNLite\PsnLite.exe
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Programme\Citrix\ICA Client\pnagent.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Programme\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programme\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Programme\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\OFFICE~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\OFFICE~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OFFICE~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.alice-dsl.de
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4E8A3661-FB5B-4AEF-BF60-B0E9712FAE49} (Silverwire Image Uploader 3.0 Control) - http://www.fotowire.com/download/client/uploader/ImageUploader3.cab
O16 - DPF: {96512D57-F751-4088-A689-5778FCC77F7A} (Photo Uploader Control) - http://www.studivz.net/lib/photouploader/PhotoUploader.cab
O16 - DPF: {A58EA309-CE0A-49C4-A18C-31F77FE681E9} (GetInfo.MainClass) - https://www.bppassport.com/diligent/GetInfo.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{95A95914-C22A-417D-9500-E68445CFC005}: NameServer = 213.191.92.82 213.191.74.11
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = bp1.ad.bp.com,ad.bp.com,bp.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = bp1.ad.bp.com,ad.bp.com,bp.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: IntelWireless - C:\Programme\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O20 - Winlogon Notify: xltCamNotify - C:\WINDOWS\SYSTEM32\xltCamNotify.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVKProxy - G DATA Software AG - C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - Unknown owner - C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKWCtl.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: G DATA Personal Firewall (GDFwSvc) - Unknown owner - C:\Programme\AntiVirenKit InternetSecurity\Firewall\GDFwSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Axalto Smart Card CAM Service (xltCCam) - Axalto Inc. - C:\WINDOWS\system32\xltCCam.exe

gmer:
at startup:
GMER 1.0.12.12027 - http://www.gmer.net
Rootkit scan 2007-02-16 03:43:03
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 86FD21D8
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F794BA7C] GDTdiIcpt.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F794BA7C] GDTdiIcpt.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F794BA7C] GDTdiIcpt.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F794BA7C] GDTdiIcpt.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F794BA7C] GDTdiIcpt.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F794BA7C] GDTdiIcpt.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F794BA7C] GDTdiIcpt.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F794BA7C] GDTdiIcpt.sys

---- EOF - GMER 1.0.12 ----


gmer scan:
attached as a file, too big to post...

Gmer:
windows\system32\drivers\HookCenter.sys
That doesn't sound good either, does it?

Do you see anything else? How do I get rid of it?

This post was edited on 16.02.2007 at 04:13 by Philip219.
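As an added example (not from this thread and not part of HijackThis itself), a small Python triage script for HijackThis logs like the ones posted above: it flags the entry types a helper reads first when chasing a redirect problem, namely O17 NameServer entries outside an expected resolver list, O15 Trusted Zone additions, autostarts without a full path, unresolved startup shortcuts, Winlogon Notify DLLs, and anything marked "(file missing)". The expected DNS list is an assumption the operator fills in from the ISP or router configuration; the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass

# One HijackThis entry: a section tag (R0, O4, O17, O23 ...), " - ", then the body.
HJT_ENTRY = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")
# O4 registry autostart: "HKLM\..\Run: [ValueName] command line"
O4_RUN = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O4 startup-folder shortcut: "Global Startup: Name.lnk = target"
O4_LNK = re.compile(r"^(?:Global )?Startup: (?P<name>.+?\.lnk) = (?P<target>.*)$")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def triage_hjt(log_text: str, expected_dns: tuple = ()) -> list:
    """Return the entries of a HijackThis log that merit manual review.

    expected_dns: resolver addresses the machine should be using (assumed to be
    taken from the ISP or router configuration); O17 NameServer entries outside
    that list are flagged.
    """
    findings = []
    for raw in log_text.splitlines():
        m = HJT_ENTRY.match(raw.strip())
        if not m:
            continue  # process list, header lines, blanks
        section, body = m.group("section"), m.group("body")

        # Anything HijackThis could not find on disk is a dangling autostart:
        # either leftovers of an uninstall or something hidden from the scanner.
        if "(file missing)" in body:
            findings.append(Finding(section, "referenced file missing on disk", raw))
            continue

        if section == "O17" and "NameServer" in body:
            servers = body.split("=", 1)[1].split()
            unknown = [s for s in servers if s not in expected_dns]
            if unknown:
                findings.append(Finding(section, "resolver not in expected DNS list: " + ", ".join(unknown), raw))

        elif section == "O15":
            # Trusted Zone entries relax IE security settings for the listed hosts.
            findings.append(Finding(section, "site added to IE Trusted Zone", raw))

        elif section == "O4":
            run = O4_RUN.match(body)
            lnk = O4_LNK.match(body)
            if run and "\\" not in run.group("cmd"):
                # A bare file name is resolved via the search path at logon, so the
                # binary that actually runs cannot be identified from the log alone.
                findings.append(Finding(section, "autostart without a full path: " + run.group("cmd"), raw))
            elif lnk and lnk.group("target") == "?":
                findings.append(Finding(section, "startup shortcut target unresolved: " + lnk.group("name"), raw))

        elif section == "O20" and "Winlogon Notify" in body:
            # Winlogon notification DLLs are loaded into winlogon.exe at every logon.
            findings.append(Finding(section, "Winlogon Notify DLL loaded at logon", raw))
    return findings


# Sample entries copied from the log posted above (constructed subset).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O15 - Trusted Zone: http://*.alice-dsl.de
O17 - HKLM\System\CCS\Services\Tcpip\..\{95A95914-C22A-417D-9500-E68445CFC005}: NameServer = 213.191.92.82 213.191.74.11
O20 - Winlogon Notify: IntelWireless - C:\Programme\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason}\n     {f.line}")
```

With an empty expected list every NameServer entry is reported; once the operator confirms the ISP's resolvers and passes them in, only deviations from them show up.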
16.02.2007, 10:32
Honorary member

Posts: 29434
#21 virustotal
At the top of the page --> click Browse --> select the file (or paste the file with its correct path straight in) --> double-click the file to be checked --> click "Send"... now wait - then select the text with the right mouse button -> copy - paste
http://www.virustotal.com/flash/index_en.html

C:\WINDOWS\system32\drivers\HookCentre.sys
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

post the reports


----------
HijackThis (StartupList)
Start HijackThis, click "Open the misc tools section", tick the two boxes "List also minor sections" and "List empty sections" and then click "Generate StartupList log".
--------------------------

Please start the computer in Safe Mode and create a HijackThis log and a StartupList log there; to do that, go to the misc tools section, tick both boxes next to "Generate StartupList log" and have the list generated.

*HijackThis - Config
*List also minor sections (full) -- tick
*List empty sections (complete) -- tick
*HijackThis - Config - MiscTools -- Generate StartupList log
*(Notepad [text editor] opens; now copy the COMPLETE log and post it)
__________
Kind regards, Sabina

all about PC security
20.02.2007, 18:50
Member

Posts: 11
#22 Unbelievable, the damned thing was just active again!

So, SearchIndexer and SearchProtocolHost belonged to Windows Desktop Search, which has since been uninstalled. I checked hookcentre.sys with virustotal, it's virus-free (and according to my research also belongs to the system).

Here are the current HijackThis and Gmer reports from just now, when the thing was active again...

Logfile of HijackThis v1.99.1
Scan saved at 18:36:14, on 20.02.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKService.exe
C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKWCtl.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programme\AntiVirenKit InternetSecurity\Firewall\GDFwSvc.exe
C:\Programme\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Programme\Apoint\Apoint.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\Apoint\Apntex.exe
C:\Programme\AntiVirenKit InternetSecurity\AVKTray\AVKTray.exe
C:\WINDOWS\system32\DrvMon.exe
C:\Programme\Digital Line Detect\DLG.exe
C:\Programme\AntiVirenKit InternetSecurity\Firewall\GDFirewallTray.exe
C:\PROGRA~1\OFFICE~3\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\ISW\alice\signup\alicecnn.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Programme\ICQLite\ICQLite.exe
C:\Dokumente und Einstellungen\BP\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\AntiVirenKit InternetSecurity\Webfilter\AvkWebIE.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Programme\TextAloud\TAForIE.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\AntiVirenKit InternetSecurity\Webfilter\AvkWebIE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [AVKTray] "C:\Programme\AntiVirenKit InternetSecurity\AVKTray\AVKTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: G DATA Firewall Tray.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Programme\PSNLite\PsnLite.exe
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Programme\Citrix\ICA Client\pnagent.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\OFFICE~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OFFICE~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O15 - Trusted Zone: *.bp.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4E8A3661-FB5B-4AEF-BF60-B0E9712FAE49} (Silverwire Image Uploader 3.0 Control) - http://www.fotowire.com/download/client/uploader/ImageUploader3.cab
O16 - DPF: {96512D57-F751-4088-A689-5778FCC77F7A} (Photo Uploader Control) - http://www.studivz.net/lib/photouploader/PhotoUploader.cab
O16 - DPF: {A58EA309-CE0A-49C4-A18C-31F77FE681E9} (GetInfo.MainClass) - https://www.bppassport.com/diligent/GetInfo.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{95A95914-C22A-417D-9500-E68445CFC005}: NameServer = 213.191.92.82 213.191.74.11
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = bp1.ad.bp.com,ad.bp.com,bp.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = bp1.ad.bp.com,ad.bp.com,bp.com
O20 - Winlogon Notify: IntelWireless - C:\Programme\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVKProxy - G DATA Software AG - C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - Unknown owner - C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKWCtl.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: G DATA Personal Firewall (GDFwSvc) - Unknown owner - C:\Programme\AntiVirenKit InternetSecurity\Firewall\GDFwSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programme\Intel\Wireless\Bin\WLKeeper.exe

Gmer attached, because it's so big...

I'll now do the thing with the additional checkboxes in Safe Mode... Coming up shortly

20.02.2007, 18:55
Honorary member

Posts: 29434
#23 post both logs that appear
http://virus-protect.org/artikel/tools/comboscan.html
__________
Kind regards, Sabina

all about PC security
20.02.2007, 19:17
Member

Posts: 11
#24 Here are the 4 HijackThis logs, scan and startup, each in Safe Mode and in normal mode... (attached)

Here are the Comboscans:

Comboscan:

ComboScan v20070212.14 run by BP on 2007-02-20 at 19:21:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Restore was disabled; re-enabling.
Failed to create restore point: System Restore is disabled (service is not running).
Performed disk cleanup.


-- HijackThis log (run as BP.com) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 19:21:51, on 20.02.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Programme\Apoint\Apoint.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\AntiVirenKit InternetSecurity\AVKTray\AVKTray.exe
C:\WINDOWS\system32\DrvMon.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Programme\Digital Line Detect\DLG.exe
C:\Programme\AntiVirenKit InternetSecurity\Firewall\GDFirewallTray.exe
C:\Programme\Citrix\ICA Client\pnagent.exe
C:\Programme\Apoint\Apntex.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKService.exe
C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKWCtl.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programme\AntiVirenKit InternetSecurity\Firewall\GDFwSvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programme\ICQLite\ICQLite.exe
C:\WINDOWS\ISW\alice\signup\alicecnn.exe
C:\Dokumente und Einstellungen\BP\Desktop\comboscan.exe
C:\DOKUME~1\BP\LOKALE~1\Temp\~htbfuht.tmp\BP.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\AntiVirenKit InternetSecurity\Webfilter\AvkWebIE.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Programme\TextAloud\TAForIE.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\AntiVirenKit InternetSecurity\Webfilter\AvkWebIE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [AVKTray] "C:\Programme\AntiVirenKit InternetSecurity\AVKTray\AVKTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: G DATA Firewall Tray.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Programme\PSNLite\PsnLite.exe
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Programme\Citrix\ICA Client\pnagent.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\OFFICE~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OFFICE~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O15 - Trusted Zone: *.bp.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4E8A3661-FB5B-4AEF-BF60-B0E9712FAE49} (Silverwire Image Uploader 3.0 Control) - http://www.fotowire.com/download/client/uploader/ImageUploader3.cab
O16 - DPF: {96512D57-F751-4088-A689-5778FCC77F7A} (Photo Uploader Control) - http://www.studivz.net/lib/photouploader/PhotoUploader.cab
O16 - DPF: {A58EA309-CE0A-49C4-A18C-31F77FE681E9} (GetInfo.MainClass) - https://www.bppassport.com/diligent/GetInfo.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{95A95914-C22A-417D-9500-E68445CFC005}: NameServer = 213.191.92.82 213.191.74.11
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = bp1.ad.bp.com,ad.bp.com,bp.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = bp1.ad.bp.com,ad.bp.com,bp.com
O20 - Winlogon Notify: IntelWireless - C:\Programme\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVKProxy - G DATA Software AG - C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - Unknown owner - C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKWCtl.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: G DATA Personal Firewall (GDFwSvc) - Unknown owner - C:\Programme\AntiVirenKit InternetSecurity\Firewall\GDFwSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programme\Intel\Wireless\Bin\WLKeeper.exe


-- HijackThis Fixed Entries (C:\Dokumente und Einstellungen\BP\Desktop\backups\)

backup-20070217-111835-961 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
backup-20070217-113443-433 O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
backup-20070220-180809-324 O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
backup-20070220-180904-895 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
backup-20070220-183233-773 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar4.dll


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

4 abp480n5 - \SystemRoot\system32\DRIVERS\ABP480N5.SYS
3 actser - system32\drivers\actser.sys
2 ADILOADER (General Purpose USB Driver (adildr.sys)) - System32\Drivers\adildr.sys
3 adiusbaw (AT-AR215 USB ADSL Modem) - system32\DRIVERS\adiusbaw.sys
4 adpu160m - \SystemRoot\system32\DRIVERS\adpu160m.sys
2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.0.1) - system32\DRIVERS\AegisP.sys
4 agpCPQ (Compaq AGP-Bus-Filter) - \SystemRoot\system32\DRIVERS\agpCPQ.sys
4 Aha154x - \SystemRoot\system32\DRIVERS\aha154x.sys
4 aic78u2 - \SystemRoot\system32\DRIVERS\aic78u2.sys
4 aic78xx - \SystemRoot\system32\DRIVERS\aic78xx.sys
4 AliIde - \SystemRoot\system32\DRIVERS\aliide.sys
4 alim1541 (ALI AGP-Bus-Filter) - \SystemRoot\system32\DRIVERS\alim1541.sys
4 amdagp (AMD AGP-Bus-Filtertreiber) - \SystemRoot\system32\DRIVERS\amdagp.sys
4 amsint - \SystemRoot\system32\DRIVERS\amsint.sys
3 ApfiltrService (Alps Touch Pad Filter Driver for Windows 2000/XP) - system32\DRIVERS\Apfiltr.sys
1 APPDRV - \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
3 Arp1394 (1394-ARP-Clientprotokoll) - system32\DRIVERS\arp1394.sys
4 asc - \SystemRoot\system32\DRIVERS\asc.sys
4 asc3350p - \SystemRoot\system32\DRIVERS\asc3350p.sys
4 asc3550 - \SystemRoot\system32\DRIVERS\asc3550.sys
3 ati2mtag - system32\DRIVERS\ati2mtag.sys
3 bcm4sbxp (Broadcom 440x 10/100 Integrated Controller XP Driver) - system32\DRIVERS\bcm4sbxp.sys
4 cbidf - \SystemRoot\system32\DRIVERS\cbidf2k.sys
4 cd20xrnt - \SystemRoot\system32\DRIVERS\cd20xrnt.sys
4 CmdIde - \SystemRoot\system32\DRIVERS\cmdide.sys
4 Cpqarray - \SystemRoot\system32\DRIVERS\cpqarray.sys
3 CVirtA (Cisco Systems VPN Adapter) - system32\DRIVERS\CVirtA.sys
2 CVPNDRVA (Cisco Systems Inc. IPSec Driver) - \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
4 dac2w2k - \SystemRoot\system32\DRIVERS\dac2w2k.sys
4 dac960nt - \SystemRoot\system32\DRIVERS\dac960nt.sys
3 DNE (Deterministic Network Enhancer Miniport) - system32\DRIVERS\dne2000.sys
3 dot4 (MS IEEE-1284.4-Treiber) - system32\DRIVERS\Dot4.sys
3 Dot4Print (Druckerklassentreiber für IEEE-1284.4) - system32\DRIVERS\Dot4Prt.sys
3 dot4usb (Dot4USB-Filter Dot4USB Filter) - system32\DRIVERS\dot4usb.sys
4 dpti2o - \SystemRoot\system32\DRIVERS\dpti2o.sys
3 E100B (Intel(R) PRO-Adaptertreiber) - system32\DRIVERS\e100b325.sys
3 Egatebus - system32\drivers\egatebus.sys
3 Egatecard - System32\Drivers\egate.sys
3 Egaterdr - system32\drivers\egaterdr.sys
3 GDInterceptor - \??\C:\WINDOWS\system32\interceptor.sys
0 GDNdisIc - system32\drivers\GDNdisIc.sys
2 GDTdiInterceptor - \??\C:\WINDOWS\system32\drivers\GDTdiIcpt.sys
3 gmer - System32\DRIVERS\gmer.sys
3 HidUsb (Microsoft HID Class-Treiber) - system32\DRIVERS\hidusb.sys
3 HookCentre - \??\C:\WINDOWS\system32\drivers\HookCentre.sys
4 hpn - \SystemRoot\system32\DRIVERS\hpn.sys
3 HSFHWICH - system32\DRIVERS\HSFHWICH.sys
3 HSF_DP - system32\DRIVERS\HSF_DP.sys
4 i2omp - \SystemRoot\system32\DRIVERS\i2omp.sys
4 InCDFs (InCD File System) - system32\drivers\InCDFs.sys
1 InCDPass - system32\drivers\InCDPass.sys
1 InCDRm (InCD Reader) - system32\drivers\InCDRm.sys
4 ini910u - \SystemRoot\system32\DRIVERS\ini910u.sys
1 intelppm (Intel-Prozessortreiber) - system32\DRIVERS\intelppm.sys
3 IWCA (Intel Wireless Connection Agent Miniport for Win XP) - system32\DRIVERS\iwca.sys
1 kbdhid (Tastatur-HID-Treiber) - system32\DRIVERS\kbdhid.sys
2 mdmxsdk - system32\DRIVERS\mdmxsdk.sys
3 MHNDRV (MHN-Treiber) - system32\DRIVERS\mhndrv.sys
3 mouhid (Maus-HID-Treiber) - system32\DRIVERS\mouhid.sys
4 mraid35x - \SystemRoot\system32\DRIVERS\mraid35x.sys
3 NIC1394 (1394-Netzwerktreiber) - system32\DRIVERS\nic1394.sys
3 NSNDIS5 (NSNDIS5 NDIS Protocol Driver) - \??\C:\WINDOWS\system32\NSNDIS5.SYS
3 nv - system32\DRIVERS\nv4_mini.sys
0 ohci1394 (OHCI-konformer IEEE 1394-Hostcontroller) - system32\DRIVERS\ohci1394.sys
1 omci (OMCI WDM Device Driver) - system32\DRIVERS\omci.sys
3 PCAMPR5 (PCAMPR5 NDIS Protocol Driver) - \??\C:\WINDOWS\system32\PCAMPR5.SYS
0 PCIIde - system32\DRIVERS\pciide.sys
0 Pcmcia - system32\DRIVERS\pcmcia.sys
3 PDDSLADP (ProDyne DSL Adapter) - system32\DRIVERS\PDDSLADP.SYS
3 PEEK5 (PEEK5 Protocol Driver) - \??\C:\PROGRA~1\WILDPA~1\AIROPE~1\PEEK5.SYS
4 perc2 - \SystemRoot\system32\DRIVERS\perc2.sys
4 perc2hib - \SystemRoot\system32\DRIVERS\perc2hib.sys
3 pfc (Padus ASPI Shell) - system32\drivers\pfc.sys
4 ql1080 - \SystemRoot\system32\DRIVERS\ql1080.sys
4 Ql10wnt - \SystemRoot\system32\DRIVERS\ql10wnt.sys
4 ql12160 - \SystemRoot\system32\DRIVERS\ql12160.sys
4 ql1240 - \SystemRoot\system32\DRIVERS\ql1240.sys
4 ql1280 - \SystemRoot\system32\DRIVERS\ql1280.sys
3 ROOTMODEM (Microsoft Legacy Modem Driver) - System32\Drivers\RootMdm.sys
2 s24trans (WLAN Transport) - system32\DRIVERS\s24trans.sys
3 sdbus - system32\DRIVERS\sdbus.sys
3 sffdisk (SFF-Speicherklassentreiber) - system32\DRIVERS\sffdisk.sys
3 sffp_sd (SFF-Speicherprotokolltreiber für SDBus) - system32\DRIVERS\sffp_sd.sys
3 Sfloppy (High-Capacity-Diskettenlaufwerk) - system32\DRIVERS\sfloppy.sys
4 sisagp (SIS AGP-Bus-Filter) - \SystemRoot\system32\DRIVERS\sisagp.sys
4 Sparrow - \SystemRoot\system32\DRIVERS\sparrow.sys
0 sptd - System32\Drivers\sptd.sys
3 STAC97 (SigmaTel C-Major Audio) - system32\drivers\STAC97.sys
4 symc810 - \SystemRoot\system32\DRIVERS\symc810.sys
4 symc8xx - \SystemRoot\system32\DRIVERS\symc8xx.sys
4 sym_hi - \SystemRoot\system32\DRIVERS\sym_hi.sys
4 sym_u3 - \SystemRoot\system32\DRIVERS\sym_u3.sys
3 toshidpt (TOSHIBA Bluetooth HID port driver) - system32\drivers\Toshidpt.sys
4 TosIde - \SystemRoot\system32\DRIVERS\toside.sys
3 tosporte (Bluetooth Port Driver from Toshiba) - system32\DRIVERS\tosporte.sys
3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - System32\Drivers\tosrfbd.sys
3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - System32\Drivers\tosrfbnp.sys
1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - System32\Drivers\tosrfcom.sys
3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - system32\DRIVERS\Tosrfhid.sys
3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - system32\DRIVERS\tosrfnds.sys
3 TosRfSnd (Bluetooth Audio Device (WDM) from TOSHIBA) - system32\drivers\TosRfSnd.sys
3 Tosrfusb (Bluetooth USB Controller) - System32\Drivers\tosrfusb.sys
4 ultra - \SystemRoot\system32\DRIVERS\ultra.sys
3 usbaudio (USB-Audiotreiber (WDM)) - system32\drivers\usbaudio.sys
3 usbccgp (Microsoft Standard-USB-Haupttreiber) - system32\DRIVERS\usbccgp.sys
3 usbehci (Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller) - system32\DRIVERS\usbehci.sys
3 usbprint (Microsoft USB-Druckerklasse) - system32\DRIVERS\usbprint.sys
3 usbscan (USB-Scannertreiber) - system32\DRIVERS\usbscan.sys
3 USBSTOR (USB-Massenspeichertreiber) - system32\DRIVERS\USBSTOR.SYS
4 viaagp (VIA AGP-Bus-Filter) - \SystemRoot\system32\DRIVERS\viaagp.sys
4 ViaIde - \SystemRoot\system32\DRIVERS\viaide.sys
3 vsdatant - \??\C:\WINDOWS\system32\vsdatant.sys
3 w29n51 (Intel(R) PRO/Wireless 2200BG Netzwerkverbindungstreiber für Windows XP) - system32\DRIVERS\w29n51.sys
3 winachsf - system32\DRIVERS\HSF_CNXT.sys
3 WPSYM24 (WildPackets Symbol-OEM Wireless LAN Card Driver) - system32\DRIVERS\WPSYM24.sys
3 ZD1211U(X-Micro) (X-Micro WLAN 11g USB Adapter(X-Micro)) - system32\DRIVERS\zd1211u.sys
3 ZDBRGSYS (ZDBRGSYS NDIS Protocol Driver) - \??\C:\WINDOWS\system32\ZDBRGSYS.SYS
3 ZDPNDIS5 (ZDPNDIS5 NDIS Protocol Driver) - \??\C:\WINDOWS\system32\ZDPNDIS5.SYS


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

4 Adobe LM Service - "C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe"
3 aspnet_state (ASP.NET State Service) - %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
2 Ati HotKey Poller - %SystemRoot%\system32\Ati2evxx.exe
2 Automatisches LiveUpdate - Scheduler - "C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
2 AVKProxy - "C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe"
2 AVKService (AVK Service) - "C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKService.exe"
2 AVKWCtl (AVK Wächter) - "C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKWCtl.exe"
3 clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
2 CLTNetCnService (Symantec Lic NetConnect service) - "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon
2 CVPND (Cisco Systems, Inc. VPN Service) - "C:\Programme\Cisco Systems\VPN Client\cvpnd.exe"
2 ehRecvr (Media Center Receiver Service) - C:\WINDOWS\eHome\ehRecvr.exe
2 ehSched (Media Center-Planerdienst) - C:\WINDOWS\eHome\ehSched.exe
2 EvtEng - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
2 Fax - %systemroot%\system32\fxssvc.exe
3 GDFwSvc (G DATA Personal Firewall) - C:\Programme\AntiVirenKit InternetSecurity\Firewall\GDFwSvc.exe
3 IDriverT (InstallDriver Table Manager) - "C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe"
3 LiveUpdate - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
2 McrdSvc (Media Center Extender Service) - C:\WINDOWS\ehome\mcrdsvc.exe
3 MHN - %SystemRoot%\System32\svchost.exe -k netsvcs
2 NICCONFIGSVC - C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
3 ose (Office Source Engine) - "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE"
3 Pml Driver HPZ12 - C:\WINDOWS\system32\HPZipm12.exe
2 RegSrvc - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
2 S24EventMonitor (Spectrum24 Event Monitor) - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
3 UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe
2 WLANKEEPER - C:\Programme\Intel\Wireless\Bin\WLKeeper.exe


-- Scheduled Tasks --------------------------------------------------------------

2007-02-20 19:20:00 350 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job<SYMANT~1.JOB>
2005-11-16 22:00:11 258 --a------ C:\WINDOWS\Tasks\ISP-Anmeldungserinnerung 1.job<ISP-AN~1.JOB>


-- Files created between 2007-01-20 and 2007-02-20 ------------------------------

2007-02-17 02:59:30 0 d-------- C:\Programme\Azureus
2007-02-14 11:18:58 0 d-------- C:\fixwareout<FIXWAR~1>
2007-02-14 00:17:02 0 d-------- C:\aproposfix<APROPO~1>
2007-02-13 15:31:19 80 --a------ C:\WINDOWS\gmer_uninstall.cmd<GMER_U~1.CMD>
2007-02-04 00:16:08 115200 --a------ C:\WINDOWS\system32\proppage.dll<Unsigned: Microsoft Corporation>
2007-02-04 00:16:07 0 d-------- C:\Programme\Tsunami-Filter-Pack<TSUNAM~1>
2007-02-01 11:21:29 0 d-------- C:\WINDOWS\5DF3D1BB894E4DCD8275159AC9829B43.TMP<5DF3D1~1.TMP>
2007-01-29 14:37:02 0 d-------- C:\Programme\Citrix
2007-01-21 18:16:20 1025 --a------ C:\WINDOWS\system32\sysprs7.dll<Unsigned: n/a>
2007-01-21 18:16:20 341 --a------ C:\WINDOWS\system32\lsprst7.dll<Unsigned: n/a>


-- Find3M Report ----------------------------------------------------------------

2007-02-20 18:08:01 0 d-------- C:\Programme\Gemeinsame Dateien<GEMEIN~1>
2007-02-20 17:58:23 0 d-------- C:\Programme\Mozilla Firefox<MOZILL~1>
2007-02-20 16:46:11 0 d-------- C:\Programme\SPSS
2007-02-18 14:10:28 0 d-------- C:\Programme\ICQLite
2007-02-17 12:56:34 420404 --a------ C:\WINDOWS\system32\perfh007.dat
2007-02-17 12:56:34 77062 --a------ C:\WINDOWS\system32\perfc007.dat
2007-02-17 02:50:50 0 d--h----- C:\Programme\eMule
2007-02-17 00:10:19 0 d-------- C:\Programme\Gemeinsame Dateien\AVSMedia
2007-02-16 18:06:44 0 d-------- C:\Dokumente und Einstellungen\BP\Anwendungsdaten\AdobeUM
2007-02-16 09:44:31 0 d-------- C:\Programme\Windows Desktop Search<WI459E~1>
2007-02-16 04:28:17 0 d-------- C:\Programme\Gemeinsame Dateien\Microsoft Shared<MICROS~1>
2007-02-16 04:22:24 0 d-------- C:\Programme\Microsoft.NET<MICROS~1.NET>
2007-02-16 04:18:58 0 d--h----- C:\Programme\InstallShield Installation Information<INSTAL~1>
2007-02-15 16:18:14 0 d-------- C:\Dokumente und Einstellungen\BP\Anwendungsdaten\Apple Computer<APPLEC~1>
2007-02-09 14:31:05 0 d-------- C:\Dokumente und Einstellungen\BP\Anwendungsdaten\Skype
2007-02-01 14:13:01 0 d-------- C:\Dokumente und Einstellungen\BP\Anwendungsdaten\ICAClient<ICACLI~1>
2007-01-29 09:49:16 0 d-------- C:\Programme\audiograbber<AUDIOG~1>
2007-01-25 17:22:06 0 d---s---- C:\Dokumente und Einstellungen\BP\Anwendungsdaten\Microsoft<MICROS~1>
2007-01-19 16:33:51 0 --a------ C:\WINDOWS\system32\ssprs.dll<Unsigned: n/a>
2007-01-19 16:33:51 0 --a------ C:\WINDOWS\system32\serauth2.dll<Unsigned: n/a>
2007-01-19 16:33:51 0 --a------ C:\WINDOWS\system32\serauth1.dll<Unsigned: n/a>
2007-01-19 16:33:51 0 --a------ C:\WINDOWS\system32\nsprs.dll<Unsigned: n/a>
2007-01-19 16:33:51 1024 --a------ C:\WINDOWS\system32\clauth2.dll<Unsigned: n/a>
2007-01-19 16:33:51 1024 --a------ C:\WINDOWS\system32\clauth1.dll<Unsigned: n/a>
2007-01-14 15:05:38 0 d-------- C:\Programme\IBP 9<IBP9~1>
2007-01-12 21:06:14 0 d-------- C:\Programme\Gemeinsame Dateien\System
2007-01-12 21:00:20 0 d-------- C:\Programme\MSXML 4.0<MSXML4~1.0>
2007-01-02 08:55:22 0 d-------- C:\Dokumente und Einstellungen\BP\Anwendungsdaten\Adobe
2006-12-30 17:53:12 0 d-------- C:\Programme\Gemeinsame Dateien\ACD Systems<ACDSYS~1>
2006-12-30 17:52:56 0 d-------- C:\Programme\ACD Systems<ACDSYS~1>
2006-12-30 17:52:49 10368 --a------ C:\WINDOWS\system32\drivers\pfc.sys<Unsigned: Padus, Inc.>
2006-12-27 17:10:25 0 d-------- C:\Programme\Gemeinsame Dateien\Adobe
2006-12-27 09:47:25 0 d-------- C:\Programme\Gemeinsame Dateien\Deterministic Networks<DETERM~1>
2006-12-27 09:47:21 0 d-------- C:\Programme\Cisco Systems<CISCOS~1>
2006-12-24 13:45:52 0 d-------- C:\Programme\Exif Viewer<EXIFVI~1>
2006-12-23 18:06:27 0 d-------- C:\Programme\DAP
2006-12-21 15:03:29 0 d-------- C:\Programme\AUDIOEXTRACTOR<AUDIOE~1>
2006-12-20 11:26:00 0 d-------- C:\Programme\Microsoft Works<MICROS~2>
2006-12-20 11:03:44 0 d-------- C:\Programme\Microsoft ActiveSync<MICROS~4>
2006-12-20 11:03:23 0 d-------- C:\Programme\Office 2003<OFFICE~3>
2006-12-20 11:03:06 0 d-------- C:\Dokumente und Einstellungen\BP\Anwendungsdaten\Mozilla


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"DrvMon.exe"="C:\\WINDOWS\\system32\\DrvMon.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -trayboot"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"Apoint"="C:\\Programme\\Apoint\\Apoint.exe"
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"ATIPTA"="\"C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
@=""
"IntelWireless"="C:\\Programme\\Intel\\Wireless\\Bin\\ifrmewrk.exe /tf Intel PROSet/Wireless"
"ISUSPM Startup"="C:\\PROGRA~1\\GEMEIN~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Programme\\Gemeinsame Dateien\\InstallShield\\UpdateService\\issch.exe\" -start"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"adiras"="adiras.exe"
"AVKTray"="\"C:\\Programme\\AntiVirenKit InternetSecurity\\AVKTray\\AVKTray.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=dword:00000000

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7514d17-a6ca-11db-937d-0013ceaa994c}]
Shell\AutoRun\command F:\loader.exe


-- End of ComboScan: finished at 2007-02-20 at 19:22:36 -------------------------




Supplementary:

ComboScan v20070212.14 run by BP on 2007-02-20 at 19:21:29
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information -----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: German

CPU 0: Intel(R) Pentium(R) M processor 1.60GHz
Percentage of Memory in Use: 49%
Physical Memory (total/avail): 1023.37 MiB / 521.34 MiB
Pagefile Memory (total/avail): 2460.3 MiB / 2087.68 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1997.78 MiB

C: is Fixed (NTFS) - 69.79 GiB total, 1.55 GiB free.
D: is CDROM (No Media)
E: is CDROM (Unformatted)


-- Security Center --------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: G DATA Personal Firewall v1.0 (G DATA Software AG)
AV: G DATA AntiVirenKit 2006 v16.0 (G DATA)


-- Environment Variables --------------------------------------------------------

ALLUSERSPROFILE=C:\Dokumente und Einstellungen\All Users
APPDATA=C:\Dokumente und Einstellungen\BP\Anwendungsdaten
CLASSPATH=.;C:\Programme\Java\j2re1.4.2_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Programme\Gemeinsame Dateien
COMPUTERNAME=MEDIALABOR1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Dokumente und Einstellungen\BP
LOGONSERVER=\\MEDIALABOR1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Programme\ATI Technologies\ATI Control Panel;C:\Programme\QuickTime\QTSystem\;C:\Programme\Gemeinsame Dateien\Adobe\AGL
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Programme
PROMPT=$P$G
QTJAVA=C:\Programme\Java\j2re1.4.2_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOKUME~1\BP\LOKALE~1\Temp
TMP=C:\DOKUME~1\BP\LOKALE~1\Temp
USERDOMAIN=MEDIALABOR1
USERNAME=BP
USERPROFILE=C:\Dokumente und Einstellungen\BP
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ----------------------------------------------------------------

Philip (admin)
BP (admin)
Administrator (admin)


-- Add/Remove Programs ----------------------------------------------------------

--> "C:\Programme\ViaVoice\Bin\vunGR.exe" ProdRunDictate Dc Gr_GR 'IBM ViaVoice™ Dictation Runtime' C:\WINDOWS\IsUn0407.exe -fC:\Programme\ViaVoice\RtDict_GR.isu
--> "C:\Programme\ViaVoice\Bin\vunGR.exe" ProdRunDictate Dc Gr_GR 'IBM ViaVoice™ Dictation Runtime' C:\WINDOWS\IsUn0407.exe -fC:\Programme\ViaVoice\RtDict_GR.isu
--> C:\WINDOWS\IsUn0407.exe -fC:\Programme\ViaVoice\tts\vvol50Gr_GR.isu -c"C:\Programme\ViaVoice\tts\\vo50u_GR.dll"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACDSee 9 Foto-Manager --> MsiExec.exe /I{7AE25201-3E12-4FA2-9E65-67CD475D9263}
Adobe Acrobat 6.0 Professional --> MsiExec.exe /I{AC76BA86-1033-0000-7760-000000000001}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Alice-Installationsdateien entfernen --> C:\WINDOWS\ISW\alice\iswdel.exe
ALPS Touch Pad Driver --> C:\Programme\Apoint\Uninstap.exe ADDREMOVE
AntiVirenKit InternetSecurity --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9128E393-0013-4B04-BD72-73287A25B28C}\setup.exe" -l0x7 -removeonly
Ares 1.9.0 --> "C:\Programme\Ares\uninstall.exe"
ARTEuro --> MsiExec.exe /I{1D3C662A-F6C6-4767-A788-7AA43A9A1317}
AT-AR215 USB ADSL WAN Adapter --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}\SETUP.EXE" -l0x7
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Systemsteuerung --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
AudioExtractor --> "C:\Programme\AUDIOEXTRACTOR\unins000.exe"
Audiograbber 1.83 SE --> C:\WINDOWS\uninstall\Audiograbber\setup.exe
Azureus --> C:\Programme\Azureus\Uninstall.exe
Bluetooth Stack for Windows by Toshiba --> MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Broadcom Management Programs 2 --> C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{64A77F14-0E08-4A97-A859-E93CFF428756} /l1031
Cisco Systems VPN Client 4.8.00.0440 --> MsiExec.exe /X{24C67B54-0718-445E-B663-3138D9246BD1}
CleanUp! --> C:\Programme\CleanUp!\uninstall.exe
Codec Pack - All In 1 6.0.3.0 --> C:\WINDOWS\iun6002.exe "C:\Programme\Codec Pack - All In 1\irunin.ini"
Conexant D110 MDC V.9x Modem --> C:\Programme\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
dBpowerAMP Music Converter --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
dBpowerAMP Ogg Vorbis Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Ogg Vorbis Codec.dat
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Digital Line Detect --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x7 ControlPanel
Download Accelerator Plus (DAP) --> C:\PROGRA~1\DAP\DAPREMOVE.EXE
DVD Decrypter (Remove Only) --> "C:\Programme\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Programme\DVD Shrink\unins000.exe"
eMule --> "C:\Programme\eMule\Uninstall.exe"
Energieverwaltung der internen Netzwerkkarte --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x7 UNINSTALL APPDRVNT4
Exif-Viewer 2.44 --> C:\WINDOWS\uninstall\Exif-Viewer\setup.exe
Exifer --> C:\Programme\Exifer\unins000.exe
FinePixViewer Resource --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B44529FF-501E-47CD-A06D-223C161BE058}\SETUP.EXE" -l0x7
FinePixViewer Ver.5.0 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE" -l0x7
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Gabler Wirtschafts-Lexikon --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{37F7DBA7-13EA-45EA-B20C-EE41E8822831}\setup.exe"
GemMaster Mystic --> "C:\Programme\GemMasterGerman\uninstallgemmaster.exe"
Google Earth --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
HijackThis 1.99.1 --> C:\Dokumente und Einstellungen\BP\Desktop\HijackThis.exe /uninstall
Hotfix für Windows XP (KB888795) --> "C:\WINDOWS\$NtUninstallKB888795$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB891593) --> "C:\WINDOWS\$NtUninstallKB891593$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB899337) --> "C:\WINDOWS\$NtUninstallKB899337$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB899510) --> "C:\WINDOWS\$NtUninstallKB899510$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB902841) --> "C:\WINDOWS\$NtUninstallKB902841$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB928388) --> "C:\WINDOWS\$NtUninstallKB928388$\spuninst\spuninst.exe"
IBM ViaVoice Pro 10.0 - Deutsch --> "C:\Programme\ViaVoice\Bin\uninst_GR.exe" DeleteProdVVFW100Full_GR
IBP & ARELIS 9.5.1 --> "C:\Programme\IBP 9\unins000.exe"
ICQ 5.1 --> C:\Programme\ICQLite\ICQLiteUninstall.EXE
Intel(R) PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Joe --> MsiExec.exe /X{36A1E3D6-288A-4EEE-A081-30D9808B2BE3}
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Programme\Symantec\LiveUpdate\LSETUP.EXE" /U
mCore --> MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
MetaFrame Presentation Server Client --> MsiExec.exe /I{7A1FB67F-A340-472A-97C3-A6AFFE078AAE}
mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft Office Live Meeting 2005 --> MsiExec.exe /I{A364D5AA-6C50-4493-9D0A-68D86380134E}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{90120409-6000-11D3-8CFE-0150048383C9}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mIWCA --> MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
MONDO SHOP 3 deinstallieren --> "C:\Programme\Mondo Media\Mondo Shop 3\Uninstall\unins000.exe"
Mozilla Firefox (1.5.0.9) --> C:\Programme\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5.0.9 (de)"
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
mToolkit --> MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Nero 7 Ultra Edition --> MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}
Nikon FotoShare --> C:\Programme\Nikon\FotoShare\Uninstal.exe C:\PROGRA~1\Nikon\FOTOSH~1\INSTALL.LOG
Nikon Message Center --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x7 UNINSTALL
PantsOff 2.0 --> C:\Programme\PantsOff\unins000.exe
PictureProject --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x7 UNINSTALL
Post-it® Software Notes Lite --> "C:\Programme\PSNLite\Uninstall.exe" -Prog"C:\Programme\PSNLite\PsnLite.exe" -INI"C:\Programme\PSNLite\uninst.ini"
PowerDVD 5.5 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickSet --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x7 UNINSTALL APPDRVNT4 - ALL
QuickTime --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1031
RAW FILE CONVERTER LE --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x7
Remove Hidden Data Tool --> MsiExec.exe /X{90F80409-6000-11D3-8CFE-0150048383C9}
SFT Loader 2006 --> C:\Programme\SFT Loader\uninstall.exe
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Sicherheitsupdate für Windows XP (KB883939) -->
Sicherheitsupdate für Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB893066) --> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896422) -->
Sicherheitsupdate für Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896688) --> "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899589) --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928090) --> "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB929969) --> "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Skype 3.0 --> "C:\Programme\Skype\Phone\unins000.exe"
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
SMAC 1.2 --> C:\PROGRA~1\SMAC\UNWISE.EXE C:\PROGRA~1\SMAC\INSTALL.LOG
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
SPSS 14.0 für Windows --> MsiExec.exe /X{B136F351-BF1E-4948-9557-FA6524302ACA}
TextAloud --> C:\Programme\TextAloud\unins000.exe
TrekStor i.Beat organix --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{82506EA6-C6BB-46AB-AB97-E76C31E92BEB}\setup.exe" -l0x7
Tsunami-Filter-Pack --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{DCFF9230-22DC-40ED-BBCC-0F260B85734C}\setup.exe" -l0x9
tulox Freeware-Wörterbuch (Englisch) --> C:\PROGRA~1\WRTERB~2\UNWISE32 C:\PROGRA~1\WRTERB~2\INSTALL.LOG
tulox Freeware-Wörterbuch (Spanisch) --> C:\PROGRA~1\WRTERB~1\UNWISE32 C:\PROGRA~1\WRTERB~1\INSTALL.LOG
Update für Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update für Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update für Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update für Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update für Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update für Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update für Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update für Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update für Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update Rollup 2 für Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
WEB.DE SmartSurfer3.1 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3B64983B-A039-11D4-8B5A-0050DA45E354}\setup.exe" -l0x7
Wecker 2.2 2.2 --> C:\WINDOWS\uninstall\Wecker 2.2\setup.exe
Winamp (remove only) --> "C:\Programme\Winamp\UninstWA.exe"
Windows XP-Hotfix - KB873339 -->
Windows XP-Hotfix - KB885250 -->
Windows XP-Hotfix - KB885835 -->
Windows XP-Hotfix - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885855 -->
Windows XP-Hotfix - KB885884 --> C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP-Hotfix - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP-Hotfix - KB887472 -->
Windows XP-Hotfix - KB887742 --> C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP-Hotfix - KB888113 -->
Windows XP-Hotfix - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP-Hotfix - KB888310 -->
Windows XP-Hotfix - KB890175 -->
Windows XP-Hotfix - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB891781 -->
Windows XP-Hotfix - KB892627 -->
Windows XP-Hotfix - KB893056 -->
Windows XP-Hotfix - KB895961 --> "C:\WINDOWS\$NtUninstallKB895961$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908250 --> "C:\WINDOWS\$NtUninstallKB908250$\spuninst\spuninst.exe"
WinRAR Archivierer --> C:\Programme\WinRAR\uninstall.exe
Yahoo! Messenger --> C:\PROGRA~1\YAHOOM~1\MESSEN~1\UNWISE.EXE C:\PROGRA~1\YAHOOM~1\MESSEN~1\INSTALL.LOG


-- End of ComboScan: finished at 2007-02-20 at 19:22:36 -------------------------

Thank you!

This post was edited on 20.02.2007 at 19:22 by Philip219.

20.02.2007, 21:12
Honorary member
Avatar Sabina

Posts: 29434
#25 HijackThis
HOSTS FILE:

*open HijackThis
*Do a system scan only
*Config
*Misc Tools
*Open Hosts file Manager

copy what you find
__________
Kind regards, Sabina

all about PC security

20.02.2007, 23:40
Member

Posts: 11
#26 127.0.0.1 localhost
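The hosts-file check requested above can be automated. The following script is an added example for this thread, not code from HijackThis or from either poster: it parses hosts-file lines and flags any entry that changes where a name resolves, either by pinning a real site to the loopback address (the site becomes unreachable, a common way to block security-vendor updates) or by mapping a name to some other address (the typed URL lands on a different host, which is exactly the redirect symptom described in the thread). The `SAMPLE_HOSTS` content inside it is constructed for the demo; the only real entry reported in the thread, `127.0.0.1 localhost`, is what a clean Windows XP hosts file contains and the script reports it as clean.

```python
"""Hosts-file inspection: flag entries that redirect or block a hostname.

Added example for this thread; it is not code from HijackThis or from the
forum.  SAMPLE_HOSTS below is constructed for the demo, not the poster's file.
"""
import ipaddress
from typing import List, NamedTuple, Tuple


class HostsEntry(NamedTuple):
    line_no: int
    address: str
    hostnames: List[str]


# Names that are expected to point at the loopback address.
LOCAL_NAMES = {
    "localhost", "localhost.localdomain", "broadcasthost",
    "ip6-localhost", "ip6-loopback",
}

# Constructed sample: the first two entries are what a clean file holds,
# the last two are the kind of entries that send a typed URL somewhere else.
SAMPLE_HOSTS = """\
# constructed sample hosts file
# (a clean Windows XP file contains only the localhost line)
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.example-av-vendor.test   # pins a vendor site to loopback
10.0.0.5        www.example-bank.test           # sends a bank name to another host
"""


def parse_hosts(text: str) -> List[HostsEntry]:
    """Parse hosts syntax: '<address> <name> [<name> ...]', '#' starts a comment."""
    entries = []
    for n, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()     # drop comments and whitespace
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue                             # address with no name: inert
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue                             # malformed address: Windows ignores it
        entries.append(HostsEntry(n, parts[0], [h.lower() for h in parts[1:]]))
    return entries


def suspicious_entries(entries: List[HostsEntry]) -> List[Tuple[HostsEntry, str]]:
    """Return (entry, reason) for entries that change where a name resolves."""
    findings = []
    for e in entries:
        addr = ipaddress.ip_address(e.address)
        if addr.is_loopback or addr.is_unspecified:
            pinned = [h for h in e.hostnames if h not in LOCAL_NAMES]
            if pinned:      # loopback/0.0.0.0 for a real name: that site is blocked
                findings.append((e, "blocks " + ", ".join(pinned)))
        else:               # any other address: lookups for the name are redirected
            findings.append((e, "redirects " + ", ".join(e.hostnames)
                                + " to " + e.address))
    return findings


def is_clean(text: str) -> bool:
    """True when the hosts file holds nothing beyond loopback names."""
    return not suspicious_entries(parse_hosts(text))


if __name__ == "__main__":
    for entry, reason in suspicious_entries(parse_hosts(SAMPLE_HOSTS)):
        print(f"line {entry.line_no}: {entry.address} "
              f"{' '.join(entry.hostnames)} -> {reason}")
```

On a Windows XP machine the file to feed into `parse_hosts` is `C:\WINDOWS\system32\drivers\etc\hosts`; a hosts file can only redirect names it lists, so a clean result here rules out this one mechanism and the other checks in the thread (startup entries, services, BHOs) still apply.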
21.02.2007, 11:44
Honorary member
Avatar Sabina

Posts: 29434
#27 scan (this can take a while) and post the log that appears
http://virus-protect.org/artikel/tools/winpfind3.html
__________
Kind regards, Sabina

all about PC security

21.02.2007, 12:52
Member

Posts: 11
#28 WinPFind3 logfile created on: 21.02.2007 12:38:33
WinPFind3U by OldTimer - Version 1.0.18 Folder = C:\Dokumente und Einstellungen\BP\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

1047932 Kb Total Physical Memory | 318548 Kb Available Physical Memory | 30,40% Memory free
2519288 Kb Paging File | 1930740 Kb Available in Paging File | 76,64% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 73176072 Kb Total Space | 1417984 Kb Free Space | 1,94% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded


[Processes - Non-Microsoft Only]
1xconfig.exe -> %ProgramFiles%\Intel\Wireless\Bin\1XConfig.exe -> Intel [Ver = 9, 0, 1, 33 | Size = 245760 bytes | Modified Date = 07.09.2004 17:03:40 | Attr = ]
alicecnn.exe -> %SystemRoot%\ISW\alice\signup\alicecnn.exe -> ProDyne [Ver = 3, 0, 1, 9 | Size = 285184 bytes | Modified Date = 09.10.2005 16:13:50 | Attr = ]
aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.1.0.99 | Size = 198336 bytes | Modified Date = 08.09.2006 14:47:28 | Attr = ]
apntex.exe -> %ProgramFiles%\Apoint\ApntEx.exe -> Alps Electric Co., Ltd. [Ver = 5.5.1.19 | Size = 45056 bytes | Modified Date = 19.08.2004 15:40:08 | Attr = ]
apoint.exe -> %ProgramFiles%\Apoint\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 5.5.101.141 | Size = 155648 bytes | Modified Date = 13.09.2004 17:33:20 | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 04.08.2005 05:02:58 | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 04.08.2005 05:02:58 | Attr = ]
atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5160 | Size = 344064 bytes | Modified Date = 05.08.2005 22:05:00 | Attr = ]
avkproxy.exe -> %CommonProgramFiles%\G DATA\AVKProxy\AVKProxy.exe -> G DATA Software AG [Ver = 1, 2, 5, 0 | Size = 499712 bytes | Modified Date = 15.05.2006 15:12:20 | Attr = ]
avkservice.exe -> %ProgramFiles%\AntiVirenKit InternetSecurity\AVK\AVKService.exe -> [Ver = 1, 0, 1, 5 | Size = 299008 bytes | Modified Date = 28.09.2004 10:59:06 | Attr = ]
avktray.exe -> %ProgramFiles%\AntiVirenKit InternetSecurity\AVKTray\AVKTray.exe -> G DATA Software AG [Ver = 1, 0, 8, 0 | Size = 208896 bytes | Modified Date = 28.02.2006 09:46:42 | Attr = ]
avkwctl.exe -> %ProgramFiles%\AntiVirenKit InternetSecurity\AVK\AVKWCtl.exe -> [Ver = 21, 0, 0, 9 | Size = 602112 bytes | Modified Date = 15.08.2005 17:09:02 | Attr = ]
cvpnd.exe -> %ProgramFiles%\Cisco Systems\VPN Client\cvpnd.exe -> Cisco Systems, Inc. [Ver = 4.8.00.0440 | Size = 1516584 bytes | Modified Date = 04.11.2005 10:21:28 | Attr = ]
dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 29.10.2003 04:06:00 | Attr = ]
drvmon.exe -> %System32%\DrvMon.exe -> Alcor Micro, Corp. [Ver = 1, 0, 0, 9 | Size = 53248 bytes | Modified Date = 10.09.2004 03:16:58 | Attr = ]
evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 9, 0, 1, 12 | Size = 86016 bytes | Modified Date = 07.09.2004 17:02:40 | Attr = ]
gdfirewalltray.exe -> %ProgramFiles%\AntiVirenKit InternetSecurity\Firewall\GDFirewallTray.exe -> [Ver = 1, 0, 0, 8 | Size = 827392 bytes | Modified Date = 29.03.2006 14:04:44 | Attr = ]
gdfwsvc.exe -> %ProgramFiles%\AntiVirenKit InternetSecurity\Firewall\GDFwSvc.exe -> [Ver = 1, 0, 2, 0 | Size = 1073152 bytes | Modified Date = 03.04.2006 09:24:14 | Attr = ]
ifrmewrk.exe -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 9, 0, 1, 19 | Size = 385024 bytes | Modified Date = 30.10.2004 15:59:54 | Attr = ]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 27.07.2004 17:50:18 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.5.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Modified Date = 10.11.2005 12:03:52 | Attr = ]
nicconfigsvc.exe -> %ProgramFiles%\Dell\NICCONFIGSVC\NICCONFIGSVC.exe -> Dell Inc. [Ver = 1, 0, 0, 1 | Size = 356352 bytes | Modified Date = 04.03.2005 00:29:02 | Attr = ]
regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 9, 0, 1, 10 | Size = 139264 bytes | Modified Date = 07.09.2004 17:02:04 | Attr = ]
s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 9, 0, 1, 41 | Size = 360521 bytes | Modified Date = 07.09.2004 17:05:10 | Attr = ]
spsswin.exe -> %ProgramFiles%\SPSS\spsswin.exe -> SPSS Inc [Ver = 14.0.1.340 | Size = 5292032 bytes | Modified Date = 30.12.2005 15:33:44 | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.18.0 | Size = 308736 bytes | Modified Date = 12.02.2007 21:39:14 | Attr = ]
wlkeeper.exe -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel® Corporation [Ver = 9, 0, 1, 14 | Size = 225353 bytes | Modified Date = 07.09.2004 17:12:32 | Attr = ]
zcfgsvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 9, 0, 1, 45 | Size = 389120 bytes | Modified Date = 07.09.2004 17:08:02 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Adobe LM Service) Adobe LM Service [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> File not found
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 380928 bytes | Modified Date = 04.08.2005 05:02:58 | Attr = ]
(Automatisches LiveUpdate - Scheduler) Automatisches LiveUpdate - Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> Symantec Corporation [Ver = 3.1.0.99 | Size = 198336 bytes | Modified Date = 08.09.2006 14:47:28 | Attr = ]
(AVKProxy) AVKProxy [Win32_Own | Auto | Running] -> %CommonProgramFiles%\G DATA\AVKProxy\AVKProxy.exe -> G DATA Software AG [Ver = 1, 2, 5, 0 | Size = 499712 bytes | Modified Date = 15.05.2006 15:12:20 | Attr = ]
(AVKService) AVK Service [Win32_Own | Auto | Running] -> %ProgramFiles%\AntiVirenKit InternetSecurity\AVK\AVKService.exe -> [Ver = 1, 0, 1, 5 | Size = 299008 bytes | Modified Date = 28.09.2004 10:59:06 | Attr = ]
(AVKWCtl) AVK Wächter [Win32_Own | Auto | Running] -> %ProgramFiles%\AntiVirenKit InternetSecurity\AVK\AVKWCtl.exe -> [Ver = 21, 0, 0, 9 | Size = 602112 bytes | Modified Date = 15.08.2005 17:09:02 | Attr = ]
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> File not found
(CVPND) Cisco Systems, Inc. VPN Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Cisco Systems\VPN Client\cvpnd.exe -> Cisco Systems, Inc. [Ver = 4.8.00.0440 | Size = 1516584 bytes | Modified Date = 04.11.2005 10:21:28 | Attr = ]
(dmadmin) Verwaltungsdienst für die Verwaltung logischer Datenträger [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 10.08.2004 15:00:00 | Attr = ]
(EvtEng) EvtEng [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 9, 0, 1, 12 | Size = 86016 bytes | Modified Date = 07.09.2004 17:02:40 | Attr = ]
(GDFwSvc) G DATA Personal Firewall [Win32_Own | On_Demand | Running] -> %ProgramFiles%\AntiVirenKit InternetSecurity\Firewall\GDFwSvc.exe -> [Ver = 1, 0, 2, 0 | Size = 1073152 bytes | Modified Date = 03.04.2006 09:24:14 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 04.04.2005 00:41:10 | Attr = ]
(LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_1.EXE -> Symantec Corporation [Ver = 3.1.0.99 | Size = 2528960 bytes | Modified Date = 08.09.2006 14:47:28 | Attr = ]
(NICCONFIGSVC) NICCONFIGSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\NICCONFIGSVC\NICCONFIGSVC.exe -> Dell Inc. [Ver = 1, 0, 0, 1 | Size = 356352 bytes | Modified Date = 04.03.2005 00:29:02 | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> %System32%\HPZipm12.exe -> HP [Ver = 7, 0, 5, 0 | Size = 65536 bytes | Modified Date = 22.10.2003 10:19:22 | Attr = ]
(RegSrvc) RegSrvc [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 9, 0, 1, 10 | Size = 139264 bytes | Modified Date = 07.09.2004 17:02:04 | Attr = ]
(S24EventMonitor) Spectrum24 Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 9, 0, 1, 41 | Size = 360521 bytes | Modified Date = 07.09.2004 17:05:10 | Attr = ]
(WLANKEEPER) WLANKEEPER [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel® Corporation [Ver = 9, 0, 1, 14 | Size = 225353 bytes | Modified Date = 07.09.2004 17:12:32 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
-> -> File not found
adiras -> adiras.exe -> File not found
Apoint -> %ProgramFiles%\Apoint\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 5.5.101.141 | Size = 155648 bytes | Modified Date = 13.09.2004 17:33:20 | Attr = ]
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5160 | Size = 344064 bytes | Modified Date = 05.08.2005 22:05:00 | Attr = ]
AVKTray -> %ProgramFiles%\AntiVirenKit InternetSecurity\AVKTray\AVKTray.exe -> G DATA Software AG [Ver = 1, 0, 8, 0 | Size = 208896 bytes | Modified Date = 28.02.2006 09:46:42 | Attr = ]
IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 9, 0, 1, 19 | Size = 385024 bytes | Modified Date = 30.10.2004 15:59:54 | Attr = ]
ISUSPM Startup -> %SystemDrive%\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -> File not found
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 27.07.2004 17:50:18 | Attr = ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 25.09.2005 19:11:20 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 20.08.2006 23:18:08 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Modified Date = 10.11.2005 12:03:52 | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
DrvMon.exe -> %System32%\DrvMon.exe -> Alcor Micro, Corp. [Ver = 1, 0, 0, 9 | Size = 53248 bytes | Modified Date = 10.09.2004 03:16:58 | Attr = ]
< Common Startup > -> C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 23.10.2006 01:48:20 | Attr = ]
%AllUsersStartup%\Adobe Reader Synchronizer.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe -> [Ver = 8.0.0.0 | Size = 734872 bytes | Modified Date = 23.10.2006 00:01:50 | Attr = ]
%AllUsersStartup%\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 29.10.2003 04:06:00 | Attr = ]
%AllUsersStartup%\G DATA Firewall Tray.lnk -> %ProgramFiles%\AntiVirenKit InternetSecurity\Firewall\GDFirewallTray.exe -> [Ver = 1, 0, 0, 8 | Size = 827392 bytes | Modified Date = 29.03.2006 14:04:44 | Attr = ]
%AllUsersStartup%\Post-it® Software Notes Lite.lnk -> %ProgramFiles%\PSNLite\PsnLite.exe -> 3M [Ver = 3, 0, 1, 1070 | Size = 1622016 bytes | Modified Date = 02.06.2004 13:04:58 | Attr = ]
%AllUsersStartup%\Program Neighborhood Agent.lnk -> %ProgramFiles%\Citrix\ICA Client\pnagent.exe -> Citrix Systems, Inc. [Ver = 9.230.50211 | Size = 233744 bytes | Modified Date = 08.11.2006 18:33:12 | Attr = ]
%AllUsersStartup%\VPN Client.lnk -> %SystemRoot%\Installer\{24C67B54-0718-445E-B663-3138D9246BD1}\Icon3E5562ED7.ico -> [Ver = | Size = 6144 bytes | Modified Date = 02.01.2007 18:09:30 | Attr = R ]
< Registry Shell Spawning > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command
regfile [merge] -> Reg Data - Key not found ->
scrfile [open] -> "%1" /S ->
scrfile [config] -> "%1" ->
Directory [ACDBrowse] -> %ProgramFiles%\ACD Systems\ACDSee\9.0\ACDSeeQV.exe -> ACD Systems Ltd. [Ver = 1,0,69,2 | Size = 512000 bytes | Modified Date = 08.09.2006 11:18:36 | Attr = ]
Directory [FinePix] -> %ProgramFiles%\FinePixViewer\FinePixViewer.exe -> FUJI PHOTO FILM CO.,LTD. [Ver = 5, 0, 1, 0 | Size = 950272 bytes | Modified Date = 27.05.2005 11:49:00 | Attr = ]
Directory [Winamp.Bookmark] -> %ProgramFiles%\Winamp\winamp.exe -> Nullsoft [Ver = 5,1,1,168 | Size = 1162240 bytes | Modified Date = 15.11.2005 20:32:26 | Attr = ]
Directory [Winamp.Enqueue] -> %ProgramFiles%\Winamp\winamp.exe -> Nullsoft [Ver = 5,1,1,168 | Size = 1162240 bytes | Modified Date = 15.11.2005 20:32:26 | Attr = ]
Directory [Winamp.Play] -> %ProgramFiles%\Winamp\winamp.exe -> Nullsoft [Ver = 5,1,1,168 | Size = 1162240 bytes | Modified Date = 15.11.2005 20:32:26 | Attr = ]
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> %programfiles%\internet explorer\iexplore.exe -> File not found
*Command* -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk\ShellNew\\Command ->
NewLinkHere -> -> File not found
%1 -> -> File not found
*Command* -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bfc\ShellNew\\Command ->
Briefcase_Create -> -> File not found
%2!d! -> -> File not found
%1 -> -> File not found
< ActiveX StubPath [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -> ->
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> ->
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ->
{407408d4-94ed-4d86-ab69-a7f649d112ee} -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf ->
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ->
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ->
{5945c046-1e7d-11d1-bc44-00c04fd912be} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ->
{6BF52A52-394A-11d3-B153-00C04F79FAA6} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub ->
{73FA19D0-2D75-11D2-995D-00C04F98BBC9} -> ->
{7790769C-0471-11d2-AF11-00C04FA35D02} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ->
{89820200-ECBD-11cf-8B85-00AA005B4340} -> regsvr32.exe /s /n /i:U shell32.dll ->
{89820200-ECBD-11cf-8B85-00AA005B4383} -> %SystemRoot%\system32\ie4uinit.exe ->
{89B4C1CD-B018-4511-B0A1-5476DBF70820} -> C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ->
{8b15971b-5355-4c82-8c07-7e181ea07608} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser ->
{94de52c8-2d59-4f1b-883e-79663d2d9a8c} -> ->
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> C:\WINDOWS\inf\unregmp2.exe /ShowWMP ->
>{26923b43-4d38-484f-9b9e-de460746276c} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ->
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ->
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ->
KB910393 -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall ->
< WOW Command Line [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW
*wowcmdline* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW\\wowcmdline ->
-a -> -> File not found
< Session Manager Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
BootExecute -> autocheck autochk *; ->
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4118 | Size = 46080 bytes | Modified Date = 04.08.2005 05:04:18 | Attr = ]
IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\LgNotify.dll -> Intel Corporation [Ver = 9, 0, 1, 0 | Size = 110592 bytes | Modified Date = 07.09.2004 17:08:06 | Attr = ]
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoViewOnDrive -> 0 ->
-> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer not found. ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = Die derzeitige Homepage ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< HOSTS File > (23 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.euro.dell.com ->
HKLM: Main\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: Start Page -> about:blank ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://www.google.com/ie ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Bar -> http://www.google.com/ie ->
HKCU: Search Page -> http://www.google.com ->
HKCU: Start Page -> http://www.google.de/ ->
HKCU: SearchAssistant -> http://www.google.com/ie ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< Trusted Sites > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
bp.com • -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{0124123D-61B4-456f-AF86-78C53A0790C5} [HKLM] -> %ProgramFiles%\AntiVirenKit InternetSecurity\Webfilter\AvkWebIE.dll [G DATA WebFilter] -> G DATA Software AG [Ver = 1, 0, 0, 2 | Size = 208896 bytes | Modified Date = 04.04.2006 10:31:00 | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 22.10.2006 23:08:42 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 10.11.2005 12:22:12 | Attr = ]
{AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> %ProgramFiles%\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll [AcroIEToolbarHelper Class] -> [Ver = | Size = 147456 bytes | Modified Date = 15.05.2003 01:03:46 | Attr = ]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKLM] -> %ProgramFiles%\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [Ver = | Size = 147456 bytes | Modified Date = 15.05.2003 01:03:46 | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{0124123D-61B4-456f-AF86-78C53A0790C5} [HKLM] -> %ProgramFiles%\AntiVirenKit InternetSecurity\Webfilter\AvkWebIE.dll [G DATA WebFilter] -> G DATA Software AG [Ver = 1, 0, 0, 2 | Size = 208896 bytes | Modified Date = 04.04.2006 10:31:00 | Attr = ]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> %ProgramFiles%\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [Ver = | Size = 147456 bytes | Modified Date = 15.05.2003 01:03:46 | Attr = ]
{F053C368-5458-45B2-9B4D-D8914BDDDBFF} [HKLM] -> %ProgramFiles%\TextAloud\TAForIE.dll [TextAloud] -> [Ver = | Size = 505344 bytes | Modified Date = 05.07.2004 16:01:02 | Attr = ]
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8192 - Sun Java Konsole ->
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> 8197 - Reg Data - Value does not exist ->
{9455301C-CF6B-11D3-A266-00C04F689C50} -> 8193 - Reg Data - Key not found ->
{B863453A-26C3-4e1f-A54D-A2CD196348E9} -> 8194 - ICQ Lite ->
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -> 8195 - Reg Data - Key not found ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8196 - Windows Messenger ->
NextId -> 8198 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\npjpi150_06.dll [MenuText: Sun Java Konsole] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 10.11.2005 12:22:12 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [MenuText: Sun Java Konsole] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 10.11.2005 12:22:12 | Attr = ]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{B863453A-26C3-4e1f-A54D-A2CD196348E9} -> %ProgramFiles%\ICQLite\ICQLite.exe [ButtonText: ICQ Lite] -> ICQ Ltd. [Ver = 20, 52, 2573, 0 | Size = 3144800 bytes | Modified Date = 11.07.2006 11:06:40 | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
E&xport to Microsoft Excel -> -> File not found
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} [HKLM] -> Reg Data - Key not found [Autoplay for SlideShow] -> File not found
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskleiste und Startmenü] -> File not found
{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} [HKLM] -> %ProgramFiles%\dBpowerAMP\dMCShell.dll [dBpowerAMP Music Converter] -> [Ver = 6, 4, 0, 0 | Size = 118784 bytes | Modified Date = 23.07.2006 23:27:32 | Attr = ]
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [CPL-Erweiterung für Anzeigeverschiebung] -> File not found
{4FED14EE-8086-4b0c-A0DE-C27042ED1296} [HKLM] -> Reg Data - Key not found [PDFTransformer2ContextMenu] -> File not found
{73B24247-042E-4EF5-ADC2-42F62E6FD654} [HKLM] -> %ProgramFiles%\ICQLite\ICQLiteShell.dll [ICQ Lite Shell Extension] -> [Ver = 20, 52, 2573, 0 | Size = 57451 bytes | Modified Date = 07.05.2006 17:28:48 | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shellerweiterungen für die Dateikomprimierung] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [Benutzerkonten] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Kontextmenü für die Verschlüsselung] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [Erweiterung für HyperTerminal-Icons] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 10.08.2004 15:00:00 | Attr = ]
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} [HKLM] -> Reg Data - Key not found [Microsoft Office Metadata Handler] -> File not found
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} [HKLM] -> Reg Data - Key not found [Microsoft Office Thumbnail Handler] -> File not found
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} [HKLM] -> %ProgramFiles%\Adobe Acrobat 6.0\Acrobat Elements\ContextMenu.dll [Adobe.Acrobat.ContextMenu] -> Adobe Systems Inc. [Ver = 1.0.0.2003051500 | Size = 409687 bytes | Modified Date = 15.05.2003 01:41:08 | Attr = ]
{ED65AC21-B24F-11d3-BA80-00C0CA16AA37} [HKLM] -> Reg Data - Key not found [Siemens Device] -> File not found
{ED65AC22-B24F-11d3-BA80-00C0CA16AA37} [HKLM] -> Reg Data - Key not found [Siemens Device ContextMenuHandler] -> File not found
{ED65AC23-B24F-11d3-BA80-00C0CA16AA37} [HKLM] -> Reg Data - Key not found [Siemens SX1 PropertySheetHandler] -> File not found
{FCF608CF-5716-47C3-A1A8-991D873AF72B} [HKLM] -> %ProgramFiles%\Exifer\exifershellext.dll [Delphi Context Menu Shell Extension Example] -> [Ver = | Size = 180224 bytes | Modified Date = 18.09.2002 01:27:30 | Attr = ]
{FED7043D-346A-414D-ACD7-550D052499A7} [HKLM] -> %ProgramFiles%\dBpowerAMP\dBShell.dll [dBpowerAMP Music Converter 1] -> [Ver = 6, 4, 0, 1 | Size = 110592 bytes | Modified Date = 23.07.2006 23:27:32 | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} [HKLM] -> %ProgramFiles%\Adobe Acrobat 6.0\Acrobat Elements\ContextMenu.dll [Adobe.Acrobat.ContextMenu] -> Adobe Systems Inc. [Ver = 1.0.0.2003051500 | Size = 409687 bytes | Modified Date = 15.05.2003 01:41:08 | Attr = ]
{CAF4C320-32F5-11D3-A222-004095200FF2} [HKLM] -> %ProgramFiles%\AntiVirenKit InternetSecurity\AVK\ShellExt.dll [AVK9CM] -> [Ver = 9, 0, 0, 0 | Size = 86016 bytes | Modified Date = 11.06.2003 15:48:30 | Attr = ]
{BED4C38B-F765-45AC-8C56-613F76BBF43E} [HKLM] -> %ProgramFiles%\DAP\Privacy Package\DAPCtxMenuShell.dll [DAP_ShredMenu] -> Speedbit Ltd. [Ver = 8, 0, 0, 2 | Size = 53339 bytes | Modified Date = 29.10.2006 00:25:56 | Attr = ]
{73B24247-042E-4EF5-ADC2-42F62E6FD654} [HKLM] -> %ProgramFiles%\ICQLite\ICQLiteShell.dll [ICQLiteMenu] -> [Ver = 20, 52, 2573, 0 | Size = 57451 bytes | Modified Date = 07.05.2006 17:28:48 | Attr = ]
< ContextMenuHandlers - AllFilesystemObjects [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} [HKLM] -> %SystemDrive%\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll [SpySweeper] -> File not found
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{BED4C38B-F765-45AC-8C56-613F76BBF43E} [HKLM] -> %ProgramFiles%\DAP\Privacy Package\DAPCtxMenuShell.dll [DAP_ShredMenu] -> Speedbit Ltd. [Ver = 8, 0, 0, 2 | Size = 53339 bytes | Modified Date = 29.10.2006 00:25:56 | Attr = ]
{73B24247-042E-4EF5-ADC2-42F62E6FD654} [HKLM] -> %ProgramFiles%\ICQLite\ICQLiteShell.dll [ICQLiteMenu] -> [Ver = 20, 52, 2573, 0 | Size = 57451 bytes | Modified Date = 07.05.2006 17:28:48 | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{CAF4C320-32F5-11D3-A222-004095200FF2} [HKLM] -> %ProgramFiles%\AntiVirenKit InternetSecurity\AVK\ShellExt.dll [AVK9CM] -> [Ver = 9, 0, 0, 0 | Size = 86016 bytes | Modified Date = 11.06.2003 15:48:30 | Attr = ]
{FCF608CF-5716-47C3-A1A8-991D873AF72B} [HKLM] -> %ProgramFiles%\Exifer\exifershellext.dll [ContMenu] -> [Ver = | Size = 180224 bytes | Modified Date = 18.09.2002 01:27:30 | Attr = ]
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} [HKLM] -> %SystemDrive%\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll [SpySweeper] -> File not found
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 8.0.0.0 | Size = 372736 bytes | Modified Date = 22.10.2006 23:28:04 | Attr = ]
{FED7043D-346A-414D-ACD7-550D052499A7} [HKLM] -> %ProgramFiles%\dBpowerAMP\dBShell.dll [dBpShell Class] -> [Ver = 6, 4, 0, 1 | Size = 110592 bytes | Modified Date = 23.07.2006 23:27:32 | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{52F743E5-4926-43A5-8F85-062E2B7E05FB} -> () ->
{775AF23C-485E-45D7-BFAB-25CBA12F04CD} -> () ->
{7EEC3A3A-C0E3-424D-A221-81312D2EAD72} -> (1394-Netzwerkadapter) ->
{ACA5E75F-02B9-43D9-A82D-BD5B9FFA5115} -> (Intel(R) PRO/Wireless 2200BG Network Connection) ->
{FF872A65-BDC7-4676-A5D8-E1126CB188AC} -> (Broadcom 440x 10/100 Integrated Controller) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab ->
{17492023-C23A-453E-A040-C7C580BBF700} -> Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204 ->
{4E8A3661-FB5B-4AEF-BF60-B0E9712FAE49} -> Silverwire Image Uploader 3.0 Control - CodeBase = http://www.fotowire.com/download/client/uploader/ImageUploader3.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab ->
{96512D57-F751-4088-A689-5778FCC77F7A} -> Photo Uploader Control - CodeBase = http://www.studivz.net/lib/photouploader/PhotoUploader.cab ->
{A58EA309-CE0A-49C4-A18C-31F77FE681E9} -> GetInfo.MainClass - CodeBase = https://www.bppassport.com/diligent/GetInfo.cab ->
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} -> Java Plug-in 1.4.2_03 - CodeBase = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab ->


[Files - Created Within 30 days]
Australien2004_komprimiert.jpg -> %SystemDrive%\Australien2004_komprimiert.jpg -> [Ver = | Size = 4170142 bytes | Created Date = 13.02.2007 22:15:50 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1073152000 bytes | Created Date = 02.01.1601 23:00:00 | Attr = HS]
IE leitet seiten scheinbar zufällig um - Security Forum (2).url -> %SystemDrive%\IE leitet seiten scheinbar zufällig um - Security Forum (2).url -> [Ver = | Size = 219 bytes | Created Date = 20.02.2007 18:14:53 | Attr = ]
Thumbs.db -> %SystemDrive%\Thumbs.db -> [Ver = | Size = 13824 bytes | Created Date = 18.02.2007 23:41:57 | Attr = HS]
@Alternate Data Stream - 0 bytes -> %SystemDrive%\Thumbs.db:encryptable ->
emails.csv -> %UserDocuments%\emails.csv -> [Ver = | Size = 2264 bytes | Created Date = 31.01.2007 17:51:57 | Attr = ]
Citrix Program Neighborhood.lnk2 -> %AllUsersDesktop%\Citrix Program Neighborhood.lnk2 -> [Ver = | Size = 2343 bytes | Created Date = 29.01.2007 14:37:06 | Attr = ]
20764195.pdf -> %UserDesktop%\20764195.pdf -> [Ver = | Size = 2719344 bytes | Created Date = 02.02.2007 11:36:06 | Attr = ]
7jYg3M3-5858325.jpg -> %UserDesktop%\7jYg3M3-5858325.jpg -> [Ver = | Size = 61169 bytes | Created Date = 07.02.2007 22:02:44 | Attr = ]
Alice Einwahl.lnk -> %UserDesktop%\Alice Einwahl.lnk -> [Ver = | Size = 1702 bytes | Created Date = 05.02.2007 17:29:44 | Attr = ]
artikel.zip -> %UserDesktop%\artikel.zip -> [Ver = | Size = 358118 bytes | Created Date = 14.02.2007 18:00:45 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\artikel.zip:Zone.Identifier ->
Australien2004_komprimiert.jpg -> %UserDesktop%\Australien2004_komprimiert.jpg -> [Ver = | Size = 4170142 bytes | Created Date = 13.02.2007 22:15:50 | Attr = ]
Baker_panel_report.pdf -> %UserDesktop%\Baker_panel_report.pdf -> [Ver = | Size = 2408676 bytes | Created Date = 26.01.2007 09:41:49 | Attr = ]
comboscan.exe -> %UserDesktop%\comboscan.exe -> [Ver = 3, 2, 2, 0 | Size = 672889 bytes | Created Date = 20.02.2007 19:20:28 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\comboscan.exe:Zone.Identifier ->
Configuration Program Neighborhood COE_WTS_BOC - english Version 2.0.pdf -> %UserDesktop%\Configuration Program Neighborhood COE_WTS_BOC - english Version 2.0.pdf -> [Ver = | Size = 345772 bytes | Created Date = 01.02.2007 13:44:46 | Attr = ]
DSC03976.JPG -> %UserDesktop%\DSC03976.JPG -> [Ver = | Size = 1284019 bytes | Created Date = 24.01.2007 09:04:01 | Attr = ]
export.xls -> %UserDesktop%\export.xls -> [Ver = | Size = 341504 bytes | Created Date = 14.02.2007 19:36:30 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\export.xls:Zone.Identifier ->
Fehler-WinPFind.jpg -> %UserDesktop%\Fehler-WinPFind.jpg -> [Ver = | Size = 11575 bytes | Created Date = 14.02.2007 00:42:48 | Attr = ]
Fragebogen Solarstromanlagen für PV-Forum.doc -> %UserDesktop%\Fragebogen Solarstromanlagen für PV-Forum.doc -> [Ver = | Size = 112640 bytes | Created Date = 01.02.2007 15:28:09 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Fragebogen Solarstromanlagen für PV-Forum.doc:Zone.Identifier ->
frau tasche.jpg -> %UserDesktop%\frau tasche.jpg -> [Ver = | Size = 22827 bytes | Created Date = 13.02.2007 21:27:58 | Attr = ]
gmer.exe -> %UserDesktop%\gmer.exe -> [Ver = 1, 0, 12, 12011 | Size = 573440 bytes | Created Date = 17.02.2007 11:19:30 | Attr = ]
gmer.zip -> %UserDesktop%\gmer.zip -> [Ver = | Size = 490698 bytes | Created Date = 16.02.2007 03:10:14 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\gmer.zip:Zone.Identifier ->
HijackThis.exe -> %UserDesktop%\HijackThis.exe -> Soeperman Enterprises Ltd. [Ver = 1.99.0001 | Size = 218112 bytes | Created Date = 07.02.2007 16:07:28 | Attr = ]
hijackthis_199.zip -> %UserDesktop%\hijackthis_199.zip -> [Ver = | Size = 212843 bytes | Created Date = 07.02.2007 16:07:13 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\hijackthis_199.zip:Zone.Identifier ->
lame-3.97.zip -> %UserDesktop%\lame-3.97.zip -> [Ver = | Size = 434316 bytes | Created Date = 29.01.2007 09:43:22 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\lame-3.97.zip:Zone.Identifier ->
Leo Dict.url -> %UserDesktop%\Leo Dict.url -> [Ver = | Size = 108 bytes | Created Date = 07.02.2007 15:54:23 | Attr = ]
mann schubkarre.jpg -> %UserDesktop%\mann schubkarre.jpg -> [Ver = | Size = 31756 bytes | Created Date = 13.02.2007 21:27:47 | Attr = ]
SPSS 14[1].0 for Windows - VUCKO!!!.zip -> %UserDesktop%\SPSS 14[1].0 for Windows - VUCKO!!!.zip -> [Ver = | Size = 830382 bytes | Created Date = 13.02.2007 18:49:01 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SPSS 14[1].0 for Windows - VUCKO!!!.zip:Zone.Identifier ->
SPSS[1].v14.0.WORKING-EQUiNOX.rar -> %UserDesktop%\SPSS[1].v14.0.WORKING-EQUiNOX.rar -> [Ver = | Size = 834218 bytes | Created Date = 13.02.2007 19:01:38 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SPSS[1].v14.0.WORKING-EQUiNOX.rar:Zone.Identifier ->
ys.wmv -> %UserDesktop%\ys.wmv -> [Ver = | Size = 165058728 bytes | Created Date = 20.02.2007 23:10:16 | Attr = ]
~flNlc3Np.pdf -> %UserDesktop%\~flNlc3Np.pdf -> [Ver = | Size = 13766 bytes | Created Date = 16.02.2007 16:03:30 | Attr = ]
Program Neighborhood Agent.lnk -> %AllUsersStartup%\Program Neighborhood Agent.lnk -> [Ver = | Size = 1792 bytes | Created Date = 29.01.2007 14:37:07 | Attr = ]
gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 12, 12011 | Size = 565311 bytes | Created Date = 13.02.2007 15:31:19 | Attr = ]
gmer.exe -> %SystemRoot%\gmer.exe -> [Ver = 1, 0, 12, 12011 | Size = 573440 bytes | Created Date = 13.02.2007 15:31:19 | Attr = ]
gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 250 bytes | Created Date = 13.02.2007 15:31:19 | Attr = ]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Created Date = 13.02.2007 15:31:19 | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 30.01.2007 23:49:32 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 30.01.2007 23:49:32 | Attr = H ]
System.ini.backup -> %SystemRoot%\System.ini.backup -> [Ver = | Size = 264 bytes | Created Date = 04.02.2007 00:14:59 | Attr = ]
gmer.sys -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 12, 3721 | Size = 68961 bytes | Created Date = 13.02.2007 15:31:19 | Attr = ]

[Files - Modified Within 30 days]
Australien2004_komprimiert.jpg -> %SystemDrive%\Australien2004_komprimiert.jpg -> [Ver = | Size = 4170142 bytes | Modified Date = 13.02.2007 22:15:52 | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1073152000 bytes | Modified Date = 21.02.2007 10:00:38 | Attr = HS]
IE leitet seiten scheinbar zufällig um - Security Forum (2).url -> %SystemDrive%\IE leitet seiten scheinbar zufällig um - Security Forum (2).url -> [Ver = | Size = 219 bytes | Modified Date = 20.02.2007 18:15:16 | Attr = ]
Thumbs.db -> %SystemDrive%\Thumbs.db -> [Ver = | Size = 13824 bytes | Modified Date = 18.02.2007 23:42:00 | Attr = HS]
@Alternate Data Stream - 0 bytes -> %SystemDrive%\Thumbs.db:encryptable ->
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 14336 bytes | Modified Date = 18.02.2007 23:41:56 | Attr = ]
GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 92840 bytes | Modified Date = 23.01.2007 09:25:58 | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 3759498 bytes | Modified Date = 21.02.2007 01:16:24 | Attr = H ]
emails.csv -> %UserDocuments%\emails.csv -> [Ver = | Size = 2264 bytes | Modified Date = 31.01.2007 17:52:02 | Attr = ]
Citrix Program Neighborhood.lnk2 -> %AllUsersDesktop%\Citrix Program Neighborhood.lnk2 -> [Ver = | Size = 2343 bytes | Modified Date = 02.02.2007 13:57:32 | Attr = ]
20764195.pdf -> %UserDesktop%\20764195.pdf -> [Ver = | Size = 2719344 bytes | Modified Date = 02.02.2007 11:36:46 | Attr = ]
7jYg3M3-5858325.jpg -> %UserDesktop%\7jYg3M3-5858325.jpg -> [Ver = | Size = 61169 bytes | Modified Date = 07.02.2007 22:02:46 | Attr = ]
artikel.zip -> %UserDesktop%\artikel.zip -> [Ver = | Size = 358118 bytes | Modified Date = 14.02.2007 18:00:48 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\artikel.zip:Zone.Identifier ->
Australien2004_komprimiert.jpg -> %UserDesktop%\Australien2004_komprimiert.jpg -> [Ver = | Size = 4170142 bytes | Modified Date = 13.02.2007 22:15:52 | Attr = ]
Baker_panel_report.pdf -> %UserDesktop%\Baker_panel_report.pdf -> [Ver = | Size = 2408676 bytes | Modified Date = 26.01.2007 09:41:50 | Attr = ]
comboscan.exe -> %UserDesktop%\comboscan.exe -> [Ver = 3, 2, 2, 0 | Size = 672889 bytes | Modified Date = 20.02.2007 19:20:30 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\comboscan.exe:Zone.Identifier ->
Configuration Program Neighborhood COE_WTS_BOC - english Version 2.0.pdf -> %UserDesktop%\Configuration Program Neighborhood COE_WTS_BOC - english Version 2.0.pdf -> [Ver = | Size = 345772 bytes | Modified Date = 01.02.2007 13:44:48 | Attr = ]
export.xls -> %UserDesktop%\export.xls -> [Ver = | Size = 341504 bytes | Modified Date = 14.02.2007 19:36:32 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\export.xls:Zone.Identifier ->
Fehler-WinPFind.jpg -> %UserDesktop%\Fehler-WinPFind.jpg -> [Ver = | Size = 11575 bytes | Modified Date = 14.02.2007 00:42:50 | Attr = ]
Fragebogen Solarstromanlagen für PV-Forum.doc -> %UserDesktop%\Fragebogen Solarstromanlagen für PV-Forum.doc -> [Ver = | Size = 112640 bytes | Modified Date = 01.02.2007 15:28:14 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Fragebogen Solarstromanlagen für PV-Forum.doc:Zone.Identifier ->
frau tasche.jpg -> %UserDesktop%\frau tasche.jpg -> [Ver = | Size = 22827 bytes | Modified Date = 13.02.2007 21:27:30 | Attr = ]
gmer.zip -> %UserDesktop%\gmer.zip -> [Ver = | Size = 490698 bytes | Modified Date = 16.02.2007 03:10:16 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\gmer.zip:Zone.Identifier ->
hijackthis_199.zip -> %UserDesktop%\hijackthis_199.zip -> [Ver = | Size = 212843 bytes | Modified Date = 07.02.2007 16:07:16 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\hijackthis_199.zip:Zone.Identifier ->
lame-3.97.zip -> %UserDesktop%\lame-3.97.zip -> [Ver = | Size = 434316 bytes | Modified Date = 29.01.2007 09:43:26 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\lame-3.97.zip:Zone.Identifier ->
Leo Dict.url -> %UserDesktop%\Leo Dict.url -> [Ver = | Size = 108 bytes | Modified Date = 07.02.2007 15:54:46 | Attr = ]
SPSS 14[1].0 for Windows - VUCKO!!!.zip -> %UserDesktop%\SPSS 14[1].0 for Windows - VUCKO!!!.zip -> [Ver = | Size = 830382 bytes | Modified Date = 13.02.2007 18:49:04 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SPSS 14[1].0 for Windows - VUCKO!!!.zip:Zone.Identifier ->
SPSS[1].v14.0.WORKING-EQUiNOX.rar -> %UserDesktop%\SPSS[1].v14.0.WORKING-EQUiNOX.rar -> [Ver = | Size = 834218 bytes | Modified Date = 13.02.2007 19:01:40 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SPSS[1].v14.0.WORKING-EQUiNOX.rar:Zone.Identifier ->
Thumbs.db -> %UserDesktop%\Thumbs.db -> [Ver = | Size = 24576 bytes | Modified Date = 20.02.2007 17:42:04 | Attr = HS]
@Alternate Data Stream - 0 bytes -> %UserDesktop%\Thumbs.db:encryptable ->
~flNlc3Np.pdf -> %UserDesktop%\~flNlc3Np.pdf -> [Ver = | Size = 13766 bytes | Modified Date = 16.02.2007 16:03:42 | Attr = ]
Program Neighborhood Agent.lnk -> %AllUsersStartup%\Program Neighborhood Agent.lnk -> [Ver = | Size = 1792 bytes | Modified Date = 29.01.2007 14:37:08 | Attr = ]
VPN Client.lnk -> %AllUsersStartup%\VPN Client.lnk -> [Ver = | Size = 2423 bytes | Modified Date = 21.02.2007 10:02:28 | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 21.02.2007 10:00:42 | Attr = S]
cdplayer.ini -> %SystemRoot%\cdplayer.ini -> [Ver = | Size = 333 bytes | Modified Date = 29.01.2007 09:47:46 | Attr = ]
gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 12, 12011 | Size = 565311 bytes | Modified Date = 17.02.2007 11:19:36 | Attr = ]
gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 250 bytes | Modified Date = 20.02.2007 18:10:42 | Attr = ]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Modified Date = 13.02.2007 15:31:20 | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 17.02.2007 10:50:36 | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 20.02.2007 20:17:58 | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 30.01.2007 23:49:34 | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 21.02.2007 00:17:16 | Attr = H ]
Thumbs.db -> %SystemRoot%\Thumbs.db -> [Ver = | Size = 7680 bytes | Modified Date = 18.02.2007 23:41:58 | Attr = HS]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 925 bytes | Modified Date = 17.02.2007 10:43:40 | Attr = ]
lsprst7.dll -> %System32%\lsprst7.dll -> [Ver = | Size = 341 bytes | Modified Date = 21.02.2007 12:24:40 | Attr = ]
lsprst7.tgz -> %System32%\lsprst7.tgz -> [Ver = | Size = 355 bytes | Modified Date = 21.02.2007 12:24:40 | Attr = ]
mapisvc.inf -> %System32%\mapisvc.inf -> [Ver = | Size = 2086 bytes | Modified Date = 21.02.2007 10:04:52 | Attr = ]
perfc007.dat -> %System32%\perfc007.dat -> [Ver = | Size = 77062 bytes | Modified Date = 17.02.2007 12:56:36 | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 64194 bytes | Modified Date = 17.02.2007 12:56:36 | Attr = ]
perfh007.dat -> %System32%\perfh007.dat -> [Ver = | Size = 420404 bytes | Modified Date = 17.02.2007 12:56:36 | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 405644 bytes | Modified Date = 17.02.2007 12:56:36 | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 973482 bytes | Modified Date = 17.02.2007 12:56:36 | Attr = ]
servdat.slm -> %System32%\servdat.slm -> [Ver = | Size = 16 bytes | Modified Date = 21.02.2007 12:24:40 | Attr = H ]
ssprs.tgz -> %System32%\ssprs.tgz -> [Ver = | Size = 14 bytes | Modified Date = 21.02.2007 12:24:40 | Attr = ]
TC.HLP -> %System32%\TC.HLP -> [Ver = | Size = 19601 bytes | Modified Date = 21.02.2007 10:04:50 | Attr = ]
TCFAX.HLP -> %System32%\TCFAX.HLP -> [Ver = | Size = 19601 bytes | Modified Date = 21.02.2007 10:04:44 | Attr = ]
TCFREE.HLP -> %System32%\TCFREE.HLP -> [Ver = | Size = 19601 bytes | Modified Date = 21.02.2007 10:04:44 | Attr = ]
TCSTORE.HLP -> %System32%\TCSTORE.HLP -> [Ver = | Size = 19601 bytes | Modified Date = 21.02.2007 10:04:42 | Attr = ]
TCTX.HLP -> %System32%\TCTX.HLP -> [Ver = | Size = 19601 bytes | Modified Date = 21.02.2007 10:04:52 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 10.02.2007 20:32:18 | Attr = ]
gmer.sys -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 12, 3721 | Size = 68961 bytes | Modified Date = 17.02.2007 11:19:36 | Attr = ]

[File String Scan - Non-Microsoft Only]
@Alternate Data Stream - 0 bytes -> %SystemDrive%\Thumbs.db:encryptable ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\artikel.zip:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Azubi-Telefonumstellung.ppt:Zone.Identifier ->
UPX0 , -> %UserDesktop%\Azubi-Telefonumstellung.ppt -> [Ver = | Size = 1422848 bytes | Modified Date = 15.01.2007 09:24:56 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\comboscan.exe:Zone.Identifier ->
UPX! , UPX0 , -> %UserDesktop%\comboscan.exe -> [Ver = 3, 2, 2, 0 | Size = 672889 bytes | Modified Date = 20.02.2007 19:20:30 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\export.xls:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Fragebogen Solarstromanlagen für PV-Forum.doc:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\gbi.rtf:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\gmer.zip:Zone.Identifier ->
UPX! , UPX0 , -> %UserDesktop%\HijackThis.exe -> Soeperman Enterprises Ltd. [Ver = 1.99.0001 | Size = 218112 bytes | Modified Date = 16.02.2005 11:06:00 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\hijackthis_199.zip:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\lame-3.97.zip:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SPSS 14[1].0 for Windows - VUCKO!!!.zip:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SPSS14DE_Eval.exe:Zone.Identifier ->
File scan skipped for file %UserDesktop%\SPSS14DE_Eval.exe -> File size too big (181269445 bytes) ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SPSS[1].v14.0.WORKING-EQUiNOX.rar:Zone.Identifier ->
@Alternate Data Stream - 0 bytes -> %UserDesktop%\Thumbs.db:encryptable ->
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
UPX! , UPX0 , -> %System32%\CDRip.dll -> Albert L Faber [Ver = 117 | Size = 83456 bytes | Modified Date = 24.06.2006 00:01:56 | Attr = ]
Thawte Consulting , -> %System32%\CSGina.dll -> [Ver = | Size = 193584 bytes | Modified Date = 20.04.2006 07:34:24 | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41118 bytes | Modified Date = 10.08.2004 15:00:00 | Attr = ]
Thawte Consulting , -> %System32%\InstHelper.dll -> [Ver = | Size = 29752 bytes | Modified Date = 20.04.2006 07:34:38 | Attr = ]
UPX! , UPX0 , -> %System32%\l3codeca.acm -> Fraunhofer Institut Integrierte Schaltungen IIS [Ver = 1, 9, 0, 0305 | Size = 136704 bytes | Modified Date = 29.08.2002 03:39:20 | Attr = ]
UPX! , UPX0 , -> %System32%\l3codecx.ax -> Fraunhofer Institut Integrierte Schaltungen IIS [Ver = 1, 9, 0, 0311 | Size = 42496 bytes | Modified Date = 08.06.2000 17:00:00 | Attr = ]
Thawte Consulting , -> %System32%\vpnapi.dll -> [Ver = | Size = 197672 bytes | Modified Date = 04.11.2005 10:21:48 | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 10.08.2004 15:00:00 | Attr = ]

< End of report >
This post was edited on 21.02.2007 at 13:29 by Philip219.
21.02.2007, 13:59
Honorary member
Avatar Sabina

Posts: 29434
#29 it is really hard to find anything here that does not belong ;)

1.
Open the text editor (Notepad) and paste this text into it. Use 'Save as' to save it on the desktop. Select 'All Files' as the file type. Save it as: 018.bat
Double-click it and copy the text that is displayed. - c:\key4.txt

Quote

regedit /e c:\key4.txt "HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer"
start notepad.exe c:\key4.txt
exit
-----------

2.
http://virus-protect.org/artikel/tools/regsearch.html
and double-click to start it.
in: "Enter search strings" (type or paste)

{52F743E5-4926-43A5-8F85-062E2B7E05FB}

{775AF23C-485E-45D7-BFAB-25CBA12F04CD}

into the edit box and click "Ok".
Notepad will open -- copy the text and post it.

------------

this is what stands out to me

Quote

< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{52F743E5-4926-43A5-8F85-062E2B7E05FB} -> () ->
{775AF23C-485E-45D7-BFAB-25CBA12F04CD} -> () ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SPSS 14[1].0 for Windows - VUCKO!!!.zip:Zone.Identifier ->
SPSS[1].v14.0.WORKING-EQUiNOX.rar -> %UserDesktop%\SPSS[1].v14.0.WORKING-EQUiNOX.rar

@Alternate Data Stream - 26 bytes -> %UserDesktop%\SPSS 14[1].0 for Windows - VUCKO!!!.zip:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SPSS14DE_Eval.exe:Zone.Identifier ->


__________
Regards Sabina

all about PC security
21.02.2007, 14:30
Member

Posts: 11
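As an added example (not from the thread and not one of the tools linked above), here is a read-only PowerShell check that does by script what the two steps above do by hand: it resolves every adapter GUID under the Tcpip "Adapters" key quoted in the post to its interface settings and shows which DNS servers that adapter uses, lists the service keys that mention the GUID (a rough stand-in for the regsearch step), and reports whether the IE policy key exported by 018.bat exists. It assumes PowerShell 3 or later and an administrator prompt on the affected machine; the "LooksStatic" flag is a heuristic assumption, not a verdict.

```powershell
# Added example, not code from the thread. Read-only: it only queries the registry.
$tcpip       = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$adapterRoot = Join-Path $tcpip 'Adapters'     # the key quoted in the post
$ifaceRoot   = Join-Path $tcpip 'Interfaces'   # per-adapter IP/DNS settings live here
$iePolicyKey = 'HKCU:\Software\Policies\Microsoft\Internet Explorer'  # key 018.bat exports

function Get-AdapterDnsReport {
    # One object per adapter GUID: static DNS (NameServer) and DHCP-assigned DNS.
    # A hijacker that redirects browsing via DNS would typically plant a static
    # NameServer value, so an entry that differs from the DHCP one deserves a look.
    Get-ChildItem -Path $adapterRoot -ErrorAction SilentlyContinue | ForEach-Object {
        $guid  = $_.PSChildName
        $props = Get-ItemProperty -Path (Join-Path $ifaceRoot $guid) -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Adapter        = $guid
            NameServer     = $props.NameServer
            DhcpNameServer = $props.DhcpNameServer
            EnableDHCP     = $props.EnableDHCP
            # heuristic assumption: static DNS set and different from what DHCP handed out
            LooksStatic    = ([bool]$props.NameServer) -and ($props.NameServer -ne $props.DhcpNameServer)
        }
    }
}

function Find-GuidInServices {
    # Rough equivalent of the regsearch step: which service keys mention this GUID?
    param([string]$Guid)
    Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services' -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -like "*$Guid*" } |
        Select-Object -ExpandProperty Name
}

Get-AdapterDnsReport | Format-Table -AutoSize

foreach ($adapter in (Get-ChildItem -Path $adapterRoot -ErrorAction SilentlyContinue)) {
    $g = $adapter.PSChildName
    "Keys referencing $g :"
    Find-GuidInServices -Guid $g
}

if (Test-Path -Path $iePolicyKey) {
    Get-ItemProperty -Path $iePolicyKey     # any value here is an IE policy worth explaining
} else {
    "$iePolicyKey is not present (nothing for 018.bat to export)."
}
```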
#30 1.) when run, the .bat opens an empty .txt. That is correct too, because in the registry the "Microsoft" folder has no "Internet Explorer" subfolder...

2.) the reports are attached, they are too big to copy.



regarding your "this is what stands out to me" part: I know this one, it is harmless!

@Alternate Data Stream - 26 bytes -> %UserDesktop%\SPSS 14[1].0 for Windows - VUCKO!!!.zip:Zone.Identifier ->
SPSS[1].v14.0.WORKING-EQUiNOX.rar -> %UserDesktop%\SPSS[1].v14.0.WORKING-EQUiNOX.rar

@Alternate Data Stream - 26 bytes -> %UserDesktop%\SPSS 14[1].0 for Windows - VUCKO!!!.zip:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SPSS14DE_Eval.exe:Zone.Identifier ->
