easy search start page

09.07.2004, 20:45
...new here
Posts: 4

10.07.2004, 03:53
Member
Posts: 1095
#2
@Mark79
Please follow these instructions first: http://www.rokop-security.de/main/article.php?sid=746&mode=thread&order=0

Also, please fix these in HiJackThis:

O2 - BHO: (no name) - {F687BCAC-761B-452D-BB39-CD805D453928} - C:\WINDOWS\System32\mfplay.dll
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\nosuch.mht!http://195.225.177.8/count/chm/cool.chm::/cool.exe
O18 - Filter: text/html - {EE219200-2288-4E9F-A22A-7D89136C5ECA} - C:\WINDOWS\System32\mfplay.dll
O18 - Filter: text/plain - {EE219200-2288-4E9F-A22A-7D89136C5ECA} - C:\WINDOWS\System32\mfplay.dll
O21 - SSODL: System - {0667452E-10DB-4F4F-B325-EFF3C243FEC4} - C:\WINDOWS\system32\system32.dll

If that doesn't work:
Download mwav.exe http://www.rokop-security.de/board/index.php?showtopic=3867
Then go into XP's Safe Mode http://www.bsi.de/av/texte/winsave.htm
delete
C:\WINDOWS\system32\system32.dll
plus
C:\WINDOWS\System32\mfplay.dll
This file may have a different name. Just start HiJackThis and look at what is listed under O18.
scan with mwav.exe
Then reboot and post the log file.

Regards
paff

P.S. If you have questions, just post. Please keep us up to date, we'd like to know whether it worked.
__________
http://www.downclockers.com/ourforum/index.php?board=71.0 Reverse Engineering Malware
This post was edited by paff on 10.07.2004 at 04:15.

10.07.2004, 15:05
...new here
Thread starter Posts: 4
#3
Thanks a lot!
I deleted:
C:\WINDOWS\system32\system32.dll
plus
C:\WINDOWS\System32\mfplay.dll
Then scanned with mwav.exe in safe mode.
At least for the moment the page is gone!

Logfile of HijackThis v1.98.0
Scan saved at 15:02:53, on 10.07.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CAPRPCSK.EXE
C:\WINDOWS\htpatch.exe
C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Norton Internet Security\ccPxySvc.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Temp\Temporäres Verzeichnis 6 für hijackthis_198.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {85CBFDE0-B26B-4EE5-BD3C-4DE111DE763E} - C:\WINDOWS\System32\winnet.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E85A8C09-952F-4BF1-A27F-FAC89A53EE76} - C:\WINDOWS\System32\mfplay.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\System32\Spool\Drivers\w32x86\3\CAPONN.EXE
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programme\Spyware Doctor\spydoctor.exe" /Q
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Canon LBP-800 Statusfönster.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Filter: text/html - {D4BDF97E-5009-4A1B-B269-56E7D66C207E} - C:\WINDOWS\System32\mfplay.dll
O18 - Filter: text/plain - {D4BDF97E-5009-4A1B-B269-56E7D66C207E} - C:\WINDOWS\System32\mfplay.dll

thanks again, best regards

10.07.2004, 16:24
Honorary member
Posts: 29434
#4
mark79
fix

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {85CBFDE0-B26B-4EE5-BD3C-4DE111DE763E} - C:\WINDOWS\System32\winnet.dll (file missing)
O2 - BHO: (no name) - {E85A8C09-952F-4BF1-A27F-FAC89A53EE76} - C:\WINDOWS\System32\mfplay.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
O18 - Filter: text/html - {D4BDF97E-5009-4A1B-B269-56E7D66C207E} - C:\WINDOWS\System32\mfplay.dll
O18 - Filter: text/plain - {D4BDF97E-5009-4A1B-B269-56E7D66C207E} - C:\WINDOWS\System32\mfplay.dll

reboot

Briefly disable your virus scanner.
Download Antivirus http://www.free-av.de/
Configure the Antivirus settings: stop the automatic scan, start the Internet update of Antivir, turn the settings up (Search: ALL FILES, Repair: WITHOUT CONFIRMATION, Delete if repair fails: DELETE WITHOUT CONFIRMATION, Unwanted programs: ALL except games, Heuristics: Win32 heuristics, priority high)
Go into Safe Mode http://www.bsi.de/av/texte/winsave.htm
#Run a full scan
reboot normally
#Under \Internet Options, delete the Temporary Internet Files and set a new start page.
Then post the log again.

Regards
Sabina
__________
Regards Sabina
all about PC security
This post was edited by Sabina on 10.07.2004 at 16:26.
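
Added example, not part of the original thread and not any poster's code: a small Python triage pass over HijackThis-style log text like the logs posted above, including text whose line breaks were lost. The sample entries are quoted from posts #2, #3 and #7; the helper names (`parse_log`, `triage`) and the three rules are assumptions chosen for illustration, a heuristic and not HijackThis's own logic.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section body")

# An entry starts with a section code (R1, F2, O18, ...) followed by " - ".
ENTRY_START = re.compile(r"(?<!\S)([RFNO]\d{1,2}) - ")
# Windows path to a loadable file; paths may contain spaces.
WIN_PATH = re.compile(r'[A-Za-z]:\\[^*?"<>|]+?\.(?:dll|exe|ocx)', re.IGNORECASE)

# Entries quoted in posts #2, #3 and #7 of this thread, joined with spaces
# to mimic a log whose line breaks were lost when it was pasted.
SAMPLE_LOG = " ".join([
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = "
    r"res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/",
    r"O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - "
    r"C:\Programme\Norton AntiVirus\NavShExt.dll",
    r"O2 - BHO: (no name) - {F687BCAC-761B-452D-BB39-CD805D453928} - "
    r"C:\WINDOWS\System32\mfplay.dll",
    r"O2 - BHO: (no name) - {85CBFDE0-B26B-4EE5-BD3C-4DE111DE763E} - "
    r"C:\WINDOWS\System32\winnet.dll (file missing)",
    r"O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe",
    r"O18 - Filter: text/html - {D4BDF97E-5009-4A1B-B269-56E7D66C207E} - "
    r"C:\WINDOWS\System32\mfplay.dll",
])


def parse_log(text):
    """Split log text into entries, whether or not line breaks survived."""
    starts = list(ENTRY_START.finditer(text))
    entries = []
    for i, m in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(text)
        entries.append(Entry(m.group(1), text[m.end():end].strip()))
    return entries


def paths_in(entry):
    """Lower-cased file paths named by an entry (Windows paths ignore case)."""
    return {p.lower() for p in WIN_PATH.findall(entry.body)}


def triage(entries):
    """Return [(entry, [reasons])] for entries worth a closer look."""
    findings = {}
    implicated = set()  # files named by entries that trip a rule in pass 1

    def flag(i, reason):
        findings.setdefault(i, []).append(reason)

    # Pass 1: rules that stand on their own.
    for i, e in enumerate(entries):
        if e.section in ("R0", "R1") and "= res://" in e.body:
            flag(i, "IE search/start setting is served from a local file via res://")
            implicated |= paths_in(e)
        if e.section == "O2" and "(file missing)" in e.body:
            flag(i, "BHO is registered but its file is missing")
        if e.section == "O18" and e.body.startswith(
                ("Filter: text/html", "Filter: text/plain")):
            flag(i, "MIME filter hooks text/html or text/plain")
            implicated |= paths_in(e)

    # Pass 2: pivot on the implicated files to catch entries that look
    # harmless in isolation but load the same DLL.
    for i, e in enumerate(entries):
        hits = paths_in(e) & implicated
        if hits and i not in findings:
            flag(i, "loads a file implicated by another entry: "
                 + ", ".join(sorted(hits)))

    return [(entries[i], findings[i]) for i in sorted(findings)]


if __name__ == "__main__":
    for entry, reasons in triage(parse_log(SAMPLE_LOG)):
        print(entry.section, "-", entry.body)
        for reason in reasons:
            print("    ->", reason)
```

Entries the rules do not match, such as the `HomeOldSP = about:blank` lines, still need the manual review the helpers in this thread perform.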

10.07.2004, 17:53
...new here
Posts: 6
#5
I need HELP as well. A whole lot of junk has written itself into my Favorites.......

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\sistray.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Spybot - Search & Destroy\SpybotSD.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe
C:\Programme\AVPersonal\AVWIN.EXE
F:\Dateien von Jens\download\mo\mozilla-win32-1.8a1-de-AT\mozilla\mozilla.exe
F:\Dateien von Jens\download\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://weba.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://weba.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://weba.directwebsearch.net/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://weba.directwebsearch.net/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://weba.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://weba.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://weba.directwebsearch.net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://weba.directwebsearch.net/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://weba.directwebsearch.net/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://weba.directwebsearch.net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://weba.directwebsearch.net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://weba.directwebsearch.net/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://weba.directwebsearch.net/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://weba.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://weba.directwebsearch.net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://weba.directwebsearch.net/search.html
F1 - win.ini: run=C:\WINDOWS\system32\services\wmplayer.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [winupd] C:\WINDOWS\System32\winupd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Konsole (HKLM)
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3473BC2E-BD34-4FE3-BDE2-69B84DD1F107}: NameServer = 195.50.140.250 145.253.2.203

This post was edited by Jens0123 on 10.07.2004 at 17:55.

10.07.2004, 18:24
Honorary member
Posts: 29434
#6
Jens0123
Fix

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://weba.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://weba.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://weba.directwebsearch.net/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://weba.directwebsearch.net/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://weba.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://weba.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://weba.directwebsearch.net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://weba.directwebsearch.net/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://weba.directwebsearch.net/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://weba.directwebsearch.net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://weba.directwebsearch.net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://weba.directwebsearch.net/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://weba.directwebsearch.net/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://weba.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://weba.directwebsearch.net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://weba.directwebsearch.net/search.html
F1 - win.ini: run=C:\WINDOWS\system32\services\wmplayer.exe
O4 - HKLM\..\Run: [winupd] C:\WINDOWS\System32\winupd.exe

is this your correct server entry ???
O17 - HKLM\System\CCS\Services\Tcpip\..\{3473BC2E-BD34-4FE3-BDE2-69B84DD1F107}: NameServer = 195.50.140.250 145.253.2.203
if not, fix it and then set it up again

reboot and go into Safe Mode http://www.bsi.de/av/texte/winsave.htm
Configure the Antivirus settings: stop the automatic scan, turn the settings up (Search: ALL FILES, Repair: WITHOUT CONFIRMATION, Delete if repair fails: DELETE WITHOUT CONFIRMATION, Unwanted programs: ALL except games, Heuristics: Win32 heuristics, priority high)
scan with your antivirus

#go into the registry
Start<Run<regedit
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
delete this entry: http://weba.directwebsearch.
then also search for other entries from the hijacker (see the R1 entries)

#Start<Control Panel<Administrative Tools<Services
check whether a wmplayer.exe has sneaked in among the services
...and disable it if it exists

#delete C:\WINDOWS\system32\services\wmplayer.exe
reboot normally

#Download mwav.exe
scan <all files<
http://www.mwti.net/antivirus/free_utilities.asp
Then post the final log of the scan

#under <Internet Options<, delete the Temporary Internet Files, set a new start page and post the log again.

Regards
Sabina
__________
Regards Sabina
all about PC security
This post was edited by Sabina on 10.07.2004 at 18:32.

10.07.2004, 18:48
...new here
Thread starter Posts: 4
#7
hello!
here is the new log:

Logfile of HijackThis v1.98.0
Scan saved at 18:44:56, on 10.07.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVGUARD.EXE
C:\WINDOWS\System32\CAPRPCSK.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Norton Internet Security\ccPxySvc.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\htpatch.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Temp\Temporäres Verzeichnis 9 für hijackthis_198.zip\HijackThis.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\System32\Spool\Drivers\w32x86\3\CAPONN.EXE
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Canon LBP-800 Statusfönster.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Regards
Wolfgang

10.07.2004, 18:54
Honorary member
Posts: 29434
#8
mark79
Wonderful... ,)
Now also download Firefox as an alternative browser...set a start page and browse only with it.
http://www.firebird-browser.de/
and decide on one virus scanner...disable the other one.

Regards
Sabina
__________
Regards Sabina
all about PC security
This post was edited by Sabina on 10.07.2004 at 18:55.

10.07.2004, 20:12
...new here
Thread starter Posts: 4
#9
many thanks again!
oh, sorry, there's one more thing...
IE runs normally there, but Spybot keeps finding, among other things, DSO Exploit.

Logfile of HijackThis v1.98.0
Scan saved at 20:06:52, on 10.07.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Norton Internet Security\NISUM.EXE
C:\Programme\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\System32\gearsec.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\Programme\Symantec\WinFax\WFXMOD32.EXE
C:\WINDOWS\Explorer.EXE
C:\Programme\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe
C:\WINDOWS\Mixer.exe
C:\Programme\Iomega\DriveIcons\ImgIcon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\wfxsnt40.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\Programme\Gemeinsame Dateien\Nokia\Tools\NclTray.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\EinAus.exe
C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe
C:\Programme\WinRAR\WinRAR.exe
C:\WINDOWS\System32\wuauclt.exe
C:\DOKUME~1\Wolfgang\LOKALE~1\Temp\Rar$EX00.969\HijackThis.exe

F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HP Lamp] "C:\Programme\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Programme\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Programme\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Programme\Gemeinsame Dateien\Nokia\Tools\NclTray.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: EinAus.lnk = C:\EinAus.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Researcher\EROProj.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} (UDConnect Class) - http://01.sharedsource.org/html/UDConn_5.2.0.8.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://axis.retea.se/activex/AxisCamControl.ocx
O16 - DPF: {CAA9A7B8-5D54-4D74-B135-CAC498364EB4} (GIS2 WebGISLight Viewer) - http://www.austrianmap.at/bevportal/webgislight.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.com/download/zoomify305.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Researcher\msero.dll

Regards
Wolfgang

10.07.2004, 21:43
...new here
Posts: 6
#10
Hi. Here is the final log of the scan by mwav.exe
I followed it step by step, but somehow I'm not getting anywhere....

Sat Jul 10 21:35:19 2004 => **********************************************************
Sat Jul 10 21:35:19 2004 => eScan AntiVirus Toolkit Utility.
Sat Jul 10 21:35:19 2004 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Sat Jul 10 21:35:19 2004 => **********************************************************
Sat Jul 10 21:35:19 2004 => Version 4.2.6
Sat Jul 10 21:35:19 2004 => Log File: C:\DOKUME~1\Jens\LOKALE~1\Temp\mwav.log
Sat Jul 10 21:35:19 2004 => Latest Date of files inside MWAV: 09 Jul 2004 12:06:55.
Sat Jul 10 21:35:19 2004 => AV Library Loaded...
Sat Jul 10 21:35:19 2004 => Scanning File C:\DOKUME~1\Jens\LOKALE~1\Temp\kavss.exe
Sat Jul 10 21:35:19 2004 => Scanning File C:\DOKUME~1\Jens\LOKALE~1\Temp\Getvlist.exe
Sat Jul 10 21:35:19 2004 => Scanning File C:\DOKUME~1\Jens\LOKALE~1\Temp\kavss.dll
Sat Jul 10 21:35:20 2004 => Scanning File C:\DOKUME~1\Jens\LOKALE~1\Temp\kavssdi.dll
Sat Jul 10 21:35:20 2004 => Scanning File C:\DOKUME~1\Jens\LOKALE~1\Temp\kavssi.dll
Sat Jul 10 21:35:20 2004 => Scanning File C:\DOKUME~1\Jens\LOKALE~1\Temp\kavvlg.dll
Sat Jul 10 21:35:20 2004 => Scanning File C:\DOKUME~1\Jens\LOKALE~1\Temp\msvlclnt.dll
Sat Jul 10 21:35:20 2004 => Scanning File C:\DOKUME~1\Jens\LOKALE~1\Temp\ipc.dll
Sat Jul 10 21:35:20 2004 => Scanning File C:\DOKUME~1\Jens\LOKALE~1\Temp\main.avi
Sat Jul 10 21:35:20 2004 => Scanning File C:\DOKUME~1\Jens\LOKALE~1\Temp\virus.avi
Sat Jul 10 21:35:20 2004 => Virus Database Date: 2004/07/09
Sat Jul 10 21:35:20 2004 => Virus Database Count: 96426
Sat Jul 10 21:36:05 2004 => **********************************************************
Sat Jul 10 21:36:05 2004 => eScan AntiVirus Toolkit Utility.
Sat Jul 10 21:36:05 2004 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Sat Jul 10 21:36:05 2004 =>
Sat Jul 10 21:36:05 2004 => Support: support@mwti.net
Sat Jul 10 21:36:05 2004 => Web: http://www.mwti.net
Sat Jul 10 21:36:05 2004 => **********************************************************
Sat Jul 10 21:36:05 2004 => Version 4.2.6
Sat Jul 10 21:36:05 2004 => Log File: C:\DOKUME~1\Jens\LOKALE~1\Temp\mwav.log
Sat Jul 10 21:36:05 2004 => Latest Date of files inside MWAV: 09 Jul 2004 12:06:55.
Sat Jul 10 21:36:05 2004 => Options Selected by User:
Sat Jul 10 21:36:05 2004 => Memory Check: Enabled
Sat Jul 10 21:36:05 2004 => Registry Check: Enabled
Sat Jul 10 21:36:05 2004 => StartUp Folder Check: Enabled
Sat Jul 10 21:36:05 2004 => System Folder Check: Disabled
Sat Jul 10 21:36:05 2004 => System Area Check: Disabled
Sat Jul 10 21:36:05 2004 => Services Check: Enabled
Sat Jul 10 21:36:05 2004 => Drive Check Option Disabled
Sat Jul 10 21:36:05 2004 => Scanning Type: Scan And Clean
Sat Jul 10 21:36:05 2004 => Folder Check: Disabled
Sat Jul 10 21:36:05 2004 => ***** Scanning Memory Files *****
Sat Jul 10 21:36:05 2004 => Scanning File C:\WINDOWS\system32\services.exe
Sat Jul 10 21:36:05 2004 => Scanning File C:\WINDOWS\system32\lsass.exe
Sat Jul 10 21:36:05 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Sat Jul 10 21:36:05 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Jul 10 21:36:05 2004 => Scanning File C:\WINDOWS\system32\spoolsv.exe
Sat Jul 10 21:36:05 2004 => Scanning File C:\WINDOWS\Explorer.EXE
Sat Jul 10 21:36:05 2004 => Scanning File C:\Programme\AVPersonal\AVGUARD.EXE
Sat Jul 10 21:36:05 2004 => Scanning File C:\Programme\AVPersonal\AVWUPSRV.EXE
Sat Jul 10 21:36:06 2004 => Scanning File C:\PROGRA~1\GEMEIN~1\MICROS~1\VS7Debug\mdm.exe
Sat Jul 10 21:36:06 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Jul 10 21:36:06 2004 => Scanning File C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Sat Jul 10 21:36:06 2004 => Scanning File C:\WINDOWS\System32\RunDll32.exe
Sat Jul 10 21:36:06 2004 => Scanning File C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
Sat Jul 10 21:36:06 2004 => Scanning File C:\WINDOWS\System32\sistray.EXE
Sat Jul 10 21:36:06 2004 => Scanning File C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
Sat Jul 10 21:36:06 2004 => Scanning File C:\WINDOWS\System32\ctfmon.exe
Sat Jul 10 21:36:06 2004 => Scanning File C:\Programme\Messenger\msmsgs.exe
Sat Jul 10 21:36:06 2004 => Scanning File F:\DATEIE~1\download\mo\MOZILL~1.8A1\mozilla\mozilla.exe
Sat Jul 10 21:36:07 2004 => Scanning File C:\WINDOWS\regedit.exe
Sat Jul 10 21:36:07 2004 => Scanning File C:\DOKUME~1\Jens\LOKALE~1\Temp\mwavscan.com
Sat Jul 10 21:36:07 2004 => Scanning File C:\DOKUME~1\Jens\LOKALE~1\Temp\kavss.exe
Sat Jul 10 21:36:07 2004 => ***** Scanning Registry Files *****
Sat Jul 10 21:36:07 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Sat Jul 10 21:36:07 2004 => Scanning File C:\WINDOWS\Explorer.exe
Sat Jul 10 21:36:07 2004 => Scanning File C:\WINDOWS\system32\userinit.exe
Sat Jul 10 21:36:07 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Sat Jul 10 21:36:07 2004 => Scanning File C:\WINDOWS\system32\RunDll32.exe
Sat Jul 10 21:36:07 2004 => Scanning File C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
Sat Jul 10 21:36:07 2004 => Scanning File C:\WINDOWS\System32\sistray.EXE
Sat Jul 10 21:36:07 2004 => Scanning File C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
Sat Jul 10 21:36:07 2004 => Scanning File C:\WINDOWS\System32\winupd.exe
Sat Jul 10 21:36:07 2004 => File C:\WINDOWS\System32\winupd.exe infected by "TrojanDropper.Win32.Small.ig" Virus. Action Taken: File Deleted.
Sat Jul 10 21:36:08 2004 => *** SOFTWARE\Microsoft\Windows\CurrentVersion\Run has RunningProcess defined as C:\WINDOWS\System32\winupd.exe (which is infected)!
Sat Jul 10 21:36:08 2004 => *** Reg Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winupd deleted because it is infected by a Virus
Sat Jul 10 21:36:08 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Sat Jul 10 21:36:08 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
Sat Jul 10 21:36:08 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Sat Jul 10 21:36:08 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Sat Jul 10 21:36:08 2004 => Scanning File C:\WINDOWS\System32\ctfmon.exe
Sat Jul 10 21:36:08 2004 => Scanning File C:\Programme\Messenger\msmsgs.exe
Sat Jul 10 21:36:08 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Sat Jul 10 21:36:08 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
Sat Jul 10 21:36:08 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Sat Jul 10 21:36:08 2004 => Scanning HKCR\txtfile\shell\open\command
Sat Jul 10 21:36:08 2004 => Scanning HKCR\comfile\shell\open\command
Sat Jul 10 21:36:08 2004 => Scanning HKCR\exefile\shell\open\command
Sat Jul 10 21:36:08 2004 => Scanning HKCR\dllfile\shell\open\command
Sat Jul 10 21:36:08 2004 => Scanning HKCR\batfile\shell\open\command
Sat Jul 10 21:36:08 2004 => Scanning HKCR\piffile\shell\open\command
Sat Jul 10 21:36:08 2004 => Scanning HKCR\scrfile\shell\open\command
Sat Jul 10 21:36:08 2004 => Scanning HKCR\scrfile\shell\config\command
Sat Jul 10 21:36:08 2004 => Scanning HKCR\regfile\shell\open\command
Sat Jul 10 21:36:08 2004 => ***** Scanning StartUp Folders *****
Sat Jul 10 21:36:08 2004 => ***** Scanning C:\Dokumente und Einstellungen\Jens\Startmenü\Programme\Zubehör\Autostart Folder *****
Sat Jul 10 21:36:08 2004 => Scanning Folder: C:\Dokumente und Einstellungen\Jens\Startmenü\Programme\Zubehör\Autostart\*.*
Sat Jul 10 21:36:08 2004 => Scanning File C:\Dokumente und Einstellungen\Jens\Startmenü\Programme\Zubehör\Autostart\desktop.ini
Sat Jul 10 21:36:08 2004 => ***** Scanning C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart Folder *****
Sat Jul 10 21:36:08 2004 => Scanning Folder: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\*.*
Sat Jul 10 21:36:08 2004 => Scanning File C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
Sat Jul 10 21:36:08 2004 => ***** Scanning Service Files *****
Sat Jul 10 21:36:08 2004 => Scanning HKLM\SYSTEM\CurrentControlSet\Services
Sat Jul 10 21:36:08 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ACPI.sys
Sat Jul 10 21:36:08 2004 => Scanning File C:\WINDOWS\System32\drivers\aec.sys
Sat Jul 10 21:36:08 2004 => Scanning File C:\WINDOWS\System32\drivers\afd.sys
Sat Jul 10 21:36:08 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Jul 10 21:36:08 2004 => Scanning File C:\WINDOWS\System32\alg.exe
Sat Jul 10 21:36:08 2004 => Scanning File C:\Programme\AVPersonal\AVGUARD.EXE
Sat Jul 10 21:36:08 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Sat Jul 10 21:36:08 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\asyncmac.sys
Sat Jul 10 21:36:08 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\atapi.sys
Sat Jul 10 21:36:08 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\atmarpc.sys
Sat Jul 10 21:36:08 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Jul 10 21:36:08 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\audstub.sys
Sat Jul 10 21:36:08 2004 => Scanning File C:\PROGRAMME\AVPERSONAL\AVGNTDD.SYS
Sat Jul 10 21:36:08 2004 => Scanning File C:\Programme\AVPersonal\AVWUPSRV.EXE
Sat Jul 10 21:36:08 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Jul 10 21:36:08 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Jul 10 21:36:08 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\cdrom.sys
Sat Jul 10 21:36:08 2004 => Scanning File C:\WINDOWS\System32\cisvc.exe
Sat Jul 10 21:36:08 2004 =>
Scanning File C:\WINDOWS\system32\clipsrv.exe Sat Jul 10 21:36:08 2004 => Scanning File C:\WINDOWS\System32\drivers\cmuda.sys Sat Jul 10 21:36:09 2004 => Scanning File C:\WINDOWS\System32\dllhost.exe Sat Jul 10 21:36:09 2004 => Scanning File C:\WINDOWS\system32\svchost.exe Sat Jul 10 21:36:09 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Sat Jul 10 21:36:09 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\DISDN\capi20.sys Sat Jul 10 21:36:09 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\DISDN\dimaint.sys Sat Jul 10 21:36:09 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\disk.sys Sat Jul 10 21:36:09 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\DISDN\Diwan.sys Sat Jul 10 21:36:09 2004 => Scanning File C:\WINDOWS\System32\dmadmin.exe Sat Jul 10 21:36:09 2004 => Scanning File C:\WINDOWS\System32\drivers\dmboot.sys Sat Jul 10 21:36:09 2004 => Scanning File C:\WINDOWS\System32\drivers\dmio.sys Sat Jul 10 21:36:09 2004 => Scanning File C:\WINDOWS\System32\drivers\dmload.sys Sat Jul 10 21:36:09 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Sat Jul 10 21:36:09 2004 => Scanning File C:\WINDOWS\System32\drivers\DMusic.sys Sat Jul 10 21:36:09 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Sat Jul 10 21:36:10 2004 => Scanning File C:\WINDOWS\System32\drivers\drmkaud.sys Sat Jul 10 21:36:10 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Sat Jul 10 21:36:10 2004 => Scanning File C:\WINDOWS\system32\services.exe Sat Jul 10 21:36:10 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Sat Jul 10 21:36:10 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Sat Jul 10 21:36:10 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\fdc.sys Sat Jul 10 21:36:10 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\flpydisk.sys Sat Jul 10 21:36:10 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ftdisk.sys Sat Jul 10 21:36:10 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\gameenum.sys Sat Jul 10 21:36:10 2004 => Scanning File 
C:\WINDOWS\System32\DRIVERS\msgpc.sys Sat Jul 10 21:36:10 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Sat Jul 10 21:36:10 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Sat Jul 10 21:36:10 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\hidusb.sys Sat Jul 10 21:36:10 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\i8042prt.sys Sat Jul 10 21:36:10 2004 => Scanning File C:\WINDOWS\System32\imapi.exe Sat Jul 10 21:36:10 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys Sat Jul 10 21:36:10 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ipinip.sys Sat Jul 10 21:36:10 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ipnat.sys Sat Jul 10 21:36:10 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ipsec.sys Sat Jul 10 21:36:10 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\irenum.sys Sat Jul 10 21:36:10 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\isapnp.sys Sat Jul 10 21:36:10 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\kbdclass.sys Sat Jul 10 21:36:10 2004 => Scanning File C:\WINDOWS\System32\drivers\kmixer.sys Sat Jul 10 21:36:11 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Sat Jul 10 21:36:11 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Sat Jul 10 21:36:11 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Sat Jul 10 21:36:11 2004 => Scanning File C:\PROGRA~1\GEMEIN~1\MICROS~1\VS7Debug\mdm.exe Sat Jul 10 21:36:11 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Sat Jul 10 21:36:11 2004 => Scanning File C:\WINDOWS\System32\mnmsrvc.exe Sat Jul 10 21:36:11 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\mouclass.sys Sat Jul 10 21:36:11 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\mouhid.sys Sat Jul 10 21:36:11 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\mrxdav.sys Sat Jul 10 21:36:11 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\mrxsmb.sys Sat Jul 10 21:36:11 2004 => Scanning File C:\WINDOWS\System32\msdtc.exe Sat Jul 10 21:36:11 2004 => Scanning File 
C:\WINDOWS\System32\msiexec.exe Sat Jul 10 21:36:11 2004 => Scanning File C:\WINDOWS\System32\drivers\MSKSSRV.sys Sat Jul 10 21:36:11 2004 => Scanning File C:\WINDOWS\System32\drivers\MSPCLOCK.sys Sat Jul 10 21:36:11 2004 => Scanning File C:\WINDOWS\System32\drivers\MSPQM.sys Sat Jul 10 21:36:11 2004 => Scanning File C:\WINDOWS\System32\drivers\msmpu401.sys Sat Jul 10 21:36:11 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ndistapi.sys Sat Jul 10 21:36:11 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ndisuio.sys Sat Jul 10 21:36:11 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ndiswan.sys Sat Jul 10 21:36:11 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\netbios.sys Sat Jul 10 21:36:11 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\netbt.sys Sat Jul 10 21:36:11 2004 => Scanning File C:\WINDOWS\system32\netdde.exe Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\system32\netdde.exe Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\System32\lsass.exe Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\System32\lsass.exe Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\system32\svchost.exe Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\parport.sys Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\pci.sys Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\pciide.sys Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\system32\services.exe Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\System32\lsass.exe Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\raspptp.sys Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\processr.sys 
Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\system32\lsass.exe Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\psched.sys Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ptilink.sys Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\rasacd.sys Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\rasl2tp.sys Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\raspppoe.sys Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\raspti.sys Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\rdbss.sys Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\RDPCDD.sys Sat Jul 10 21:36:12 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\rdpdr.sys Sat Jul 10 21:36:13 2004 => Scanning File C:\WINDOWS\system32\sessmgr.exe Sat Jul 10 21:36:13 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\redbook.sys Sat Jul 10 21:36:13 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Sat Jul 10 21:36:13 2004 => Scanning File C:\WINDOWS\system32\svchost.exe Sat Jul 10 21:36:13 2004 => Scanning File C:\WINDOWS\System32\locator.exe Sat Jul 10 21:36:13 2004 => Scanning File C:\WINDOWS\system32\svchost.exe Sat Jul 10 21:36:13 2004 => Scanning File C:\WINDOWS\System32\rsvp.exe Sat Jul 10 21:36:13 2004 => Scanning File C:\WINDOWS\system32\lsass.exe Sat Jul 10 21:36:13 2004 => Scanning File C:\WINDOWS\System32\SCardSvr.exe Sat Jul 10 21:36:13 2004 => Scanning File C:\WINDOWS\System32\SCardSvr.exe Sat Jul 10 21:36:13 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Sat Jul 10 21:36:13 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\secdrv.sys Sat Jul 10 21:36:13 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Sat Jul 10 21:36:13 2004 => Scanning File C:\WINDOWS\system32\svchost.exe 
Sat Jul 10 21:36:13 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\serenum.sys Sat Jul 10 21:36:13 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\Ser*hier nicht!*.sys Sat Jul 10 21:36:13 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Sat Jul 10 21:36:13 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Sat Jul 10 21:36:13 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\sisgrp.sys Sat Jul 10 21:36:13 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\SISAGPX.sys Sat Jul 10 21:36:13 2004 => Scanning File C:\WINDOWS\System32\drivers\srvkp.sys Sat Jul 10 21:36:13 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\sisnic.sys Sat Jul 10 21:36:13 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS Sat Jul 10 21:36:14 2004 => Scanning File C:\WINDOWS\System32\drivers\splitter.sys Sat Jul 10 21:36:14 2004 => Scanning File C:\WINDOWS\system32\spoolsv.exe Sat Jul 10 21:36:14 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\sr.sys Sat Jul 10 21:36:14 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Sat Jul 10 21:36:14 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\srv.sys Sat Jul 10 21:36:14 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Sat Jul 10 21:36:14 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Sat Jul 10 21:36:14 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\swenum.sys Sat Jul 10 21:36:14 2004 => Scanning File C:\WINDOWS\System32\drivers\swmidi.sys Sat Jul 10 21:36:14 2004 => Scanning File C:\WINDOWS\System32\dllhost.exe Sat Jul 10 21:36:14 2004 => Scanning File C:\WINDOWS\System32\drivers\sysaudio.sys Sat Jul 10 21:36:14 2004 => Scanning File C:\WINDOWS\system32\smlogsvc.exe Sat Jul 10 21:36:14 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Sat Jul 10 21:36:14 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\tcpip.sys Sat Jul 10 21:36:14 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\termdd.sys Sat Jul 10 21:36:14 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Sat Jul 10 21:36:14 2004 => 
Scanning File C:\WINDOWS\System32\svchost.exe Sat Jul 10 21:36:14 2004 => Scanning File C:\WINDOWS\System32\tlntsvr.exe Sat Jul 10 21:36:14 2004 => Scanning File C:\WINDOWS\system32\svchost.exe Sat Jul 10 21:36:14 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\update.sys Sat Jul 10 21:36:14 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Sat Jul 10 21:36:14 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Sat Jul 10 21:36:15 2004 => Scanning File C:\WINDOWS\System32\ups.exe Sat Jul 10 21:36:15 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\usbhub.sys Sat Jul 10 21:36:15 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\usbohci.sys Sat Jul 10 21:36:15 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\usbscan.sys Sat Jul 10 21:36:15 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS Sat Jul 10 21:36:15 2004 => Scanning File C:\WINDOWS\System32\drivers\vga.sys Sat Jul 10 21:36:15 2004 => Scanning File C:\WINDOWS\SYSTEM32\VSDATANT.SYS Sat Jul 10 21:36:15 2004 => Scanning File C:\WINDOWS\system32\ZoneLabs\vsmon.exe Sat Jul 10 21:36:15 2004 => Scanning File C:\WINDOWS\System32\vssvc.exe Sat Jul 10 21:36:15 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Sat Jul 10 21:36:15 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\wanarp.sys Sat Jul 10 21:36:15 2004 => Scanning File C:\WINDOWS\System32\drivers\wdmaud.sys Sat Jul 10 21:36:15 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Sat Jul 10 21:36:15 2004 => Scanning File C:\WINDOWS\system32\svchost.exe Sat Jul 10 21:36:16 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Sat Jul 10 21:36:16 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Sat Jul 10 21:36:16 2004 => Scanning File C:\WINDOWS\System32\wbem\wmiapsrv.exe Sat Jul 10 21:36:16 2004 => Scanning File C:\WINDOWS\system32\svchost.exe Sat Jul 10 21:36:16 2004 => Scanning File C:\WINDOWS\System32\svchost.exe Sat Jul 10 21:36:16 2004 => ***** Scanning Important System Files ***** Sat Jul 10 21:36:16 2004 => Scanning File 
C:\WINDOWS\System32\winsock.dll Sat Jul 10 21:36:16 2004 => Scanning File C:\WINDOWS\System32\ws2help.dll Sat Jul 10 21:36:16 2004 => Scanning File C:\WINDOWS\System32\ws2_32.dll Sat Jul 10 21:36:16 2004 => Scanning File C:\WINDOWS\System32\wscript.exe Sat Jul 10 21:36:16 2004 => Scanning File C:\WINDOWS\System32\wsecedit.dll Sat Jul 10 21:36:17 2004 => Scanning File C:\WINDOWS\System32\wshatm.dll Sat Jul 10 21:36:17 2004 => Scanning File C:\WINDOWS\System32\wshcon.dll Sat Jul 10 21:36:17 2004 => Scanning File C:\WINDOWS\System32\wshde.dll Sat Jul 10 21:36:17 2004 => Scanning File C:\WINDOWS\System32\wshext.dll Sat Jul 10 21:36:17 2004 => Scanning File C:\WINDOWS\System32\wship6.dll Sat Jul 10 21:36:17 2004 => Scanning File C:\WINDOWS\System32\wshisn.dll Sat Jul 10 21:36:17 2004 => Scanning File C:\WINDOWS\System32\wshnetbs.dll Sat Jul 10 21:36:17 2004 => Scanning File C:\WINDOWS\System32\wshom.ocx Sat Jul 10 21:36:17 2004 => Scanning File C:\WINDOWS\System32\WshRm.dll Sat Jul 10 21:36:17 2004 => Scanning File C:\WINDOWS\System32\wshtcpip.dll Sat Jul 10 21:36:17 2004 => Scanning File C:\WINDOWS\System32\wsnmp32.dll Sat Jul 10 21:36:17 2004 => Scanning File C:\WINDOWS\System32\wsock32.dll Sat Jul 10 21:36:17 2004 => Scanning File C:\WINDOWS\System32\wstdecod.dll Sat Jul 10 21:36:17 2004 => Scanning File C:\WINDOWS\dl.html [**] Sat Jul 10 21:36:17 2004 => Scanning File C:\WINDOWS\dlm.html [**] Sat Jul 10 21:36:17 2004 => Scanning File C:\WINDOWS\explorer.exe Sat Jul 10 21:36:17 2004 => Scanning File C:\WINDOWS\explorer.scf Sat Jul 10 21:36:17 2004 => Scanning File C:\WINDOWS\NOTEPAD.EXE Sat Jul 10 21:36:17 2004 => Scanning File C:\WINDOWS\System32\notepad.exe Sat Jul 10 21:36:17 2004 => Scanning File C:\WINDOWS\System32\cmd.exe Sat Jul 10 21:36:18 2004 => Scanning File C:\WINDOWS\System32\kernel32.dll Sat Jul 10 21:36:18 2004 => Scanning File C:\WINDOWS\System32\ntoskrnl.exe Sat Jul 10 21:36:18 2004 => Scanning File C:\WINDOWS\System32\ntkrnlpa.exe Sat Jul 10 
21:36:18 2004 => Scanning File C:\WINDOWS\System32\hal.dll Sat Jul 10 21:36:18 2004 => Scanning File C:\WINDOWS\System32\win32k.sys Sat Jul 10 21:36:18 2004 => Scanning File C:\WINDOWS\System32\ntdll.dll Sat Jul 10 21:36:18 2004 => Scanning File C:\WINDOWS\System32\advapi32.dll Sat Jul 10 21:36:18 2004 => Scanning File C:\WINDOWS\System32\user32.dll Sat Jul 10 21:36:18 2004 => Scanning File C:\WINDOWS\System32\gdi32.dll Sat Jul 10 21:36:18 2004 => Scanning File C:\WINDOWS\System32\bootvid.dll Sat Jul 10 21:36:18 2004 => Scanning File C:\WINDOWS\System32\command.com Sat Jul 10 21:36:19 2004 => ***** Checking for specific ITW Viruses ***** Sat Jul 10 21:36:19 2004 => Checking for Welchia Virus... Sat Jul 10 21:36:19 2004 => Checking for LovGate Virus... Sat Jul 10 21:36:19 2004 => Checking for CodeRed Virus... Sat Jul 10 21:36:19 2004 => Checking for OpaServ Virus... Sat Jul 10 21:36:19 2004 => Checking for Sobig.e Virus... Sat Jul 10 21:36:19 2004 => Checking for Winupie Virus... Sat Jul 10 21:36:19 2004 => Checking for Swen Virus... Sat Jul 10 21:36:19 2004 => Checking for JS.Fortnight Virus... Sat Jul 10 21:36:19 2004 => Checking for Novarg Virus... Sat Jul 10 21:36:19 2004 => Checking for Pagabot Virus... Sat Jul 10 21:36:19 2004 => ***** Scanning complete. ***** Sat Jul 10 21:36:19 2004 => Total Number of Files Scanned: 238 Sat Jul 10 21:36:19 2004 => Total Number of Virus(es) Found: 1 Sat Jul 10 21:36:19 2004 => Total Number of Disinfected Files: 0 Sat Jul 10 21:36:19 2004 => Total Number of Files Renamed: 0 Sat Jul 10 21:36:19 2004 => Total Number of Deleted Files: 1 Sat Jul 10 21:36:19 2004 => Total Number of Errors: 0 Sat Jul 10 21:36:19 2004 => Time Elapsed: 00:00:13 Sat Jul 10 21:36:19 2004 => Virus Database Date: 2004/07/09 Sat Jul 10 21:36:19 2004 => Virus Database Count: 96426 Sat Jul 10 21:36:19 2004 => Scan Completed. Sat Jul 10 21:40:08 2004 => Virus Database Date: 2004/07/09 Sat Jul 10 21:40:08 2004 => Virus Database Count: 96426 |
|
|
||
11.07.2004, 14:36
Honorary member
Posts: 29434 |
#11
mark79
The exploits reported by Spybot are a bug... an error... so don't worry.
Regards, Sabina
__________
Regards, Sabina, all about PC security
This post was edited by Sabina on 11.07.2004 at 14:42.
|
|
|
||
11.07.2004, 14:45
Honorary member
Posts: 29434 |
#12
@Jens0123
Logfile of HijackThis v1.97.7
Scan saved at 21:46:42, on 10.07.2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\sistray.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
F:\Dateien von Jens\download\mo\mozilla-win32-1.8a1-de-AT\mozilla\mozilla.exe
C:\WINDOWS\regedit.exe
C:\DOKUME~1\Jens\LOKALE~1\Temp\mwavscan.com
C:\DOKUME~1\Jens\LOKALE~1\Temp\kavss.exe
F:\Dateien von Jens\download\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://weba.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://weba.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://weba.directwebsearch.net/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://weba.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://weba.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://weba.directwebsearch.net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://weba.directwebsearch.net/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://weba.directwebsearch.net/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://weba.directwebsearch.net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://weba.directwebsearch.net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://weba.directwebsearch.net/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://weba.directwebsearch.net/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://weba.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://weba.directwebsearch.net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://weba.directwebsearch.net/search.html
F1 - win.ini: run=C:\WINDOWS\system32\services\wmplayer.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Konsole (HKLM)
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
and now?
........................................................................................................................................
Jens0123
OK, one virus is already out... now do the following:
Fix
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://weba.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://weba.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://weba.directwebsearch.net/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://weba.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://weba.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://weba.directwebsearch.net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://weba.directwebsearch.net/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://weba.directwebsearch.net/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://weba.directwebsearch.net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://weba.directwebsearch.net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://weba.directwebsearch.net/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://weba.directwebsearch.net/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://weba.directwebsearch.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://weba.directwebsearch.net/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://weba.directwebsearch.net/search.html
F1 - win.ini: run=C:\WINDOWS\system32\services\wmplayer.exe
RESTART AND BOOT INTO SAFE MODE http://www.bsi.de/av/texte/winsave.htm
#Configure the antivirus settings: stop the automatic scan, turn the settings up (Search: ALL FILES, Repair: WITHOUT PROMPTING, Delete if repair fails: DELETE WITHOUT PROMPTING, Unwanted programs: ALL except games, Heuristics: Win32 heuristics, priority high)
Scan with your antivirus!!!!!
#Delete C:\WINDOWS\system32\services\wmplayer.exe
#Go into the registry: Start < Run < regedit
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
Delete this entry: http://weba.directwebsearch.
Then search for other entries from the hijacker (see the R1 entries)
Restart
#Under Internet Options, delete the temporary Internet files and set a new start page.
Then post the log again.
Regards, Sabina
__________
Regards, Sabina, all about PC security
This post was edited by Sabina on 11.07.2004 at 15:10.
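The "fix these entries, clean up, then post the log again" loop in the reply above comes down to comparing two HijackThis logs against the fix list. The following Python script is an added example, not part of the original thread and not code from HijackThis; the function names are hypothetical, and the embedded logs are short excerpts constructed from entries posted in this thread.

```python
import re
from collections import Counter

# HijackThis entry lines start with a section code (R0-R3, F0-F3, O1-O23).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.+)$")
URL_HOST_RE = re.compile(r"^https?://([^/\s:]+)", re.IGNORECASE)

# Constructed excerpts: a few lines taken from the logs posted in this thread.
BEFORE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://weba.directwebsearch.net/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://weba.directwebsearch.net/index.html
F1 - win.ini: run=C:\WINDOWS\system32\services\wmplayer.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
"""

AFTER_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Programme\DAP\DAPBHO.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
"""

# The entries the helper asked the user to fix (excerpt of the list above).
FIX_LIST = r"""R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://weba.directwebsearch.net/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://weba.directwebsearch.net/index.html
F1 - win.ini: run=C:\WINDOWS\system32\services\wmplayer.exe
"""


def parse_entries(log_text):
    """Return the set of (code, detail) entries; header and process lines are skipped."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2)))
    return entries


def redirect_hosts(entries):
    """Count the web hosts that IE start/search settings (R0/R1) point to.

    Many settings pointing at one unfamiliar host is the typical picture of a
    browser hijack; about:blank and local values are ignored.
    """
    hosts = Counter()
    for code, detail in entries:
        if code in ("R0", "R1") and " = " in detail:
            value = detail.split(" = ", 1)[1]
            match = URL_HOST_RE.match(value)
            if match:
                hosts[match.group(1).lower()] += 1
    return hosts


def compare_logs(before_text, after_text, fix_text):
    """Check a follow-up log against the previous log and the fix list."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    to_fix = parse_entries(fix_text)
    return {
        # Entries from the fix list that were present before and are gone now.
        "removed": sorted(to_fix & (before - after)),
        # Entries from the fix list that survived the cleanup.
        "still_present": sorted(to_fix & after),
        # Entries that only appear in the follow-up log and were never reviewed.
        "new": sorted(after - before),
    }


if __name__ == "__main__":
    print("Redirect hosts before cleanup:", dict(redirect_hosts(parse_entries(BEFORE_LOG))))
    report = compare_logs(BEFORE_LOG, AFTER_LOG, FIX_LIST)
    for section, items in report.items():
        print(f"{section}:")
        for code, detail in items:
            print(f"  {code} - {detail}")
```

Entries listed under "new" are not a verdict; they are items that appeared between the two logs and still need the same review as the first log.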
|
|
|
||
11.07.2004, 21:14
...new here
Posts: 6 |
#13
Current:
Logfile of HijackThis v1.97.7
Scan saved at 21:13:06, on 11.07.2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\sistray.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
F:\Dateien von Jens\download\HijackThis.exe
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Programme\DAP\DAPBHO.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Programme\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Konsole (HKLM)
O9 - Extra button: Run DAP (HKLM)
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38179.1470717593
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab |
|
|
||
11.07.2004, 23:10
Honorary member
Posts: 29434 |
#14
Jens0123
Even though you haven't set a start page in IE... I think everything is clean now.
#The antivirus has a guard, C:\Programme\AVPersonal\AVGUARD.EXE: set it up under Options, and then the open umbrella must appear in the taskbar.
#Update IE to IE 6 SP1 http://www.microsoft.com/windows/ie_intl/de/ie6sp1.mspx
#Run the Windows updates, at least all of them except Systempack 1
......if you can't do that.....
#Download Firefox as an alternative browser... it's more secure http://www.firebird-browser.de/
Regards, Sabina
__________
Regards, Sabina, all about PC security
This post was edited by Sabina on 11.07.2004 at 23:16.
|
|
|
||
12.07.2004, 19:45
...new here
Posts: 6 |
#15
Sabina, when I start Windows, my computer automatically tries to connect to the Internet.
Logfile of HijackThis v1.97.7
Scan saved at 19:41:58, on 12.07.2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\sistray.EXE
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
F:\Dateien von Jens\download\mo\mozilla-win32-1.8a1-de-AT\mozilla\mozilla.exe
C:\Programme\Microsoft Office\Office10\OUTLOOK.EXE
C:\Programme\Microsoft Office\Office10\WINWORD.EXE
F:\Dateien von Jens\download\HijackThis.exe
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Programme\DAP\DAPBHO.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Programme\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Konsole (HKLM)
O9 - Extra button: Run DAP (HKLM)
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38179.1470717593
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3473BC2E-BD34-4FE3-BDE2-69B84DD1F107}: NameServer = 195.50.140.250 145.253.2.203 |
|
|
||
Can anyone help?
Best regards,
Wolfgang
Logfile of HijackThis v1.98.0
Scan saved at 20:42:28, on 09.07.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Norton Internet Security\ccPxySvc.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\CAPRPCSK.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Dokumente und Einstellungen\Wolfgang\Lokale Einstellungen\Temp\Temporäres Verzeichnis 2 für hijackthis_198.zip\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {85CBFDE0-B26B-4EE5-BD3C-4DE111DE763E} - C:\WINDOWS\System32\winnet.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {F687BCAC-761B-452D-BB39-CD805D453928} - C:\WINDOWS\System32\mfplay.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\System32\Spool\Drivers\w32x86\3\CAPONN.EXE
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programme\Spyware Doctor\spydoctor.exe" /Q
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Canon LBP-800 Statusfönster.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\nosuch.mht!http://195.225.177.8/count/chm/cool.chm::/cool.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Filter: text/html - {EE219200-2288-4E9F-A22A-7D89136C5ECA} - C:\WINDOWS\System32\mfplay.dll
O18 - Filter: text/plain - {EE219200-2288-4E9F-A22A-7D89136C5ECA} - C:\WINDOWS\System32\mfplay.dll
O21 - SSODL: System - {0667452E-10DB-4F4F-B325-EFF3C243FEC4} - C:\WINDOWS\system32\system32.dll
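Added example, not part of the original posts and not HijackThis's own logic: a small Python parser for the HijackThis entry format in the log above, which marks for manual review the kinds of entries singled out in this thread (res:// search settings, an unnamed BHO in System32, a DPF codebase that is not http(s), a text/* filter, an SSODL DLL). The function names and the review heuristics are assumptions made for this example; the sample lines are copied from the log above.

```python
import re

# Subset of the log posted above, embedded so the example runs offline.
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.0
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {F687BCAC-761B-452D-BB39-CD805D453928} - C:\WINDOWS\System32\mfplay.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\nosuch.mht!http://195.225.177.8/count/chm/cool.chm::/cool.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Filter: text/html - {EE219200-2288-4E9F-A22A-7D89136C5ECA} - C:\WINDOWS\System32\mfplay.dll
O21 - SSODL: System - {0667452E-10DB-4F4F-B325-EFF3C243FEC4} - C:\WINDOWS\system32\system32.dll
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")  # e.g. "O2 - BHO: ..."
SYS32_DLL = re.compile(r"\\windows\\system32\\[^\\]+\.dll$", re.I)

def parse(log):
    """Return (section, body) per entry line; header and process-path lines are skipped."""
    matches = (ENTRY.match(line.strip()) for line in log.splitlines())
    return [m.groups() for m in matches if m]

def review_reason(section, body):
    """Heuristics assumed for this example; they are not HijackThis's own rules."""
    low = body.lower()
    if section in ("R0", "R1") and "res://" in low:
        return "IE search setting points at a resource inside a local file"
    if section == "O2" and "(no name)" in low and SYS32_DLL.search(body):
        return "unnamed BHO loaded from System32"
    if section == "O16" and not re.search(r" - https?://\S+$", low):
        return "DPF codebase is not a plain http(s) URL"
    if section == "O18" and low.startswith("filter: text/"):
        return "MIME filter hooked into text content"
    if section == "O21":
        return "ShellServiceObjectDelayLoad autostart DLL"
    return None

def triage(log):
    """Return [(section, reason, body)] for entries that deserve a manual look."""
    hits = []
    for section, body in parse(log):
        reason = review_reason(section, body)
        if reason:
            hits.append((section, reason, body))
    return hits

if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section:>3}  {reason}\n     {body}")
```

A hit only means the entry should be checked by hand before anything is fixed; legitimate software can also register O21 entries and unnamed BHOs.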