Pop-Ups --> AdWare.FindSpy.a --> System32\connmie.exe - Spyware help from the Protecus Community

#0
03.03.2005, 10:28
...new here
Posts: 10

03.03.2005, 15:26
Honorary member
Posts: 29434
#2
Hello @JayWood

Please download DllCompare from here: http://www.atribune.org/downloads/DllCompare.exe
Click the Locate.com button. When the scan has finished, click the Compare button, then click to create the log ---> please post it.

Download Silent Runners: http://www.silentrunners.org/sr_download.html ("Click here to download a zip file")
The explanation is here --> http://www.silentrunners.org/sr_scriptuse.html
Click: "output file is in text format" --> double-click and the editor opens --> and post everything that is displayed.
A DLL should be shown, which then absolutely must be deleted as well!

Quote
Example:
Download FindIt.zip: http://bilder.informationsarchiv.net/Nikitas_Tools/
Download, unpack and click on "find.bat" [ignore "File not found" messages]. A DOS window opens --> wait for the scan to finish --> the text editor opens --> and post the text of output.txt.
_________________________________

• KillBox: http://www.bleepingcomputer.com/files/killbox.php
• Delete File on Reboot <-- tick this

C:\WINNT\System32\sysobj.exe
C:\WINNT\System32\opensdl.exe
C:\WINNT\System32\sprmover.exe
C:\WINNT\System32\connmie.exe <--- AdWare.FindSpy.a
C:\WINNT\System32\truettf.exe <--- Spyware/AdClicker
C:\WINNT\System32\dxconf.exe

and click the red cross. When asked "Do you want to reboot?" ----> click "no" and paste in the next one; only click "yes" for the last one.

Restart the PC.

Scan in safe mode with a2: http://download6.emsisoft.com/a2freesetup.exe

• eScan detection tool
eScan is available free of charge here under the name Free eScan Antivirus Toolkit Utility: http://www.mwti.net/antivirus/free_utilities.asp
Open the scanner --> do not scan yet --> go to Start > Run > type in: %temp% and look for kavupd.exe, click on it --> run it (update in DOS) --> open mwav.exe --> tick all the boxes --> scan --> click View Log --> click Edit --> type in "infected" and now copy out everything that is displayed.
__________
Best regards,
Sabina
All about PC security

04.03.2005, 14:51
...new here
Thread starter
Posts: 10
#3
Thank you, Sabina!

I worked through your list and deleted the infected files with Killbox. A new scan brought up no further negative results. I have pasted all the relevant logs as well as the current HijackThis log below. I hope no scoundrel can do anything with this posting. Otherwise I would be much obliged to you (all) if my logs were deleted. Thanks! Should there still be concerns, I would be glad to receive another message. And of course also if everything seems okay ;-)

Greetings from here,
Ciao, JayWood

DLLCompare log

* DLLCompare Log version(1.0.0.127)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________
O^E says: "There were no files found "
________________________________________________
1.076 items found: 1.076 files, 0 directories.
Total of file sizes: 192.208.054 bytes 183,30 M
Administrator Account = True
--------------------End log---------------------

Findit

Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

------- System Files in System32 Directory -------

Datenträger in Laufwerk C: ist Laufwerk_C
Datenträgernummer: 7443-56E1

Verzeichnis von C:\WINNT\System32

02.03.2005 18:32 <DIR> dllcache
26.02.2005 21:07 32 {B0B2F7BA-6E57-4117-BE2F-A9DCA9D6E5E2}.dat
26.02.2005 21:06 32 {5EF0A9CE-BFAE-42A2-85A1-B81F7C59EC5B}.dat
14.02.2005 20:20 32 {9F57EC8D-06BE-4D09-8101-E7033BD9A94A}.dat
14.02.2005 20:10 32 {3768DF7A-1E79-4DCE-AD7E-E0B6F6D56F5A}.dat
14.02.2005 20:06 32 {F870DF35-8D1E-41AE-B7EB-2835264C2BE5}.dat
5 Datei(en) 160 Bytes
1 Verzeichnis(se), 1.201.774.592 Bytes frei

------- Hidden Files in System32 Directory -------

Datenträger in Laufwerk C: ist Laufwerk_C
Datenträgernummer: 7443-56E1

Verzeichnis von C:\WINNT\System32

03.03.2005 19:15 24.441 FFASTLOG.TXT
02.03.2005 18:32 <DIR> dllcache
26.02.2005 21:07 32 {B0B2F7BA-6E57-4117-BE2F-A9DCA9D6E5E2}.dat
26.02.2005 21:06 32 {5EF0A9CE-BFAE-42A2-85A1-B81F7C59EC5B}.dat
14.02.2005 20:20 32 {9F57EC8D-06BE-4D09-8101-E7033BD9A94A}.dat
14.02.2005 20:10 32 {3768DF7A-1E79-4DCE-AD7E-E0B6F6D56F5A}.dat
14.02.2005 20:06 32 {F870DF35-8D1E-41AE-B7EB-2835264C2BE5}.dat
06.05.2003 16:43 <DIR> GroupPolicy
06.05.2003 16:37 271 desktop.ini
06.05.2003 16:37 21.817 folder.htt
8 Datei(en) 46.689 Bytes
2 Verzeichnis(se), 1.201.766.400 Bytes frei

---------- Files Named "Guard" -------------

Datenträger in Laufwerk C: ist Laufwerk_C
Datenträgernummer: 7443-56E1

Verzeichnis von C:\WINNT\System32

--------- Temp Files in System32 Directory --------

Datenträger in Laufwerk C: ist Laufwerk_C
Datenträgernummer: 7443-56E1

Verzeichnis von C:\WINNT\System32

10.12.1999 13:00 325.904 OLD47F.tmp
10.12.1999 13:00 2.951 CONFIG.TMP
2 Datei(en) 328.855 Bytes
0 Verzeichnis(se), 1.201.766.400 Bytes frei

---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"DT"=.................

------------ Keys Under Notify ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,33,32,2e,64,6c,6c,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,72,79,70,74,6e,65,74,2e,64,6c,6c,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,63,6c,67,6e,74,66,79,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

---------------- Xfind Results -----------------

Der Befehl "Xfind" ist entweder falsch geschrieben oder konnte nicht gefunden werden.

-------------- Locate.com Results ---------------

Silentrunners

"Silent Runners.vbs", revision 32, http://www.silentrunners.org/
Operating System: Windows 2000
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"internat.exe" = "internat.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Synchronization Manager" = "mobsync.exe /logon" [MS]
"C-Media Mixer" = "C:\Programme\PCI Audio Applications\Mixer.exe /startup" ["C-Media Electronic Inc."]
"NvCplDaemon" = "RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" [MS]
"HotKey" = "C:\WINNT\Twain_32\FlatBed\HotKey.exe" ["Primax Electronics Ltd."]
"NeroCheck" = "C:\WINNT\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"HPDJ Taskbar Utility" = "C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe" ["HP"]
"Share-to-Web Namespace Daemon" = "C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" ["Hewlett-Packard"]
"T-DSL SpeedMgr" = ""C:\Programme\T-DSL SpeedManager\SpeedMgr.exe"" ["T-Systems Nova, Berkom"]

Quote
"sysobj.exe" = "sysobj.exe" [null data]

"ccApp" = ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"ccRegVfy" = ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"" ["Symantec Corporation"]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe" ["Symantec Corporation"]

Quote
"sprmover.exe" = "sprmover.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx" [empty string]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

Quote
{7D15124F-0858-4033-9D28-2AAADC56B0C3}\(Default) = "Name" [from CLSID]data]

{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINNT\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{3779D068-8AA6-11d2-B8FF-0080C84D9C69}" = "WinFast Information Property Sheet 2000"
  -> {CLSID}\InProcServer32\(Default) = "WF2KCPL.DLL" ["Leadtek Research Inc."]

Startup items in "jaywood" & "All Users" startup folders:
---------------------------------------------------------

C:\Dokumente und Einstellungen\jaywood\Startmenü\Programme\Autostart
"WinMySQLadmin" -> shortcut to: "C:\mysql\bin\winmysqladmin.exe" ["MySQL AB"]

C:\Dokumente und Einstellungen\All Users.WINNT\Startmenü\Programme\Autostart
"Acrobat Assistant" -> shortcut to: "C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe" ["Adobe Systems Inc."]
"Adobe Gamma Loader" -> shortcut to: "C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Microsoft-Indexerstellung" -> shortcut to: "C:\Programme\Microsoft Office\Office\FINDFAST.EXE" [MS]
"Office-Start" -> shortcut to: "C:\Programme\Microsoft Office\Office\OSA.EXE -b" [MS]
"WinZip Quick Pick" -> shortcut to: "C:\Programme\WinZip\WZQKPICK.EXE" ["WinZip Computing, Inc."]

Enabled Scheduled Tasks:
------------------------

"Norton AntiVirus - Meinen Computer prüfen" -> launches: "C:\PROGRA~1\NORTON~1\NAVW32.exe /task:C:\DOKUME~1\ALLUSE~1.WIN\ANWEND~1\Symantec\NORTON~2\Tasks\mycomp.sca" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Programme\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Apache2, Apache2, ""F:\Entwuerfe\xampp\xampp\apache\bin\Apache.exe" -k runservice" ["Apache Software Foundation"]
COM+-Ereignissystem, EventSystem, "C:\WINNT\System32\svchost.exe -k netsvcs" {"C:\WINNT\System32\es.dll" [null data]}
KAV Monitor Service, KAVMonitorService, ""C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exe" /service" ["Kaspersky Labs."]
Leadtek Driver Helper Service, nvSvc, "C:\WINNT\System32\nvsvc32.exe" ["NVIDIA Corporation"]
MySql, MySql, "C:/mysql/bin/mysqld-nt.exe" [null data]
Norton AntiVirus Auto-Protect-Dienst, navapsvc, ""C:\Programme\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Norton Internet Security Accounts Manager, NISUM, "C:\Programme\Norton Internet Security\NISUM.EXE" ["Symantec Corporation"]
Sophos Anti-Virus Network, SweepNet, ""C:\Programme\Sophos SWEEP for NT\SWNETSUP.EXE"" ["Sophos Plc"]
Symantec Event Manager, ccEvtMgr, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Proxy Service, ccPxySvc, "C:\Programme\Norton Internet Security\ccPxySvc.exe" ["Symantec Corporation"]
TSMService, TSMService, ""C:\Programme\T-DSL SpeedManager\tsmsvc.exe"" ["T-Systems Nova, Berkom"]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\rnr20.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\msafd.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------

Killbox

c:\System32\sysobj.exe This file does not seem to exist
C:\System32\opensdl.exe This file does not seem to exist
C:\System32\sprmover.exe This file does not seem to exist
C:\WINNT\System32\sysobj.exe This File could not be Deleted
C:\WINNT\System32\sysobj.exe Delete on Reboot
C:\WINNT\System32\opensdl.exe Delete on Reboot
C:\WINNT\System32\sprmover.exe Delete on Reboot
C:\WINNT\System32\connmie.exe Delete on Reboot
C:\WINNT\System32\truettf.exe Delete on Reboot
C:\WINNT\System32\dxconf.exe Delete on Reboot
C:\WINNT\System32\mskxw.dll Delete on Reboot
C:\WINNT\System32\mskxw.dll Delete on Reboot
C:\WINNT\System32\ctbasxt.exe Delete on Reboot
C:\WINNT\System32\hdmrp.dll Delete on Reboot
C:\WINNT\System32\iecustme.exe Delete on Reboot
C:\WINNT\System32\iecustom32.dll Delete on Reboot
C:\WINNT\System32\mxbkup.exe Delete on Reboot
C:\WINNT\System32\TFTP2600 Delete on Reboot
C:\DOKUME~1\jaywood\LOKALE~1\Temp\backups\backup-20050224-143020-412.dll Delete on Reboot
C:\DOKUME~1\jaywood\LOKALE~1\Temp\backups\backup-20050224-145023-814.dll Delete on Reboot
C:\DOKUME~1\jaywood\LOKALE~1\Temp\backups\backup-20050224-153756-938.dll Delete on Reboot
C:\DOKUME~1\jaywood\LOKALE~1\Temp\backups\backup-20050224-220315-417.dll Delete on Reboot
C:\Dokumente und Einstellungen\jaywood\Lokale Einstellungen\Temp\backups\backup-20050224-143020-412.dll Delete on Reboot
C:\Dokumente und Einstellungen\jaywood\Lokale Einstellungen\Temp\backups\backup-20050224-145023-814.dll Delete on Reboot
C:\Dokumente und Einstellungen\jaywood\Lokale Einstellungen\Temp\backups\backup-20050224-153756-938.dll Delete on Reboot
C:\Dokumente und Einstellungen\jaywood\Lokale Einstellungen\Temp\backups\backup-20050224-220315-417.dll Delete on Reboot
C:\Programme\Norton AntiVirus\Quarantine\0F8D5712 Delete on Reboot
C:\Programme\Norton AntiVirus\Quarantine\0FCB7055 Delete on Reboot
C:\Programme\Norton AntiVirus\Quarantine\131C14AE Delete on Reboot
C:\Programme\Norton AntiVirus\Quarantine\13AB4C10 Delete on Reboot
C:\Programme\Norton AntiVirus\Quarantine\13D243E5 Delete on Reboot
C:\Programme\Norton AntiVirus\Quarantine\13D66DE1 Delete on Reboot
C:\Programme\Norton AntiVirus\Quarantine\14DB0E59 Delete on Reboot
C:\Programme\Norton AntiVirus\Quarantine\19EA2A5C Delete on Reboot
C:\Programme\Norton AntiVirus\Quarantine\3E8A0023 Delete on Reboot
C:\Programme\Norton AntiVirus\Quarantine\423439B2 Delete on Reboot
C:\Programme\Norton AntiVirus\Quarantine\4AB274B4 Delete on Reboot
C:\Programme\Norton AntiVirus\Quarantine\55553511 Delete on Reboot
C:\Programme\Norton AntiVirus\Quarantine\555B7655 Delete on Reboot
C:\Programme\RegCleaner\Backups\Sfcman32.dll Delete on Reboot
C:\WINNT\system32\ctbasxt.exe Delete on Reboot
C:\WINNT\system32\hdmrp.dll Delete on Reboot
C:\WINNT\system32\iecustme.exe Delete on Reboot
C:\WINNT\system32\iecustom32.dll Delete on Reboot
C:\WINNT\system32\mxbkup.exe Delete on Reboot
C:\WINNT\system32\TFTP2600 Delete on Reboot

Current HijackThis log

Logfile of HijackThis v1.99.0
Scan saved at 14:51:43, on 04.03.2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Norton Internet Security\NISUM.EXE
F:\Entwuerfe\xampp\xampp\apache\bin\Apache.exe
C:\Programme\Norton Internet Security\ccPxySvc.exe
C:\WINNT\System32\svchost.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exe
C:\mysql\bin\mysqld-nt.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\Explorer.exe
C:\WINNT\system32\MSTask.exe
F:\Entwuerfe\xampp\xampp\apache\bin\Apache.exe
C:\WINNT\system32\stisvc.exe
C:\Programme\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Programme\PCI Audio Applications\Mixer.exe
C:\WINNT\Twain_32\FlatBed\HotKey.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programme\T-DSL SpeedManager\SpeedMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINNT\System32\internat.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programme\Microsoft Office\Office\FINDFAST.EXE
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programme\Microsoft Office\Office\OSA.EXE
C:\Programme\WinZip\WZQKPICK.EXE
C:\mysql\bin\winmysqladmin.exe
C:\Programme\T-DSL SpeedManager\tsmsvc.exe
C:\WINNT\notepad.exe
C:\WINNT\system32\ntvdm.exe
C:\T-ONLINE\BSW3\ToDuCAlC.EXE
C:\PROGRA~1\INTERN~1\IEXPLORE.EXE
C:\Programme\Windows NT\Zubehör\WORDPAD.EXE
C:\Programme\Windows NT\Zubehör\WORDPAD.EXE
C:\Programme\Windows NT\Zubehör\WORDPAD.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Dokumente und Einstellungen\jaywood\Lokale Einstellungen\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jaywoods.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.t-online.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von T-Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [C-Media Mixer] C:\Programme\PCI Audio Applications\Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [HotKey] C:\WINNT\Twain_32\FlatBed\HotKey.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\Programme\T-DSL SpeedManager\SpeedMgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O12 - Plugin for .mid: C:\Programme\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\Programme\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .psd: C:\Programme\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Programme\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.t-online.de
O17 - HKLM\System\CCS\Services\Tcpip\..\{4ECE0EAB-C140-4CA6-B094-AB52A546410E}: NameServer = 217.237.150.225 217.237.150.141
O17 - HKLM\System\CS3\Services\Tcpip\..\{4ECE0EAB-C140-4CA6-B094-AB52A546410E}: NameServer = 217.237.150.225 217.237.150.141
O23 - Service: Apache2 - Apache Software Foundation - F:\Entwuerfe\xampp\xampp\apache\bin\Apache.exe
O23 - Service: AVP Control Centre Service - Kaspersky Labs. - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service - Symantec Corporation - C:\Programme\Norton Internet Security\ccPxySvc.exe
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: KAV Monitor Service - Kaspersky Labs. - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exe
O23 - Service: MySql - Unknown - C:/mysql/bin/mysqld-nt.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager - Symantec Corporation - C:\Programme\Norton Internet Security\NISUM.EXE
O23 - Service: Leadtek Driver Helper Service - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Sophos Anti-Virus Network - Sophos Plc - C:\Programme\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus - Sophos Plc - C:\Programme\Sophos SWEEP for NT\SWEEPSRV.SYS
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe

This post was edited by JayWood on 04.03.2005 at 14:52.

04.03.2005, 15:48
Honorary member
Posts: 29434
#4
Hello @JayWood

You did good work there. Not everyone can make something of the logs.

Please scan once more with Silent Runners (to double-check).
__________
Best regards,
Sabina
All about PC security

04.03.2005, 15:58
...new here
Thread starter
Posts: 10
#5
Thanks for the compliment ;-),
it was a real slog.

Ciao and have a nice weekend,
JayWood

Here once more is what Silent Runners says about it:

"Silent Runners.vbs", revision 32, http://www.silentrunners.org/
Operating System: Windows 2000
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"internat.exe" = "internat.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Synchronization Manager" = "mobsync.exe /logon" [MS]
"C-Media Mixer" = "C:\Programme\PCI Audio Applications\Mixer.exe /startup" ["C-Media Electronic Inc."]
"NvCplDaemon" = "RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" [MS]
"HotKey" = "C:\WINNT\Twain_32\FlatBed\HotKey.exe" ["Primax Electronics Ltd."]
"NeroCheck" = "C:\WINNT\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"HPDJ Taskbar Utility" = "C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe" ["HP"]
"Share-to-Web Namespace Daemon" = "C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" ["Hewlett-Packard"]
"T-DSL SpeedMgr" = ""C:\Programme\T-DSL SpeedManager\SpeedMgr.exe"" ["T-Systems Nova, Berkom"]
"ccApp" = ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"ccRegVfy" = ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"" ["Symantec Corporation"]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx" [empty string]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINNT\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{3779D068-8AA6-11d2-B8FF-0080C84D9C69}" = "WinFast Information Property Sheet 2000"
  -> {CLSID}\InProcServer32\(Default) = "WF2KCPL.DLL" ["Leadtek Research Inc."]
"{AB77609F-2178-4E6F-9C4B-44AC179D937A}" = "a² Context Menu Shell Extension"
  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\A2FREE~1\A2CONT~1.DLL" [null data]

Startup items in "jaywood" & "All Users" startup folders:
---------------------------------------------------------

C:\Dokumente und Einstellungen\jaywood\Startmenü\Programme\Autostart
"WinMySQLadmin" -> shortcut to: "C:\mysql\bin\winmysqladmin.exe" ["MySQL AB"]

C:\Dokumente und Einstellungen\All Users.WINNT\Startmenü\Programme\Autostart
"Acrobat Assistant" -> shortcut to: "C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe" ["Adobe Systems Inc."]
"Adobe Gamma Loader" -> shortcut to: "C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Microsoft-Indexerstellung" -> shortcut to: "C:\Programme\Microsoft Office\Office\FINDFAST.EXE" [MS]
"Office-Start" -> shortcut to: "C:\Programme\Microsoft Office\Office\OSA.EXE -b" [MS]
"WinZip Quick Pick" -> shortcut to: "C:\Programme\WinZip\WZQKPICK.EXE" ["WinZip Computing, Inc."]

Enabled Scheduled Tasks:
------------------------

"Norton AntiVirus - Meinen Computer prüfen" -> launches: "C:\PROGRA~1\NORTON~1\NAVW32.exe /task:C:\DOKUME~1\ALLUSE~1.WIN\ANWEND~1\Symantec\NORTON~2\Tasks\mycomp.sca" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Programme\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Apache2, Apache2, ""F:\Entwuerfe\xampp\xampp\apache\bin\Apache.exe" -k runservice" ["Apache Software Foundation"]
COM+-Ereignissystem, EventSystem, "C:\WINNT\System32\svchost.exe -k netsvcs" {"C:\WINNT\System32\es.dll" [null data]}
KAV Monitor Service, KAVMonitorService, ""C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exe" /service" ["Kaspersky Labs."]
Leadtek Driver Helper Service, nvSvc, "C:\WINNT\System32\nvsvc32.exe" ["NVIDIA Corporation"]
MySql, MySql, "C:/mysql/bin/mysqld-nt.exe" [null data]
Norton AntiVirus Auto-Protect-Dienst, navapsvc, ""C:\Programme\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Norton Internet Security Accounts Manager, NISUM, "C:\Programme\Norton Internet Security\NISUM.EXE" ["Symantec Corporation"]
Sophos Anti-Virus Network, SweepNet, ""C:\Programme\Sophos SWEEP for NT\SWNETSUP.EXE"" ["Sophos Plc"]
Symantec Event Manager, ccEvtMgr, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Proxy Service, ccPxySvc, "C:\Programme\Norton Internet Security\ccPxySvc.exe" ["Symantec Corporation"]
TSMService, TSMService, ""C:\Programme\T-DSL SpeedManager\tsmsvc.exe"" ["T-Systems Nova, Berkom"]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\rnr20.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\msafd.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

----------
This report excludes default entries except where indicated.
To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
----------

04.03.2005, 16:11
Honorary member
Posts: 29434

While surfing, every now and then, instead of the link I clicked, I get a selection of purely adult search results. In addition, every now and then there are pop-ups from an online casino and unfortunately also a number of favorites entries that I never visited (of course also all adult topics).
It must have something to do with the virus opensdl.exe, which keeps nesting itself in again.
Here are my logs once more.
Thanks from here,
JayWood
PS: I have already fixed the 017 entries.
Logfile of HijackThis v1.99.0
Scan saved at 10:26:36, on 03.03.2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Norton Internet Security\NISUM.EXE
F:\Entwuerfe\xampp\xampp\apache\bin\Apache.exe
C:\Programme\Norton Internet Security\ccPxySvc.exe
C:\WINNT\System32\svchost.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exe
C:\mysql\bin\mysqld-nt.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Programme\Sophos SWEEP for NT\SWNETSUP.EXE
F:\Entwuerfe\xampp\xampp\apache\bin\Apache.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Programme\PCI Audio Applications\Mixer.exe
C:\WINNT\Twain_32\FlatBed\HotKey.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programme\T-DSL SpeedManager\SpeedMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINNT\System32\internat.exe
C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programme\Microsoft Office\Office\FINDFAST.EXE
C:\Programme\Microsoft Office\Office\OSA.EXE
C:\Programme\WinZip\WZQKPICK.EXE
C:\mysql\bin\winmysqladmin.exe
C:\Programme\T-DSL SpeedManager\tsmsvc.exe
C:\WINNT\system32\ntvdm.exe
C:\PROGRA~1\INTERN~1\IEXPLORE.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\NMain.exe
C:\WINNT\System32\sprmover.exe
C:\WINNT\System32\connmie.exe
C:\WINNT\System32\truettf.exe
C:\WINNT\System32\dxconf.exe
C:\T-ONLINE\BSW3\ToDuCAlC.EXE
C:\Dokumente und Einstellungen\jaywood\Lokale Einstellungen\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jaywoods.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.t-online.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von T-Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [C-Media Mixer] C:\Programme\PCI Audio Applications\Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [HotKey] C:\WINNT\Twain_32\FlatBed\HotKey.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\Programme\T-DSL SpeedManager\SpeedMgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O12 - Plugin for .mid: C:\Programme\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\Programme\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .psd: C:\Programme\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Programme\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.t-online.de
O17 - HKLM\System\CCS\Services\Tcpip\..\{4ECE0EAB-C140-4CA6-B094-AB52A546410E}: NameServer = 217.237.150.225 217.237.150.141
O17 - HKLM\System\CS3\Services\Tcpip\..\{4ECE0EAB-C140-4CA6-B094-AB52A546410E}: NameServer = 217.237.150.225 217.237.150.141
O23 - Service: Apache2 - Apache Software Foundation - F:\Entwuerfe\xampp\xampp\apache\bin\Apache.exe
O23 - Service: AVP Control Centre Service - Kaspersky Labs. - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service - Symantec Corporation - C:\Programme\Norton Internet Security\ccPxySvc.exe
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: KAV Monitor Service - Kaspersky Labs. - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exe
O23 - Service: MySql - Unknown - C:/mysql/bin/mysqld-nt.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager - Symantec Corporation - C:\Programme\Norton Internet Security\NISUM.EXE
O23 - Service: Leadtek Driver Helper Service - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Sophos Anti-Virus Network - Sophos Plc - C:\Programme\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus - Sophos Plc - C:\Programme\Sophos SWEEP for NT\SWEEPSRV.SYS
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe