http://www.lop.com/searchbar.html entfernen

#0
05.04.2005, 23:09
...neu hier

Beiträge: 7
#1 Neuerdings fährt mein System des Öfteren unaufgefordert 'runter; insbesondere, wenn man sich ein paar Augenblicke vom Rechner abwendet. Ich habe ein Logfile mit Hijackthis erstellt. Kann den bitte mal jemand anschauen? Vielen Dank für eure Hilfe.


Logfile of HijackThis v1.99.1
Scan saved at 22:32:53, on 05.04.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Programme\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Programme\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Softwin\BitDefender8\vsserv.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Softwin\BitDefender8\bdmcon.exe
C:\Programme\Softwin\BitDefender8\bdoesrv.exe
C:\Programme\Softwin\BitDefender8\bdswitch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Analog Devices\Teledat 300 USB Treiber\DSLMON.exe
C:\Programme\Digital Image\Monitor.exe
C:\Dokumente und Einstellungen\Uwe\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.lop.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.lop.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.lop.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.lop.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.lop.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.lop.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: IPInsigtObj Class - {000004CC-E4FF-4F2C-BC30-DBEF0B983BC9} - C:\WINDOWS\IPINSIGT.DLL
O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IEHlprObj Class - {700944A0-9399-4D84-A0BE-EDD754923D7D} - C:\WINDOWS\system32\mo030414s.dll
O2 - BHO: TChkBHO Class - {96C44C0F-F8D1-4052-A34E-19255E0ABEF5} - C:\WINDOWS\system32\fzfken.dll
O2 - BHO: Swish Browser Helper - {D44B5436-B3E4-4595-B0E9-106690E70A58} - C:\DOKUME~1\Uwe\ANWEND~1\plg_ie0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Accessories - {9B35A850-66AB-4c6d-8A66-136ECADCD904} - C:\DOKUME~1\Uwe\ANWEND~1\plg_ie0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [szuejzitzyoe] C:\WINDOWS\System32\ifykzh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [BDMCon] C:\Programme\Softwin\BitDefender8\\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Programme\Softwin\BitDefender8\\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Programme\Softwin\BitDefender8\\bdnagent.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Programme\Softwin\BitDefender8\\bdswitch.exe
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Programme\Washer\washidx.exe "Uwe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: DSLMON.lnk = C:\Programme\Analog Devices\Teledat 300 USB Treiber\DSLMON.exe
O4 - Global Startup: Monitor.lnk = ?
O4 - Global Startup: Norton GoBack.lnk = C:\Programme\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{310A717B-1159-4478-973B-5C552BD7D43F}: NameServer = 217.237.150.225 217.237.150.141
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programme\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: GBPoll - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Programme\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programme\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe

Gruß, Ginny66
Seitenanfang Seitenende
06.04.2005, 17:54
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#2 Hallo@Ginny66

start<Ausfuehren<regedit


HKEY_LOCAL_MACHINE\Software

falls du folgende Eintraege findest, loesche sie mit rechtskliclk

* ckotetlllyllshz
* kseateasteestoe
* rhvlveasteafpr
* ssaxstxoaieoagrh
* TrinityAYB

#öffne das HijackThis-->> Button "scan" -->> Häkchen setzen -->> Button "Fix checked" -->> PC neustarten

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.lop.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.lop.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.lop.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.lop.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.lop.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.lop.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IPInsigtObj Class - {000004CC-E4FF-4F2C-BC30-DBEF0B983BC9} - C:\WINDOWS\IPINSIGT.DLL
O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: IEHlprObj Class - {700944A0-9399-4D84-A0BE-EDD754923D7D} - C:\WINDOWS\system32\mo030414s.dll
O2 - BHO: TChkBHO Class - {96C44C0F-F8D1-4052-A34E-19255E0ABEF5} - C:\WINDOWS\system32\fzfken.dll
O2 - BHO: Swish Browser Helper - {D44B5436-B3E4-4595-B0E9-106690E70A58} - C:\DOKUME~1\Uwe\ANWEND~1\plg_ie0.dll
O3 - Toolbar: Accessories - {9B35A850-66AB-4c6d-8A66-136ECADCD904} - C:\DOKUME~1\Uwe\ANWEND~1\plg_ie0.dll
O4 - HKLM\..\Run: [szuejzitzyoe] C:\WINDOWS\System32\ifykzh.exe

PC neustarten

•KillBox
http://www.bleepingcomputer.com/files/killbox.php

•Delete File on Reboot <--anhaken

und klick auf das rote Kreuz,
wenn gefragt wird, ob "Do you want to reboot? "----> klicke auf "no",und kopiere das naechste rein, erst beim letzten auf "yes"

C:\WINDOWS\desktop.htm
C:\WINDOWS\dnserror.htm
C:\WINDOWS\jexpoofro.htm
C:\WINDOWS\i_dnserr.gif
C:\WINDOWS\s_dnserr.gif
C:\WINDOWS\r_dnserr.gif
C:\WINDOWS\b_dnserr.gif
C:\WINDOWS\tiejexpoo.gif
C:\WINDOWS\xiejexpoo.gif
C:\WINDOWS\oiejexpoo.gif
C:\WINDOWS\uiejexpoo.gif

* C:\WINDOWS\System32\asshuktr.exe
* C:\WINDOWS\System32\bilyooas.exe
* C:\WINDOWS\System32\byb_save.exe
* C:\WINDOWS\System32\crgbeaoa.exe
* C:\WINDOWS\System32\eaymulyl.exe
* C:\WINDOWS\System32\eeublidc.exe
* C:\WINDOWS\System32\glxshmcr.exe
* C:\WINDOWS\System32\ijlysseb.exe
* C:\WINDOWS\System32\jqumysto.exe
* C:\WINDOWS\System32\kfriegbs.exe
* C:\WINDOWS\System32\llfggrdr.exe
* C:\WINDOWS\System32\lltckiey.exe
* C:\WINDOWS\System32\lopsearc.exe
* C:\WINDOWS\System32\meemnckyqbr.exe
* C:\WINDOWS\System32\meepajlr.exe
* C:\WINDOWS\System32\mprcouie.exe
* C:\WINDOWS\System32\oofrkxpe.exe
* C:\WINDOWS\System32\peebqusz.exe
* C:\WINDOWS\System32\quveioot.exe
* C:\WINDOWS\System32\shoucrck.exe
* C:\WINDOWS\System32\ssmeeibl.exe
* C:\WINDOWS\System32\tchpeatr.exe
* C:\WINDOWS\System32\tglblrll.exe
* C:\WINDOWS\System32\trstdris.exe
* C:\WINDOWS\System32\ulyuiexeechp.exe
* C:\WINDOWS\System32\vestufck.exe
* C:\WINDOWS\System32\vfthrcbr.exe
C:\WINDOWS\System32\xogyfhp.exe
C:\WINDOWS\System32\ykphmbre.exe
C:\WINDOWS\System32\ylynfste.exe

C:\WINDOWS\IPINSIGT.DLL
C:\WINDOWS\twaintec.dll
C:\WINDOWS\system32\mo030414s.dll
C:\WINDOWS\system32\fzfken.dll
C:\Dokumente und Einstellungen\Uwe\Anwendungsdaten\plg_ie0.dll
C:\WINDOWS\System32\ifykzh.exe

PC neustarten

CCleaner
http://www.ccleaner.com/ccdownload.asp

Im Windows-Explorer->Extras->Ordneroptionen->den Reiter "Ansicht"->Versteckte Dateien und Ordner-> "alle Dateien und Ordner anzeigen" aktivieren
+
Im Windows-Explorer->Extras->Ordneroptionen->den Reiter "Ansicht"->Dateien und Ordner-> "Geschützte Systemdateien ausblenden (empfohlen)" deaktivieren

suche und loesche;
mp3.exe
FreeMP3.exe
freemp3z.exe
FreeMP3Music.exe
free_sex_viewer.exe
free_deals.exe
Software_Plugin.exe
download_file.exe
The_Ultimate_Browser_Enhancer.exe
free_plugin.exe

C:\Dokumente und Einstellungen\Uwe\Anwendungsdaten\<--alles loeschen was mit dem Zeitpunkt der LOP.com-Verseuchung zusammenfaellt

•eScan-Erkennungstool
eSan ist hier unter dem Namen Free eScan Antivirus Toolkit Utility kostenlos erhältlich:
http://www.mwti.net/antivirus/free_utilities.asp
oeffne den Scanner--> noch nicht scannen--> gehe in Start<Ausfuehren< schreib rein: %temp% und suche
kavupd.exe, die klickst du an--> (Update- in DOS) ausführen

-->mwav.exe oeffnen-->alle Haekchen setzen-->scannen-->View Log anklicken--> Bearbeiten anklicken--> "infected" reinschreiben
und nun alles rauskopieren, was angezeigt wird-->
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
08.04.2005, 23:32
...neu hier

Themenstarter

Beiträge: 7
#3 Hallo Sabina!

Zunächst einmal vielen, vielen Dank für deine Hilfe. Konnte mich erst heute abschließend mit der Geschichte beschäftigen.

Eines ist mir nicht ganz klar:
Du schreibst "-->mwav.exe oeffnen-->alle Haekchen setzen-->scannen-->View Log anklicken--> Bearbeiten anklicken--> "infected" reinschreiben
und nun alles rauskopieren, was angezeigt wird-->"

Was mache ich jetzt mit den rauskopierten Suchtreffern meiner "infected"-Suche?


MfG Ginny66
Seitenanfang Seitenende
08.04.2005, 23:40
Ehrenmitglied
Avatar Argus

Beiträge: 6028
#4 •jene zeile in der infected steht, markieren, und hier einfügen, weitersuchen usw.
•und ganz unten steht die zusammenfassung, diese auch hier posten
__________
MfG Argus
Seitenanfang Seitenende
08.04.2005, 23:51
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#5

Zitat

•jene zeile in der infected steht, markieren, und hier einfügen, weitersuchen usw.
•und ganz unten steht die zusammenfassung, diese auch hier posten


;) ;) ;) Danke ;)
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
09.04.2005, 00:15
...neu hier

Themenstarter

Beiträge: 7
#6 Alles klar! Hier kommt's:

Thu Apr 07 20:27:27 2005 => Scanning HKLM\SYSTEM\CurrentControlSet\Services\VxD
Thu Apr 07 20:27:27 2005 => Scanning File C:\WINDOWS\system32\JAVASUP.VXD
Thu Apr 07 20:27:40 2005 => System found infected with Bargain Buddy Spyware/Adware ({297AFC77-2039-4D3C-BEF9-598819EB2C8A})! Action taken: No Action Taken.
Thu Apr 07 20:27:40 2005 => File System Found infected by "Bargain Buddy Spyware/Adware" Virus. Action Taken: No Action Taken.


Thu Apr 07 20:27:40 2005 => System found infected with Bargain Buddy Spyware/Adware ({BE35582C-9796-4CF1-AED9-556ADA120B38})! Action taken: No Action Taken.
Thu Apr 07 20:27:40 2005 => File System Found infected by "Bargain Buddy Spyware/Adware" Virus. Action Taken: No Action Taken.


Thu Apr 07 20:27:41 2005 => System found infected with Alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
Thu Apr 07 20:27:41 2005 => File System Found infected by "Alexa Spyware/Adware" Virus. Action Taken: No Action Taken.


Thu Apr 07 20:27:41 2005 => System found infected with Gator Spyware/Adware ({21FFB6C0-0DA1-11D5-A9D5-00500413153C})! Action taken: No Action Taken.
Thu Apr 07 20:27:41 2005 => File System Found infected by "Gator Spyware/Adware" Virus. Action Taken: No Action Taken.


Thu Apr 07 20:27:41 2005 => System found infected with BetterInternet Spyware/Adware ({4534CD6B-59D6-43FD-864B-06A0D843444A})! Action taken: No Action Taken.
Thu Apr 07 20:27:41 2005 => File System Found infected by "BetterInternet Spyware/Adware" Virus. Action Taken: No Action Taken.


Thu Apr 07 20:27:41 2005 => System found infected with BetterInternet Spyware/Adware ({690BCCB4-6B83-4203-AE77-038C116594EC})! Action taken: No Action Taken.
Thu Apr 07 20:27:41 2005 => File System Found infected by "BetterInternet Spyware/Adware" Virus. Action Taken: No Action Taken.


Thu Apr 07 20:27:41 2005 => System found infected with WurldMedia Spyware/Adware ({a83e42b1-1ae7-4ce6-b128-ab0f4a126b2c})! Action taken: No Action Taken.
Thu Apr 07 20:27:41 2005 => File System Found infected by "WurldMedia Spyware/Adware" Virus. Action Taken: No Action Taken.


Thu Apr 07 20:27:42 2005 => Offending value found in HKCU\Software\cydoor !!!
Thu Apr 07 20:27:42 2005 => System found infected with cydoor Spyware/Adware! Action taken: No Action Taken.
Thu Apr 07 20:27:42 2005 => File System Found infected by "cydoor Spyware/Adware" Virus. Action Taken: No Action Taken.


Thu Apr 07 20:27:42 2005 => Offending value found in HKLM\Software\gator.com !!!
Thu Apr 07 20:27:42 2005 => System found infected with gator.com Spyware/Adware! Action taken: No Action Taken.
Thu Apr 07 20:27:42 2005 => File System Found infected by "gator.com Spyware/Adware" Virus. Action Taken: No Action Taken.


Thu Apr 07 20:27:43 2005 => Offending value found in HKLM\Software\vendor !!!
Thu Apr 07 20:27:43 2005 => System found infected with vendor Spyware/Adware! Action taken: No Action Taken.
Thu Apr 07 20:27:43 2005 => File System Found infected by "vendor Spyware/Adware" Virus. Action Taken: No Action Taken.


Thu Apr 07 20:27:43 2005 => Offending value found in HKCU\Software\VB and VBA Program Settings !!!
Thu Apr 07 20:27:43 2005 => System found infected with VB and VBA Program Settings Spyware/Adware! Action taken: No Action Taken.
Thu Apr 07 20:27:43 2005 => File System Found infected by "VB and VBA Program Settings Spyware/Adware" Virus. Action Taken: No Action Taken.


Thu Apr 07 20:27:43 2005 => Offending value found in HKLM\Software\TwainTec !!!
Thu Apr 07 20:27:43 2005 => System found infected with TwainTec Spyware/Adware! Action taken: No Action Taken.
Thu Apr 07 20:27:44 2005 => File System Found infected by "TwainTec Spyware/Adware" Virus. Action Taken: No Action Taken.


Thu Apr 07 20:27:44 2005 => Offending value found in HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\shopping community !!!
Thu Apr 07 20:27:44 2005 => System found infected with shopping community Spyware/Adware! Action taken: No Action Taken.
Thu Apr 07 20:27:44 2005 => File System Found infected by "shopping community Spyware/Adware" Virus. Action Taken: No Action Taken.


Thu Apr 07 20:27:44 2005 => Offending value found in HKLM\Software\morp !!!
Thu Apr 07 20:27:44 2005 => System found infected with morp Spyware/Adware! Action taken: No Action Taken.
Thu Apr 07 20:27:44 2005 => File System Found infected by "morp Spyware/Adware" Virus. Action Taken: No Action Taken.


Thu Apr 07 20:27:44 2005 => Offending value found in HKLM\Software\mscrp !!!
Thu Apr 07 20:27:44 2005 => System found infected with mscrp Spyware/Adware! Action taken: No Action Taken.
Thu Apr 07 20:27:44 2005 => File System Found infected by "mscrp Spyware/Adware" Virus. Action Taken: No Action Taken.


Thu Apr 07 20:27:45 2005 => Offending value found in HKCU\Software\wurld media !!!
Thu Apr 07 20:27:45 2005 => System found infected with wurld media Spyware/Adware! Action taken: No Action Taken.
Thu Apr 07 20:27:45 2005 => File System Found infected by "wurld media Spyware/Adware" Virus. Action Taken: No Action Taken.


Thu Apr 07 20:27:45 2005 => Offending value found in HKCU\Software\trinityayb !!!
Thu Apr 07 20:27:45 2005 => System found infected with trinityayb Spyware/Adware! Action taken: No Action Taken.
Thu Apr 07 20:27:45 2005 => File System Found infected by "trinityayb Spyware/Adware" Virus. Action Taken: No Action Taken.


Thu Apr 07 20:28:02 2005 => File C:\WINDOWS\MSView.DLL infected by "not-a-virus:AdWare.BiSpy.m" Virus. Action Taken: No Action Taken.


Thu Apr 07 20:28:03 2005 => File C:\WINDOWS\MSVprep.exe infected by "not-a-virus:AdWare.BiSpy.r" Virus. Action Taken: No Action Taken.


Thu Apr 07 20:30:23 2005 => File C:\WINDOWS\System32\mocupd.exe infected by "not-a-virus:AdWare.WurldMedia.b" Virus. Action Taken: No Action Taken.


Thu Apr 07 20:37:00 2005 => File C:\Dokumente und Einstellungen\Uwe\Anwendungsdaten\lopsearch.exe infected by "not-a-virus:AdWare.Lop" Virus. Action Taken: No Action Taken.


Thu Apr 07 22:08:31 2005 => Scanning Folder: C:\Programme\Softwin\BitDefender8\Infected\*.*


Thu Apr 07 22:28:24 2005 => File C:\WINDOWS\Downloaded Program Files\Download_Plugin.exe infected by "not-a-virus:AdWare.Lop" Virus. Action Taken: No Action Taken.


Thu Apr 07 22:42:52 2005 => File C:\WINDOWS\MSView.DLL infected by "not-a-virus:AdWare.BiSpy.m" Virus. Action Taken: No Action Taken.


Thu Apr 07 22:42:52 2005 => File C:\WINDOWS\MSVprep.exe infected by "not-a-virus:AdWare.BiSpy.r" Virus. Action Taken: No Action Taken.


Thu Apr 07 22:52:49 2005 => File C:\WINDOWS\system32\mocupd.exe infected by "not-a-virus:AdWare.WurldMedia.b" Virus. Action Taken: No Action Taken.

Fri Apr 08 22:14:05 2005 => File C:\WINDOWS\Downloaded Program Files\Download_Plugin.exe infected by "not-a-virus:AdWare.Lop" Virus. Action Taken: No Action Taken.


Fri Apr 08 22:26:51 2005 => File C:\WINDOWS\MSView.DLL infected by "not-a-virus:AdWare.BiSpy.m" Virus. Action Taken: No Action Taken.


Fri Apr 08 22:26:51 2005 => File C:\WINDOWS\MSVprep.exe infected by "not-a-virus:AdWare.BiSpy.r" Virus. Action Taken: No Action Taken.


Fri Apr 08 22:33:30 2005 => File C:\WINDOWS\system32\mocupd.exe infected by "not-a-virus:AdWare.WurldMedia.b" Virus. Action Taken: No Action Taken.



Fri Apr 08 22:36:34 2005 => ***** Checking for specific ITW Viruses *****
Fri Apr 08 22:36:34 2005 => Checking for Welchia Virus...
Fri Apr 08 22:36:34 2005 => Checking for LovGate Virus...
Fri Apr 08 22:36:34 2005 => Checking for CodeRed Virus...
Fri Apr 08 22:36:34 2005 => Checking for OpaServ Virus...
Fri Apr 08 22:36:34 2005 => Checking for Sobig.e Virus...
Fri Apr 08 22:36:34 2005 => Checking for Winupie Virus...
Fri Apr 08 22:36:34 2005 => Checking for Swen Virus...
Fri Apr 08 22:36:34 2005 => Checking for JS.Fortnight Virus...
Fri Apr 08 22:36:34 2005 => Checking for Novarg Virus...
Fri Apr 08 22:36:34 2005 => Checking for Pagabot Virus...
Fri Apr 08 22:36:34 2005 => Checking for Parite.b Virus...
Fri Apr 08 22:36:34 2005 => Checking for Parite.a Virus...

Fri Apr 08 22:36:34 2005 => ***** Scanning complete. *****

Fri Apr 08 22:36:34 2005 => Total Objects Scanned: 56229
Fri Apr 08 22:36:34 2005 => Total Virus(es) Found: 30
Fri Apr 08 22:36:34 2005 => Total Disinfected Files: 0
Fri Apr 08 22:36:34 2005 => Total Files Renamed: 0
Fri Apr 08 22:36:34 2005 => Total Deleted Objects: 0
Fri Apr 08 22:36:34 2005 => Total Errors: 4
Fri Apr 08 22:36:34 2005 => Time Elapsed: 02:40:31
Fri Apr 08 22:36:34 2005 => Virus Database Date: 2005/04/06
Fri Apr 08 22:36:34 2005 => Virus Database Count: 124827

Fri Apr 08 22:36:34 2005 => Scan Completed.

MfG Ginny66
Seitenanfang Seitenende
09.04.2005, 00:20
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#7 Hallo@Ginny66

•KillBox
http://www.bleepingcomputer.com/files/killbox.php

•Delete File on Reboot <--anhaken

und klick auf das rote Kreuz,
wenn gefragt wird, ob "Do you want to reboot? "----> klicke auf "no",und kopiere das naechste rein, erst beim letzten auf "yes"


C:\WINDOWS\MSView.DLL
C:\WINDOWS\MSVprep.exe
C:\WINDOWS\System32\mocupd.exe
C:\WINDOWS\Downloaded Program Files\Download_Plugin.exe

neustarten

#Ad-aware SE Personal 1.05 Updated

http://fileforum.betanews.com/detail/965718306/1
Laden--> Updaten-->scannen-->PC neustarten--> noch mal scannen--> poste das Log vom Scann
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
09.04.2005, 21:09
...neu hier

Themenstarter

Beiträge: 7
#8 Hallo Sabina!

Der Ad-Aware Log ist elendiglich lang:

Ad-Aware SE Build 1.05
Logfile Created on:Samstag, 9. April 2005 20:39:08
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R37 07.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Alexa(TAC index:5):3 total references
Claria(TAC index:7):6 total references
CommonName(TAC index:7):1 total references
Cydoor(TAC index:7):66 total references
Dialer(TAC index:5):18 total references
Hi-Wire(TAC index:4):22 total references
IPInsight(TAC index:7):22 total references
Lop(TAC index:7):49 total references
MainPean Dialer(TAC index:5):10 total references
MRU List(TAC index:0):33 total references
MSView(TAC index:10):3 total references
SecretCrush(TAC index:3):1 total references
WebDialer(TAC index:5):1 total references
WurldMedia(TAC index:9):47 total references
VX2(TAC index:10):57 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


09.04.2005 20:39:08 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Dokumente und Einstellungen\Uwe\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\office\10.0\powerpoint\recenttemplatelist
Description : list of recent templates used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\office\10.0\powerpoint\recent templates
Description : list of recent templates used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1454471165-1708537768-1343024091-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1454471165-1708537768-1343024091-1003\software\ahead\nero - burning rom\recent file list
Description : list of recently used files in nero burning rom


MRU List Object Recognized!
Location: : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\office\10.0\common\general
Description : list of recently used symbols in microsoft office


MRU List Object Recognized!
Location: : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\visual basic\6.0\recentfiles
Description : list of recently used files in microsoft visual basic


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\musicmatch
Description : download location of the musicmatch installer


MRU List Object Recognized!
Location: : S-1-5-21-1454471165-1708537768-1343024091-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-19\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-20\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1454471165-1708537768-1343024091-1003\software\ahead\cover designer\recent file list
Description : list of recently used files in ahead cover designer


MRU List Object Recognized!
Location: : software\musicmatch\musicmatch jukebox\4.0\mmradio
Description : information on the last station listened to using musicmatch radio


MRU List Object Recognized!
Location: : S-1-5-21-1454471165-1708537768-1343024091-1003\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\office\10.0\clip organizer\search\last query
Description : last query in microsoft clip organizer


MRU List Object Recognized!
Location: : software\musicmatch\musicmatch jukebox\4.0\fileconv
Description : file conversion location settings in musicmatch jukebox


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 608
ThreadCreationTime : 09.04.2005 18:37:12
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 672
ThreadCreationTime : 09.04.2005 18:37:16
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 696
ThreadCreationTime : 09.04.2005 18:37:20
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 740
ThreadCreationTime : 09.04.2005 18:37:20
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Anwendung für Dienste und Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 752
ThreadCreationTime : 09.04.2005 18:37:20
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 920
ThreadCreationTime : 09.04.2005 18:37:21
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 944
ThreadCreationTime : 09.04.2005 18:37:21
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1048
ThreadCreationTime : 09.04.2005 18:37:22
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1060
ThreadCreationTime : 09.04.2005 18:37:22
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1244
ThreadCreationTime : 09.04.2005 18:37:23
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1348
ThreadCreationTime : 09.04.2005 18:37:26
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:12 [dkservice.exe]
FilePath : C:\Programme\Executive Software\DiskeeperWorkstation\
ProcessID : 1368
ThreadCreationTime : 09.04.2005 18:37:26
BasePriority : Normal
FileVersion : 7.0.398.0
ProductVersion : 7.0.398.0
ProductName : Diskeeper (TM) Disk Defragmenter
CompanyName : Executive Software International, Inc.
FileDescription : DKSERVICE.EXE
InternalName : DKSERVICE
LegalCopyright : © 1995-2001 Executive Software Int'l, Inc.
OriginalFilename : DKSERVICE

#:13 [gbpoll.exe]
FilePath : C:\Programme\Norton SystemWorks\Norton GoBack\
ProcessID : 1412
ThreadCreationTime : 09.04.2005 18:37:27
BasePriority : Normal


#:14 [ghoststartservice.exe]
FilePath : C:\Programme\Symantec\Norton Ghost 2003\
ProcessID : 1424
ThreadCreationTime : 09.04.2005 18:37:27
BasePriority : Normal
FileVersion : 2003.775
ProductVersion : 2003.775
ProductName : Norton Ghost Start Service
CompanyName : Symantec Corporation
FileDescription : Norton Ghost Start
InternalName : GhostStartService
LegalCopyright : Copyright (C) 1998-2002 Symantec Corp. All rights reserved.
OriginalFilename : GhostStartService.exe

#:15 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1460
ThreadCreationTime : 09.04.2005 18:37:27
BasePriority : Normal
FileVersion : 6.14.10.7184
ProductVersion : 6.14.10.7184
ProductName : NVIDIA Driver Helper Service, Version 71.84
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 71.84
InternalName : NVSVC
LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:16 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1560
ThreadCreationTime : 09.04.2005 18:37:28
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:17 [xcommsvr.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\
ProcessID : 1648
ThreadCreationTime : 09.04.2005 18:37:28
BasePriority : Normal
FileVersion : 1, 7, 0, 6
ProductVersion : 1, 7, 0, 6
ProductName : Softwin BitDefender Communicator Server
CompanyName : Softwin
FileDescription : BitDefender Communicator Server
InternalName : XCOMMSVR
LegalCopyright : Copyright © 2003-2004 Softwin
OriginalFilename : xcommsvr.exe
Comments : Manages communication between BitDefender components

#:18 [bdss.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\
ProcessID : 1740
ThreadCreationTime : 09.04.2005 18:37:31
BasePriority : Normal


#:19 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1972
ThreadCreationTime : 09.04.2005 18:37:37
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : EXPLORER.EXE

#:20 [vsserv.exe]
FilePath : C:\Programme\Softwin\BitDefender8\
ProcessID : 1176
ThreadCreationTime : 09.04.2005 18:37:53
BasePriority : Normal


#:21 [jusched.exe]
FilePath : C:\Programme\Java\jre1.5.0_01\bin\
ProcessID : 1208
ThreadCreationTime : 09.04.2005 18:37:53
BasePriority : Normal


#:22 [bdmcon.exe]
FilePath : C:\PROGRA~1\Softwin\BITDEF~1\
ProcessID : 1088
ThreadCreationTime : 09.04.2005 18:37:54
BasePriority : Normal
FileVersion : 8.0
ProductVersion : 8.0
ProductName : BitDefender 8
CompanyName : SOFTWIN S.R.L.
FileDescription : BitDefender Management Console
InternalName : Management Console
LegalCopyright : © 2004 SOFTWIN S.R.L.
OriginalFilename : bdmcon.exe

#:23 [em_exec.exe]
FilePath : C:\Programme\Logitech\MouseWare\system\
ProcessID : 856
ThreadCreationTime : 09.04.2005 18:37:55
BasePriority : Normal
FileVersion : 9.78.034
ProductVersion : 9.78.034
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Logitech Events Handler Application
InternalName : Em_Exec
LegalCopyright : (C) 1987-2003 Logitech. All rights reserved.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : Em_Exec.exe
Comments : Created by the MouseWare team

#:24 [bdoesrv.exe]
FilePath : C:\Programme\Softwin\BitDefender8\
ProcessID : 1380
ThreadCreationTime : 09.04.2005 18:37:55
BasePriority : Normal


#:25 [bdswitch.exe]
FilePath : C:\Programme\Softwin\BitDefender8\
ProcessID : 1532
ThreadCreationTime : 09.04.2005 18:37:57
BasePriority : Normal


#:26 [rundll32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1544
ThreadCreationTime : 09.04.2005 18:37:57
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Eine DLL-Datei als Anwendung ausführen
InternalName : rundll
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : RUNDLL.EXE

#:27 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1612
ThreadCreationTime : 09.04.2005 18:37:57
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:28 [dslmon.exe]
FilePath : C:\Programme\Analog Devices\Teledat 300 USB Treiber\
ProcessID : 1768
ThreadCreationTime : 09.04.2005 18:38:02
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : DSLMON Application
FileDescription : ADIMON MFC Application
InternalName : DSLMON
LegalCopyright : Copyright (C) 2000
OriginalFilename : ADIMON.EXE

#:29 [monitor.exe]
FilePath : C:\Programme\Digital Image\
ProcessID : 1908
ThreadCreationTime : 09.04.2005 18:38:03
BasePriority : Normal


#:30 [ad-aware.exe]
FilePath : C:\Programme\Lavasoft\Ad-Aware SE Personal\
ProcessID : 912
ThreadCreationTime : 09.04.2005 18:38:48
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 33


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Claria Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : uets

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : GEF

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : GMG

Claria Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
Value : GMI

CommonName Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{00000000-0000-0000-0000-000000000000}

Dialer Object Recognized!
Type : Regkey
Data :
Category : Dialer
Comment : VLoading
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{11bf0e2b-4229-4adc-9c11-1c6968731018}

Dialer Object Recognized!
Type : RegValue
Data :
Category : Dialer
Comment : VLoading
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{11bf0e2b-4229-4adc-9c11-1c6968731018}
Value :

Dialer Object Recognized!
Type : Regkey
Data :
Category : Dialer
Comment : WebDialer
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0d639e64-5c31-4313-b62a-1b4d99e2f284}

Dialer Object Recognized!
Type : RegValue
Data :
Category : Dialer
Comment : WebDialer
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0d639e64-5c31-4313-b62a-1b4d99e2f284}
Value :

Dialer Object Recognized!
Type : Regkey
Data :
Category : Dialer
Comment : VLoading
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{67355a47-1544-4905-b698-4d7e5b62ec32}

Dialer Object Recognized!
Type : Regkey
Data :
Category : Dialer
Comment : VLoading
Rootkey : HKEY_CLASSES_ROOT
Object : vloading.download

Dialer Object Recognized!
Type : RegValue
Data :
Category : Dialer
Comment : VLoading
Rootkey : HKEY_CLASSES_ROOT
Object : vloading.download
Value :

Dialer Object Recognized!
Type : Regkey
Data :
Category : Dialer
Comment : VLoading
Rootkey : HKEY_CLASSES_ROOT
Object : vloading.download.1

Dialer Object Recognized!
Type : RegValue
Data :
Category : Dialer
Comment : VLoading
Rootkey : HKEY_CLASSES_ROOT
Object : vloading.download.1
Value :

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{28f00b04-dc4e-11d3-abec-005004a44eeb}

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{28f00b04-dc4e-11d3-abec-005004a44eeb}
Value :

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{28f00b20-dc4e-11d3-abec-005004a44eeb}

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{28f00b20-dc4e-11d3-abec-005004a44eeb}
Value :

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{28f00b21-dc4e-11d3-abec-005004a44eeb}

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{28f00b21-dc4e-11d3-abec-005004a44eeb}
Value :

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : hiwire.configurator

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : hiwire.configurator
Value :

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : hiwire.configurator.1

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : hiwire.configurator.1
Value :

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : hiwire.transportcenter

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : hiwire.transportcenter
Value :

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : hiwire.transportcenter.1

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : hiwire.transportcenter.1
Value :

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : hiwire.userregrequest

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : hiwire.userregrequest
Value :

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : hiwire.userregrequest.1

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : hiwire.userregrequest.1
Value :

IPInsight Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{297afc77-2039-4d3c-bef9-598819eb2c8a}

IPInsight Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{297afc77-2039-4d3c-bef9-598819eb2c8a}
Value :

IPInsight Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ipinsigt.ipinsigtobj.1

IPInsight Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ipinsigt.ipinsigtobj.1
Value :

IPInsight Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{be35582c-9796-4cf1-aed9-556ada120b38}

Lop Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : swish.toolband.1

Lop Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : swish.toolband.1
Value :

Lop Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : swish.toolband

Lop Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : swish.toolband
Value :

Lop Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : swish.browserhelper.1

Lop Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : swish.browserhelper.1
Value :

Lop Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : swish.browserhelper

Lop Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : swish.browserhelper
Value :

Lop Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{9b35a850-66ab-4c6d-8a66-136ecadcd904}

Lop Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{9b35a850-66ab-4c6d-8a66-136ecadcd904}
Value :

MSView Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : msview.msviewobj.1

MSView Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : msview.msviewobj.1
Value :

WurldMedia Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{7e5da25b-1c13-4b78-837a-b938624eba41}

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{7e5da25b-1c13-4b78-837a-b938624eba41}
Value :

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{7e5da25b-1c13-4b78-837a-b938624eba41}
Value : AppID

WurldMedia Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a83e42b1-1ae7-4ce6-b128-ab0f4a126b2c}

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a83e42b1-1ae7-4ce6-b128-ab0f4a126b2c}
Value :

WurldMedia Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : mobho.iehlprobj

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : mobho.iehlprobj
Value :

WurldMedia Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : mobho.iehlprobj.1

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : mobho.iehlprobj.1
Value :

WurldMedia Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : sostatatl.stathtmlctrl

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : sostatatl.stathtmlctrl
Value :

WurldMedia Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : sostatatl.stathtmlctrl.1

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : sostatatl.stathtmlctrl.1
Value :

WurldMedia Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tchk.tchkbho

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tchk.tchkbho
Value :

WurldMedia Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tchk.tchkbho.1

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : tchk.tchkbho.1
Value :

WurldMedia Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{48f35889-7f47-4a93-8876-7ab20324e5d7}

WurldMedia Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{ed15346e-0aec-4b72-b23c-ed6f420fcba7}

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : vx2.vx2obj

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : vx2.vx2obj
Value :

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{690bccb4-6b83-4203-ae77-038c116594ec}

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : twaintecdll.twaintecdllobj.1

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : twaintecdll.twaintecdllobj.1
Value :

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{4534cd6b-59d6-43fd-864b-06a0d843444a}

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{4534cd6b-59d6-43fd-864b-06a0d843444a}
Value :

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{00000580-c637-11d5-831c-00105ad6acf0}

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{00000580-c637-11d5-831c-00105ad6acf0}
Value :

Cydoor Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\cydoor

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\cydoor
Value : Vers

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\cydoor
Value : Desc2

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\cydoor
Value : UserCode

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\cydoor
Value : ShowChange

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\cydoor
Value : ConnType

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\cydoor
Value : HIS_4

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\cydoor
Value : RHIS_4

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\cydoor
Value : DHIS_4

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\cydoor
Value : HIS_5

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\cydoor
Value : RHIS_5

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\cydoor
Value : DHIS_5

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\cydoor
Value : DelHistDate

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\cydoor
Value : HIS_6

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\cydoor
Value : RHIS_6

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\cydoor
Value : DHIS_6

Cydoor Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\cydoor services

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\\software\hiwire

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\\software\hiwire
Value : CommonFiles

Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\hiwire

Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\hiwire
Value : CommonFiles

Lop Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\trinityayb

Lop Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\trinityayb
Value : ts

Lop Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\trinityayb
Value : ld

Lop Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\trinityayb
Value : pn

Lop Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\trinityayb
Value : ui

Lop Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\trinityayb
Value : dc

Lop Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\trinityayb
Value : ros

Lop Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\trinityayb
Value : u2

Lop Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\trinityayb
Value : bwp

Lop Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\trinityayb
Value : wp

Lop Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\trinityayb
Value : ade

Lop Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\trinityayb
Value : ft

Lop Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\trinityayb
Value : et

Lop Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\trinityayb
Value : SearchAssistant

Lop Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\trinityayb
Value : Search Page2

Lop Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\trinityayb
Value : AutoSearch

Lop Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\trinityayb
Value : oiehp

Lop Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\windows\currentversion\backup

Lop Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\windows\currentversion\backup
Value : ts

Lop Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\windows\currentversion\backup
Value : ld

Lop Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\windows\currentversion\backup
Value : pn

Lop Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\windows\currentversion\backup
Value : ui

Lop Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\windows\currentversion\backup
Value : dc

Lop Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\windows\currentversion\backup
Value : ros

Lop Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\windows\currentversion\backup
Value : u2

Lop Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\windows\currentversion\backup
Value : bwp

Lop Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\windows\currentversion\backup
Value : wp

Lop Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\windows\currentversion\backup
Value : ade

Lop Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\windows\currentversion\backup
Value : ft

Lop Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\windows\currentversion\backup
Value : et

Lop Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\windows\currentversion\backup
Value : SearchAssistant

Lop Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\windows\currentversion\backup
Value : Search Page2

Lop Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\windows\currentversion\backup
Value : AutoSearch

Lop Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\windows\currentversion\backup
Value : oiehp

WebDialer Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\webdialer

WurldMedia Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\wurld media

Claria Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\gator.com

Cydoor Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\cydoor

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\cydoor
Value : C:\Programme\eDonkey2000\gdonkey.exe

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\cydoor
Value : AdwrCnt

Cydoor Object Recognized!
Type : Regkey
Data : AdSupport_
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\windows\currentversion\uninstall\AdSupport_260

Cydoor Object Recognized!
Type : Regkey
Data : AdSupport_
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\microsoft\windows\currentversion\uninstall\AdSupport_260

Cydoor Object Recognized!
Type : Regkey
Data : AdSupport_
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-19\software\microsoft\windows\currentversion\uninstall\AdSupport_260

Cydoor Object Recognized!
Type : Regkey
Data : AdSupport_
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-20\software\microsoft\windows\currentversion\uninstall\AdSupport_260

Cydoor Object Recognized!
Type : Regkey
Data : AdSupport_
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\windows\currentversion\uninstall\AdSupport_260

Cydoor Object Recognized!
Type : Regkey
Data : AdSupport_
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\AdSupport_260

Cydoor Object Recognized!
Type : RegValue
Data : AdSupport_
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\AdSupport_260
Value : DisplayName

IPInsight Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\mscrp

IPInsight Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\mscrp
Value : morpheushome

IPInsight Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\mscrp
Value : mv

IPInsight Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\mscrp
Value :

IPInsight Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\mscrp
Value : AE123

IPInsight Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\mscrp
Value : AE98

IPInsight Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\mscrp
Value : AE119

IPInsight Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\mscrp
Value : AE100

IPIns
Seitenanfang Seitenende
09.04.2005, 21:37
...neu hier

Themenstarter

Beiträge: 7
#9 Diesen Log muß ich offensichtlich in zwei Teilen schicken...


IPInsight Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\mscrp
Value : AE131

IPInsight Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\mscrp
Value : AE156

IPInsight Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\mscrp
Value : AE155

IPInsight Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\mscrp
Value : lvmd

MainPean Dialer Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment : MainPean
Rootkey : HKEY_LOCAL_MACHINE
Object : software\mainpean highspeed

MainPean Dialer Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : MainPean
Rootkey : HKEY_LOCAL_MACHINE
Object : software\mainpean highspeed
Value : Pre

MainPean Dialer Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : MainPean
Rootkey : HKEY_LOCAL_MACHINE
Object : software\mainpean highspeed
Value : PreNumber

MainPean Dialer Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : MainPean
Rootkey : HKEY_LOCAL_MACHINE
Object : software\mainpean highspeed
Value : DeviceName

MainPean Dialer Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : MainPean
Rootkey : HKEY_LOCAL_MACHINE
Object : software\mainpean highspeed
Value : Country

MainPean Dialer Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : MainPean
Rootkey : HKEY_LOCAL_MACHINE
Object : software\mainpean highspeed
Value : Language

MainPean Dialer Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : MainPean
Rootkey : HKEY_LOCAL_MACHINE
Object : software\mainpean highspeed
Value : Machine

MainPean Dialer Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : MainPean
Rootkey : HKEY_LOCAL_MACHINE
Object : software\mainpean highspeed
Value : InstallFlags

MainPean Dialer Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : MainPean
Rootkey : HKEY_LOCAL_MACHINE
Object : software\mainpean highspeed
Value : PassFlags

MainPean Dialer Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : MainPean
Rootkey : HKEY_LOCAL_MACHINE
Object : software\mainpean highspeed
Value : Password

WurldMedia Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\shopping community

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\shopping community
Value : DisplayIcon

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\shopping community
Value : DisplayName

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\shopping community
Value : UninstallString

Cydoor Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\\software\cydoor

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\\software\cydoor
Value : Vers

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\\software\cydoor
Value : Desc2

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\\software\cydoor
Value : UserCode

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\\software\cydoor
Value : ShowChange

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\\software\cydoor
Value : ConnType

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\\software\cydoor
Value : HIS_4

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\\software\cydoor
Value : RHIS_4

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\\software\cydoor
Value : DHIS_4

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\\software\cydoor
Value : HIS_5

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\\software\cydoor
Value : RHIS_5

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\\software\cydoor
Value : DHIS_5

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\\software\cydoor
Value : DelHistDate

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\\software\cydoor
Value : HIS_6

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\\software\cydoor
Value : RHIS_6

Cydoor Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\\software\cydoor
Value : DHIS_6

Cydoor Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\\software\cydoor services

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "ltr2"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\fenx
Value : ltr2

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 193
Objects found so far: 226


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Dialer Object Recognized!
Type : Regkey
Data :
Category : Dialer
Comment : VLoading
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/VLoading.dll

Dialer Object Recognized!
Type : RegValue
Data :
Category : Dialer
Comment : VLoading
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/VLoading.dll
Value : .Owner

Dialer Object Recognized!
Type : RegValue
Data :
Category : Dialer
Comment : VLoading
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/VLoading.dll
Value : {11BF0E2B-4229-4ADC-9C11-1C6968731018}

Dialer Object Recognized!
Type : File
Data : /windows/downloaded program files/vloading.dll
Category : Dialer
Comment :
Object : c:\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : VLoading Module
FileDescription : VLoading Module
InternalName : VLoading
LegalCopyright : Copyright 2000-2002 EBS-AG
OriginalFilename : VLoading.dll


Dialer Object Recognized!
Type : RegValue
Data : C:\WINDOWS\Downloaded Program Files\VLoading.dll
Category : Dialer
Comment : VLoading
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\SharedDLLs
Value : C:\WINDOWS\Downloaded Program Files\VLoading.dll

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 231


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 231



Deep scanning and examining files (C;)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Lop Object Recognized!
Type : File
Data : deskicon.lib
Category : Malware
Comment :
Object : C:\Dokumente und Einstellungen\Uwe\Anwendungsdaten\



Lop Object Recognized!
Type : File
Data : lopsearch.exe
Category : Malware
Comment :
Object : C:\Dokumente und Einstellungen\Uwe\Anwendungsdaten\



SecretCrush Object Recognized!
Type : File
Data : Restart.exe
Category : Malware
Comment :
Object : C:\Programme\Logitech\Desktop Messenger\8876480\6.1.0.155-8876480L\Program\



Dialer Object Recognized!
Type : File
Data : VLoading.dll
Category : Dialer
Comment : VLoading
Object : C:\WINDOWS\Downloaded Program Files\
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : VLoading Module
FileDescription : VLoading Module
InternalName : VLoading
LegalCopyright : Copyright 2000-2002 EBS-AG
OriginalFilename : VLoading.dll


WurldMedia Object Recognized!
Type : File
Data : mostat.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : sostatatl Module
FileDescription : sostatatl Module
InternalName : sostatatl
LegalCopyright : Copyright 2003
OriginalFilename : sostatatl.EXE


Lop Object Recognized!
Type : File
Data : desktop.swf
Category : Malware
Comment :
Object : C:\WINDOWS\Web\Wallpaper\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 237


Deep scanning and examining files (D;)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 237


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
4 entries scanned.
New critical objects:0
Objects found so far: 237




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Dialer Object Recognized!
Type : Regkey
Data :
Category : Dialer
Comment : FENX Dialer
Rootkey : HKEY_LOCAL_MACHINE
Object : software\fenx

Dialer Object Recognized!
Type : File
Data : Dial32.ini
Category : Dialer
Comment :
Object : C:\WINDOWS\



Dialer Object Recognized!
Type : File
Data : VLoading.inf
Category : Dialer
Comment : VLoading
Object : C:\WINDOWS\downloaded program files\



IPInsight Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\Programme\ip

IPInsight Object Recognized!
Type : File
Data : INSTALL.LOG
Category : Data Miner
Comment :
Object : C:\Programme\ip\



IPInsight Object Recognized!
Type : File
Data : UNWISE.EXE
Category : Data Miner
Comment :
Object : C:\Programme\ip\



IPInsight Object Recognized!
Type : File
Data : UNWISE.INI
Category : Data Miner
Comment :
Object : C:\Programme\ip\



IPInsight Object Recognized!
Type : File
Data : Sentry.ini
Category : Data Miner
Comment :
Object : C:\WINDOWS\



Lop Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

Lop Object Recognized!
Type : File
Data : tmp.edb
Category : Malware
Comment :
Object : C:\WINDOWS\security\



MSView Object Recognized!
Type : File
Data : MSView.inf
Category : Malware
Comment :
Object : C:\WINDOWS\inf\



WurldMedia Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\morp

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\morp
Value : SID

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\morp
Value : file

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\morp
Value : cls

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\morp
Value : tv

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\morp
Value : ffn

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\morp
Value : shopopt

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\morp
Value : rlc

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\morp
Value : alc

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\morp
Value : AE131

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\morp
Value : AE155

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\morp
Value : lvmd

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\morp
Value : AE205

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\morp
Value : AE207

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\morp
Value : AE153

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\morp
Value : AE120432

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\morp
Value : AE120431

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\morp
Value : AE121226

WurldMedia Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\morp
Value : AE121225

WurldMedia Object Recognized!
Type : File
Data : mo001.dat
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\



WurldMedia Object Recognized!
Type : File
Data : moad02020217.de
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\



VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vendor\xml

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vendor\xml
Value :

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vendor

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTI4d5OfSDist

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTI4d5OfSInst

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTT4o5pListSPos

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTI4n5ProgSCab

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTI4n5ProgSEx

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTI4n5ProgSLstest

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTC4n5trSEvnt

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTC4n5trMsgSDisp

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTC4S5Insur

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTT4h5rshSCheckSIn

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TT4C5ntrSTransac

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTC4u5rrentSMode

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTC4n5tFyl

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTM4o5deSSync

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTT4h5rshSBath

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTT4h5rshSysSInf

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTT4h5rshSMots

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTI4g5noreS

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTs4t5i6cky1S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTs4t5icky2S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TT4N5a6tionSCode

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTD4s5tSSEnd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTD4s5tSCHost

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTD4s5tSCPath

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTS4t5atusOfSInst

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTL3a4stMotsSDay

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTL3a4stSSChckin

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTC1o4d5eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTT4i5m6eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTs4t5i6cky2S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTs4t5i6cky3S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTs4t5i6cky4S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTs4t5icky1S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTs4t5icky3S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTs4t5icky4S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\twaintec
Value : TTP4D5om

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

VX2 Object Recognized!
Type : File
Data : twaintec.ini
Category : Malware
Comment :
Object : C:\WINDOWS\



VX2 Object Recognized!
Type : File
Data : satmat.inf
Category : Malware
Comment :
Object : C:\WINDOWS\lastgood\inf\



VX2 Object Recognized!
Type : File
Data : satmat.PNF
Category : Malware
Comment :
Object : C:\WINDOWS\lastgood\inf\



VX2 Object Recognized!
Type : File
Data : twtini.inf
Category : Malware
Comment :
Object : C:\WINDOWS\inf\



VX2 Object Recognized!
Type : File
Data : twaintec.inf
Category : Malware
Comment :
Object : C:\WINDOWS\inf\



VX2 Object Recognized!
Type : File
Data : twaintec.PNF
Category : Malware
Comment :
Object : C:\WINDOWS\inf\



VX2 Object Recognized!
Type : File
Data : bitmap1.bmp
Category : Malware
Comment :
Object : C:\DOKUME~1\Uwe\LOKALE~1\Temp\



Cydoor Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\AdCache

Cydoor Object Recognized!
Type : File
Data : B_260_0_1_611000.GIF
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\adcache\



Cydoor Object Recognized!
Type : File
Data : B_260_0_2_440700.GIF
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\adcache\



Cydoor Object Recognized!
Type : File
Data : B_260_0_2_440800.GIF
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\adcache\



Cydoor Object Recognized!
Type : File
Data : B_260_0_3_450300.GIF
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\adcache\



Cydoor Object Recognized!
Type : File
Data : B_260_0_3_476200.GIF
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\adcache\



Cydoor Object Recognized!
Type : File
Data : B_260_0_3_489700.GIF
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\adcache\



Cydoor Object Recognized!
Type : File
Data : B_260_0_3_495200.GIF
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\adcache\



Cydoor Object Recognized!
Type : File
Data : B_260_0_3_528700.GIF
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\adcache\



Cydoor Object Recognized!
Type : File
Data : B_260_0_3_528800.GIF
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\adcache\



Cydoor Object Recognized!
Type : File
Data : B_260_0_3_528900.GIF
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\adcache\



Cydoor Object Recognized!
Type : File
Data : B_260_0_3_543200.GIF
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\adcache\



Cydoor Object Recognized!
Type : File
Data : B_260_0_3_599500.GIF
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\adcache\



Cydoor Object Recognized!
Type : File
Data : B_260_0_4_495900.GIF
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\adcache\



Cydoor Object Recognized!
Type : File
Data : B_260_0_4_499300.GIF
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\adcache\



Cydoor Object Recognized!
Type : File
Data : B_260_0_4_499600.GIF
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\adcache\



Cydoor Object Recognized!
Type : File
Data : B_260_0_4_529000.GIF
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\adcache\



Cydoor Object Recognized!
Type : File
Data : B_260_0_4_581800.GIF
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\adcache\



Cydoor Object Recognized!
Type : File
Data : B_260_0_4_596800.GIF
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\adcache\



Cydoor Object Recognized!
Type : File
Data : B_260_0_4_597200.GIF
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\adcache\



Cydoor Object Recognized!
Type : File
Data : B_457700.HTM
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\adcache\



Cydoor Object Recognized!
Type : File
Data : B_468400.GIF
Category : Data Miner
Comment :
Object : C:\WINDOWS\System32\adcache\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 102
Objects found so far: 339

20:55:06 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:15:57.998
Objects scanned:115266
Objects identified:307
Objects ignored:0
New critical objects:307


MfG Ginny66
Seitenanfang Seitenende
09.04.2005, 21:44
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#10 Loesche.

C:\Dokumente und Einstellungen\Uwe\Anwendungsdaten\lopsearch.exe

C:\WINDOWS\System32\mo001.dat

C:\WINDOWS\twaintec.ini

C:\WINDOWS\System32\AdCache

C:\DOKUME~1\Uwe\LOKALE~1\Temp\bitmap1.bmp
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
09.04.2005, 21:56
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#11

Zitat

Sabina postete
Hallo@Ginny66

L2mfix
1. Laden Sie L2mfix von hier :
2.
http://bilder.informationsarchiv.net/Nikitas_Tools/l2mfix.exe
3. Speichern Sie die Datei auf Ihren Desktop und doppel-klicken Sie click l2mfix.exe.
4. Klicken Sie auf Installieren um die Dateien zu extrahieren und folgen Sie den Anweisungen während der Installation.
5. Dann öffnen Sie den auf Ihrem Desktop neuerstellten Ordner l2mfix
6. Doppel-klicken Sie die Datei l2mfix.bat und tippen sie eine 1 und drücken Sie [Enter], um Find log laufen zu lassen. Dies wird Ihren Computer scannen. Es kann sein, das es so aussieht als ob nichts passiert, aber nach 1 oder 2 Minuten wird sich Notepad mit einem Log öffnen.
7. Kopieren Sie den Inhalt durch Strg+A und fügen Sie den Inhalt in Ihren Thread durch Strg+V...oder einfach mit der Maus abkopieren Wink

WICHTIG:Nutzen Sie nicht Option 2, oder jegliche andere Dateien aus dem l2mfix Ordner, bis Sie dazu aufgefordert werden!

8. Schließen Sie alle offenen Programme , da der nächste Schritt einen Neustart erfordert. Klicken Sie erneut auf l2mfix.bat und tippen Sie 2 ein --> [Enter].
9. Drücken Sie eine beliebige Taste um einen Systemneustart einzuleiten.
10. Nach dem Neustart, werden Ihre Icons auf dem Desktop kurz erscheinen und kurz verschwinden - dies ist NORMAL.
11. L2mfix wird den Systemscan fortsetzen und wenn es fertig ist, wird sich Notepad öffnen und einen Log anzeigen. Kopieren Sie auch diesen hier in den Thread rein (Strg+C & Strg+V). Posten Sie ausserdem einen aktuellen HijackThis Log.

WICHTIG: Nutzen Sie nicht Option 2, oder jegliche andere Dateien aus dem l2mfix Ordner, bis Sie dazu aufgefordert werden!

12. Doppel-klicken Sie erneut auf l2mfix.bat und geben Sie 4 ein. Bestätigen Sie mit [Enter].
13. Dies stellt die Winlogon Standardeinstellungen wieder her.
14. Posten Sie einen aktuellen HijackThis Log

__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
10.04.2005, 13:07
...neu hier

Themenstarter

Beiträge: 7
#12 Hallo Sabina!

Hier ist zunächst mal der L2MFIX-Logfile mit der 1:

L2MFIX find log 1.02b
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"Q312461"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Eigenschaften fr Multimediadatei"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-Scannerverwaltung"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-Sicherheit"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-Eigenschaftenseite fr Dokumente"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shellerweiterungen fr Freigaben"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung fr Grafikkarten"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung fr Bildschirme"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS-Sicherheit"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Kompatibilit„tsseite"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell-Datenauszughandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Erweiterung fr Datentr„gerkopien"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shellerweiterungen fr Microsoft Windows-Netzwerkobjekte"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-Monitorverwaltung"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-Druckerverwaltung"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Shellerweiterung fr Webdrucker"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Aktenkoffer"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Erweiterung fr HyperTerminal-Icons"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Schriftarten"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-Profil"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Druckersicherheit"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shellerweiterungen fr Freigaben"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-PKO-Erweiterung"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-Sign-Erweiterung"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Netzwerkverbindungen"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Netzwerkverbindungen"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanner und Kameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanner und Kameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanner und Kameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanner und Kameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanner und Kameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Eigenschaftenseitenerweiterung des automatischen Updates"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shellerweiterungen fr Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Geplante Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskleiste und Startmen"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Suchen"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ausfhren..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-Mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Schriftarten"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Verwaltung"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Syntaxanalyse der Adressleiste"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft URL-Verlauf-Dienst"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Verlauf"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Sucheingriff"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite-Begráungsbildschirm"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer-Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ Dateiminiaturansicht-Extrahierungsprogramm"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Zusammenfassungs-Miniaturansichthandler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-Extrahierungsprogramm"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Webpublishing-Assistent"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Bestellung von Abzgen ber das Internet"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shellobjekt des Webpublishing-Assistenten"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Passport-Assistent"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Benutzerkonten"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channeldatei"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channelverknpfung"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channelhandlerobjekt"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Ordner 'Offlinedateien'"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Nach Personen..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Webordner"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{D653647D-D607-4DF6-A5B8-48D2BA195F7B}"="BitDefender Antivirus v8"
"{57C51AF9-DEF7-11D3-A801-00C04F163490}"="Ghost Shell Extension"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
nv4_disp.dll Thu 24 Feb 2005 7:32:00 A.... 3.973.888 3,79 M
nvcod.dll Thu 24 Feb 2005 7:32:00 A.... 32.256 31,50 K
nvcodins.dll Thu 24 Feb 2005 7:32:00 A.... 32.256 31,50 K
nvcpl.dll Thu 24 Feb 2005 7:32:00 A.... 5.537.792 5,28 M
nvhwvid.dll Thu 24 Feb 2005 7:32:00 A.... 540.672 528,00 K
nview.dll Thu 24 Feb 2005 7:32:00 A.... 1.458.176 1,39 M
nvmctray.dll Thu 24 Feb 2005 7:32:00 A.... 86.016 84,00 K
nvnt4cpl.dll Thu 24 Feb 2005 7:32:00 A.... 245.760 240,00 K
nvoglnt.dll Thu 24 Feb 2005 7:32:00 A.... 5.332.992 5,09 M
nvrsar.dll Thu 24 Feb 2005 7:32:00 A.... 307.200 300,00 K
nvrscs.dll Thu 24 Feb 2005 7:32:00 A.... 229.376 224,00 K
nvrsda.dll Thu 24 Feb 2005 7:32:00 A.... 237.568 232,00 K
nvrsde.dll Thu 24 Feb 2005 7:32:00 A.... 258.048 252,00 K
nvrsel.dll Thu 24 Feb 2005 7:32:00 A.... 262.144 256,00 K
nvrseng.dll Thu 24 Feb 2005 7:32:00 A.... 229.376 224,00 K
nvrses.dll Thu 24 Feb 2005 7:32:00 A.... 262.144 256,00 K
nvrsesm.dll Thu 24 Feb 2005 7:32:00 A.... 253.952 248,00 K
nvrsfi.dll Thu 24 Feb 2005 7:32:00 A.... 229.376 224,00 K
nvrsfr.dll Thu 24 Feb 2005 7:32:00 A.... 266.240 260,00 K
nvrshe.dll Thu 24 Feb 2005 7:32:00 A.... 303.104 296,00 K
nvrshu.dll Thu 24 Feb 2005 7:32:00 A.... 241.664 236,00 K
nvrsit.dll Thu 24 Feb 2005 7:32:00 A.... 262.144 256,00 K
nvrsja.dll Thu 24 Feb 2005 7:32:00 A.... 249.856 244,00 K
nvrsko.dll Thu 24 Feb 2005 7:32:00 A.... 245.760 240,00 K
nvrsnl.dll Thu 24 Feb 2005 7:32:00 A.... 253.952 248,00 K
nvrsno.dll Thu 24 Feb 2005 7:32:00 A.... 237.568 232,00 K
nvrspl.dll Thu 24 Feb 2005 7:32:00 A.... 237.568 232,00 K
nvrspt.dll Thu 24 Feb 2005 7:32:00 A.... 253.952 248,00 K
nvrsptb.dll Thu 24 Feb 2005 7:32:00 A.... 249.856 244,00 K
nvrsru.dll Thu 24 Feb 2005 7:32:00 A.... 249.856 244,00 K
nvrssk.dll Thu 24 Feb 2005 7:32:00 A.... 237.568 232,00 K
nvrssl.dll Thu 24 Feb 2005 7:32:00 A.... 237.568 232,00 K
nvrssv.dll Thu 24 Feb 2005 7:32:00 A.... 237.568 232,00 K
nvrstr.dll Thu 24 Feb 2005 7:32:00 A.... 237.568 232,00 K
nvrszhc.dll Thu 24 Feb 2005 7:32:00 A.... 208.896 204,00 K
nvrszht.dll Thu 24 Feb 2005 7:32:00 A.... 114.688 112,00 K
nvshell.dll Thu 24 Feb 2005 7:32:00 A.... 466.944 456,00 K
nvwddi.dll Thu 24 Feb 2005 7:32:00 A.... 81.920 80,00 K
nvwdmcpl.dll Thu 24 Feb 2005 7:32:00 A.... 1.662.976 1,59 M
nvwimg.dll Thu 24 Feb 2005 7:32:00 A.... 1.019.904 996,00 K
nvwrsar.dll Thu 24 Feb 2005 7:32:00 A.... 274.432 268,00 K
nvwrscs.dll Thu 24 Feb 2005 7:32:00 A.... 278.528 272,00 K
nvwrsda.dll Thu 24 Feb 2005 7:32:00 A.... 290.816 284,00 K
nvwrsde.dll Thu 24 Feb 2005 7:32:00 A.... 303.104 296,00 K
nvwrsel.dll Thu 24 Feb 2005 7:32:00 A.... 331.776 324,00 K
nvwrseng.dll Thu 24 Feb 2005 7:32:00 A.... 278.528 272,00 K
nvwrses.dll Thu 24 Feb 2005 7:32:00 A.... 327.680 320,00 K
nvwrsesm.dll Thu 24 Feb 2005 7:32:00 A.... 319.488 312,00 K
nvwrsfi.dll Thu 24 Feb 2005 7:32:00 A.... 294.912 288,00 K
nvwrsfr.dll Thu 24 Feb 2005 7:32:00 A.... 319.488 312,00 K
nvwrshe.dll Thu 24 Feb 2005 7:32:00 A.... 274.432 268,00 K
nvwrshu.dll Thu 24 Feb 2005 7:32:00 A.... 307.200 300,00 K
nvwrsit.dll Thu 24 Feb 2005 7:32:00 A.... 319.488 312,00 K
nvwrsja.dll Thu 24 Feb 2005 7:32:00 A.... 208.896 204,00 K
nvwrsko.dll Thu 24 Feb 2005 7:32:00 A.... 192.512 188,00 K
nvwrsnl.dll Thu 24 Feb 2005 7:32:00 A.... 311.296 304,00 K
nvwrsno.dll Thu 24 Feb 2005 7:32:00 A.... 294.912 288,00 K
nvwrspl.dll Thu 24 Feb 2005 7:32:00 A.... 290.816 284,00 K
nvwrspt.dll Thu 24 Feb 2005 7:32:00 A.... 319.488 312,00 K
nvwrsptb.dll Thu 24 Feb 2005 7:32:00 A.... 311.296 304,00 K
nvwrsru.dll Thu 24 Feb 2005 7:32:00 A.... 307.200 300,00 K
nvwrssk.dll Thu 24 Feb 2005 7:32:00 A.... 290.816 284,00 K
nvwrssl.dll Thu 24 Feb 2005 7:32:00 A.... 294.912 288,00 K
nvwrssv.dll Thu 24 Feb 2005 7:32:00 A.... 290.816 284,00 K
nvwrstr.dll Thu 24 Feb 2005 7:32:00 A.... 299.008 292,00 K
nvwrszhc.dll Thu 24 Feb 2005 7:32:00 A.... 159.744 156,00 K
nvwrszht.dll Thu 24 Feb 2005 7:32:00 A.... 163.840 160,00 K
sockspy.dll Thu 7 Apr 2005 7:43:40 A.... 73.728 72,00 K

68 items found: 68 files, 0 directories.
Total of file sizes: 34.795.264 bytes 33,18 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 1880-A677

Verzeichnis von C:\WINDOWS\System32

27.03.2005 15:44 <DIR> dllcache
21.11.2001 12:57 <DIR> Microsoft
30.09.1999 20:21 166.672 mstext35.dll
28.09.1999 22:42 1.050.896 msjet35.dll
09.09.1999 23:06 168.720 msltus35.dll
09.09.1999 23:06 252.688 msexcl35.dll
25.08.1999 15:57 415.504 msrepl35.dll
07.06.1999 19:59 250.128 mspdox35.dll
25.04.1999 18:00 287.504 Msxbse35.dll
7 Datei(en) 2.592.112 Bytes
2 Verzeichnis(se), 10.706.636.800 Bytes frei


L2MFIX-Logfile mit der 2:

L2Mfix 1.02b

Running From:
C:\Dokumente und Einstellungen\Uwe\Desktop\l2mfix



RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- Jeder
(ID-NI) ALLOW Read VORDEFINIERT\Benutzer
(ID-IO) ALLOW Read VORDEFINIERT\Benutzer
(ID-NI) ALLOW Read VORDEFINIERT\Hauptbenutzer
(ID-IO) ALLOW Read VORDEFINIERT\Hauptbenutzer
(ID-NI) ALLOW Full access VORDEFINIERT\Administratoren
(ID-IO) ALLOW Full access VORDEFINIERT\Administratoren
(ID-NI) ALLOW Full access NT-AUTORITŽT\SYSTEM
(ID-IO) ALLOW Full access NT-AUTORITŽT\SYSTEM
(ID-IO) ALLOW Full access ERSTELLER-BESITZER



Setting registry permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Denying C access for really "Everyone"
- adding new ACCESS DENY entry
- removing existing ACCESS DENY entry


Registry Permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- Jeder
(ID-NI) ALLOW Read VORDEFINIERT\Benutzer
(ID-IO) ALLOW Read VORDEFINIERT\Benutzer
(ID-NI) ALLOW Read VORDEFINIERT\Hauptbenutzer
(ID-IO) ALLOW Read VORDEFINIERT\Hauptbenutzer
(ID-NI) ALLOW Full access VORDEFINIERT\Administratoren
(ID-IO) ALLOW Full access VORDEFINIERT\Administratoren
(ID-NI) ALLOW Full access NT-AUTORITŽT\SYSTEM
(ID-IO) ALLOW Full access NT-AUTORITŽT\SYSTEM
(ID-IO) ALLOW Full access ERSTELLER-BESITZER



Setting up for Reboot


Starting Reboot!

C:\Dokumente und Einstellungen\Uwe\Desktop\l2mfix
System Rebooted!

Running From:
C:\Dokumente und Einstellungen\Uwe\Desktop\l2mfix

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1892 'explorer.exe'
Killing PID 1892 'explorer.exe'
Killing PID 1892 'explorer.exe'
Killing PID 1892 'explorer.exe'
Killing PID 1892 'explorer.exe'
Killing PID 1892 'explorer.exe'
Killing PID 1892 'explorer.exe'
Killing PID 1892 'explorer.exe'
Killing PID 1892 'explorer.exe'
Killing PID 1892 'explorer.exe'
Killing PID 1892 'explorer.exe'
Killing PID 1892 'explorer.exe'
Killing PID 1892 'explorer.exe'
Killing PID 1892 'explorer.exe'
Killing PID 1892 'explorer.exe'
Killing PID 1892 'explorer.exe'
Killing PID 1892 'explorer.exe'
Killing PID 1892 'explorer.exe'
Killing PID 1892 'explorer.exe'
Killing PID 1892 'explorer.exe'
Killing PID 1892 'explorer.exe'
Killing PID 1892 'explorer.exe'
Killing PID 1892 'explorer.exe'
Killing PID 1892 'explorer.exe'
Killing PID 1892 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 576 'rundll32.exe'

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!

Zipping up files for submission:
adding: clear.reg (164 bytes security) (deflated 2%)
adding: echo.reg (164 bytes security) (deflated 9%)
adding: direct.txt (164 bytes security) (stored 0%)
adding: L2MFIX-log1.txt (164 bytes security) (deflated 67%)
adding: lo2.txt (164 bytes security) (deflated 77%)
adding: readme.txt (164 bytes security) (deflated 49%)
adding: report.txt (164 bytes security) (deflated 67%)
adding: test.txt (164 bytes security) (stored 0%)
adding: test2.txt (164 bytes security) (stored 0%)
adding: test3.txt (164 bytes security) (stored 0%)
adding: test5.txt (164 bytes security) (stored 0%)
adding: backregs/shell.reg (164 bytes security) (deflated 73%)

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for really "Everyone"


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read VORDEFINIERT\Benutzer
(ID-IO) ALLOW Read VORDEFINIERT\Benutzer
(ID-NI) ALLOW Read VORDEFINIERT\Hauptbenutzer
(ID-IO) ALLOW Read VORDEFINIERT\Hauptbenutzer
(ID-NI) ALLOW Full access VORDEFINIERT\Administratoren
(ID-IO) ALLOW Full access VORDEFINIERT\Administratoren
(ID-NI) ALLOW Full access NT-AUTORITŽT\SYSTEM
(ID-IO) ALLOW Full access NT-AUTORITŽT\SYSTEM
(ID-IO) ALLOW Full access ERSTELLER-BESITZER


Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332


The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************


HijackThis- Logfile:

Logfile of HijackThis v1.99.1
Scan saved at 13:24:20, on 10.04.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Programme\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Programme\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\Programme\Softwin\BitDefender8\vsserv.exe
C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Programme\Softwin\BitDefender8\bdoesrv.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Softwin\BitDefender8\bdswitch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Uwe\Lokale Einstellungen\Temp\Temporäres Verzeichnis 2 für hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.msn.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Programme\Softwin\BitDefender8\\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Programme\Softwin\BitDefender8\bdnagent.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Programme\Softwin\BitDefender8\\bdswitch.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Programme\Washer\washidx.exe "Uwe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: DSLMON.lnk = C:\Programme\Analog Devices\Teledat 300 USB Treiber\DSLMON.exe
O4 - Global Startup: Monitor.lnk = ?
O4 - Global Startup: Norton GoBack.lnk = C:\Programme\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{310A717B-1159-4478-973B-5C552BD7D43F}: NameServer = 217.237.150.225 217.237.150.141
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programme\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: GBPoll - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Programme\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programme\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe


L2MFIX-Logfile mit der 4:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000


Hier der letzte HijackThis-Log:

Logfile of HijackThis v1.99.1
Scan saved at 13:29:21, on 10.04.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Programme\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Programme\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\Programme\Softwin\BitDefender8\vsserv.exe
C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Programme\Softwin\BitDefender8\bdoesrv.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Softwin\BitDefender8\bdswitch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Uwe\Lokale Einstellungen\Temp\Temporäres Verzeichnis 3 für hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.msn.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Programme\Softwin\BitDefender8\\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Programme\Softwin\BitDefender8\bdnagent.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Programme\Softwin\BitDefender8\\bdswitch.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Programme\Washer\washidx.exe "Uwe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: DSLMON.lnk = C:\Programme\Analog Devices\Teledat 300 USB Treiber\DSLMON.exe
O4 - Global Startup: Monitor.lnk = ?
O4 - Global Startup: Norton GoBack.lnk = C:\Programme\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{310A717B-1159-4478-973B-5C552BD7D43F}: NameServer = 217.237.150.225 217.237.150.141
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programme\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: GBPoll - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Programme\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programme\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe

MfG Ginnyteddy
Dieser Beitrag wurde am 10.04.2005 um 13:34 Uhr von Ginny66 editiert.
Seitenanfang Seitenende
10.04.2005, 14:46
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#13 Hallo@Ginny66

Lade;)ownload the beta* of our new anti-spyware software today
http://www.microsoft.com/athome/security/spyware/software/default.mspx


Wie kann ich das Service Pack 2 installieren?


Sie können Windows XP Service Pack 2 mit der Funktion Windows Update oder von CD installieren.

[A] Installation über Windows Update (Internet)

1. Wählen Sie im Start-Menü den Befehl Windows Update.
Sie werden automatisch mit der Internetseite Windows Update verbunden (Internetverbindung vorausgesetzt).

2. Aktivieren Sie Windows XP Servicepack 2 und Updates installieren.

Installation von CD

1. Legen Sie die CD mit Service Pack 2 in das CD-Laufwerk Ihres PCs ein.
2. Klicken Sie nach dem Autostart auf Weiter.
3. Lesen Sie aufmerksam die Informationen Was sie wissen sollten, bevor sie mit der Installation beginnen.
4. Starten Sie das Setup, in dem Sie Jetzt installieren klicken.
5. Folgen Sie den weiteren Anweisungen.

Am Sichersten ist es, wenn man das SP2 schon von einer CD vor dem Anschluss ans Internet installiert hat. Diese Updates werden regelmässig in PC-Zeitschriften angeboten oder man lädt und brennt sie sich selbst , so dass man sie zur Hand hat, wenn eine Neuinstallation notwendig geworden ist.

Außerdem gibt es beim Microsoft-Support auch die Möglichkeit diese CD kostenlos anzufordern und sich zuschicken zu lassen.
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
10.04.2005, 23:16
...neu hier

Themenstarter

Beiträge: 7
#14 Hallo Sabina!

Vielen Dank für Deine unendliche Geduld. Man konnte Deinen Anweisungen supergut folgen. Ohne Hilfe hätte ich das nicht hingekriegt.

MfG Ginny66
Seitenanfang Seitenende