http://www.lop.com/searchbar.html entfernen |
||
---|---|---|
#0
| ||
05.04.2005, 23:09
...neu hier
Beiträge: 7 |
||
|
||
06.04.2005, 17:54
Ehrenmitglied
Beiträge: 29434 |
#2
Hallo@Ginny66
start<Ausfuehren<regedit HKEY_LOCAL_MACHINE\Software falls du folgende Eintraege findest, loesche sie mit rechtskliclk * ckotetlllyllshz * kseateasteestoe * rhvlveasteafpr * ssaxstxoaieoagrh * TrinityAYB #öffne das HijackThis-->> Button "scan" -->> Häkchen setzen -->> Button "Fix checked" -->> PC neustarten R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.lop.com/searchbar.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.lop.com/searchbar.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.lop.com/searchbar.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.lop.com/searchbar.html R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.lop.com/searchbar.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.lop.com/searchbar.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: IPInsigtObj Class - {000004CC-E4FF-4F2C-BC30-DBEF0B983BC9} - C:\WINDOWS\IPINSIGT.DLL O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll O2 - BHO: IEHlprObj Class - {700944A0-9399-4D84-A0BE-EDD754923D7D} - C:\WINDOWS\system32\mo030414s.dll O2 - BHO: TChkBHO Class - {96C44C0F-F8D1-4052-A34E-19255E0ABEF5} - C:\WINDOWS\system32\fzfken.dll O2 - BHO: Swish Browser Helper - {D44B5436-B3E4-4595-B0E9-106690E70A58} - C:\DOKUME~1\Uwe\ANWEND~1\plg_ie0.dll O3 - Toolbar: Accessories - {9B35A850-66AB-4c6d-8A66-136ECADCD904} - C:\DOKUME~1\Uwe\ANWEND~1\plg_ie0.dll O4 - HKLM\..\Run: [szuejzitzyoe] C:\WINDOWS\System32\ifykzh.exe PC neustarten •KillBox http://www.bleepingcomputer.com/files/killbox.php •Delete File on Reboot <--anhaken und klick auf das rote Kreuz, wenn gefragt wird, ob "Do you want to reboot? "----> klicke auf "no",und kopiere das naechste rein, erst beim letzten auf "yes" C:\WINDOWS\desktop.htm C:\WINDOWS\dnserror.htm C:\WINDOWS\jexpoofro.htm C:\WINDOWS\i_dnserr.gif C:\WINDOWS\s_dnserr.gif C:\WINDOWS\r_dnserr.gif C:\WINDOWS\b_dnserr.gif C:\WINDOWS\tiejexpoo.gif C:\WINDOWS\xiejexpoo.gif C:\WINDOWS\oiejexpoo.gif C:\WINDOWS\uiejexpoo.gif * C:\WINDOWS\System32\asshuktr.exe * C:\WINDOWS\System32\bilyooas.exe * C:\WINDOWS\System32\byb_save.exe * C:\WINDOWS\System32\crgbeaoa.exe * C:\WINDOWS\System32\eaymulyl.exe * C:\WINDOWS\System32\eeublidc.exe * C:\WINDOWS\System32\glxshmcr.exe * C:\WINDOWS\System32\ijlysseb.exe * C:\WINDOWS\System32\jqumysto.exe * C:\WINDOWS\System32\kfriegbs.exe * C:\WINDOWS\System32\llfggrdr.exe * C:\WINDOWS\System32\lltckiey.exe * C:\WINDOWS\System32\lopsearc.exe * C:\WINDOWS\System32\meemnckyqbr.exe * C:\WINDOWS\System32\meepajlr.exe * C:\WINDOWS\System32\mprcouie.exe * C:\WINDOWS\System32\oofrkxpe.exe * C:\WINDOWS\System32\peebqusz.exe * C:\WINDOWS\System32\quveioot.exe * C:\WINDOWS\System32\shoucrck.exe * C:\WINDOWS\System32\ssmeeibl.exe * C:\WINDOWS\System32\tchpeatr.exe * C:\WINDOWS\System32\tglblrll.exe * C:\WINDOWS\System32\trstdris.exe * C:\WINDOWS\System32\ulyuiexeechp.exe * C:\WINDOWS\System32\vestufck.exe * C:\WINDOWS\System32\vfthrcbr.exe C:\WINDOWS\System32\xogyfhp.exe C:\WINDOWS\System32\ykphmbre.exe C:\WINDOWS\System32\ylynfste.exe C:\WINDOWS\IPINSIGT.DLL C:\WINDOWS\twaintec.dll C:\WINDOWS\system32\mo030414s.dll C:\WINDOWS\system32\fzfken.dll C:\Dokumente und Einstellungen\Uwe\Anwendungsdaten\plg_ie0.dll C:\WINDOWS\System32\ifykzh.exe PC neustarten CCleaner http://www.ccleaner.com/ccdownload.asp Im Windows-Explorer->Extras->Ordneroptionen->den Reiter "Ansicht"->Versteckte Dateien und Ordner-> "alle Dateien und Ordner anzeigen" aktivieren + Im Windows-Explorer->Extras->Ordneroptionen->den Reiter "Ansicht"->Dateien und Ordner-> "Geschützte Systemdateien ausblenden (empfohlen)" deaktivieren suche und loesche; mp3.exe FreeMP3.exe freemp3z.exe FreeMP3Music.exe free_sex_viewer.exe free_deals.exe Software_Plugin.exe download_file.exe The_Ultimate_Browser_Enhancer.exe free_plugin.exe C:\Dokumente und Einstellungen\Uwe\Anwendungsdaten\<--alles loeschen was mit dem Zeitpunkt der LOP.com-Verseuchung zusammenfaellt •eScan-Erkennungstool eSan ist hier unter dem Namen Free eScan Antivirus Toolkit Utility kostenlos erhältlich: http://www.mwti.net/antivirus/free_utilities.asp oeffne den Scanner--> noch nicht scannen--> gehe in Start<Ausfuehren< schreib rein: %temp% und suche kavupd.exe, die klickst du an--> (Update- in DOS) ausführen -->mwav.exe oeffnen-->alle Haekchen setzen-->scannen-->View Log anklicken--> Bearbeiten anklicken--> "infected" reinschreiben und nun alles rauskopieren, was angezeigt wird--> __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
08.04.2005, 23:32
...neu hier
Themenstarter Beiträge: 7 |
#3
Hallo Sabina!
Zunächst einmal vielen, vielen Dank für deine Hilfe. Konnte mich erst heute abschließend mit der Geschichte beschäftigen. Eines ist mir nicht ganz klar: Du schreibst "-->mwav.exe oeffnen-->alle Haekchen setzen-->scannen-->View Log anklicken--> Bearbeiten anklicken--> "infected" reinschreiben und nun alles rauskopieren, was angezeigt wird-->" Was mache ich jetzt mit den rauskopierten Suchtreffern meiner "infected"-Suche? MfG Ginny66 |
|
|
||
08.04.2005, 23:40
Ehrenmitglied
Beiträge: 6028 |
#4
•jene zeile in der infected steht, markieren, und hier einfügen, weitersuchen usw.
•und ganz unten steht die zusammenfassung, diese auch hier posten __________ MfG Argus |
|
|
||
08.04.2005, 23:51
Ehrenmitglied
Beiträge: 29434 |
#5
Zitat •jene zeile in der infected steht, markieren, und hier einfügen, weitersuchen usw. Danke __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
09.04.2005, 00:15
...neu hier
Themenstarter Beiträge: 7 |
#6
Alles klar! Hier kommt's:
Thu Apr 07 20:27:27 2005 => Scanning HKLM\SYSTEM\CurrentControlSet\Services\VxD Thu Apr 07 20:27:27 2005 => Scanning File C:\WINDOWS\system32\JAVASUP.VXD Thu Apr 07 20:27:40 2005 => System found infected with Bargain Buddy Spyware/Adware ({297AFC77-2039-4D3C-BEF9-598819EB2C8A})! Action taken: No Action Taken. Thu Apr 07 20:27:40 2005 => File System Found infected by "Bargain Buddy Spyware/Adware" Virus. Action Taken: No Action Taken. Thu Apr 07 20:27:40 2005 => System found infected with Bargain Buddy Spyware/Adware ({BE35582C-9796-4CF1-AED9-556ADA120B38})! Action taken: No Action Taken. Thu Apr 07 20:27:40 2005 => File System Found infected by "Bargain Buddy Spyware/Adware" Virus. Action Taken: No Action Taken. Thu Apr 07 20:27:41 2005 => System found infected with Alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken. Thu Apr 07 20:27:41 2005 => File System Found infected by "Alexa Spyware/Adware" Virus. Action Taken: No Action Taken. Thu Apr 07 20:27:41 2005 => System found infected with Gator Spyware/Adware ({21FFB6C0-0DA1-11D5-A9D5-00500413153C})! Action taken: No Action Taken. Thu Apr 07 20:27:41 2005 => File System Found infected by "Gator Spyware/Adware" Virus. Action Taken: No Action Taken. Thu Apr 07 20:27:41 2005 => System found infected with BetterInternet Spyware/Adware ({4534CD6B-59D6-43FD-864B-06A0D843444A})! Action taken: No Action Taken. Thu Apr 07 20:27:41 2005 => File System Found infected by "BetterInternet Spyware/Adware" Virus. Action Taken: No Action Taken. Thu Apr 07 20:27:41 2005 => System found infected with BetterInternet Spyware/Adware ({690BCCB4-6B83-4203-AE77-038C116594EC})! Action taken: No Action Taken. Thu Apr 07 20:27:41 2005 => File System Found infected by "BetterInternet Spyware/Adware" Virus. Action Taken: No Action Taken. Thu Apr 07 20:27:41 2005 => System found infected with WurldMedia Spyware/Adware ({a83e42b1-1ae7-4ce6-b128-ab0f4a126b2c})! Action taken: No Action Taken. Thu Apr 07 20:27:41 2005 => File System Found infected by "WurldMedia Spyware/Adware" Virus. Action Taken: No Action Taken. Thu Apr 07 20:27:42 2005 => Offending value found in HKCU\Software\cydoor !!! Thu Apr 07 20:27:42 2005 => System found infected with cydoor Spyware/Adware! Action taken: No Action Taken. Thu Apr 07 20:27:42 2005 => File System Found infected by "cydoor Spyware/Adware" Virus. Action Taken: No Action Taken. Thu Apr 07 20:27:42 2005 => Offending value found in HKLM\Software\gator.com !!! Thu Apr 07 20:27:42 2005 => System found infected with gator.com Spyware/Adware! Action taken: No Action Taken. Thu Apr 07 20:27:42 2005 => File System Found infected by "gator.com Spyware/Adware" Virus. Action Taken: No Action Taken. Thu Apr 07 20:27:43 2005 => Offending value found in HKLM\Software\vendor !!! Thu Apr 07 20:27:43 2005 => System found infected with vendor Spyware/Adware! Action taken: No Action Taken. Thu Apr 07 20:27:43 2005 => File System Found infected by "vendor Spyware/Adware" Virus. Action Taken: No Action Taken. Thu Apr 07 20:27:43 2005 => Offending value found in HKCU\Software\VB and VBA Program Settings !!! Thu Apr 07 20:27:43 2005 => System found infected with VB and VBA Program Settings Spyware/Adware! Action taken: No Action Taken. Thu Apr 07 20:27:43 2005 => File System Found infected by "VB and VBA Program Settings Spyware/Adware" Virus. Action Taken: No Action Taken. Thu Apr 07 20:27:43 2005 => Offending value found in HKLM\Software\TwainTec !!! Thu Apr 07 20:27:43 2005 => System found infected with TwainTec Spyware/Adware! Action taken: No Action Taken. Thu Apr 07 20:27:44 2005 => File System Found infected by "TwainTec Spyware/Adware" Virus. Action Taken: No Action Taken. Thu Apr 07 20:27:44 2005 => Offending value found in HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\shopping community !!! Thu Apr 07 20:27:44 2005 => System found infected with shopping community Spyware/Adware! Action taken: No Action Taken. Thu Apr 07 20:27:44 2005 => File System Found infected by "shopping community Spyware/Adware" Virus. Action Taken: No Action Taken. Thu Apr 07 20:27:44 2005 => Offending value found in HKLM\Software\morp !!! Thu Apr 07 20:27:44 2005 => System found infected with morp Spyware/Adware! Action taken: No Action Taken. Thu Apr 07 20:27:44 2005 => File System Found infected by "morp Spyware/Adware" Virus. Action Taken: No Action Taken. Thu Apr 07 20:27:44 2005 => Offending value found in HKLM\Software\mscrp !!! Thu Apr 07 20:27:44 2005 => System found infected with mscrp Spyware/Adware! Action taken: No Action Taken. Thu Apr 07 20:27:44 2005 => File System Found infected by "mscrp Spyware/Adware" Virus. Action Taken: No Action Taken. Thu Apr 07 20:27:45 2005 => Offending value found in HKCU\Software\wurld media !!! Thu Apr 07 20:27:45 2005 => System found infected with wurld media Spyware/Adware! Action taken: No Action Taken. Thu Apr 07 20:27:45 2005 => File System Found infected by "wurld media Spyware/Adware" Virus. Action Taken: No Action Taken. Thu Apr 07 20:27:45 2005 => Offending value found in HKCU\Software\trinityayb !!! Thu Apr 07 20:27:45 2005 => System found infected with trinityayb Spyware/Adware! Action taken: No Action Taken. Thu Apr 07 20:27:45 2005 => File System Found infected by "trinityayb Spyware/Adware" Virus. Action Taken: No Action Taken. Thu Apr 07 20:28:02 2005 => File C:\WINDOWS\MSView.DLL infected by "not-a-virus:AdWare.BiSpy.m" Virus. Action Taken: No Action Taken. Thu Apr 07 20:28:03 2005 => File C:\WINDOWS\MSVprep.exe infected by "not-a-virus:AdWare.BiSpy.r" Virus. Action Taken: No Action Taken. Thu Apr 07 20:30:23 2005 => File C:\WINDOWS\System32\mocupd.exe infected by "not-a-virus:AdWare.WurldMedia.b" Virus. Action Taken: No Action Taken. Thu Apr 07 20:37:00 2005 => File C:\Dokumente und Einstellungen\Uwe\Anwendungsdaten\lopsearch.exe infected by "not-a-virus:AdWare.Lop" Virus. Action Taken: No Action Taken. Thu Apr 07 22:08:31 2005 => Scanning Folder: C:\Programme\Softwin\BitDefender8\Infected\*.* Thu Apr 07 22:28:24 2005 => File C:\WINDOWS\Downloaded Program Files\Download_Plugin.exe infected by "not-a-virus:AdWare.Lop" Virus. Action Taken: No Action Taken. Thu Apr 07 22:42:52 2005 => File C:\WINDOWS\MSView.DLL infected by "not-a-virus:AdWare.BiSpy.m" Virus. Action Taken: No Action Taken. Thu Apr 07 22:42:52 2005 => File C:\WINDOWS\MSVprep.exe infected by "not-a-virus:AdWare.BiSpy.r" Virus. Action Taken: No Action Taken. Thu Apr 07 22:52:49 2005 => File C:\WINDOWS\system32\mocupd.exe infected by "not-a-virus:AdWare.WurldMedia.b" Virus. Action Taken: No Action Taken. Fri Apr 08 22:14:05 2005 => File C:\WINDOWS\Downloaded Program Files\Download_Plugin.exe infected by "not-a-virus:AdWare.Lop" Virus. Action Taken: No Action Taken. Fri Apr 08 22:26:51 2005 => File C:\WINDOWS\MSView.DLL infected by "not-a-virus:AdWare.BiSpy.m" Virus. Action Taken: No Action Taken. Fri Apr 08 22:26:51 2005 => File C:\WINDOWS\MSVprep.exe infected by "not-a-virus:AdWare.BiSpy.r" Virus. Action Taken: No Action Taken. Fri Apr 08 22:33:30 2005 => File C:\WINDOWS\system32\mocupd.exe infected by "not-a-virus:AdWare.WurldMedia.b" Virus. Action Taken: No Action Taken. Fri Apr 08 22:36:34 2005 => ***** Checking for specific ITW Viruses ***** Fri Apr 08 22:36:34 2005 => Checking for Welchia Virus... Fri Apr 08 22:36:34 2005 => Checking for LovGate Virus... Fri Apr 08 22:36:34 2005 => Checking for CodeRed Virus... Fri Apr 08 22:36:34 2005 => Checking for OpaServ Virus... Fri Apr 08 22:36:34 2005 => Checking for Sobig.e Virus... Fri Apr 08 22:36:34 2005 => Checking for Winupie Virus... Fri Apr 08 22:36:34 2005 => Checking for Swen Virus... Fri Apr 08 22:36:34 2005 => Checking for JS.Fortnight Virus... Fri Apr 08 22:36:34 2005 => Checking for Novarg Virus... Fri Apr 08 22:36:34 2005 => Checking for Pagabot Virus... Fri Apr 08 22:36:34 2005 => Checking for Parite.b Virus... Fri Apr 08 22:36:34 2005 => Checking for Parite.a Virus... Fri Apr 08 22:36:34 2005 => ***** Scanning complete. ***** Fri Apr 08 22:36:34 2005 => Total Objects Scanned: 56229 Fri Apr 08 22:36:34 2005 => Total Virus(es) Found: 30 Fri Apr 08 22:36:34 2005 => Total Disinfected Files: 0 Fri Apr 08 22:36:34 2005 => Total Files Renamed: 0 Fri Apr 08 22:36:34 2005 => Total Deleted Objects: 0 Fri Apr 08 22:36:34 2005 => Total Errors: 4 Fri Apr 08 22:36:34 2005 => Time Elapsed: 02:40:31 Fri Apr 08 22:36:34 2005 => Virus Database Date: 2005/04/06 Fri Apr 08 22:36:34 2005 => Virus Database Count: 124827 Fri Apr 08 22:36:34 2005 => Scan Completed. MfG Ginny66 |
|
|
||
09.04.2005, 00:20
Ehrenmitglied
Beiträge: 29434 |
#7
Hallo@Ginny66
•KillBox http://www.bleepingcomputer.com/files/killbox.php •Delete File on Reboot <--anhaken und klick auf das rote Kreuz, wenn gefragt wird, ob "Do you want to reboot? "----> klicke auf "no",und kopiere das naechste rein, erst beim letzten auf "yes" C:\WINDOWS\MSView.DLL C:\WINDOWS\MSVprep.exe C:\WINDOWS\System32\mocupd.exe C:\WINDOWS\Downloaded Program Files\Download_Plugin.exe neustarten #Ad-aware SE Personal 1.05 Updated http://fileforum.betanews.com/detail/965718306/1 Laden--> Updaten-->scannen-->PC neustarten--> noch mal scannen--> poste das Log vom Scann __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
09.04.2005, 21:09
...neu hier
Themenstarter Beiträge: 7 |
#8
Hallo Sabina!
Der Ad-Aware Log ist elendiglich lang: Ad-Aware SE Build 1.05 Logfile Created on:Samstag, 9. April 2005 20:39:08 Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R37 07.04.2005 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Alexa(TAC index:5):3 total references Claria(TAC index:7):6 total references CommonName(TAC index:7):1 total references Cydoor(TAC index:7):66 total references Dialer(TAC index:5):18 total references Hi-Wire(TAC index:4):22 total references IPInsight(TAC index:7):22 total references Lop(TAC index:7):49 total references MainPean Dialer(TAC index:5):10 total references MRU List(TAC index:0):33 total references MSView(TAC index:10):3 total references SecretCrush(TAC index:3):1 total references WebDialer(TAC index:5):1 total references WurldMedia(TAC index:9):47 total references VX2(TAC index:10):57 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Ad-Aware SE Settings =========================== Set : Search for negligible risk entries Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Play sound at scan completion if scan locates critical objects 09.04.2005 20:39:08 - Scan started. (Full System Scan) MRU List Object Recognized! Location: : C:\Dokumente und Einstellungen\Uwe\recent Description : list of recently opened documents MRU List Object Recognized! Location: : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\windows\currentversion\explorer\runmru Description : mru list for items opened in start | run MRU List Object Recognized! Location: : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\search assistant\acmru Description : list of recent search terms used with the search assistant MRU List Object Recognized! Location: : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru Description : list of recently saved files, stored according to file extension MRU List Object Recognized! Location: : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru Description : list of recent programs opened MRU List Object Recognized! Location: : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\windows\currentversion\explorer\recentdocs Description : list of recent documents opened MRU List Object Recognized! Location: : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\office\10.0\powerpoint\recenttemplatelist Description : list of recent templates used by microsoft powerpoint MRU List Object Recognized! Location: : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\office\10.0\powerpoint\recent templates Description : list of recent templates used by microsoft powerpoint MRU List Object Recognized! Location: : S-1-5-21-1454471165-1708537768-1343024091-1003\software\realnetworks\realplayer\6.0\preferences Description : list of recent skins in realplayer MRU List Object Recognized! Location: : software\microsoft\directdraw\mostrecentapplication Description : most recent application to use microsoft directdraw MRU List Object Recognized! Location: : S-1-5-21-1454471165-1708537768-1343024091-1003\software\ahead\nero - burning rom\recent file list Description : list of recently used files in nero burning rom MRU List Object Recognized! Location: : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\office\10.0\common\general Description : list of recently used symbols in microsoft office MRU List Object Recognized! Location: : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\visual basic\6.0\recentfiles Description : list of recently used files in microsoft visual basic MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : software\musicmatch Description : download location of the musicmatch installer MRU List Object Recognized! Location: : S-1-5-21-1454471165-1708537768-1343024091-1003\software\realnetworks\realplayer\6.0\preferences Description : list of recent clips in realplayer MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-19\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-20\software\microsoft\mediaplayer\preferences Description : last playlist loaded in microsoft windows media player MRU List Object Recognized! Location: : S-1-5-21-1454471165-1708537768-1343024091-1003\software\ahead\cover designer\recent file list Description : list of recently used files in ahead cover designer MRU List Object Recognized! Location: : software\musicmatch\musicmatch jukebox\4.0\mmradio Description : information on the last station listened to using musicmatch radio MRU List Object Recognized! Location: : S-1-5-21-1454471165-1708537768-1343024091-1003\software\realnetworks\realplayer\6.0\preferences Description : last login time in realplayer MRU List Object Recognized! Location: : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\office\10.0\clip organizer\search\last query Description : last query in microsoft clip organizer MRU List Object Recognized! Location: : software\musicmatch\musicmatch jukebox\4.0\fileconv Description : file conversion location settings in musicmatch jukebox MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\windows media\wmsdk\general Description : windows media sdk Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 608 ThreadCreationTime : 09.04.2005 18:37:12 BasePriority : Normal #:2 [csrss.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 672 ThreadCreationTime : 09.04.2005 18:37:16 BasePriority : Normal #:3 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 696 ThreadCreationTime : 09.04.2005 18:37:20 BasePriority : High #:4 [services.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 740 ThreadCreationTime : 09.04.2005 18:37:20 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Betriebssystem Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Anwendung für Dienste und Controller InternalName : services.exe LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten. OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 752 ThreadCreationTime : 09.04.2005 18:37:20 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 920 ThreadCreationTime : 09.04.2005 18:37:21 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:7 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 944 ThreadCreationTime : 09.04.2005 18:37:21 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1048 ThreadCreationTime : 09.04.2005 18:37:22 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:9 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1060 ThreadCreationTime : 09.04.2005 18:37:22 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:10 [spoolsv.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1244 ThreadCreationTime : 09.04.2005 18:37:23 BasePriority : Normal FileVersion : 5.1.2600.0 (XPClient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : spoolsv.exe #:11 [alg.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1348 ThreadCreationTime : 09.04.2005 18:37:26 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Application Layer Gateway Service InternalName : ALG.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : ALG.exe #:12 [dkservice.exe] FilePath : C:\Programme\Executive Software\DiskeeperWorkstation\ ProcessID : 1368 ThreadCreationTime : 09.04.2005 18:37:26 BasePriority : Normal FileVersion : 7.0.398.0 ProductVersion : 7.0.398.0 ProductName : Diskeeper (TM) Disk Defragmenter CompanyName : Executive Software International, Inc. FileDescription : DKSERVICE.EXE InternalName : DKSERVICE LegalCopyright : © 1995-2001 Executive Software Int'l, Inc. OriginalFilename : DKSERVICE #:13 [gbpoll.exe] FilePath : C:\Programme\Norton SystemWorks\Norton GoBack\ ProcessID : 1412 ThreadCreationTime : 09.04.2005 18:37:27 BasePriority : Normal #:14 [ghoststartservice.exe] FilePath : C:\Programme\Symantec\Norton Ghost 2003\ ProcessID : 1424 ThreadCreationTime : 09.04.2005 18:37:27 BasePriority : Normal FileVersion : 2003.775 ProductVersion : 2003.775 ProductName : Norton Ghost Start Service CompanyName : Symantec Corporation FileDescription : Norton Ghost Start InternalName : GhostStartService LegalCopyright : Copyright (C) 1998-2002 Symantec Corp. All rights reserved. OriginalFilename : GhostStartService.exe #:15 [nvsvc32.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1460 ThreadCreationTime : 09.04.2005 18:37:27 BasePriority : Normal FileVersion : 6.14.10.7184 ProductVersion : 6.14.10.7184 ProductName : NVIDIA Driver Helper Service, Version 71.84 CompanyName : NVIDIA Corporation FileDescription : NVIDIA Driver Helper Service, Version 71.84 InternalName : NVSVC LegalCopyright : (C) NVIDIA Corporation. All rights reserved. OriginalFilename : nvsvc32.exe #:16 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1560 ThreadCreationTime : 09.04.2005 18:37:28 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:17 [xcommsvr.exe] FilePath : C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\ ProcessID : 1648 ThreadCreationTime : 09.04.2005 18:37:28 BasePriority : Normal FileVersion : 1, 7, 0, 6 ProductVersion : 1, 7, 0, 6 ProductName : Softwin BitDefender Communicator Server CompanyName : Softwin FileDescription : BitDefender Communicator Server InternalName : XCOMMSVR LegalCopyright : Copyright © 2003-2004 Softwin OriginalFilename : xcommsvr.exe Comments : Manages communication between BitDefender components #:18 [bdss.exe] FilePath : C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\ ProcessID : 1740 ThreadCreationTime : 09.04.2005 18:37:31 BasePriority : Normal #:19 [explorer.exe] FilePath : C:\WINDOWS\ ProcessID : 1972 ThreadCreationTime : 09.04.2005 18:37:37 BasePriority : Normal FileVersion : 6.00.2600.0000 (xpclient.010817-1148) ProductVersion : 6.00.2600.0000 ProductName : Betriebssystem Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten. OriginalFilename : EXPLORER.EXE #:20 [vsserv.exe] FilePath : C:\Programme\Softwin\BitDefender8\ ProcessID : 1176 ThreadCreationTime : 09.04.2005 18:37:53 BasePriority : Normal #:21 [jusched.exe] FilePath : C:\Programme\Java\jre1.5.0_01\bin\ ProcessID : 1208 ThreadCreationTime : 09.04.2005 18:37:53 BasePriority : Normal #:22 [bdmcon.exe] FilePath : C:\PROGRA~1\Softwin\BITDEF~1\ ProcessID : 1088 ThreadCreationTime : 09.04.2005 18:37:54 BasePriority : Normal FileVersion : 8.0 ProductVersion : 8.0 ProductName : BitDefender 8 CompanyName : SOFTWIN S.R.L. FileDescription : BitDefender Management Console InternalName : Management Console LegalCopyright : © 2004 SOFTWIN S.R.L. OriginalFilename : bdmcon.exe #:23 [em_exec.exe] FilePath : C:\Programme\Logitech\MouseWare\system\ ProcessID : 856 ThreadCreationTime : 09.04.2005 18:37:55 BasePriority : Normal FileVersion : 9.78.034 ProductVersion : 9.78.034 ProductName : MouseWare CompanyName : Logitech Inc. FileDescription : Logitech Events Handler Application InternalName : Em_Exec LegalCopyright : (C) 1987-2003 Logitech. All rights reserved. LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc. OriginalFilename : Em_Exec.exe Comments : Created by the MouseWare team #:24 [bdoesrv.exe] FilePath : C:\Programme\Softwin\BitDefender8\ ProcessID : 1380 ThreadCreationTime : 09.04.2005 18:37:55 BasePriority : Normal #:25 [bdswitch.exe] FilePath : C:\Programme\Softwin\BitDefender8\ ProcessID : 1532 ThreadCreationTime : 09.04.2005 18:37:57 BasePriority : Normal #:26 [rundll32.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1544 ThreadCreationTime : 09.04.2005 18:37:57 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Betriebssystem Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Eine DLL-Datei als Anwendung ausführen InternalName : rundll LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten. OriginalFilename : RUNDLL.EXE #:27 [ctfmon.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1612 ThreadCreationTime : 09.04.2005 18:37:57 BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : CTF Loader InternalName : CTFMON LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : CTFMON.EXE #:28 [dslmon.exe] FilePath : C:\Programme\Analog Devices\Teledat 300 USB Treiber\ ProcessID : 1768 ThreadCreationTime : 09.04.2005 18:38:02 BasePriority : Normal FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : DSLMON Application FileDescription : ADIMON MFC Application InternalName : DSLMON LegalCopyright : Copyright (C) 2000 OriginalFilename : ADIMON.EXE #:29 [monitor.exe] FilePath : C:\Programme\Digital Image\ ProcessID : 1908 ThreadCreationTime : 09.04.2005 18:38:03 BasePriority : Normal #:30 [ad-aware.exe] FilePath : C:\Programme\Lavasoft\Ad-Aware SE Personal\ ProcessID : 912 ThreadCreationTime : 09.04.2005 18:38:48 BasePriority : Normal FileVersion : 6.2.0.206 ProductVersion : VI.Second Edition ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 33 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Claria Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c} Claria Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c} Value : uets Claria Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c} Value : GEF Claria Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c} Value : GMG Claria Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c} Value : GMI CommonName Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{00000000-0000-0000-0000-000000000000} Dialer Object Recognized! Type : Regkey Data : Category : Dialer Comment : VLoading Rootkey : HKEY_CLASSES_ROOT Object : clsid\{11bf0e2b-4229-4adc-9c11-1c6968731018} Dialer Object Recognized! Type : RegValue Data : Category : Dialer Comment : VLoading Rootkey : HKEY_CLASSES_ROOT Object : clsid\{11bf0e2b-4229-4adc-9c11-1c6968731018} Value : Dialer Object Recognized! Type : Regkey Data : Category : Dialer Comment : WebDialer Rootkey : HKEY_CLASSES_ROOT Object : interface\{0d639e64-5c31-4313-b62a-1b4d99e2f284} Dialer Object Recognized! Type : RegValue Data : Category : Dialer Comment : WebDialer Rootkey : HKEY_CLASSES_ROOT Object : interface\{0d639e64-5c31-4313-b62a-1b4d99e2f284} Value : Dialer Object Recognized! Type : Regkey Data : Category : Dialer Comment : VLoading Rootkey : HKEY_CLASSES_ROOT Object : typelib\{67355a47-1544-4905-b698-4d7e5b62ec32} Dialer Object Recognized! Type : Regkey Data : Category : Dialer Comment : VLoading Rootkey : HKEY_CLASSES_ROOT Object : vloading.download Dialer Object Recognized! Type : RegValue Data : Category : Dialer Comment : VLoading Rootkey : HKEY_CLASSES_ROOT Object : vloading.download Value : Dialer Object Recognized! Type : Regkey Data : Category : Dialer Comment : VLoading Rootkey : HKEY_CLASSES_ROOT Object : vloading.download.1 Dialer Object Recognized! Type : RegValue Data : Category : Dialer Comment : VLoading Rootkey : HKEY_CLASSES_ROOT Object : vloading.download.1 Value : Hi-Wire Object Recognized! Type : Regkey Data : Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{28f00b04-dc4e-11d3-abec-005004a44eeb} Hi-Wire Object Recognized! Type : RegValue Data : Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{28f00b04-dc4e-11d3-abec-005004a44eeb} Value : Hi-Wire Object Recognized! Type : Regkey Data : Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{28f00b20-dc4e-11d3-abec-005004a44eeb} Hi-Wire Object Recognized! Type : RegValue Data : Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{28f00b20-dc4e-11d3-abec-005004a44eeb} Value : Hi-Wire Object Recognized! Type : Regkey Data : Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{28f00b21-dc4e-11d3-abec-005004a44eeb} Hi-Wire Object Recognized! Type : RegValue Data : Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{28f00b21-dc4e-11d3-abec-005004a44eeb} Value : Hi-Wire Object Recognized! Type : Regkey Data : Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : hiwire.configurator Hi-Wire Object Recognized! Type : RegValue Data : Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : hiwire.configurator Value : Hi-Wire Object Recognized! Type : Regkey Data : Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : hiwire.configurator.1 Hi-Wire Object Recognized! Type : RegValue Data : Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : hiwire.configurator.1 Value : Hi-Wire Object Recognized! Type : Regkey Data : Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : hiwire.transportcenter Hi-Wire Object Recognized! Type : RegValue Data : Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : hiwire.transportcenter Value : Hi-Wire Object Recognized! Type : Regkey Data : Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : hiwire.transportcenter.1 Hi-Wire Object Recognized! Type : RegValue Data : Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : hiwire.transportcenter.1 Value : Hi-Wire Object Recognized! Type : Regkey Data : Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : hiwire.userregrequest Hi-Wire Object Recognized! Type : RegValue Data : Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : hiwire.userregrequest Value : Hi-Wire Object Recognized! Type : Regkey Data : Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : hiwire.userregrequest.1 Hi-Wire Object Recognized! Type : RegValue Data : Category : Misc Comment : Rootkey : HKEY_CLASSES_ROOT Object : hiwire.userregrequest.1 Value : IPInsight Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{297afc77-2039-4d3c-bef9-598819eb2c8a} IPInsight Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{297afc77-2039-4d3c-bef9-598819eb2c8a} Value : IPInsight Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : ipinsigt.ipinsigtobj.1 IPInsight Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : ipinsigt.ipinsigtobj.1 Value : IPInsight Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{be35582c-9796-4cf1-aed9-556ada120b38} Lop Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : swish.toolband.1 Lop Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : swish.toolband.1 Value : Lop Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : swish.toolband Lop Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : swish.toolband Value : Lop Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : swish.browserhelper.1 Lop Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : swish.browserhelper.1 Value : Lop Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : swish.browserhelper Lop Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : swish.browserhelper Value : Lop Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{9b35a850-66ab-4c6d-8a66-136ecadcd904} Lop Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{9b35a850-66ab-4c6d-8a66-136ecadcd904} Value : MSView Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : msview.msviewobj.1 MSView Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : msview.msviewobj.1 Value : WurldMedia Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{7e5da25b-1c13-4b78-837a-b938624eba41} WurldMedia Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{7e5da25b-1c13-4b78-837a-b938624eba41} Value : WurldMedia Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{7e5da25b-1c13-4b78-837a-b938624eba41} Value : AppID WurldMedia Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{a83e42b1-1ae7-4ce6-b128-ab0f4a126b2c} WurldMedia Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{a83e42b1-1ae7-4ce6-b128-ab0f4a126b2c} Value : WurldMedia Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : mobho.iehlprobj WurldMedia Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : mobho.iehlprobj Value : WurldMedia Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : mobho.iehlprobj.1 WurldMedia Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : mobho.iehlprobj.1 Value : WurldMedia Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : sostatatl.stathtmlctrl WurldMedia Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : sostatatl.stathtmlctrl Value : WurldMedia Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : sostatatl.stathtmlctrl.1 WurldMedia Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : sostatatl.stathtmlctrl.1 Value : WurldMedia Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : tchk.tchkbho WurldMedia Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : tchk.tchkbho Value : WurldMedia Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : tchk.tchkbho.1 WurldMedia Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : tchk.tchkbho.1 Value : WurldMedia Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{48f35889-7f47-4a93-8876-7ab20324e5d7} WurldMedia Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{ed15346e-0aec-4b72-b23c-ed6f420fcba7} VX2 Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : vx2.vx2obj VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : vx2.vx2obj Value : VX2 Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : typelib\{690bccb4-6b83-4203-ae77-038c116594ec} VX2 Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : twaintecdll.twaintecdllobj.1 VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : twaintecdll.twaintecdllobj.1 Value : VX2 Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{4534cd6b-59d6-43fd-864b-06a0d843444a} VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : interface\{4534cd6b-59d6-43fd-864b-06a0d843444a} Value : VX2 Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{00000580-c637-11d5-831c-00105ad6acf0} VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{00000580-c637-11d5-831c-00105ad6acf0} Value : Cydoor Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\cydoor Cydoor Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\cydoor Value : Vers Cydoor Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\cydoor Value : Desc2 Cydoor Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\cydoor Value : UserCode Cydoor Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\cydoor Value : ShowChange Cydoor Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\cydoor Value : ConnType Cydoor Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\cydoor Value : HIS_4 Cydoor Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\cydoor Value : RHIS_4 Cydoor Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\cydoor Value : DHIS_4 Cydoor Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\cydoor Value : HIS_5 Cydoor Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\cydoor Value : RHIS_5 Cydoor Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\cydoor Value : DHIS_5 Cydoor Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\cydoor Value : DelHistDate Cydoor Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\cydoor Value : HIS_6 Cydoor Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\cydoor Value : RHIS_6 Cydoor Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\cydoor Value : DHIS_6 Cydoor Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\cydoor services Hi-Wire Object Recognized! Type : Regkey Data : Category : Misc Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\\software\hiwire Hi-Wire Object Recognized! Type : RegValue Data : Category : Misc Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\\software\hiwire Value : CommonFiles Hi-Wire Object Recognized! Type : Regkey Data : Category : Misc Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\hiwire Hi-Wire Object Recognized! Type : RegValue Data : Category : Misc Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\hiwire Value : CommonFiles Lop Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\trinityayb Lop Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\trinityayb Value : ts Lop Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\trinityayb Value : ld Lop Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\trinityayb Value : pn Lop Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\trinityayb Value : ui Lop Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\trinityayb Value : dc Lop Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\trinityayb Value : ros Lop Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\trinityayb Value : u2 Lop Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\trinityayb Value : bwp Lop Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\trinityayb Value : wp Lop Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\trinityayb Value : ade Lop Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\trinityayb Value : ft Lop Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\trinityayb Value : et Lop Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\trinityayb Value : SearchAssistant Lop Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\trinityayb Value : Search Page2 Lop Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\trinityayb Value : AutoSearch Lop Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\trinityayb Value : oiehp Lop Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\windows\currentversion\backup Lop Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\windows\currentversion\backup Value : ts Lop Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\windows\currentversion\backup Value : ld Lop Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\windows\currentversion\backup Value : pn Lop Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\windows\currentversion\backup Value : ui Lop Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\windows\currentversion\backup Value : dc Lop Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\windows\currentversion\backup Value : ros Lop Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\windows\currentversion\backup Value : u2 Lop Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\windows\currentversion\backup Value : bwp Lop Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\windows\currentversion\backup Value : wp Lop Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\windows\currentversion\backup Value : ade Lop Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\windows\currentversion\backup Value : ft Lop Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\windows\currentversion\backup Value : et Lop Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\windows\currentversion\backup Value : SearchAssistant Lop Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\windows\currentversion\backup Value : Search Page2 Lop Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\windows\currentversion\backup Value : AutoSearch Lop Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\windows\currentversion\backup Value : oiehp WebDialer Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\webdialer WurldMedia Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\wurld media Claria Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\gator.com Cydoor Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cydoor Cydoor Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cydoor Value : C:\Programme\eDonkey2000\gdonkey.exe Cydoor Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\cydoor Value : AdwrCnt Cydoor Object Recognized! Type : Regkey Data : AdSupport_ Category : Data Miner Comment : Rootkey : HKEY_USERS Object : .DEFAULT\software\microsoft\windows\currentversion\uninstall\AdSupport_260 Cydoor Object Recognized! Type : Regkey Data : AdSupport_ Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-18\software\microsoft\windows\currentversion\uninstall\AdSupport_260 Cydoor Object Recognized! Type : Regkey Data : AdSupport_ Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-19\software\microsoft\windows\currentversion\uninstall\AdSupport_260 Cydoor Object Recognized! Type : Regkey Data : AdSupport_ Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-20\software\microsoft\windows\currentversion\uninstall\AdSupport_260 Cydoor Object Recognized! Type : Regkey Data : AdSupport_ Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\windows\currentversion\uninstall\AdSupport_260 Cydoor Object Recognized! Type : Regkey Data : AdSupport_ Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\AdSupport_260 Cydoor Object Recognized! Type : RegValue Data : AdSupport_ Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\AdSupport_260 Value : DisplayName IPInsight Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\mscrp IPInsight Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\mscrp Value : morpheushome IPInsight Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\mscrp Value : mv IPInsight Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\mscrp Value : IPInsight Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\mscrp Value : AE123 IPInsight Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\mscrp Value : AE98 IPInsight Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\mscrp Value : AE119 IPInsight Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\mscrp Value : AE100 IPIns |
|
|
||
09.04.2005, 21:37
...neu hier
Themenstarter Beiträge: 7 |
#9
Diesen Log muß ich offensichtlich in zwei Teilen schicken...
IPInsight Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\mscrp Value : AE131 IPInsight Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\mscrp Value : AE156 IPInsight Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\mscrp Value : AE155 IPInsight Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\mscrp Value : lvmd MainPean Dialer Object Recognized! Type : Regkey Data : Category : Malware Comment : MainPean Rootkey : HKEY_LOCAL_MACHINE Object : software\mainpean highspeed MainPean Dialer Object Recognized! Type : RegValue Data : Category : Malware Comment : MainPean Rootkey : HKEY_LOCAL_MACHINE Object : software\mainpean highspeed Value : Pre MainPean Dialer Object Recognized! Type : RegValue Data : Category : Malware Comment : MainPean Rootkey : HKEY_LOCAL_MACHINE Object : software\mainpean highspeed Value : PreNumber MainPean Dialer Object Recognized! Type : RegValue Data : Category : Malware Comment : MainPean Rootkey : HKEY_LOCAL_MACHINE Object : software\mainpean highspeed Value : DeviceName MainPean Dialer Object Recognized! Type : RegValue Data : Category : Malware Comment : MainPean Rootkey : HKEY_LOCAL_MACHINE Object : software\mainpean highspeed Value : Country MainPean Dialer Object Recognized! Type : RegValue Data : Category : Malware Comment : MainPean Rootkey : HKEY_LOCAL_MACHINE Object : software\mainpean highspeed Value : Language MainPean Dialer Object Recognized! Type : RegValue Data : Category : Malware Comment : MainPean Rootkey : HKEY_LOCAL_MACHINE Object : software\mainpean highspeed Value : Machine MainPean Dialer Object Recognized! Type : RegValue Data : Category : Malware Comment : MainPean Rootkey : HKEY_LOCAL_MACHINE Object : software\mainpean highspeed Value : InstallFlags MainPean Dialer Object Recognized! Type : RegValue Data : Category : Malware Comment : MainPean Rootkey : HKEY_LOCAL_MACHINE Object : software\mainpean highspeed Value : PassFlags MainPean Dialer Object Recognized! Type : RegValue Data : Category : Malware Comment : MainPean Rootkey : HKEY_LOCAL_MACHINE Object : software\mainpean highspeed Value : Password WurldMedia Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\shopping community WurldMedia Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\shopping community Value : DisplayIcon WurldMedia Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\shopping community Value : DisplayName WurldMedia Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\shopping community Value : UninstallString Cydoor Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\\software\cydoor Cydoor Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\\software\cydoor Value : Vers Cydoor Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\\software\cydoor Value : Desc2 Cydoor Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\\software\cydoor Value : UserCode Cydoor Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\\software\cydoor Value : ShowChange Cydoor Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\\software\cydoor Value : ConnType Cydoor Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\\software\cydoor Value : HIS_4 Cydoor Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\\software\cydoor Value : RHIS_4 Cydoor Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\\software\cydoor Value : DHIS_4 Cydoor Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\\software\cydoor Value : HIS_5 Cydoor Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\\software\cydoor Value : RHIS_5 Cydoor Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\\software\cydoor Value : DHIS_5 Cydoor Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\\software\cydoor Value : DelHistDate Cydoor Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\\software\cydoor Value : HIS_6 Cydoor Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\\software\cydoor Value : RHIS_6 Cydoor Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\\software\cydoor Value : DHIS_6 Cydoor Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\\software\cydoor services Alexa Object Recognized! Type : RegValue Data : Category : Data Miner Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}" Rootkey : HKEY_USERS Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a} Alexa Object Recognized! Type : RegValue Data : Category : Data Miner Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}" Rootkey : HKEY_USERS Object : S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a} Alexa Object Recognized! Type : RegValue Data : Category : Data Miner Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}" Rootkey : HKEY_USERS Object : S-1-5-21-1454471165-1708537768-1343024091-1003\software\microsoft\internet explorer\extensions\cmdmapping Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a} WurldMedia Object Recognized! Type : RegValue Data : Category : Data Miner Comment : "ltr2" Rootkey : HKEY_LOCAL_MACHINE Object : software\fenx Value : ltr2 Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 193 Objects found so far: 226 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Dialer Object Recognized! Type : Regkey Data : Category : Dialer Comment : VLoading Rootkey : HKEY_LOCAL_MACHINE Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/VLoading.dll Dialer Object Recognized! Type : RegValue Data : Category : Dialer Comment : VLoading Rootkey : HKEY_LOCAL_MACHINE Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/VLoading.dll Value : .Owner Dialer Object Recognized! Type : RegValue Data : Category : Dialer Comment : VLoading Rootkey : HKEY_LOCAL_MACHINE Object : Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/VLoading.dll Value : {11BF0E2B-4229-4ADC-9C11-1C6968731018} Dialer Object Recognized! Type : File Data : /windows/downloaded program files/vloading.dll Category : Dialer Comment : Object : c:\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : VLoading Module FileDescription : VLoading Module InternalName : VLoading LegalCopyright : Copyright 2000-2002 EBS-AG OriginalFilename : VLoading.dll Dialer Object Recognized! Type : RegValue Data : C:\WINDOWS\Downloaded Program Files\VLoading.dll Category : Dialer Comment : VLoading Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\SharedDLLs Value : C:\WINDOWS\Downloaded Program Files\VLoading.dll Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 4 Objects found so far: 231 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 231 Deep scanning and examining files (C »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Lop Object Recognized! Type : File Data : deskicon.lib Category : Malware Comment : Object : C:\Dokumente und Einstellungen\Uwe\Anwendungsdaten\ Lop Object Recognized! Type : File Data : lopsearch.exe Category : Malware Comment : Object : C:\Dokumente und Einstellungen\Uwe\Anwendungsdaten\ SecretCrush Object Recognized! Type : File Data : Restart.exe Category : Malware Comment : Object : C:\Programme\Logitech\Desktop Messenger\8876480\6.1.0.155-8876480L\Program\ Dialer Object Recognized! Type : File Data : VLoading.dll Category : Dialer Comment : VLoading Object : C:\WINDOWS\Downloaded Program Files\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : VLoading Module FileDescription : VLoading Module InternalName : VLoading LegalCopyright : Copyright 2000-2002 EBS-AG OriginalFilename : VLoading.dll WurldMedia Object Recognized! Type : File Data : mostat.exe Category : Data Miner Comment : Object : C:\WINDOWS\system32\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : sostatatl Module FileDescription : sostatatl Module InternalName : sostatatl LegalCopyright : Copyright 2003 OriginalFilename : sostatatl.EXE Lop Object Recognized! Type : File Data : desktop.swf Category : Malware Comment : Object : C:\WINDOWS\Web\Wallpaper\ Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 237 Deep scanning and examining files (D »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for D:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 237 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 4 entries scanned. New critical objects:0 Objects found so far: 237 Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Dialer Object Recognized! Type : Regkey Data : Category : Dialer Comment : FENX Dialer Rootkey : HKEY_LOCAL_MACHINE Object : software\fenx Dialer Object Recognized! Type : File Data : Dial32.ini Category : Dialer Comment : Object : C:\WINDOWS\ Dialer Object Recognized! Type : File Data : VLoading.inf Category : Dialer Comment : VLoading Object : C:\WINDOWS\downloaded program files\ IPInsight Object Recognized! Type : Folder Category : Data Miner Comment : Object : C:\Programme\ip IPInsight Object Recognized! Type : File Data : INSTALL.LOG Category : Data Miner Comment : Object : C:\Programme\ip\ IPInsight Object Recognized! Type : File Data : UNWISE.EXE Category : Data Miner Comment : Object : C:\Programme\ip\ IPInsight Object Recognized! Type : File Data : UNWISE.INI Category : Data Miner Comment : Object : C:\Programme\ip\ IPInsight Object Recognized! Type : File Data : Sentry.ini Category : Data Miner Comment : Object : C:\WINDOWS\ Lop Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\downloadmanager Lop Object Recognized! Type : File Data : tmp.edb Category : Malware Comment : Object : C:\WINDOWS\security\ MSView Object Recognized! Type : File Data : MSView.inf Category : Malware Comment : Object : C:\WINDOWS\inf\ WurldMedia Object Recognized! Type : Regkey Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\morp WurldMedia Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\morp Value : SID WurldMedia Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\morp Value : file WurldMedia Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\morp Value : cls WurldMedia Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\morp Value : tv WurldMedia Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\morp Value : ffn WurldMedia Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\morp Value : shopopt WurldMedia Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\morp Value : rlc WurldMedia Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\morp Value : alc WurldMedia Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\morp Value : AE131 WurldMedia Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\morp Value : AE155 WurldMedia Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\morp Value : lvmd WurldMedia Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\morp Value : AE205 WurldMedia Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\morp Value : AE207 WurldMedia Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\morp Value : AE153 WurldMedia Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\morp Value : AE120432 WurldMedia Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\morp Value : AE120431 WurldMedia Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\morp Value : AE121226 WurldMedia Object Recognized! Type : RegValue Data : Category : Data Miner Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\morp Value : AE121225 WurldMedia Object Recognized! Type : File Data : mo001.dat Category : Data Miner Comment : Object : C:\WINDOWS\System32\ WurldMedia Object Recognized! Type : File Data : moad02020217.de Category : Data Miner Comment : Object : C:\WINDOWS\System32\ VX2 Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\vendor\xml VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\vendor\xml Value : VX2 Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\vendor VX2 Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTI4d5OfSDist VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTI4d5OfSInst VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTT4o5pListSPos VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTI4n5ProgSCab VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTI4n5ProgSEx VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTI4n5ProgSLstest VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTC4n5trSEvnt VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTC4n5trMsgSDisp VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTC4S5Insur VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTT4h5rshSCheckSIn VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TT4C5ntrSTransac VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTC4u5rrentSMode VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTC4n5tFyl VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTM4o5deSSync VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTT4h5rshSBath VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTT4h5rshSysSInf VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTT4h5rshSMots VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTI4g5noreS VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTs4t5i6cky1S VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTs4t5icky2S VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TT4N5a6tionSCode VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTD4s5tSSEnd VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTD4s5tSCHost VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTD4s5tSCPath VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTS4t5atusOfSInst VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTL3a4stMotsSDay VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTL3a4stSSChckin VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTC1o4d5eOfSFinalAd VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTT4i5m6eOfSFinalAd VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTs4t5i6cky2S VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTs4t5i6cky3S VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTs4t5i6cky4S VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTs4t5icky1S VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTs4t5icky3S VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTs4t5icky4S VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\twaintec Value : TTP4D5om VX2 Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\toolbar\webbrowser Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383} VX2 Object Recognized! Type : File Data : twaintec.ini Category : Malware Comment : Object : C:\WINDOWS\ VX2 Object Recognized! Type : File Data : satmat.inf Category : Malware Comment : Object : C:\WINDOWS\lastgood\inf\ VX2 Object Recognized! Type : File Data : satmat.PNF Category : Malware Comment : Object : C:\WINDOWS\lastgood\inf\ VX2 Object Recognized! Type : File Data : twtini.inf Category : Malware Comment : Object : C:\WINDOWS\inf\ VX2 Object Recognized! Type : File Data : twaintec.inf Category : Malware Comment : Object : C:\WINDOWS\inf\ VX2 Object Recognized! Type : File Data : twaintec.PNF Category : Malware Comment : Object : C:\WINDOWS\inf\ VX2 Object Recognized! Type : File Data : bitmap1.bmp Category : Malware Comment : Object : C:\DOKUME~1\Uwe\LOKALE~1\Temp\ Cydoor Object Recognized! Type : Folder Category : Data Miner Comment : Object : C:\WINDOWS\System32\AdCache Cydoor Object Recognized! Type : File Data : B_260_0_1_611000.GIF Category : Data Miner Comment : Object : C:\WINDOWS\System32\adcache\ Cydoor Object Recognized! Type : File Data : B_260_0_2_440700.GIF Category : Data Miner Comment : Object : C:\WINDOWS\System32\adcache\ Cydoor Object Recognized! Type : File Data : B_260_0_2_440800.GIF Category : Data Miner Comment : Object : C:\WINDOWS\System32\adcache\ Cydoor Object Recognized! Type : File Data : B_260_0_3_450300.GIF Category : Data Miner Comment : Object : C:\WINDOWS\System32\adcache\ Cydoor Object Recognized! Type : File Data : B_260_0_3_476200.GIF Category : Data Miner Comment : Object : C:\WINDOWS\System32\adcache\ Cydoor Object Recognized! Type : File Data : B_260_0_3_489700.GIF Category : Data Miner Comment : Object : C:\WINDOWS\System32\adcache\ Cydoor Object Recognized! Type : File Data : B_260_0_3_495200.GIF Category : Data Miner Comment : Object : C:\WINDOWS\System32\adcache\ Cydoor Object Recognized! Type : File Data : B_260_0_3_528700.GIF Category : Data Miner Comment : Object : C:\WINDOWS\System32\adcache\ Cydoor Object Recognized! Type : File Data : B_260_0_3_528800.GIF Category : Data Miner Comment : Object : C:\WINDOWS\System32\adcache\ Cydoor Object Recognized! Type : File Data : B_260_0_3_528900.GIF Category : Data Miner Comment : Object : C:\WINDOWS\System32\adcache\ Cydoor Object Recognized! Type : File Data : B_260_0_3_543200.GIF Category : Data Miner Comment : Object : C:\WINDOWS\System32\adcache\ Cydoor Object Recognized! Type : File Data : B_260_0_3_599500.GIF Category : Data Miner Comment : Object : C:\WINDOWS\System32\adcache\ Cydoor Object Recognized! Type : File Data : B_260_0_4_495900.GIF Category : Data Miner Comment : Object : C:\WINDOWS\System32\adcache\ Cydoor Object Recognized! Type : File Data : B_260_0_4_499300.GIF Category : Data Miner Comment : Object : C:\WINDOWS\System32\adcache\ Cydoor Object Recognized! Type : File Data : B_260_0_4_499600.GIF Category : Data Miner Comment : Object : C:\WINDOWS\System32\adcache\ Cydoor Object Recognized! Type : File Data : B_260_0_4_529000.GIF Category : Data Miner Comment : Object : C:\WINDOWS\System32\adcache\ Cydoor Object Recognized! Type : File Data : B_260_0_4_581800.GIF Category : Data Miner Comment : Object : C:\WINDOWS\System32\adcache\ Cydoor Object Recognized! Type : File Data : B_260_0_4_596800.GIF Category : Data Miner Comment : Object : C:\WINDOWS\System32\adcache\ Cydoor Object Recognized! Type : File Data : B_260_0_4_597200.GIF Category : Data Miner Comment : Object : C:\WINDOWS\System32\adcache\ Cydoor Object Recognized! Type : File Data : B_457700.HTM Category : Data Miner Comment : Object : C:\WINDOWS\System32\adcache\ Cydoor Object Recognized! Type : File Data : B_468400.GIF Category : Data Miner Comment : Object : C:\WINDOWS\System32\adcache\ Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 102 Objects found so far: 339 20:55:06 Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:15:57.998 Objects scanned:115266 Objects identified:307 Objects ignored:0 New critical objects:307 MfG Ginny66 |
|
|
||
09.04.2005, 21:44
Ehrenmitglied
Beiträge: 29434 |
#10
Loesche.
C:\Dokumente und Einstellungen\Uwe\Anwendungsdaten\lopsearch.exe C:\WINDOWS\System32\mo001.dat C:\WINDOWS\twaintec.ini C:\WINDOWS\System32\AdCache C:\DOKUME~1\Uwe\LOKALE~1\Temp\bitmap1.bmp __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
09.04.2005, 21:56
Ehrenmitglied
Beiträge: 29434 |
#11
Zitat Sabina postete __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
10.04.2005, 13:07
...neu hier
Themenstarter Beiträge: 7 |
#12
Hallo Sabina!
Hier ist zunächst mal der L2MFIX-Logfile mit der 1: L2MFIX find log 1.02b These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "Q312461"="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{00022613-0000-0000-C000-000000000046}"="Eigenschaften fr Multimediadatei" "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-Scannerverwaltung" "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-Sicherheit" "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-Eigenschaftenseite fr Dokumente" "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shellerweiterungen fr Freigaben" "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension" "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung fr Grafikkarten" "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung fr Bildschirme" "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS-Sicherheit" "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Kompatibilit„tsseite" "{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell-Datenauszughandler" "{59099400-57FF-11CE-BD94-0020AF85B590}"="Erweiterung fr Datentr„gerkopien" "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shellerweiterungen fr Microsoft Windows-Netzwerkobjekte" "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-Monitorverwaltung" "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-Druckerverwaltung" "{77597368-7b15-11d0-a0c2-080036af3f03}"="Shellerweiterung fr Webdrucker" "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI" "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Aktenkoffer" "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Erweiterung fr HyperTerminal-Icons" "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Schriftarten" "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-Profil" "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Druckersicherheit" "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shellerweiterungen fr Freigaben" "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension" "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-PKO-Erweiterung" "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-Sign-Erweiterung" "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Netzwerkverbindungen" "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Netzwerkverbindungen" "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanner und Kameras" "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanner und Kameras" "{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanner und Kameras" "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanner und Kameras" "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanner und Kameras" "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension" "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Eigenschaftenseitenerweiterung des automatischen Updates" "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shellerweiterungen fr Windows Script Host" "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link" "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler" "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension" "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Geplante Tasks" "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskleiste und Startmen" "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Suchen" "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support" "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support" "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ausfhren..." "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet" "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-Mail" "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Schriftarten" "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Verwaltung" "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler" "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler" "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler" "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler" "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler" "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor" "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar" "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status" "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder" "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2" "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy" "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand" "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band" "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band" "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search" "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search" "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility" "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse" "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox" "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete" "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor" "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List" "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List" "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible" "{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar" "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Syntaxanalyse der Adressleiste" "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List" "{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List" "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container" "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu" "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp" "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar" "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite" "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist" "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings" "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band" "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service" "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer" "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture" "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut" "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft URL-Verlauf-Dienst" "{FF393560-C2A7-11CF-BFF4-444553540000}"="Verlauf" "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Sucheingriff" "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite-Begráungsbildschirm" "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook" "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC" "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC" "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet" "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space" "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer-Band" "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck" "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr" "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder" "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler" "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent" "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent" "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent" "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent" "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent" "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler" "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager" "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator" "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher" "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs" "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory" "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ Dateiminiaturansicht-Extrahierungsprogramm" "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Zusammenfassungs-Miniaturansichthandler (DOCFILES)" "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-Extrahierungsprogramm" "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler" "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Webpublishing-Assistent" "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Bestellung von Abzgen ber das Internet" "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shellobjekt des Webpublishing-Assistenten" "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Passport-Assistent" "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Benutzerkonten" "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler" "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target" "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channeldatei" "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channelverknpfung" "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channelhandlerobjekt" "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu" "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties" "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview" "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext" "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control" "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control" "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control" "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control" "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control" "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI" "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object" "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find" "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find" "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI" "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs" "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook" "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target" "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties" "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu" "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options" "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Ordner 'Offlinedateien'" "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler" "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell" "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%" "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler" "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer" "{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Nach Personen..." "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler" "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler" "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler" "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension" "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Webordner" "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler" "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player" "{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache" "{D653647D-D607-4DF6-A5B8-48D2BA195F7B}"="BitDefender Antivirus v8" "{57C51AF9-DEF7-11D3-A801-00C04F163490}"="Ghost Shell Extension" "{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class" "{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper" "{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer" "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu" "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu" ********************************************************************************** HKEY ROOT CLASSIDS: ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ nv4_disp.dll Thu 24 Feb 2005 7:32:00 A.... 3.973.888 3,79 M nvcod.dll Thu 24 Feb 2005 7:32:00 A.... 32.256 31,50 K nvcodins.dll Thu 24 Feb 2005 7:32:00 A.... 32.256 31,50 K nvcpl.dll Thu 24 Feb 2005 7:32:00 A.... 5.537.792 5,28 M nvhwvid.dll Thu 24 Feb 2005 7:32:00 A.... 540.672 528,00 K nview.dll Thu 24 Feb 2005 7:32:00 A.... 1.458.176 1,39 M nvmctray.dll Thu 24 Feb 2005 7:32:00 A.... 86.016 84,00 K nvnt4cpl.dll Thu 24 Feb 2005 7:32:00 A.... 245.760 240,00 K nvoglnt.dll Thu 24 Feb 2005 7:32:00 A.... 5.332.992 5,09 M nvrsar.dll Thu 24 Feb 2005 7:32:00 A.... 307.200 300,00 K nvrscs.dll Thu 24 Feb 2005 7:32:00 A.... 229.376 224,00 K nvrsda.dll Thu 24 Feb 2005 7:32:00 A.... 237.568 232,00 K nvrsde.dll Thu 24 Feb 2005 7:32:00 A.... 258.048 252,00 K nvrsel.dll Thu 24 Feb 2005 7:32:00 A.... 262.144 256,00 K nvrseng.dll Thu 24 Feb 2005 7:32:00 A.... 229.376 224,00 K nvrses.dll Thu 24 Feb 2005 7:32:00 A.... 262.144 256,00 K nvrsesm.dll Thu 24 Feb 2005 7:32:00 A.... 253.952 248,00 K nvrsfi.dll Thu 24 Feb 2005 7:32:00 A.... 229.376 224,00 K nvrsfr.dll Thu 24 Feb 2005 7:32:00 A.... 266.240 260,00 K nvrshe.dll Thu 24 Feb 2005 7:32:00 A.... 303.104 296,00 K nvrshu.dll Thu 24 Feb 2005 7:32:00 A.... 241.664 236,00 K nvrsit.dll Thu 24 Feb 2005 7:32:00 A.... 262.144 256,00 K nvrsja.dll Thu 24 Feb 2005 7:32:00 A.... 249.856 244,00 K nvrsko.dll Thu 24 Feb 2005 7:32:00 A.... 245.760 240,00 K nvrsnl.dll Thu 24 Feb 2005 7:32:00 A.... 253.952 248,00 K nvrsno.dll Thu 24 Feb 2005 7:32:00 A.... 237.568 232,00 K nvrspl.dll Thu 24 Feb 2005 7:32:00 A.... 237.568 232,00 K nvrspt.dll Thu 24 Feb 2005 7:32:00 A.... 253.952 248,00 K nvrsptb.dll Thu 24 Feb 2005 7:32:00 A.... 249.856 244,00 K nvrsru.dll Thu 24 Feb 2005 7:32:00 A.... 249.856 244,00 K nvrssk.dll Thu 24 Feb 2005 7:32:00 A.... 237.568 232,00 K nvrssl.dll Thu 24 Feb 2005 7:32:00 A.... 237.568 232,00 K nvrssv.dll Thu 24 Feb 2005 7:32:00 A.... 237.568 232,00 K nvrstr.dll Thu 24 Feb 2005 7:32:00 A.... 237.568 232,00 K nvrszhc.dll Thu 24 Feb 2005 7:32:00 A.... 208.896 204,00 K nvrszht.dll Thu 24 Feb 2005 7:32:00 A.... 114.688 112,00 K nvshell.dll Thu 24 Feb 2005 7:32:00 A.... 466.944 456,00 K nvwddi.dll Thu 24 Feb 2005 7:32:00 A.... 81.920 80,00 K nvwdmcpl.dll Thu 24 Feb 2005 7:32:00 A.... 1.662.976 1,59 M nvwimg.dll Thu 24 Feb 2005 7:32:00 A.... 1.019.904 996,00 K nvwrsar.dll Thu 24 Feb 2005 7:32:00 A.... 274.432 268,00 K nvwrscs.dll Thu 24 Feb 2005 7:32:00 A.... 278.528 272,00 K nvwrsda.dll Thu 24 Feb 2005 7:32:00 A.... 290.816 284,00 K nvwrsde.dll Thu 24 Feb 2005 7:32:00 A.... 303.104 296,00 K nvwrsel.dll Thu 24 Feb 2005 7:32:00 A.... 331.776 324,00 K nvwrseng.dll Thu 24 Feb 2005 7:32:00 A.... 278.528 272,00 K nvwrses.dll Thu 24 Feb 2005 7:32:00 A.... 327.680 320,00 K nvwrsesm.dll Thu 24 Feb 2005 7:32:00 A.... 319.488 312,00 K nvwrsfi.dll Thu 24 Feb 2005 7:32:00 A.... 294.912 288,00 K nvwrsfr.dll Thu 24 Feb 2005 7:32:00 A.... 319.488 312,00 K nvwrshe.dll Thu 24 Feb 2005 7:32:00 A.... 274.432 268,00 K nvwrshu.dll Thu 24 Feb 2005 7:32:00 A.... 307.200 300,00 K nvwrsit.dll Thu 24 Feb 2005 7:32:00 A.... 319.488 312,00 K nvwrsja.dll Thu 24 Feb 2005 7:32:00 A.... 208.896 204,00 K nvwrsko.dll Thu 24 Feb 2005 7:32:00 A.... 192.512 188,00 K nvwrsnl.dll Thu 24 Feb 2005 7:32:00 A.... 311.296 304,00 K nvwrsno.dll Thu 24 Feb 2005 7:32:00 A.... 294.912 288,00 K nvwrspl.dll Thu 24 Feb 2005 7:32:00 A.... 290.816 284,00 K nvwrspt.dll Thu 24 Feb 2005 7:32:00 A.... 319.488 312,00 K nvwrsptb.dll Thu 24 Feb 2005 7:32:00 A.... 311.296 304,00 K nvwrsru.dll Thu 24 Feb 2005 7:32:00 A.... 307.200 300,00 K nvwrssk.dll Thu 24 Feb 2005 7:32:00 A.... 290.816 284,00 K nvwrssl.dll Thu 24 Feb 2005 7:32:00 A.... 294.912 288,00 K nvwrssv.dll Thu 24 Feb 2005 7:32:00 A.... 290.816 284,00 K nvwrstr.dll Thu 24 Feb 2005 7:32:00 A.... 299.008 292,00 K nvwrszhc.dll Thu 24 Feb 2005 7:32:00 A.... 159.744 156,00 K nvwrszht.dll Thu 24 Feb 2005 7:32:00 A.... 163.840 160,00 K sockspy.dll Thu 7 Apr 2005 7:43:40 A.... 73.728 72,00 K 68 items found: 68 files, 0 directories. Total of file sizes: 34.795.264 bytes 33,18 M Locate .tmp files: No matches found. ********************************************************************************** Directory Listing of system files: Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 1880-A677 Verzeichnis von C:\WINDOWS\System32 27.03.2005 15:44 <DIR> dllcache 21.11.2001 12:57 <DIR> Microsoft 30.09.1999 20:21 166.672 mstext35.dll 28.09.1999 22:42 1.050.896 msjet35.dll 09.09.1999 23:06 168.720 msltus35.dll 09.09.1999 23:06 252.688 msexcl35.dll 25.08.1999 15:57 415.504 msrepl35.dll 07.06.1999 19:59 250.128 mspdox35.dll 25.04.1999 18:00 287.504 Msxbse35.dll 7 Datei(en) 2.592.112 Bytes 2 Verzeichnis(se), 10.706.636.800 Bytes frei L2MFIX-Logfile mit der 2: L2Mfix 1.02b Running From: C:\Dokumente und Einstellungen\Uwe\Desktop\l2mfix RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de) This program is Freeware, use it on your own risk! Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify: (CI) DENY --C------- Jeder (ID-NI) ALLOW Read VORDEFINIERT\Benutzer (ID-IO) ALLOW Read VORDEFINIERT\Benutzer (ID-NI) ALLOW Read VORDEFINIERT\Hauptbenutzer (ID-IO) ALLOW Read VORDEFINIERT\Hauptbenutzer (ID-NI) ALLOW Full access VORDEFINIERT\Administratoren (ID-IO) ALLOW Full access VORDEFINIERT\Administratoren (ID-NI) ALLOW Full access NT-AUTORITŽT\SYSTEM (ID-IO) ALLOW Full access NT-AUTORITŽT\SYSTEM (ID-IO) ALLOW Full access ERSTELLER-BESITZER Setting registry permissions: RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de) This program is Freeware, use it on your own risk! Denying C access for really "Everyone" - adding new ACCESS DENY entry - removing existing ACCESS DENY entry Registry Permissions set too: RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de) This program is Freeware, use it on your own risk! Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify: (CI) DENY --C------- Jeder (ID-NI) ALLOW Read VORDEFINIERT\Benutzer (ID-IO) ALLOW Read VORDEFINIERT\Benutzer (ID-NI) ALLOW Read VORDEFINIERT\Hauptbenutzer (ID-IO) ALLOW Read VORDEFINIERT\Hauptbenutzer (ID-NI) ALLOW Full access VORDEFINIERT\Administratoren (ID-IO) ALLOW Full access VORDEFINIERT\Administratoren (ID-NI) ALLOW Full access NT-AUTORITŽT\SYSTEM (ID-IO) ALLOW Full access NT-AUTORITŽT\SYSTEM (ID-IO) ALLOW Full access ERSTELLER-BESITZER Setting up for Reboot Starting Reboot! C:\Dokumente und Einstellungen\Uwe\Desktop\l2mfix System Rebooted! Running From: C:\Dokumente und Einstellungen\Uwe\Desktop\l2mfix killing explorer and rundll32.exe Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 1892 'explorer.exe' Killing PID 1892 'explorer.exe' Killing PID 1892 'explorer.exe' Killing PID 1892 'explorer.exe' Killing PID 1892 'explorer.exe' Killing PID 1892 'explorer.exe' Killing PID 1892 'explorer.exe' Killing PID 1892 'explorer.exe' Killing PID 1892 'explorer.exe' Killing PID 1892 'explorer.exe' Killing PID 1892 'explorer.exe' Killing PID 1892 'explorer.exe' Killing PID 1892 'explorer.exe' Killing PID 1892 'explorer.exe' Killing PID 1892 'explorer.exe' Killing PID 1892 'explorer.exe' Killing PID 1892 'explorer.exe' Killing PID 1892 'explorer.exe' Killing PID 1892 'explorer.exe' Killing PID 1892 'explorer.exe' Killing PID 1892 'explorer.exe' Killing PID 1892 'explorer.exe' Killing PID 1892 'explorer.exe' Killing PID 1892 'explorer.exe' Killing PID 1892 'explorer.exe' Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 576 'rundll32.exe' Scanning First Pass. Please Wait! First Pass Completed Second Pass Scanning Second pass Completed! Zipping up files for submission: adding: clear.reg (164 bytes security) (deflated 2%) adding: echo.reg (164 bytes security) (deflated 9%) adding: direct.txt (164 bytes security) (stored 0%) adding: L2MFIX-log1.txt (164 bytes security) (deflated 67%) adding: lo2.txt (164 bytes security) (deflated 77%) adding: readme.txt (164 bytes security) (deflated 49%) adding: report.txt (164 bytes security) (deflated 67%) adding: test.txt (164 bytes security) (stored 0%) adding: test2.txt (164 bytes security) (stored 0%) adding: test3.txt (164 bytes security) (stored 0%) adding: test5.txt (164 bytes security) (stored 0%) adding: backregs/shell.reg (164 bytes security) (deflated 73%) Restoring Registry Permissions: RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de) This program is Freeware, use it on your own risk! Revoking access for really "Everyone" Registry permissions set too: RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de) This program is Freeware, use it on your own risk! Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify: (ID-NI) ALLOW Read VORDEFINIERT\Benutzer (ID-IO) ALLOW Read VORDEFINIERT\Benutzer (ID-NI) ALLOW Read VORDEFINIERT\Hauptbenutzer (ID-IO) ALLOW Read VORDEFINIERT\Hauptbenutzer (ID-NI) ALLOW Full access VORDEFINIERT\Administratoren (ID-IO) ALLOW Full access VORDEFINIERT\Administratoren (ID-NI) ALLOW Full access NT-AUTORITŽT\SYSTEM (ID-IO) ALLOW Full access NT-AUTORITŽT\SYSTEM (ID-IO) ALLOW Full access ERSTELLER-BESITZER Restoring Sedebugprivilege: Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332 The following Is the Current Export of the Winlogon notify key: **************************************************************************** Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 The following are the files found: **************************************************************************** Registry Entries that were Deleted: Please verify that the listing looks ok. If there was something deleted wrongly there are backups in the backreg folder. **************************************************************************** REGEDIT4 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] **************************************************************************** Desktop.ini Contents: **************************************************************************** **************************************************************************** HijackThis- Logfile: Logfile of HijackThis v1.99.1 Scan saved at 13:24:20, on 10.04.2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Executive Software\DiskeeperWorkstation\DKService.exe C:\Programme\Norton SystemWorks\Norton GoBack\GBPoll.exe C:\Programme\Symantec\Norton Ghost 2003\GhostStartService.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe C:\Programme\Softwin\BitDefender8\vsserv.exe C:\Programme\Java\jre1.5.0_01\bin\jusched.exe C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe C:\Programme\Softwin\BitDefender8\bdoesrv.exe C:\Programme\Logitech\MouseWare\system\em_exec.exe C:\Programme\Softwin\BitDefender8\bdswitch.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\explorer.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Dokumente und Einstellungen\Uwe\Lokale Einstellungen\Temp\Temporäres Verzeichnis 2 für hijackthis.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.msn.de/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe O4 - HKLM\..\Run: [BDOESRV] C:\Programme\Softwin\BitDefender8\\bdoesrv.exe O4 - HKLM\..\Run: [BDNewsAgent] C:\Programme\Softwin\BitDefender8\bdnagent.exe O4 - HKLM\..\Run: [BDSwitchAgent] C:\Programme\Softwin\BitDefender8\\bdswitch.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\RunServicesOnce: [washindex] C:\Programme\Washer\washidx.exe "Uwe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - Global Startup: DSLMON.lnk = C:\Programme\Analog Devices\Teledat 300 USB Treiber\DSLMON.exe O4 - Global Startup: Monitor.lnk = ? O4 - Global Startup: Norton GoBack.lnk = C:\Programme\Norton SystemWorks\Norton GoBack\GBTray.exe O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{310A717B-1159-4478-973B-5C552BD7D43F}: NameServer = 217.237.150.225 217.237.150.141 O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programme\Executive Software\DiskeeperWorkstation\DKService.exe O23 - Service: GBPoll - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton GoBack\GBPoll.exe O23 - Service: GhostStartService - Symantec Corporation - C:\Programme\Symantec\Norton Ghost 2003\GhostStartService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programme\Softwin\BitDefender8\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe L2MFIX-Logfile mit der 4: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif] "DLLName"="wzcdlg.dll" "Logon"="WZCEventLogon" "Logoff"="WZCEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000000 Hier der letzte HijackThis-Log: Logfile of HijackThis v1.99.1 Scan saved at 13:29:21, on 10.04.2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Executive Software\DiskeeperWorkstation\DKService.exe C:\Programme\Norton SystemWorks\Norton GoBack\GBPoll.exe C:\Programme\Symantec\Norton Ghost 2003\GhostStartService.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe C:\Programme\Softwin\BitDefender8\vsserv.exe C:\Programme\Java\jre1.5.0_01\bin\jusched.exe C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe C:\Programme\Softwin\BitDefender8\bdoesrv.exe C:\Programme\Logitech\MouseWare\system\em_exec.exe C:\Programme\Softwin\BitDefender8\bdswitch.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\explorer.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Dokumente und Einstellungen\Uwe\Lokale Einstellungen\Temp\Temporäres Verzeichnis 3 für hijackthis.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.msn.de/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe O4 - HKLM\..\Run: [BDOESRV] C:\Programme\Softwin\BitDefender8\\bdoesrv.exe O4 - HKLM\..\Run: [BDNewsAgent] C:\Programme\Softwin\BitDefender8\bdnagent.exe O4 - HKLM\..\Run: [BDSwitchAgent] C:\Programme\Softwin\BitDefender8\\bdswitch.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\RunServicesOnce: [washindex] C:\Programme\Washer\washidx.exe "Uwe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - Global Startup: DSLMON.lnk = C:\Programme\Analog Devices\Teledat 300 USB Treiber\DSLMON.exe O4 - Global Startup: Monitor.lnk = ? O4 - Global Startup: Norton GoBack.lnk = C:\Programme\Norton SystemWorks\Norton GoBack\GBTray.exe O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{310A717B-1159-4478-973B-5C552BD7D43F}: NameServer = 217.237.150.225 217.237.150.141 O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programme\Executive Software\DiskeeperWorkstation\DKService.exe O23 - Service: GBPoll - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton GoBack\GBPoll.exe O23 - Service: GhostStartService - Symantec Corporation - C:\Programme\Symantec\Norton Ghost 2003\GhostStartService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programme\Softwin\BitDefender8\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe MfG Ginnyteddy Dieser Beitrag wurde am 10.04.2005 um 13:34 Uhr von Ginny66 editiert.
|
|
|
||
10.04.2005, 14:46
Ehrenmitglied
Beiträge: 29434 |
#13
Hallo@Ginny66
Ladeownload the beta* of our new anti-spyware software today http://www.microsoft.com/athome/security/spyware/software/default.mspx Wie kann ich das Service Pack 2 installieren? Sie können Windows XP Service Pack 2 mit der Funktion Windows Update oder von CD installieren. [A] Installation über Windows Update (Internet) 1. Wählen Sie im Start-Menü den Befehl Windows Update. Sie werden automatisch mit der Internetseite Windows Update verbunden (Internetverbindung vorausgesetzt). 2. Aktivieren Sie Windows XP Servicepack 2 und Updates installieren. Installation von CD 1. Legen Sie die CD mit Service Pack 2 in das CD-Laufwerk Ihres PCs ein. 2. Klicken Sie nach dem Autostart auf Weiter. 3. Lesen Sie aufmerksam die Informationen Was sie wissen sollten, bevor sie mit der Installation beginnen. 4. Starten Sie das Setup, in dem Sie Jetzt installieren klicken. 5. Folgen Sie den weiteren Anweisungen. Am Sichersten ist es, wenn man das SP2 schon von einer CD vor dem Anschluss ans Internet installiert hat. Diese Updates werden regelmässig in PC-Zeitschriften angeboten oder man lädt und brennt sie sich selbst , so dass man sie zur Hand hat, wenn eine Neuinstallation notwendig geworden ist. Außerdem gibt es beim Microsoft-Support auch die Möglichkeit diese CD kostenlos anzufordern und sich zuschicken zu lassen. __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
10.04.2005, 23:16
...neu hier
Themenstarter Beiträge: 7 |
#14
Hallo Sabina!
Vielen Dank für Deine unendliche Geduld. Man konnte Deinen Anweisungen supergut folgen. Ohne Hilfe hätte ich das nicht hingekriegt. MfG Ginny66 |
|
|
||
Logfile of HijackThis v1.99.1
Scan saved at 22:32:53, on 05.04.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Programme\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Programme\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Softwin\BitDefender8\vsserv.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Softwin\BitDefender8\bdmcon.exe
C:\Programme\Softwin\BitDefender8\bdoesrv.exe
C:\Programme\Softwin\BitDefender8\bdswitch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Analog Devices\Teledat 300 USB Treiber\DSLMON.exe
C:\Programme\Digital Image\Monitor.exe
C:\Dokumente und Einstellungen\Uwe\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.lop.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.lop.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.msn.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.lop.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.lop.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.lop.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.lop.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: IPInsigtObj Class - {000004CC-E4FF-4F2C-BC30-DBEF0B983BC9} - C:\WINDOWS\IPINSIGT.DLL
O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IEHlprObj Class - {700944A0-9399-4D84-A0BE-EDD754923D7D} - C:\WINDOWS\system32\mo030414s.dll
O2 - BHO: TChkBHO Class - {96C44C0F-F8D1-4052-A34E-19255E0ABEF5} - C:\WINDOWS\system32\fzfken.dll
O2 - BHO: Swish Browser Helper - {D44B5436-B3E4-4595-B0E9-106690E70A58} - C:\DOKUME~1\Uwe\ANWEND~1\plg_ie0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Accessories - {9B35A850-66AB-4c6d-8A66-136ECADCD904} - C:\DOKUME~1\Uwe\ANWEND~1\plg_ie0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [szuejzitzyoe] C:\WINDOWS\System32\ifykzh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [BDMCon] C:\Programme\Softwin\BitDefender8\\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Programme\Softwin\BitDefender8\\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Programme\Softwin\BitDefender8\\bdnagent.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Programme\Softwin\BitDefender8\\bdswitch.exe
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Programme\Washer\washidx.exe "Uwe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: DSLMON.lnk = C:\Programme\Analog Devices\Teledat 300 USB Treiber\DSLMON.exe
O4 - Global Startup: Monitor.lnk = ?
O4 - Global Startup: Norton GoBack.lnk = C:\Programme\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{310A717B-1159-4478-973B-5C552BD7D43F}: NameServer = 217.237.150.225 217.237.150.141
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programme\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: GBPoll - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Programme\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programme\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
Gruß, Ginny66