Postbank Phishing

#0
19.08.2005, 16:00
Member
Posts: 16

19.08.2005, 19:23
Member
Posts: 4730
#2
Go to your hosts file
c:\winnt\system32\drivers\etc\hosts (no file extension!) and delete everything there except the entry

127.0.0.1 localhost

Check the following files at http://www.virustotal.com

c:\winnt\system32\internat.exe

Fix with HijackThis:

O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Startup: Reboot.exe
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)

__________
This is a signature! Personal service: Are you from Berlin? Then contact me by PM, maybe we can arrange an appointment.
Der Grabsteinschubser
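
One way to automate the hosts-file check that reply #2 describes, as an added example that is not part of the thread: it flags hosts entries that pin names to an external IP address and rebuilds the file with only the localhost entry. The sample file, its `.example` names, the documentation-range addresses and the `threshold` of three sites are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Address ranges treated as local-network overrides rather than redirects.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "fc00::/7", "fe80::/10")]

# Constructed sample: .example names and documentation-range addresses.
SAMPLE_HOSTS = """\
# Constructed sample hosts file (not taken from the thread)
127.0.0.1       localhost
203.0.113.50    bank-a.example
203.0.113.50    www.bank-a.example  online.bank-a.example
203.0.113.50    WWW.Bank-B.example.   # mixed case, trailing dot
203.0.113.50    banking.bank-c.example
198.51.100.7    shop.example
192.168.1.10    printer.lan
0.0.0.0         ads.example
not-an-ip       whatever.example
"""


def parse_line(raw):
    """Return (ip, [names]) for a mapping line, or None for comments, blanks and junk."""
    fields = raw.split("#", 1)[0].split()
    if len(fields) < 2:
        return None
    try:
        ip = ipaddress.ip_address(fields[0])
    except ValueError:
        return None
    # Hostnames are case-insensitive and may carry a trailing root dot.
    return ip, [f.lower().rstrip(".") for f in fields[1:]]


def classify(ip):
    """Sort an address into 'local', 'lan' or 'external'."""
    if ip.is_loopback or ip.is_unspecified:
        return "local"  # localhost entry or 0.0.0.0 blocklist sinkhole
    if any(ip.version == net.version and ip in net for net in LAN_NETS):
        return "lan"
    return "external"


def audit(text, threshold=3):
    """List external IPs that hosts entries point to, with the names they capture.

    Severity is 'high' when one address captures `threshold` or more distinct
    sites (a leading "www." is ignored), otherwise 'medium'.
    """
    by_ip = defaultdict(lambda: {"names": set(), "lines": []})
    for no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        parsed = parse_line(raw)
        if parsed is None or classify(parsed[0]) != "external":
            continue
        ip, names = parsed
        by_ip[str(ip)]["names"].update(names)
        by_ip[str(ip)]["lines"].append(no)

    findings = []
    for ip, info in sorted(by_ip.items()):
        sites = {n[4:] if n.startswith("www.") else n for n in info["names"]}
        findings.append({
            "ip": ip,
            "names": sorted(info["names"]),
            "lines": info["lines"],
            "severity": "high" if len(sites) >= threshold else "medium",
        })
    return findings


def remediate(text):
    """Keep comments, blank lines and the loopback 'localhost' mapping; drop the rest."""
    kept = []
    for raw in text.lstrip("\ufeff").splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            kept.append(raw)
            continue
        parsed = parse_line(raw)
        if parsed and parsed[0].is_loopback and parsed[1] == ["localhost"]:
            kept.append(raw)
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for finding in audit(SAMPLE_HOSTS):
        print(finding["severity"], finding["ip"], "lines", finding["lines"],
              "->", ", ".join(finding["names"]))
    print(remediate(SAMPLE_HOSTS), end="")
```
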
19.08.2005, 19:43
Member
Thread starter
Posts: 16
#3
Logfile of HijackThis v1.99.1
19.08.2005, 19:46
Member
Posts: 4730
#4
Looks good.
Now, to be on the safe side, run a scan with eScan and report back (as described on the page).

__________
This is a signature! Personal service: Are you from Berlin? Then contact me by PM, maybe we can arrange an appointment.
Der Grabsteinschubser
19.08.2005, 23:51
Member
Thread starter
Posts: 16
#5
My computer is still slower than it used to be. eScan says there is no data to delete, although 4 viruses and 192 errors were found. Here is a copy of the log file:
HKCR\piffile\shell\open\command Fri Aug 19 21:32:57 2005 => Scanning HKCR\scrfile\shell\open\command Fri Aug 19 21:32:57 2005 => Scanning HKCR\scrfile\shell\config\command Fri Aug 19 21:32:57 2005 => Replacing Registry Value Fri Aug 19 21:32:57 2005 => Scanning HKCR\regfile\shell\open\command Fri Aug 19 21:32:57 2005 => Scanning HKCR\htmlfile\shell\open\command Fri Aug 19 21:32:57 2005 => Scanning File C:\PROGRA~1\INTERN~1\iexplore.exe Fri Aug 19 21:32:57 2005 => Scanning HKCR\htafile\shell\open\command Fri Aug 19 21:32:57 2005 => Scanning File C:\WINNT\system32\mshta.exe Fri Aug 19 21:32:57 2005 => Scanning HKCR\jsfile\shell\open\command Fri Aug 19 21:32:57 2005 => Scanning File C:\WINNT\System32\WScript.exe Fri Aug 19 21:32:57 2005 => Scanning HKCR\jsefile\shell\open\command Fri Aug 19 21:32:57 2005 => Scanning File C:\WINNT\System32\WScript.exe Fri Aug 19 21:32:57 2005 => Scanning HKCR\vbsfile\shell\open\command Fri Aug 19 21:32:57 2005 => Scanning File C:\WINNT\System32\WScript.exe Fri Aug 19 21:32:57 2005 => Scanning HKCR\vbefile\shell\open\command Fri Aug 19 21:32:57 2005 => Scanning File C:\WINNT\System32\WScript.exe Fri Aug 19 21:32:57 2005 => Scanning HKCR\wshfile\shell\open\command Fri Aug 19 21:32:57 2005 => Scanning File C:\WINNT\System32\WScript.exe Fri Aug 19 21:32:57 2005 => Scanning HKCR\wsffile\shell\open\command Fri Aug 19 21:32:57 2005 => Scanning File C:\WINNT\System32\WScript.exe Fri Aug 19 21:32:57 2005 => ***** Scanning StartUp Folders ***** Fri Aug 19 21:32:57 2005 => ***** Scanning C:\Dokumente und Einstellungen\rassen\Startmenü\Programme\Autostart Folder ***** Fri Aug 19 21:32:57 2005 => Scanning Folder: C:\Dokumente und Einstellungen\rassen\Startmenü\Programme\Autostart\*.* Fri Aug 19 21:32:57 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Startmenü\Programme\Autostart\Adobe Gamma Loader.exe.lnk Fri Aug 19 21:32:57 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Startmenü\Programme\Autostart\SmartSurfer.lnk Fri 
Aug 19 21:32:57 2005 => ***** Scanning C:\Dokumente und Einstellungen\rassen\Desktop Folder ***** Fri Aug 19 21:32:57 2005 => Scanning Folder: C:\Dokumente und Einstellungen\rassen\Desktop\*.* Fri Aug 19 21:32:57 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\Aino Aalto, Iitala, Alvar Aalto, Artek sur Tribu-Design.url [**] Fri Aug 19 21:32:57 2005 => Scanning Folder: C:\Dokumente und Einstellungen\rassen\Desktop\backups\*.* Fri Aug 19 21:32:57 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\backups\backup-20050819-135026-121 [**] Fri Aug 19 21:32:57 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\backups\backup-20050819-135026-385 [**] Fri Aug 19 21:32:57 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\backups\backup-20050819-135026-446 [**] Fri Aug 19 21:32:57 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\backups\backup-20050819-135026-631 [**] Fri Aug 19 21:32:57 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\backups\backup-20050819-135026-926 [**] Fri Aug 19 21:32:57 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\backups\backup-20050819-135027-122 [**] Fri Aug 19 21:32:57 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\backups\backup-20050819-135027-127 [**] Fri Aug 19 21:32:57 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\backups\backup-20050819-135027-236 [**] Fri Aug 19 21:32:57 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\backups\backup-20050819-135027-244 [**] Fri Aug 19 21:32:57 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\backups\backup-20050819-135027-304 [**] Fri Aug 19 21:32:58 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\backups\backup-20050819-135027-365 [**] Fri Aug 19 21:32:58 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\backups\backup-20050819-135027-386 [**] Fri Aug 19 
21:32:58 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\backups\backup-20050819-135027-389 [**] Fri Aug 19 21:32:58 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\backups\backup-20050819-135027-412 [**] Fri Aug 19 21:32:58 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\backups\backup-20050819-135027-495 [**] Fri Aug 19 21:32:58 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\backups\backup-20050819-135027-507 [**] Fri Aug 19 21:32:58 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\backups\backup-20050819-135027-522 [**] Fri Aug 19 21:32:58 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\backups\backup-20050819-135027-538 [**] Fri Aug 19 21:32:58 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\backups\backup-20050819-135027-653 [**] Fri Aug 19 21:32:58 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\backups\backup-20050819-135027-721 [**] Fri Aug 19 21:32:58 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\backups\backup-20050819-135027-773 [**] Fri Aug 19 21:32:58 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\backups\backup-20050819-135027-839 [**] Fri Aug 19 21:32:58 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\backups\backup-20050819-135027-957 [**] Fri Aug 19 21:32:58 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\backups\backup-20050819-193854-237 [**] Fri Aug 19 21:32:58 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\backups\backup-20050819-193905-411 [**] Fri Aug 19 21:32:58 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\backups\backup-20050819-193905-411-Reboot.exe Fri Aug 19 21:32:58 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\backups\backup-20050819-193905-627 [**] Fri Aug 19 21:32:58 2005 => Scanning Folder: C:\Dokumente und 
Einstellungen\rassen\Desktop\bank & co\*.* Fri Aug 19 21:32:58 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\bank & co\http--www.laposte.fr-IMG-pdf-tarifs_guichet05.pdf.url [**] Fri Aug 19 21:32:58 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\ClassicDesign Interior.url [**] Fri Aug 19 21:32:58 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\Collectibles Glas Pagina 5 english.url [**] Fri Aug 19 21:32:58 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\daea-FAQ - ein Ratgeber zu Onlineauktionen - 2003-03-16 - Version 1.012.url [**] Fri Aug 19 21:32:58 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\Deutsche Post Portokalkulator.url [**] Fri Aug 19 21:32:58 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\Deutsche Post eFiliale - die Postfiliale im Internet.url [**] Fri Aug 19 21:32:58 2005 => Scanning Folder: C:\Dokumente und Einstellungen\rassen\Desktop\DWL-122_drv_revALL_32040318Win_ALL_en_040420\*.* Fri Aug 19 21:32:58 2005 => Scanning Folder: C:\Dokumente und Einstellungen\rassen\Desktop\DWL-122_drv_revALL_32040318Win_ALL_en_040420\Drivers\*.* Fri Aug 19 21:32:58 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\DWL-122_drv_revALL_32040318Win_ALL_en_040420\Drivers\NETPRISM.inf Fri Aug 19 21:32:58 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\DWL-122_drv_revALL_32040318Win_ALL_en_040420\Drivers\PRISMNDS.sys Fri Aug 19 21:32:58 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\DWL-122_drv_revALL_32040318Win_ALL_en_040420\Drivers\PRISMNIC.cat [**] Fri Aug 19 21:32:58 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\DWL-122_drv_revALL_32040318Win_ALL_en_040420\Drivers\PRISMUSB.sys Fri Aug 19 21:32:58 2005 => Scanning Folder: C:\Dokumente und Einstellungen\rassen\Desktop\DWL-122_drv_revALL_32040318Win_ALL_en_040420\Drivers\WinXP\*.* Fri Aug 19 21:32:58 2005 => Scanning 
File C:\Dokumente und Einstellungen\rassen\Desktop\DWL-122_drv_revALL_32040318Win_ALL_en_040420\Drivers\WinXP\PRISMNDS.sys Fri Aug 19 21:32:58 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\DWL-122_drv_revALL_32040318Win_ALL_en_040420\Drivers\WinXP\PRISMUSB.sys Fri Aug 19 21:32:58 2005 => *** File C:\Dokumente und Einstellungen\rassen\Desktop\DWL-122_drv_revALL_32040318Win_ALL_en_040420\setup.exe having Size Restriction ***. Filesize 8924 kb > 2560 kb... Fri Aug 19 21:32:58 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\DWL-122_drv_revALL_32040318Win_ALL_en_040420\setup.exe [**] Fri Aug 19 21:32:58 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\eBay - Per Lutken Holmegaard, Glass, Decorative Arts, and Pottery Glass items at low prices.url [**] Fri Aug 19 21:32:58 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\eBay Turbo Lister.lnk Fri Aug 19 21:32:58 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\eBay-Artikel 3864791955 (Endet 13.01.05 182553 MEZ ) - La Cimbali Bistro Gastronomie Espressomaschine Defekt.url [**] Fri Aug 19 21:32:58 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\eBay-Artikel 4356070294 (Endet 17.02.05 002511 MEZ ) - Sessel Mario BELLINI, Modell Amanta - Entwurf 1966.url [**] Fri Aug 19 21:32:58 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\eBay-Artikel 6505225027 (Endet 22.01.05 221006 MEZ ) - Paire d'enceinte hi-fi box 210a 15-20 WATT EAMES PANTON.url [**] Fri Aug 19 21:32:58 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\eBay-Artikel 6523280024 (Endet 10.04.05 211720 MESZ ) - 4 mal Design Z-Stuhl von Variopur.url [**] Fri Aug 19 21:32:58 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\eBay-Artikel 6526749496 (Endet 26.04.05 201500 MESZ ) - ^^PANTON EAMES ÄRA Beige Kugel-Deckenlampe 70er^^.url [**] Fri Aug 19 21:32:58 2005 => Scanning File C:\Dokumente und 
Einstellungen\rassen\Desktop\eScanCheck 1.10.lnk Fri Aug 19 21:32:58 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\escancheck110.sfx.exe Fri Aug 19 21:32:59 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\Freeforms Mid Century Decorative Arts.url [**] Fri Aug 19 21:32:59 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\Ghassen ben Ali Houss2 [**] Fri Aug 19 21:32:59 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\Glass from Denmark 1 - WILLEM BOTTERWEG - The Netherlands.url [**] Fri Aug 19 21:32:59 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\GLS Germany.url [**] Fri Aug 19 21:32:59 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\HijackThis.exe Fri Aug 19 21:32:59 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\hijackthis.log [**] Fri Aug 19 21:32:59 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\Holmegaard Glass, Denmark.url [**] Fri Aug 19 21:32:59 2005 => *** File C:\Dokumente und Einstellungen\rassen\Desktop\IE6.0sp1-KB823353-ia64-DEU.exe having Size Restriction ***. Filesize 3824 kb > 2560 kb... 
Fri Aug 19 21:32:59 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\IE6.0sp1-KB823353-ia64-DEU.exe [**] Fri Aug 19 21:32:59 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\IE6.0sp1-KB823353-x86-DEU.exe Fri Aug 19 21:33:01 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\jutta.zip Fri Aug 19 21:33:02 2005 => Scanning Folder: C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\*.* Fri Aug 19 21:33:02 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1125.JPG [**] Fri Aug 19 21:33:02 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1285.JPG [**] Fri Aug 19 21:33:02 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1286.JPG [**] Fri Aug 19 21:33:02 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1287.JPG [**] Fri Aug 19 21:33:02 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1288.JPG [**] Fri Aug 19 21:33:02 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1290.JPG [**] Fri Aug 19 21:33:02 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1336.JPG [**] Fri Aug 19 21:33:02 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1337.JPG [**] Fri Aug 19 21:33:03 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1338.JPG [**] Fri Aug 19 21:33:03 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1340.JPG [**] Fri Aug 19 21:33:03 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1341.JPG [**] Fri Aug 19 21:33:03 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1342.JPG [**] Fri Aug 19 21:33:03 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen 
Bilder\DSCF1345.JPG [**] Fri Aug 19 21:33:03 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1346.JPG [**] Fri Aug 19 21:33:04 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1349.JPG [**] Fri Aug 19 21:33:04 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1350.JPG [**] Fri Aug 19 21:33:04 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1351.JPG [**] Fri Aug 19 21:33:04 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1352.JPG [**] Fri Aug 19 21:33:04 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1353.JPG [**] Fri Aug 19 21:33:04 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1357.JPG [**] Fri Aug 19 21:33:04 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1358.JPG [**] Fri Aug 19 21:33:04 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1359.JPG [**] Fri Aug 19 21:33:04 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1360.JPG [**] Fri Aug 19 21:33:04 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1361.JPG [**] Fri Aug 19 21:33:04 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1363.JPG [**] Fri Aug 19 21:33:04 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1364.JPG [**] Fri Aug 19 21:33:04 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1365.JPG [**] Fri Aug 19 21:33:04 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1366.JPG [**] Fri Aug 19 21:33:04 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1367.JPG [**] Fri Aug 19 21:33:04 2005 => Scanning File C:\Dokumente 
und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1368.JPG [**] Fri Aug 19 21:33:04 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1369.JPG [**] Fri Aug 19 21:33:04 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1370.JPG [**] Fri Aug 19 21:33:04 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1371.JPG [**] Fri Aug 19 21:33:04 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1372.JPG [**] Fri Aug 19 21:33:04 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1373.JPG [**] Fri Aug 19 21:33:04 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1374.JPG [**] Fri Aug 19 21:33:04 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1375.JPG [**] Fri Aug 19 21:33:04 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1376.JPG [**] Fri Aug 19 21:33:04 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1377.JPG [**] Fri Aug 19 21:33:04 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1378.JPG [**] Fri Aug 19 21:33:04 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1379.JPG [**] Fri Aug 19 21:33:04 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1380.JPG [**] Fri Aug 19 21:33:05 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1381.JPG [**] Fri Aug 19 21:33:05 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1382.JPG [**] Fri Aug 19 21:33:05 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1383.JPG [**] Fri Aug 19 21:33:05 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1384.JPG [**] Fri Aug 19 
21:33:05 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1385.JPG [**] Fri Aug 19 21:33:05 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1386.JPG [**] Fri Aug 19 21:33:05 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1387.JPG [**] Fri Aug 19 21:33:05 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1388.JPG [**] Fri Aug 19 21:33:05 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1389.JPG [**] Fri Aug 19 21:33:05 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1390.JPG [**] Fri Aug 19 21:33:05 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1391.JPG [**] Fri Aug 19 21:33:05 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1392.JPG [**] Fri Aug 19 21:33:05 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\katzen Bilder\DSCF1393.JPG [**] Fri Aug 19 21:33:05 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\Maschinelle Übersetzung WorldLingo - Übersetzung, Lokalisierung, Globalisierung.url [**] Fri Aug 19 21:33:05 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\Mon eBay Mes affaires à suivre.url [**] Fri Aug 19 21:33:05 2005 => Scanning Folder: C:\Dokumente und Einstellungen\rassen\Desktop\Neuer Ordner\*.* Fri Aug 19 21:33:05 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\Neuer Ordner\eScanCheck110 - Escan (Anleitung).url [**] Fri Aug 19 21:33:05 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\Neuer Ordner\svchost.exe + iexplore.exe 99% CPU-Auslastung! 
- Security Forum.url [**] Fri Aug 19 21:33:05 2005 => Scanning Folder: C:\Dokumente und Einstellungen\rassen\Desktop\nicht verwendete desktop dateien\*.* Fri Aug 19 21:33:05 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\nicht verwendete desktop dateien\a-squared StartCenter.lnk Fri Aug 19 21:33:05 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\nicht verwendete desktop dateien\a2personalsetup.exe Fri Aug 19 21:33:10 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\nicht verwendete desktop dateien\AntiVir XP.LNK Fri Aug 19 21:33:10 2005 => *** File C:\Dokumente und Einstellungen\rassen\Desktop\nicht verwendete desktop dateien\avwinsfx.exe having Size Restriction ***. Filesize 7344 kb > 2560 kb... Fri Aug 19 21:33:10 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\nicht verwendete desktop dateien\avwinsfx.exe [**] Fri Aug 19 21:33:10 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\nicht verwendete desktop dateien\CAPI Port für XP, W2K und NT.lnk Fri Aug 19 21:33:10 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\nicht verwendete desktop dateien\Encpack_Win2000_GER.exe Fri Aug 19 21:33:10 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\nicht verwendete desktop dateien\FotoAngelo.lnk Fri Aug 19 21:33:10 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\nicht verwendete desktop dateien\FotoCanvas.lnk Fri Aug 19 21:33:10 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\nicht verwendete desktop dateien\FotoVac.lnk Fri Aug 19 21:33:10 2005 => *** File C:\Dokumente und Einstellungen\rassen\Desktop\nicht verwendete desktop dateien\fsis2005n-04.exe having Size Restriction ***. Filesize 6980 kb > 2560 kb... 
Fri Aug 19 21:33:10 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\nicht verwendete desktop dateien\fsis2005n-04.exe [**] Fri Aug 19 21:33:10 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\nicht verwendete desktop dateien\hijackthis.zip Fri Aug 19 21:33:11 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\nicht verwendete desktop dateien\ISDN TAPI Services for CAPI.lnk Fri Aug 19 21:33:11 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\nicht verwendete desktop dateien\SmartInstall_230.exe Fri Aug 19 21:33:12 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\nicht verwendete desktop dateien\Verbindung mit dem Internet herstellen.LNK Fri Aug 19 21:33:12 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\nicht verwendete desktop dateien\wrar341d.exe Fri Aug 19 21:33:16 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\oe6.0sp1-KB897715-Windows-2000-XP-x86-DEU.exe Fri Aug 19 21:33:17 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\Postbank Online Banking.url [**] Fri Aug 19 21:33:17 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\proxy.pac [**] Fri Aug 19 21:33:17 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\Resultado - Sie sind eingelogged....url [**] Fri Aug 19 21:33:17 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\securepoint_pcfirewall_setup_3.6.exe Fri Aug 19 21:33:19 2005 => *** File C:\Dokumente und Einstellungen\rassen\Desktop\setupDE.exe having Size Restriction ***. Filesize 23260 kb > 2560 kb... Fri Aug 19 21:33:19 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\setupDE.exe [**] Fri Aug 19 21:33:19 2005 => *** File C:\Dokumente und Einstellungen\rassen\Desktop\SmartInstall_30.exe having Size Restriction ***. Filesize 2594 kb > 2560 kb... 
Fri Aug 19 21:33:19 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\SmartInstall_30.exe [**] Fri Aug 19 21:33:19 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\wetter.de.url [**] Fri Aug 19 21:33:19 2005 => Scanning Folder: C:\Dokumente und Einstellungen\rassen\Desktop\win dateien u Updates\*.* Fri Aug 19 21:33:19 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\win dateien u Updates\Encpack_Win2000_GER.exe Fri Aug 19 21:33:20 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\win dateien u Updates\ie6setup.exe Fri Aug 19 21:33:20 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\win dateien u Updates\SP4Express_DE.exe Fri Aug 19 21:33:21 2005 => *** File C:\Dokumente und Einstellungen\rassen\Desktop\win dateien u Updates\W2Ksp4_DE.exe having Size Restriction ***. Filesize 132759 kb > 2560 kb... Fri Aug 19 21:33:21 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\win dateien u Updates\W2Ksp4_DE.exe [**] Fri Aug 19 21:33:21 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\win dateien u Updates\Windows-KB833330-GER.exe Fri Aug 19 21:33:22 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\win dateien u Updates\Windows2000-KB823980-x86-DEU.exe Fri Aug 19 21:33:23 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\win dateien u Updates\Windows2000-KB824151-x86-DEU.EXE Fri Aug 19 21:33:23 2005 => *** File C:\Dokumente und Einstellungen\rassen\Desktop\win dateien u Updates\Windows2000-KB835732-x86-DEU.EXE having Size Restriction ***. Filesize 6676 kb > 2560 kb... 
Fri Aug 19 21:33:23 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\win dateien u Updates\Windows2000-KB835732-x86-DEU.EXE [**] Fri Aug 19 21:33:23 2005 => Scanning File C:\Dokumente und Einstellungen\rassen\Desktop\Zusammenfassung.url [**] Fri Aug 19 21:33:23 2005 => ***** Scanning C:\Dokumente und Einstellungen\All Users.WINNT\Startmenü\Programme\Autostart Folder ***** Fri Aug 19 21:33:23 2005 => Scanning Folder: C:\Dokumente und Einstellungen\All Users.WINNT\Startmenü\Programme\Autostart\*.* Fri Aug 19 21:33:23 2005 => Scanning File C:\Dokumente und Einstellungen\All Users.WINNT\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk Fri Aug 19 21:33:23 2005 => ***** Scanning Service Files ***** Fri Aug 19 21:33:23 2005 => Scanning HKLM\SYSTEM\CurrentControlSet\Services Fri Aug 19 21:33:23 2005 => Scanning File C:\WINNT\system32\DRIVERS\ACPI.sys Fri Aug 19 21:33:23 2005 => Scanning File C:\PROGRA~1\GEMEIN~1\ADOBES~1\Service\ADOBEL~1.EXE Fri Aug 19 21:33:24 2005 => Scanning File C:\WINNT\System32\drivers\afd.sys Fri Aug 19 21:33:24 2005 => Scanning File C:\WINNT\SYSTEM32\ANIO.SYS Fri Aug 19 21:33:24 2005 => Scanning File C:\Programme\AVPersonal\AVGUARD.EXE Fri Aug 19 21:33:24 2005 => Scanning File C:\WINNT\system32\services.exe Fri Aug 19 21:33:24 2005 => Scanning File C:\WINNT\system32\DRIVERS\asc.sys Fri Aug 19 21:33:24 2005 => Scanning File C:\WINNT\system32\DRIVERS\asyncmac.sys Fri Aug 19 21:33:24 2005 => Scanning File C:\WINNT\system32\DRIVERS\atapi.sys Fri Aug 19 21:33:24 2005 => Scanning File C:\WINNT\system32\DRIVERS\atmarpc.sys Fri Aug 19 21:33:24 2005 => Scanning File C:\WINNT\system32\DRIVERS\audstub.sys Fri Aug 19 21:33:24 2005 => Scanning File C:\PROGRAMME\AVPERSONAL\AVGNTDW.SYS Fri Aug 19 21:33:24 2005 => Scanning File C:\WINNT\system32\DRIVERS\AVMCOWAN.sys Fri Aug 19 21:33:24 2005 => Scanning File C:\WINNT\System32\drivers\avmport.sys Fri Aug 19 21:33:24 2005 => Scanning File C:\Programme\AVPersonal\AVWUPSRV.EXE Fri Aug 19 21:33:25 
Scanning File C:\WINNT\system32\DRIVERS\tcpip.sys Fri Aug 19 21:33:32 2005 => Scanning File C:\WINNT\system32\tlntsvr.exe Fri Aug 19 21:33:32 2005 => Scanning File C:\WINNT\system32\services.exe Fri Aug 19 21:33:32 2005 => Scanning File C:\WINNT\system32\DRIVERS\update.sys Fri Aug 19 21:33:32 2005 => Scanning File C:\WINNT\System32\ups.exe Fri Aug 19 21:33:32 2005 => Scanning File C:\WINNT\system32\DRIVERS\usbhub.sys Fri Aug 19 21:33:32 2005 => Scanning File C:\WINNT\system32\DRIVERS\usbprint.sys Fri Aug 19 21:33:32 2005 => Scanning File C:\WINNT\system32\DRIVERS\USBSTOR.SYS Fri Aug 19 21:33:32 2005 => Scanning File C:\WINNT\System32\UtilMan.exe Fri Aug 19 21:33:32 2005 => Scanning File C:\WINNT\System32\drivers\vga.sys Fri Aug 19 21:33:32 2005 => Scanning File C:\WINNT\System32\services.exe Fri Aug 19 21:33:32 2005 => Scanning File C:\WINNT\System32\inetsrv\inetinfo.exe Fri Aug 19 21:33:32 2005 => Scanning File C:\WINNT\system32\DRIVERS\wanarp.sys Fri Aug 19 21:33:32 2005 => Scanning File C:\WINNT\system32\drivers\wdmaud.sys Fri Aug 19 21:33:33 2005 => Scanning File C:\WINNT\System32\WBEM\WinMgmt.exe Fri Aug 19 21:33:33 2005 => Scanning File C:\WINNT\system32\Services.exe Fri Aug 19 21:33:33 2005 => Scanning File C:\WINNT\System32\drivers\ws2ifsl.sys Fri Aug 19 21:33:33 2005 => Scanning File C:\WINNT\system32\DRIVERS\WSTCODEC.SYS Fri Aug 19 21:33:33 2005 => Scanning File C:\WINNT\system32\svchost.exe Fri Aug 19 21:33:33 2005 => Scanning File C:\WINNT\System32\svchost.exe Fri Aug 19 21:33:33 2005 => Scanning HKLM\SYSTEM\CurrentControlSet\Services\VxD Fri Aug 19 21:33:33 2005 => ***** Scanning Registry and File system for Adware/Spyware ***** Fri Aug 19 21:33:33 2005 => Loading Spyware Signatures from new External Database (Size: 134742). Fri Aug 19 21:33:34 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken. 
Fri Aug 19 21:33:38 2005 => System found infected with Searchmaid hijacker Spyware/Adware ({77B2F8DE-CB3F-4b6b-839B-807DD1ADBA1C})! Action taken: No Action Taken. Fri Aug 19 21:35:09 2005 => Offending value found in HKLM\System\CurrentControlSet\Services\EventLog\Application\iexplore !!! Fri Aug 19 21:35:09 2005 => Object "SearchSeekFind Spyware/Adware" found in File System! Action Taken: No Action Taken. Fri Aug 19 21:37:01 2005 => Offending file found: C:\WINNT\sites.ini Fri Aug 19 21:37:01 2005 => System found infected with SmitFraud Spyware/Adware (sites.ini)! Action taken: No Action Taken. Fri Aug 19 21:37:02 2005 => ***** Scanning Registry for errors created because of Adware/Spyware ***** Fri Aug 19 21:37:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\TEMP\_ISTMP0.DIR\directx\BDA.cab". Action Taken: No Action Taken. Fri Aug 19 21:37:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\TEMP\_ISTMP0.DIR\directx\BDANT.cab". Action Taken: No Action Taken. Fri Aug 19 21:37:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\TEMP\_ISTMP0.DIR\directx\cfgmgr32.dll". Action Taken: No Action Taken. Fri Aug 19 21:37:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\TEMP\_ISTMP0.DIR\directx\DirectX.cab". Action Taken: No Action Taken. Fri Aug 19 21:37:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\TEMP\_ISTMP0.DIR\directx\DSETUP.dll". Action Taken: No Action Taken. Fri Aug 19 21:37:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\TEMP\_ISTMP0.DIR\directx\dsetup32.dll". Action Taken: No Action Taken. 
Fri Aug 19 21:37:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\TEMP\_ISTMP0.DIR\directx\dxnt.cab". Action Taken: No Action Taken. Fri Aug 19 21:37:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\TEMP\_ISTMP0.DIR\directx\dxsetup.exe". Action Taken: No Action Taken. Fri Aug 19 21:37:02 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\TEMP\_ISTMP0.DIR\directx\setupapi.dll". Action Taken: No Action Taken. Fri Aug 19 21:37:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-dan.nls". Action Taken: No Action Taken. Fri Aug 19 21:37:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-cht.nls". Action Taken: No Action Taken. Fri Aug 19 21:37:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-nld.nls". Action Taken: No Action Taken. Fri Aug 19 21:37:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-fra.nls". Action Taken: No Action Taken. Fri Aug 19 21:37:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-ita.nls". Action Taken: No Action Taken. Fri Aug 19 21:37:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-jpn.nls". Action Taken: No Action Taken. Fri Aug 19 21:37:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-kor.nls". 
Action Taken: No Action Taken. Fri Aug 19 21:37:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-nor.nls". Action Taken: No Action Taken. Fri Aug 19 21:37:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-ptg.nls". Action Taken: No Action Taken. Fri Aug 19 21:37:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-rus.nls". Action Taken: No Action Taken. Fri Aug 19 21:37:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-esp.nls". Ac |
|
|
||
19.08.2005, 23:51
Honorary member
Posts: 29434 |
#6
rassen
W32/Nanpy-A
http://www.sophos.de/virusinfo/analyses/w32nanpya.html
Go into the registry: Start --> Run --> regedit
HKLM\System\CurrentControlSet\Services\EventLog\Application\iexplore !!! <-- delete
#Open HijackThis -->> "scan" button -->> tick the box -->> "Fix checked" button -->> restart the PC
O4 - HKLM\..\Run: [Microsoft Network Services Controller] C:\WINNT\system32\mmsvc32.exe
Restart the PC
Delete:
C:\WINNT\system32\mmsvc32.exe
C:\WINNT\sites.ini
smitRem TOOL (removal tool)
Download: http://noahdfear.geekstogo.com/
Open the smitRem folder, double-click RunThis.bat, wait until the scan has finished (the screen will turn blue; that is normal), look for smitfiles.txt and post the text file in the thread.
Download: FindT
http://bilder.informationsarchiv.net/Nikitas_Tools/FindT.zip
Unpack into C:\ -- open the "Find T" folder -- click the batch file (runthis.bat) -- post the txt (text file) in the thread
Sophos (30 days free) --> scan in safe mode
http://www.sophos.com/products/eval/
__________
Regards, Sabina
All about PC security |
|
|
||
20.08.2005, 12:27
Member
Thread starter Posts: 16 |
#7
I found 3 CurrentControlSets, 2 of which contained Iexplore => deleted
smitRem log file
version 2.3
by noahdfear
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Pre-run Files Present
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Post-run Files Present
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Wininet.dll ~~~
CLEAN!
And this is the text from FindiT:
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
And now?? |
|
|
||
20.08.2005, 13:01
Honorary member
Posts: 29434 |
#8
Download: FindT
http://bilder.informationsarchiv.net/Nikitas_Tools/FindT.zip
Unpack into C:\ -- open the "Find T" folder -- click the batch file (runthis.bat) -- post the txt (text file) in the thread
__________
Regards, Sabina
All about PC security |
|
|
||
20.08.2005, 13:28
Member
Thread starter Posts: 16 |
#9
That is all I get from FindT:
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Here is my Hijack:
Logfile of HijackThis v1.99.1
Scan saved at 12:31:30, on 20.08.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\netdde.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\WINNT\System32\svchost.exe
C:\Programme\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Programme\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Programme\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
C:\Programme\F-Secure Internet Security\Common\FSMA32.EXE
C:\Programme\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Programme\F-Secure Internet Security\Common\FSMB32.EXE
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\Programme\F-Secure Internet Security\Common\FCH32.EXE
C:\WINNT\system32\MSTask.exe
C:\Programme\F-Secure Internet Security\Common\FAMEH32.EXE
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\Programme\F-Secure Internet Security\FSPC\fspc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\Programme\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\WINNT\Explorer.EXE
C:\Programme\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
C:\Programme\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Programme\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
C:\WINNT\System32\sistray.EXE
C:\WINNT\System32\khooker.exe
C:\Programme\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
C:\Programme\Ahead\InCD\InCD.exe
C:\WINNT\System32\LXSUPMON.EXE
C:\Programme\D-Link\Air USB Utility\AirCFG.exe
C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programme\F-Secure Internet Security\Common\FSM32.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\WEBDE\SmartSurfer3.0\SmartSurfer.exe
C:\Programme\F-Secure Internet Security\FSGUI\fsguiexe.exe
C:\WINNT\system32\cleanmgr.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\rassen\Desktop\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS Tray] C:\WINNT\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINNT\System32\khooker.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programme\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINNT\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [D-Link Air USB Utility] C:\Programme\D-Link\Air USB Utility\AirCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programme\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programme\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Programme\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKCU\..\Run: [a-squared] "C:\Programme\a2\a2guard.exe"
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: SmartSurfer.lnk = C:\Programme\WEBDE\SmartSurfer3.0\SmartSurfer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Webfilter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programme\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programme\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Website-&Liste anzeigen - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programme\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Programme\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Webseitenfilter &aussetzen - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Programme\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Programme\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Diese Website &sperren - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Programme\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Programme\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Diese Website &zulassen - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Programme\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: Microsoft AntiSpyware helper - {6D16465D-A5B1-422F-B5B2-B0C5A2A30FDE} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6D16465D-A5B1-422F-B5B2-B0C5A2A30FDE} - (no file) (HKCU)
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F9BA02E-41FC-47B1-8D87-7D396B13706D}: NameServer = 195.71.231.157 193.189.244.205
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: F-Secure Internet Security 2005 (BackWeb Plug-in - 4476822) - Unknown owner - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Programme\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Programme\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programme\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Programme\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programme\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
And my eScan is also still running right now..:
object "Alexa Spyware/Adware" found in file system!Action Taken:No Action taken |
|
|
||
20.08.2005, 13:29
Honorary member
Posts: 29434 |
#10
Start -- Run -- type in: cmd -- DOS will open
Copy these one at a time into the black DOS window:
cd\
cd %windir%\system32
dir /a:-d /o:-d > %systemdrive%\system32.txt
start %systemdrive%\system32.txt
cls
exit
Now the text editor will open automatically and display all the data that is on the PC. Please copy out only the last 20 days.
Then close DOS and carry out the same instructions for:
cd\
cd %temp%\
dir /a:-d /o:-d > %systemdrive%\systemtemp.txt
start %systemdrive%\systemtemp.txt
cls
exit

cd\
cd %windir%
dir /a:-d /o:-d > %systemdrive%\system.txt
start %systemdrive%\system.txt
cls
exit

cd\
dir /a:-d /o:-d > %systemdrive%\sys.txt
start %systemdrive%\sys.txt
cls
exit
__________
Regards, Sabina
All about PC security |
|
|
||
20.08.2005, 13:41
Member
Thread starter Posts: 16 |
#11
Verzeichnis von C:\WINNT\system32
19.08.2005 18:28 16.384 Perflib_Perfdata_4f8.dat
19.08.2005 18:06 0 TFTP1440
19.08.2005 16:37 16.384 Perflib_Perfdata_4d4.dat
18.08.2005 16:24 16.384 Perflib_Perfdata_4a4.dat
18.08.2005 16:20 16.832 amcompat.tlb
18.08.2005 16:20 23.392 nscompat.tlb
18.08.2005 16:08 147.728 schannel.dll
18.08.2005 16:08 524.048 lsasrv.dll
18.08.2005 01:40 16.384 Perflib_Perfdata_4a8.dat
17.08.2005 19:05 16.384 Perflib_Perfdata_4c0.dat
17.08.2005 09:26 16.384 Perflib_Perfdata_4c4.dat
16.08.2005 18:33 4.605 ModemLog_ISDN Internet (PPP over ISDN).txt
16.08.2005 17:01 4.600 ModemLog_ISDN RAS (PPP over ISDN).txt
16.08.2005 15:14 0 dresdner
16.08.2005 15:06 16.384 Perflib_Perfdata_4ac.dat
16.08.2005 14:52 1.155.072 winsflt.dll
16.08.2005 14:51 22.424 eraseme_28237.exe
16.08.2005 14:41 16.384 Perflib_Perfdata_32c.dat
16.08.2005 13:57 16.384 Perflib_Perfdata_568.dat
16.08.2005 13:46 16.384 Perflib_Perfdata_2f8.dat
16.08.2005 13:46 2.170 spupdsvc.log
16.08.2005 13:46 287 spupdw2k.log
16.08.2005 13:46 82.336 FNTCACHE.DAT
16.08.2005 13:14 16.384 Perflib_Perfdata_2d4.dat
16.08.2005 12:56 16.384 Perflib_Perfdata_2dc.dat
15.08.2005 17:02 16.384 Perflib_Perfdata_300.dat
15.08.2005 14:53 16.384 Perflib_Perfdata_304.dat
15.08.2005 14:49 16.384 Perflib_Perfdata_2f0.dat
15.08.2005 04:20 16.384 Perflib_Perfdata_2f4.dat
15.08.2005 04:16 353.186 perfh009.dat
15.08.2005 04:16 55.690 perfc009.dat
15.08.2005 04:16 356.470 perfh007.dat
15.08.2005 04:16 67.382 perfc007.dat
14.08.2005 19:16 16.384 Perflib_Perfdata_4a0.dat
14.08.2005 19:00 16.384 Perflib_Perfdata_490.dat
14.08.2005 18:53 271 desktop.ini
14.08.2005 18:53 21.817 folder.htt
14.08.2005 18:53 525 mapisvc.inf
14.08.2005 18:49 17.348 emptyregdb.dat
14.08.2005 18:41 415.894 PerfStringBackup_011.INI
14.08.2005 18:41 415.894 PerfStringBackup_010.INI
14.08.2005 18:41 1.041 $winnt$.inf
14.08.2005 17:11 16.384 Perflib_Perfdata_4e0.dat
14.08.2005 16:55 415.894 PerfStringBackup_009.INI
14.08.2005 16:55 415.894 PerfStringBackup_008.INI
14.08.2005 16:46 415.894 PerfStringBackup_007.INI
14.08.2005 16:46 415.894 PerfStringBackup_006.INI
14.08.2005 16:41 16.384 Perflib_Perfdata_4bc.dat
14.08.2005 16:21 16.384 Perflib_Perfdata_4f4.dat
14.08.2005 15:37 16.384 Perflib_Perfdata_488.dat
14.08.2005 15:32 16.384 Perflib_Perfdata_4fc.dat
13.08.2005 22:30 16.384 Perflib_Perfdata_4e4.dat
13.08.2005 22:09 16.384 Perflib_Perfdata_4b8.dat
13.08.2005 20:23 415.894 PerfStringBackup_005.INI
13.08.2005 20:23 415.894 PerfStringBackup_004.INI
13.08.2005 20:09 16.384 Perflib_Perfdata_a5c.dat
13.08.2005 15:51 343.188 PerfStringBackup_003.INI
13.08.2005 15:51 343.188 PerfStringBackup_002.INI
13.08.2005 13:49 16.384 Perflib_Perfdata_58c.dat
13.08.2005 13:36 16.384 Perflib_Perfdata_5d0.dat
12.08.2005 12:39 16.384 Perflib_Perfdata_630.dat
14.06.2005 12:12 16.384 Perflib_Perfdata_580.dat
13.05.2005 18:44 16.384 Perflib_Perfdata_92c.dat

Datenträger in Laufwerk C: hat keine Bezeichnung.
Datenträgernummer: A848-59ED
Verzeichnis von C:\DOKUME~1\rassen\LOKALE~1\Temp
20.08.2005 12:37 16.384 ~DFF5B5.tmp
20.08.2005 12:06 3.901 smurfver.xml
16.08.2005 14:44 24.613 IadHide5.dll
3 Datei(en) 44.898 Bytes
0 Verzeichnis(se), 73.250.623.488 Bytes frei

Datenträger in Laufwerk C: hat keine Bezeichnung.
Datenträgernummer: A848-59ED
Verzeichnis von C:\WINNT
20.08.2005 03:49 32.546 SchedLgU.Txt
20.08.2005 03:48 469.650 ShellIconCache
19.08.2005 21:37 78.580 ntbtlog.txt
18.08.2005 16:20 10.942 Active Setup Log.txt
18.08.2005 16:20 13.599 setupapi.log
18.08.2005 16:13 973 Active Setup Log.BAK
18.08.2005 16:12 4.439 KB897715-OE6SP1-20050503.210336.log
18.08.2005 16:07 2.447 KB823980.log
18.08.2005 16:07 8.712 KB833330.log
18.08.2005 16:07 6.536 KB824151.log
18.08.2005 16:07 42.970 KB835732.log
18.08.2005 15:28 1.575.448 setupapi.log.0.old
17.08.2005 22:17 1.059 IE4 Error Log.txt
17.08.2005 15:14 43.127 fsiuupd.log
16.08.2005 14:55 6.906.999 FSISU.log
16.08.2005 14:55 574.942 RunSetup.log
16.08.2005 14:55 3.308.745 FSSFM.log
16.08.2005 14:55 374.842 FSPROD.log
16.08.2005 14:55 1.127.301 FSSETUP.log
16.08.2005 14:55 374.211 FSSSINST.log
16.08.2005 14:55 18.789 FSSCINST.log
16.08.2005 14:55 16.154 FSSYSUPD.LOG
16.08.2005 14:55 3.348 fsavunin.log
16.08.2005 14:55 46.410 fsmainst.log
16.08.2005 14:54 7.970 FSAVCSIN.LOG
16.08.2005 14:54 20.217 FSPCINST.LOG
16.08.2005 14:54 8.126 FSASWINS.LOG
16.08.2005 14:54 15.637 FSGUIINS.LOG
16.08.2005 14:54 60.194 fwesinst.log
16.08.2005 14:54 6.090 fsdginst.log
16.08.2005 14:54 36.230 fstnbins.LOG
16.08.2005 14:53 12.825 fsrif.log
16.08.2005 14:52 22.573 fwinst.log
16.08.2005 14:52 82.662 FSAVINST.LOG
16.08.2005 14:52 2.183 DAASINST.LOG
16.08.2005 14:51 243.495 FSDEPH.log
16.08.2005 14:51 12.002 FSSGSUP.LOG
16.08.2005 14:50 219.012 fssgpex.LOG
16.08.2005 14:48 75.568 fsbwinst.log
16.08.2005 14:44 118.784 bwUnin-6.3.2.62-4476822L.exe
16.08.2005 14:43 10.904 Q-Klez.log
16.08.2005 13:41 1.809.164 iis5.log
16.08.2005 13:41 364.673 comsetup.log
16.08.2005 13:41 1.429 imsins.log
16.08.2005 13:41 162.967 svcpack.log
16.08.2005 13:41 200.998 ocgen.log
16.08.2005 13:41 14.181 ockodak.log
16.08.2005 13:41 344 msmqprop.log
16.08.2005 13:41 554 sptsupd.log
16.08.2005 13:20 2.711 avm.log
16.08.2005 13:06 38.647 avmw2k.log
16.08.2005 13:06 1.503 avmadd32.log
16.08.2005 13:06 8.080 avmcoins.log
15.08.2005 17:15 192.598 macromix.dll
15.08.2005 17:15 30.544 dirdib.drv
15.08.2005 17:10 130 avmenum32.log
15.08.2005 17:04 4.903 ModemDet.txt
15.08.2005 15:36 3.475 OEWABLog.txt
15.08.2005 04:16 4.772 imsins.BAK
15.08.2005 04:09 2.602 fsdgunst.log
15.08.2005 04:09 4.750 fsmaunin.log
15.08.2005 04:09 561 daasunin.LOG
15.08.2005 04:08 7.146 FSASWUNI.LOG
15.08.2005 04:08 2.494 FSPCUNIN.LOG
14.08.2005 18:57 255.972 setuplog.txt
14.08.2005 18:56 181.027 setupact.log
14.08.2005 18:53 4.073 ODBCINST.INI
14.08.2005 18:53 271 desktop.ini
14.08.2005 18:53 21.817 folder.htt
14.08.2005 18:53 334 win.ini
14.08.2005 18:50 233 setuperr.log
14.08.2005 18:48 312 DtcInstall.log
14.08.2005 18:45 226 mmdet.log
14.08.2005 18:41 252 system.ini
14.08.2005 18:28 8.752 WINNT32.LOG
14.08.2005 18:12 0 pws.INI
13.08.2005 20:08 0 frontpg.ini
11.08.2005 16:29 754 WORDPAD.INI
04.08.2005 11:59 528.011.264 MEMORY.DMP
15.07.2005 13:57 5.810 Windows Update.log

Datenträger in Laufwerk C: hat keine Bezeichnung.
Datenträgernummer: A848-59ED
Verzeichnis von C:\
19.08.2005 22:42 0 23990098.$$$
22.11.2004 12:54 1.384 AGPSetup.txt
22.11.2004 12:54 926 AGPSetup1.ini
22.11.2004 12:54 952 AGPSetup2.ini
22.11.2004 12:55 33 AGPUnist.ini
14.08.2005 18:54 0 AUTOEXEC.BAT
20.08.2005 14:05 4 AVPCallback.log
14.08.2005 18:46 378 boot.ini
14.08.2005 18:54 0 CONFIG.SYS
16.11.2004 19:36 0 IO.SYS
16.11.2004 19:36 0 MSDOS.SYS
16.08.2005 13:40 34.724 NTDETECT.COM
16.08.2005 13:40 216.096 ntldr
20.08.2005 11:54 792.723.456 pagefile.sys
22.11.2004 12:54 1.896 SiSSetup.txt
22.11.2004 12:54 1.439 SiSSetup1.ini
22.11.2004 12:54 271 SiSUnist.ini
20.08.2005 12:01 675 smitfiles.txt
20.08.2005 14:05 0 sys.txt
20.08.2005 14:03 8.419 system.txt
20.08.2005 13:48 98.889 system32.txt
20.08.2005 13:55 407 systemtemp.txt
10.01.2001 13:23 162.304 UNWISE.EXE
23 Datei(en) 793.252.253 Bytes
0 Verzeichnis(se), 73.250.246.656 Bytes frei

This post was edited by rassen on 20.08.2005 at 14:11.
|
|
|
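The "last 20 days" filtering requested for the `dir /a:-d /o:-d` output, as an added example that is not part of the original thread: a Python parser for the German-locale listing format shown in the post above. The function names, the reference time and the embedded sample (modelled on the posted listing, with a constructed summary total) are assumptions of this example.

```python
import re
from datetime import datetime, timedelta
from typing import List, NamedTuple


class DirEntry(NamedTuple):
    directory: str      # from the preceding "Verzeichnis von ..." header
    modified: datetime  # date and time column of the entry
    size: int           # bytes, thousands separators removed
    name: str           # file name, may contain spaces


# German-locale cmd.exe output: "Verzeichnis von <path>" starts a section,
# entries look like "19.08.2005  18:06   1.155.072 name with spaces.ext".
_DIR_HEADER = re.compile(r"^\s*Verzeichnis von (.+?)\s*$")
_ENTRY = re.compile(
    r"^\s*(\d{2}\.\d{2}\.\d{4})\s+(\d{2}:\d{2})\s+([\d.]+)\s+(.+?)\s*$"
)


def parse_dir_listing(text: str) -> List[DirEntry]:
    """Parse one or more concatenated `dir /a:-d` listings."""
    entries: List[DirEntry] = []
    current_dir = ""
    for line in text.splitlines():
        header = _DIR_HEADER.match(line)
        if header:
            current_dir = header.group(1)
            continue
        match = _ENTRY.match(line)
        if not match:
            # Volume label, serial number, "n Datei(en)" totals, blank lines.
            continue
        date_s, time_s, size_s, name = match.groups()
        modified = datetime.strptime(f"{date_s} {time_s}", "%d.%m.%Y %H:%M")
        # "1.155.072" uses '.' as the thousands separator in this locale.
        entries.append(
            DirEntry(current_dir, modified, int(size_s.replace(".", "")), name)
        )
    return entries


def recent_entries(entries: List[DirEntry], reference: datetime,
                   days: int = 20) -> List[DirEntry]:
    """Keep entries modified within `days` before `reference`, newest first."""
    cutoff = reference - timedelta(days=days)
    recent = [e for e in entries if cutoff <= e.modified <= reference]
    return sorted(recent, key=lambda e: e.modified, reverse=True)


# Constructed sample in the format of the listing posted in the thread.
SAMPLE_LISTING = r"""
 Datenträger in Laufwerk C: hat keine Bezeichnung.
 Datenträgernummer: A848-59ED

 Verzeichnis von C:\WINNT\system32

19.08.2005  18:06                 0 TFTP1440
16.08.2005  18:33             4.605 ModemLog_ISDN Internet (PPP over ISDN).txt
16.08.2005  14:52         1.155.072 winsflt.dll
14.06.2005  12:12            16.384 Perflib_Perfdata_580.dat
               4 Datei(en)      1.176.061 Bytes
               0 Verzeichnis(se), 73.250.623.488 Bytes frei

 Verzeichnis von C:\DOKUME~1\rassen\LOKALE~1\Temp

16.08.2005  14:44            24.613 IadHide5.dll
"""

if __name__ == "__main__":
    # Assumed reference time: when the listing was produced.
    reference = datetime(2005, 8, 20, 14, 5)
    for entry in recent_entries(parse_dir_listing(SAMPLE_LISTING), reference):
        print(f"{entry.modified:%d.%m.%Y %H:%M} {entry.size:>10} "
              f"{entry.directory}\\{entry.name}")
```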
||
20.08.2005, 14:11
Honorary member
Posts: 29434 |
||
|
||
20.08.2005, 14:13
Member
Thread starter Posts: 16 |
#13
They are there now, updated
Regards, Rassen ;-)) |
|
|
||
20.08.2005, 14:17
Honorary member
Posts: 29434 |
#14
Delete:
C:\WINNT\system32\TFTP1440
+ Run an online scan with Panda and McAfee FreeScan
+ Report back
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina
All about PC security |
|
|
||
20.08.2005, 20:26
Member
Thread starter Posts: 16 |
#15
Hours later... McAfee found nothing, and here is the report from the Panda scan:
Incident Status Location
Dialer:dialer.xd No disinfected HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44A1-9F4543D34545}
Spyware:spyware/bargainbuddy No disinfected Windows Registry
Possible Virus. No disinfected D:\Programme\Microsoft Office\Office\FRONTPG.EXE
Possible Virus. No disinfected D:\RECYCLER\S-1-5-21-1177238915-1993962763-1708537768-1000\Dd1\regedit.exe
Possible Virus. No disinfected D:\RECYCLER\S-1-5-21-1177238915-1993962763-1708537768-1000\Dd1\system32\at.exe
Possible Virus. No disinfected D:\RECYCLER\S-1-5-21-1177238915-1993962763-1708537768-1000\Dd1\system32\cmstp.exe
Possible Virus. No disinfected D:\RECYCLER\S-1-5-21-1177238915-1993962763-1708537768-1000\Dd1\system32\dvdplay.exe
Possible Virus. No disinfected D:\RECYCLER\S-1-5-21-1177238915-1993962763-1708537768-1000\Dd1\system32\expand.exe
Possible Virus. No disinfected D:\RECYCLER\S-1-5-21-1177238915-1993962763-1708537768-1000\Dd1\welcome.exe
Possible Virus. No disinfected D:\WINNT\regedit.exe
Possible Virus. No disinfected D:\WINNT\system32\at.exe
Possible Virus. No disinfected D:\WINNT\system32\cmstp.exe
Possible Virus. No disinfected D:\WINNT\system32\dplaysvr.exe
Possible Virus. No disinfected D:\WINNT\system32\dvdplay.exe
Possible Virus. No disinfected D:\WINNT\system32\expand.exe
Possible Virus. No disinfected D:\WINNT\system32\rsnotify.exe
Possible Virus. No disinfected D:\WINNT\system32\smlogsvc.exe
Possible Virus. No disinfected D:\WINNT\system32\telnet.exe
Possible Virus. No disinfected D:\WINNT\welcome.exe |
|
|
||
Maybe someone can help me with this
Logfile of HijackThis v1.99.1
Scan saved at 13:49:09, on 19.08.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\netdde.exe
C:\WINNT\system32\LEXPPS.EXE
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\WINNT\System32\svchost.exe
C:\Programme\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Programme\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Programme\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
C:\Programme\F-Secure Internet Security\Common\FSMA32.EXE
C:\Programme\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Programme\F-Secure Internet Security\Common\FSMB32.EXE
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\Programme\F-Secure Internet Security\Common\FCH32.EXE
C:\WINNT\system32\MSTask.exe
C:\Programme\F-Secure Internet Security\Common\FAMEH32.EXE
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Programme\F-Secure Internet Security\FSPC\fspc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\Programme\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\sistray.EXE
C:\WINNT\System32\khooker.exe
C:\Programme\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
C:\Programme\Ahead\InCD\InCD.exe
C:\WINNT\System32\LXSUPMON.EXE
C:\Programme\D-Link\Air USB Utility\AirCFG.exe
C:\Programme\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programme\F-Secure Internet Security\Common\FSM32.EXE
C:\WINNT\system32\internat.exe
C:\Programme\a2\a2guard.exe
C:\Programme\WEBDE\SmartSurfer3.0\SmartSurfer.exe
C:\Programme\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Programme\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
C:\Programme\F-Secure Internet Security\FSGUI\fsguiexe.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\a2\a2start.exe
C:\Programme\a2\a2scan.exe
C:\Dokumente und Einstellungen\rassen\Desktop\HijackThis.exe
O1 - Hosts: 209.160.64.29 lloydstsb.co.uk
O1 - Hosts: 209.160.64.29 online.lloydstsb.co.uk
O1 - Hosts: 209.160.64.29 www.lloydstsb.co.uk
O1 - Hosts: 209.160.64.29 www.lloydstsb.com
O1 - Hosts: 209.160.64.29 personal.barclays.co.uk
O1 - Hosts: 209.160.64.29 barclays.co.uk
O1 - Hosts: 209.160.64.29 ibank.barclays.co.uk
O1 - Hosts: 209.160.64.29 www.barclays.co.uk
O1 - Hosts: 209.160.64.29 www.nwolb.com
O1 - Hosts: 209.160.64.29 nwolb.com
O1 - Hosts: 209.160.64.29 hsbc.co.uk
O1 - Hosts: 209.160.64.29 www.hsbc.co.uk
O1 - Hosts: 209.160.64.29 abbey.com
O1 - Hosts: 209.160.64.29 www.abbey.com
O1 - Hosts: 209.160.64.29 www.abbey.co.uk
O1 - Hosts: 209.160.64.29 abbey.co.uk
O1 - Hosts: 209.160.64.29 cahoot.com
O1 - Hosts: 209.160.64.29 www.cahoot.com
O1 - Hosts: 209.160.64.29 www.cahoot.co.uk
O1 - Hosts: 209.160.64.29 cahoot.co.uk
O1 - Hosts: 209.160.64.29 www.co-operativebank.co.uk
O1 - Hosts: 209.160.64.29 co-operativebank.co.uk
O1 - Hosts: 209.160.64.29 www.co-operativebank.com
O1 - Hosts: 209.160.64.29 co-operativebank.com
O1 - Hosts: 209.160.64.29 welcome2.co-operativebankonline.co.uk
O1 - Hosts: 209.160.64.29 welcome6.co-operativebankonline.co.uk
O1 - Hosts: 209.160.64.29 welcome8.co-operativebankonline.co.uk
O1 - Hosts: 209.160.64.29 welcome10.co-operativebankonline.co.uk
O1 - Hosts: 209.160.64.29 www.smile.co.uk
O1 - Hosts: 209.160.64.29 smile.co.uk
O1 - Hosts: 209.160.64.29 www.cajamar.es
O1 - Hosts: 209.160.64.29 cajamar.es
O1 - Hosts: 209.160.64.29 www.cajamar.com
O1 - Hosts: 209.160.64.29 www.unicaja.es
O1 - Hosts: 209.160.64.29 unicaja.es
O1 - Hosts: 209.160.64.29 www.unicaja.com
O1 - Hosts: 209.160.64.29 unicaja.com
O1 - Hosts: 209.160.64.29 www.caixagalicia.es
O1 - Hosts: 209.160.64.29 caixagalicia.es
O1 - Hosts: 209.160.64.29 www.caixagalicia.com
O1 - Hosts: 209.160.64.29 caixagalicia.com
O1 - Hosts: 209.160.64.29 activa.caixagalicia.es
O1 - Hosts: 209.160.64.29 www.caixapenedes.es
O1 - Hosts: 209.160.64.29 caixapenedes.es
O1 - Hosts: 209.160.64.29 www.caixapenedes.com
O1 - Hosts: 209.160.64.29 caixapenedes.com
O1 - Hosts: 209.160.64.29 bancae.caixapenedes.com
O1 - Hosts: 209.160.64.29 www.caixasabadell.es
O1 - Hosts: 209.160.64.29 caixasabadell.es
O1 - Hosts: 209.160.64.29 www.caixasabadell.net
O1 - Hosts: 209.160.64.29 caixasabadell.net
O1 - Hosts: 209.160.64.29 www.cajamadrid.es
O1 - Hosts: 209.160.64.29 cajamadrid.es
O1 - Hosts: 209.160.64.29 www.cajamadrid.com
O1 - Hosts: 209.160.64.29 cajamadrid.com
O1 - Hosts: 209.160.64.29 oi.cajamadrid.es
O1 - Hosts: 209.160.64.29 www.ccm.es
O1 - Hosts: 209.160.64.29 ccm.es
O1 - Hosts: 209.160.64.29 www.haspa.de
O1 - Hosts: 209.160.64.29 haspa.de
O1 - Hosts: 209.160.64.29 ssl2.haspa.de
O1 - Hosts: 209.160.64.29 berliner-sparkasse.de
O1 - Hosts: 209.160.64.29 www.berliner-sparkasse.de
O1 - Hosts: 209.160.64.29 berliner-bank.de
O1 - Hosts: 209.160.64.29 postbank.de
O1 - Hosts: 209.160.64.29 www.postbank.de
O1 - Hosts: 209.160.64.29 banking.postbank.de
O1 - Hosts: 209.160.64.29 www.sparda-b.de
O1 - Hosts: 209.160.64.29 sparda-b.de
O1 - Hosts: 209.160.64.29 www.bankingonline.de
O1 - Hosts: 209.160.64.29 www.raiffeisenbank-erding.de
O1 - Hosts: 209.160.64.29 raiffeisenbank-erding.de
O1 - Hosts: 209.160.64.29 www.vr-networld-ebanking.de
O1 - Hosts: 209.160.64.29 vr-networld-ebanking.de
O1 - Hosts: 209.160.64.29 www.bnhof.de
O1 - Hosts: 209.160.64.29 bnhof.de
O1 - Hosts: 209.160.64.29 www.deutsche-bank.de
O1 - Hosts: 209.160.64.29 deutsche-bank.de
O1 - Hosts: 209.160.64.29 meine.deutsche-bank.de
O1 - Hosts: 209.160.64.29 www.citibank.de
O1 - Hosts: 209.160.64.29 citibank.de
O1 - Hosts: 209.160.64.29 cipehb13.cdg.citibank.de
O1 - Hosts: 209.160.64.29 www.dkb.de
O1 - Hosts: 209.160.64.29 dkb.de
O1 - Hosts: 209.160.64.29 www.sparkasse-regensburg.de
O1 - Hosts: 209.160.64.29 sparkasse-regensburg.de
O1 - Hosts: 209.160.64.29 www.berliner-bank.de
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS Tray] C:\WINNT\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINNT\System32\khooker.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programme\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINNT\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [D-Link Air USB Utility] C:\Programme\D-Link\Air USB Utility\AirCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Microsoft Network Services Controller] C:\WINNT\system32\mmsvc32.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programme\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programme\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Programme\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [a-squared] "C:\Programme\a2\a2guard.exe"
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Reboot.exe
O4 - Startup: SmartSurfer.lnk = C:\Programme\WEBDE\SmartSurfer3.0\SmartSurfer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Webfilter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programme\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programme\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Website-&Liste anzeigen - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programme\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Programme\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Webseitenfilter &aussetzen - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Programme\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Programme\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Diese Website &sperren - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Programme\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Programme\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Diese Website &zulassen - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Programme\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: Microsoft AntiSpyware helper - {6D16465D-A5B1-422F-B5B2-B0C5A2A30FDE} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6D16465D-A5B1-422F-B5B2-B0C5A2A30FDE} - (no file) (HKCU)
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F9BA02E-41FC-47B1-8D87-7D396B13706D}: NameServer = 195.71.231.157 193.189.244.205
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: F-Secure Internet Security 2005 (BackWeb Plug-in - 4476822) - Unknown owner - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Programme\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Programme\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programme\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Programme\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programme\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE