rdsndin.exe, hclean32.exe; Ballon der immer auftaucht

21.10.2005, 12:27
#46 hey sabina! hoffe, das ist es fürs "erste"... vielen dank schon mal im voraus... thx thx thx ;)



"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Apoint" = "C:\Programme\Apoint\Apoint.exe" ["Alps Electric Co., Ltd."]
"IgfxTray" = "C:\WINDOWS\System32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:\WINDOWS\System32\hkcmd.exe" ["Intel Corporation"]
"SunJavaUpdateSched" = "C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe" [null data]
"DVDSentry" = "C:\WINDOWS\System32\DSentry.exe" ["Dell - Advanced Desktop Engineering"]
"AdaptecDirectCD" = ""C:\Programme\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"" ["Roxio"]
"QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"iTunesHelper" = "C:\Programme\iTunes\iTunesHelper.exe" ["Apple Computer, Inc."]
"TkBellExe" = ""C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"hclean32.exe" = "C:\WINDOWS\System32\hclean32.exe" [null data]
"crifx.exe" = "C:\WINDOWS\System32\crifx.exe" [file not found]
"EXE32EXE" = "utsgmon.exe" [file not found]
"SmcService" = "C:\PROGRA~1\Sygate\SPF\smc.exe -startgui" ["Sygate Technologies, Inc."]
"dmvyu.exe" = "C:\WINDOWS\System32\dmvyu.exe" [file not found]
"yaemu.exe" = "C:\WINDOWS\System32\yaemu.exe" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\btneighborhood.dll" ["WIDCOMM, Inc."]
"{5E44E225-A408-11CF-B581-008029601108}" = "Adaptec DirectCD Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Roxio\EASYCD~1\DirectCD\Shellex.dll" ["Roxio"]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice Property Sheet Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\OpenOffice.org1.1.1\program\shlxthdl.dll" ["Sun Microsystems, Inc."]
"{59850401-6664-101B-B21C-00AA004BA90B}" = "Microsoft Office Binder Unbind"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\1031\UNBIND.DLL" [MS]
"{E0D79300-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]
"{E0D79301-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]
"{E0D79302-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "System" = "csjyh.exe" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]
INFECTION WARNING! NavLogon\DLLName = "C:\WINDOWS\System32\NavLogon.dll" [null data]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79300-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79300-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79300-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\wzshlext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Dokumente und Einstellungen\limbach\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\SSMYPICS.SCR" [MS]


Startup items in "limbach" & "All Users" startup folders:
---------------------------------------------------------

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"BTTray" -> shortcut to: "C:\Programme\Dell\Bluetooth Software\BTTray.exe" ["WIDCOMM, Inc."]
"Digital Line Detect" -> shortcut to: "C:\Programme\Digital Line Detect\DLG.exe" ["BVRP Software"]
"EPSON Status Monitor 3 Environment Check" -> shortcut to: "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV03.EXE" ["SEIKO EPSON CORPORATION"]
"Microsoft Office" -> shortcut to: "C:\Programme\Microsoft Office\Office\OSA9.EXE -b -l" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 23
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"

{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "C:\Programme\ICQLite\ICQLite.exe" ["ICQ Ltd."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Messenger"
"Exec" = "C:\Programme\Messenger\MSMSGS.EXE" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Bluetooth Service, btwdins, "C:\Programme\Dell\Bluetooth Software\bin\btwdins.exe" ["WIDCOMM, Inc."]
iPod Service, iPodService, "C:\Programme\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
Sygate Personal Firewall, SmcService, "C:\Programme\Sygate\SPF\smc.exe" ["Sygate Technologies, Inc."]
WLTRYSVC, WLTRYSVC, "C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe" [null data]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
BJ Language Monitor2\Driver = "CNBJMON2.DLL" [MS]
Bluetooth-Druckeranschluss\Driver = "bthcrp.dll" ["WIDCOMM, Inc."]
EPSON STM3 2KMonitor10\Driver = "E_SL2010.DLL" ["SEIKO EPSON CORPORATION"]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 132 seconds, including 11 seconds for message boxes)




BLACKLIGHT



10/21/05 12:17:29 [Info]: BlackLight Engine 1.0.23 initialized
10/21/05 12:17:29 [Info]: OS: 5.1 build 2600 (Service Pack 1)
10/21/05 12:17:30 [Note]: 4019 4
10/21/05 12:17:30 [Note]: 4005 0
10/21/05 12:17:34 [Note]: 4006 0
10/21/05 12:17:34 [Note]: 4011 1668
10/21/05 12:17:35 [Note]: FSRAW library version 1.7.1011
10/21/05 12:18:28 [Info]: Hidden file: C:\WINDOWS\SYSTEM32\WBEM\WBEMTEST.EXE
10/21/05 12:18:28 [Note]: 10002 1
10/21/05 12:18:31 [Info]: Hidden file: C:\WINDOWS\SYSTEM32\csjyh.exe
10/21/05 12:18:31 [Note]: 4002 32
10/21/05 12:18:31 [Note]: 4003 1
10/21/05 12:18:31 [Note]: 10002 1
10/21/05 12:18:33 [Info]: Hidden file: C:\WINDOWS\SYSTEM32\loadctr32.exe
10/21/05 12:18:33 [Note]: 10002 1
10/21/05 12:18:34 [Info]: Hidden file: C:\WINDOWS\SYSTEM32\ntfsnlpa.exe
10/21/05 12:18:34 [Note]: 10002 1
10/21/05 12:18:36 [Info]: Hidden file: C:\WINDOWS\SYSTEM32\rdsndin.exe
10/21/05 12:18:36 [Note]: 10002 1
10/21/05 12:18:36 [Info]: Hidden file: C:\WINDOWS\SYSTEM32\RDSNDIN.EXE.001
10/21/05 12:18:36 [Note]: 10002 1
10/21/05 12:18:36 [Info]: Hidden file: C:\WINDOWS\SYSTEM32\RDSNDIN.EXE.VIR
10/21/05 12:18:36 [Note]: 10002 1
10/21/05 12:18:40 [Info]: Hidden file: C:\WINDOWS\SYSTEM32\hclean32.exe
10/21/05 12:18:40 [Note]: 10002 1
10/21/05 12:18:43 [Info]: Hidden file: C:\WINDOWS\SYSTEM32\favme.exe
10/21/05 12:18:43 [Note]: 10002 1
10/21/05 12:18:43 [Info]: Hidden file: C:\WINDOWS\SYSTEM32\filesafer.exe
10/21/05 12:18:43 [Note]: 10002 1







Verzeichnis von C:\WINDOWS\SYSTEM32

21.10.2005 09:41 2.953 CONFIG.NT
19.10.2005 18:52 3.725 qtplugin.log
17.10.2005 18:43 121.336 FNTCACHE.DAT
16.10.2005 22:42 2.278 WPA.DBL
05.10.2005 09:36 2.301.792 MRT.exe
04.10.2005 12:33 2.700.288 MSHTML.DLL
27.09.2005 02:41 611.840 xpsp2res.dll
23.09.2005 05:27 8.389.632 shell32.dll
10.09.2005 04:04 2.025.984 cdosys.dll
02.09.2005 17:31 496.128 MSTIME.DLL
02.09.2005 17:31 458.752 URLMON.DLL
02.09.2005 16:35 192.000 DXTRANS.DLL
02.09.2005 11:07 988.160 DANIM.DLL
01.09.2005 03:51 278.528 winsrv.dll
01.09.2005 03:51 16.384 linkinfo.dll



Verzeichnis von C:\DOKUME~1\limbach\LOKALE~1\Temp


21.10.2005 12:01 65.536 msn4076.fdr
21.10.2005 12:01 59.138 msnclean.log
21.10.2005 11:56 63.848 jusched.log
21.10.2005 11:50 16.384 ~DF936D.tmp
21.10.2005 11:02 510.613 49F71E.dmp
21.10.2005 11:02 0 WER14.tmp
21.10.2005 09:54 505.080 B7DD8.dmp
21.10.2005 09:54 0 WERB.tmp
20.10.2005 21:57 32.768 ~DF70E.tmp
20.10.2005 21:56 978 TmpICQMagic_{05736BBE-C20F-4F10-A6DE-4DB1E3564B0E}21740.html
20.10.2005 21:55 983 TmpICQMagic_{EC202595-1DFD-4301-A1EA-13C1E331B505}21522.html
20.10.2005 21:55 16.384 ~DFD1D0.tmp
20.10.2005 21:52 49.152 ~DF1E16.tmp
20.10.2005 21:14 251 kb.log
20.10.2005 21:13 16.384 ~DFDF71.tmp
20.10.2005 20:55 16.384 ~DF1F9B.tmp
20.10.2005 20:55 16.384 ~DF1F65.tmp
20.10.2005 20:55 16.384 ~DF1F80.tmp
20.10.2005 20:55 16.384 ~DF1F4A.tmp
20.10.2005 20:54 16.384 ~DFC5C1.tmp
20.10.2005 20:54 16.384 ~DFB25E.tmp
20.10.2005 20:30 919.931 tmp.xpi
20.10.2005 12:12 0 WER4.tmp
19.10.2005 14:40 16.384 ~DF11F3.tmp
19.10.2005 14:40 16.384 ~DFF474.tmp
13.10.2005 20:09 0 WER12.tmp
04.10.2005 18:11 0 WER1.tmp
03.09.2005 16:10 0 WER2.tmp
02.09.2005 14:34 258 FolderLst.txt



Verzeichnis von C:\WINDOWS

21.10.2005 12:02 1.311.454 WindowsUpdate.log
21.10.2005 12:01 3.590 msnsetuplog.txt
21.10.2005 12:01 4.438 msnavpklog.txt
21.10.2005 12:01 73.522 setupapi.log
21.10.2005 11:56 0 0.LOG
21.10.2005 11:56 4.186 ModemLog_Conexant D480 MDC V.9x Modem.txt
21.10.2005 11:56 50 WIASERVC.LOG
21.10.2005 11:56 159 WIADEBUG.LOG
21.10.2005 11:55 2.048 BOOTSTAT.DAT
21.10.2005 11:54 32.618 SchedLgU.Txt
21.10.2005 09:54 6.400 balloon.wav
20.10.2005 21:40 505 ODBC.INI
20.10.2005 21:17 174.968 ntbtlog.txt
20.10.2005 20:30 3.251 mozver.dat
17.10.2005 11:57 426.659 IIS6.LOG
17.10.2005 11:57 131.795 COMSETUP.LOG
17.10.2005 11:57 170.175 TSOC.LOG
17.10.2005 11:57 18.773 TABLETOC.LOG
17.10.2005 11:57 1.393 imsins.log
17.10.2005 11:57 78.086 ntdtcsetup.log
17.10.2005 11:57 34.928 KB899587.log
17.10.2005 11:57 12.937 OCMSN.LOG
17.10.2005 11:57 63.125 NETFXOCM.LOG
17.10.2005 11:57 17.946 MSGSOCM.LOG
17.10.2005 11:57 188.265 OCGEN.LOG
17.10.2005 11:57 377.558 FaxSetup.log
17.10.2005 11:57 117.440 MSMQINST.LOG
17.10.2005 11:57 13.836 updspapi.log
17.10.2005 11:56 1.393 imsins.BAK
17.10.2005 11:56 34.027 KB896422.log
17.10.2005 11:55 34.788 KB885835.log
17.10.2005 11:55 31.242 KB885836.log
17.10.2005 11:54 31.941 KB901017.log
17.10.2005 11:53 32.413 KB899591.log
17.10.2005 11:53 32.616 KB893756.log
17.10.2005 11:52 36.344 KB896423.log
17.10.2005 11:52 29.844 KB873339.log
17.10.2005 11:51 29.846 KB888113.log
17.10.2005 11:51 22.399 KB896688-IE6SP1-20051004.130236.log
17.10.2005 11:50 28.632 KB896358.log
17.10.2005 11:49 18.991 KB898458.log
17.10.2005 11:49 24.741 KB905495.log
17.10.2005 11:48 37.422 KB902400.log
17.10.2005 11:48 20.076 KB891781.log
17.10.2005 11:47 21.144 KB890046.log
17.10.2005 11:47 20.467 KB893066.log
17.10.2005 11:46 20.327 KB899589.log
17.10.2005 11:45 15.236 KB904706.log
17.10.2005 11:45 20.162 KB905414.log
17.10.2005 11:44 19.626 KB901214.log
17.10.2005 11:44 16.297 KB892944.log
17.10.2005 11:43 18.060 KB888302.log
17.10.2005 11:43 19.441 KB900725.log
17.10.2005 11:43 5.767 KB897715-OE6SP1-20050503.210336.log
17.10.2005 11:42 15.679 KB905749.log
17.10.2005 11:42 14.591 KB896428.log
17.10.2005 11:42 17.729 KB890859.log
13.10.2005 20:11 0 nsreg.dat
13.10.2005 20:09 2.007 AMS2INST.LOG
13.10.2005 20:06 99.970 UninstallFirefox.exe
13.10.2005 19:50 6.914 KB898461.log
13.10.2005 18:56 8.837 KB893803v2.log
13.10.2005 17:17 2.299.425 setupapi.log.0.old
13.10.2005 11:20 4.395 rdt.ini
07.10.2005 19:48 24.590 wmsetup.log
07.10.2005 19:48 316.640 WMSysPr9.prx
02.09.2005 14:49 110.790 ModemLog_Motorola USB Modem.txt
14.08.2005 13:59 176 cdplayer.ini
15.06.2005 20:59 41.072 EPSTPLOG.TXT
26.05.2005 00:44 10.752 hh.exe
20.08.2004 11:34 770 WIN.INI
19.08.2004 15:55 15.290 Windows Update.log
19.08.2004 15:47 27.100 KB839645.log
19.08.2004 15:46 10.151 XPSP1HFM.LOG
19.08.2004 15:46 17.096 KB840374.log
19.08.2004 15:46 16.457 KB839643-DirectX9.log
19.08.2004 15:46 21.647 KB841873.log
19.08.2004 15:45 17.106 KB842773.log
19.08.2004 15:45 213.406 SETUPACT.LOG
19.08.2004 15:45 19.362 KB840315.log
19.08.2004 12:13 63 mdm.ini
19.08.2004 09:36 69.632 uinst001.exe
18.08.2004 15:39 1.174 OEWABLog.txt
18.08.2004 15:39 805.112 SETUPLOG.TXT
18.08.2004 15:18 2.815 sessmgr.setup.log
18.08.2004 15:18 628 DtcInstall.log
18.08.2004 13:57 2.734 REGOPT.LOG
18.08.2004 13:56 158 SETUPERR.LOG
18.08.2004 13:55 8.192 REGLOCS.OLD
15.08.2004 00:48 693 nsw.log
11.08.2004 12:32 61 smscfg.ini
11.08.2004 12:31 7.088 KB838989.log
11.08.2004 12:31 57.344 uneng.exe
11.08.2004 12:30 299.552 WMSysPrx.prx
11.08.2004 12:29 575 chipset.log
11.08.2004 12:25 816 vmuninst.log
11.08.2004 12:24 12.332 KB837001.log
11.08.2004 12:23 26.288 KB823182.log
11.08.2004 12:23 9.599 KB826942.log
11.08.2004 12:22 23.605 KB824810.log
11.08.2004 12:22 23.194 KB817611.log
11.08.2004 12:21 22.846 Q817472.log
11.08.2004 12:21 20.896 q330512.log
11.08.2004 12:20 3.075 KB835732.log
11.08.2004 12:20 2.448 KB828741.log
11.08.2004 12:16 59.218 DirectX.log



Verzeichnis von C:\

21.10.2005 12:24 0 sys.txt
21.10.2005 12:23 9.080 system.txt
21.10.2005 12:23 4.265 systemtemp.txt
21.10.2005 12:23 98.196 system32.txt
21.10.2005 11:55 535.064.576 hiberfil.sys
21.10.2005 11:55 805.306.368 pagefile.sys
13.10.2005 20:09 10.297 _NavCClt.Log
08.09.2005 04:55 746 devicetable.log
13.06.2005 12:18 0 DBS.TXT
18.08.2004 15:39 194 BOOT.INI
11.08.2004 12:02 4.238 DELL.SDR
21.10.2005, 14:05
#47 fein ;)
nun poste noch das:
http://virus-protect.org/winpfind.html
dann beginnt die reinigung
__________
MfG Sabina

rund um die PC-Sicherheit
21.10.2005, 14:26
#48 hey!


also....


»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 1 Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
UPX! 09.07.2005 11:03:06 433152 C:\WINDOWS\SYSTEM32\aswBoot.exe
PEC2 26.03.2004 01:11:50 41118 C:\WINDOWS\SYSTEM32\DFRG.MSC
PECompact2 05.10.2005 09:36:08 2301792 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 05.10.2005 09:36:08 2301792 C:\WINDOWS\SYSTEM32\MRT.exe
Umonitor 26.03.2004 01:18:46 660480 C:\WINDOWS\SYSTEM32\RASDLG.DLL
winsync 26.03.2004 01:21:02 1309184 C:\WINDOWS\SYSTEM32\WBDBASE.DEU

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
21.10.2005 11:55:58 S 2048 C:\WINDOWS\BOOTSTAT.DAT
21.10.2005 12:01:36 H 0 C:\WINDOWS\LastGood\INF\oem39.inf
21.10.2005 12:01:36 H 0 C:\WINDOWS\LastGood\INF\oem39.PNF
04.10.2005 13:16:48 S 20086 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896688-IE6SP1-20051004.130236.cat
28.09.2005 11:53:22 S 17402 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB900725.cat
09.09.2005 19:14:58 S 11084 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB901017.cat
30.08.2005 11:28:32 S 7711 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB904706.cat
22.08.2005 20:48:20 S 11084 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB905414.cat
25.08.2005 04:03:10 S 9798 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB905495.cat
22.08.2005 21:03:28 S 11084 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB905749.cat
21.10.2005 14:15:34 H 1024 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
21.10.2005 11:56:10 H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
21.10.2005 12:06:06 H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
21.10.2005 14:21:12 H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
21.10.2005 12:35:42 H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
21.10.2005 09:41:32 H 1024 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG
06.09.2005 20:23:14 HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\151e8852-d810-48f9-b7aa-4abf2a7bddb2
06.09.2005 20:23:14 HS 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred
21.10.2005 11:56:00 H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 26.03.2004 01:10:06 68096 C:\WINDOWS\SYSTEM32\ACCESS.CPL
Microsoft Corporation 26.03.2004 01:10:24 583680 C:\WINDOWS\SYSTEM32\APPWIZ.CPL
Dell Computer Corporation 20.02.2004 17:13:54 958464 C:\WINDOWS\SYSTEM32\BCMWLCPL.CPL
WIDCOMM, Inc. 05.03.2004 17:13:42 262203 C:\WINDOWS\SYSTEM32\btcpl.cpl
Microsoft Corporation 26.03.2004 01:11:50 132096 C:\WINDOWS\SYSTEM32\DESK.CPL
Microsoft Corporation 26.03.2004 01:14:24 152064 C:\WINDOWS\SYSTEM32\HDWWIZ.CPL
Intel Corporation 27.10.2003 20:04:12 98304 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 26.03.2004 01:14:54 293376 C:\WINDOWS\SYSTEM32\INETCPL.CPL
Microsoft Corporation 26.03.2004 01:14:58 125440 C:\WINDOWS\SYSTEM32\INTL.CPL
Microsoft Corporation 26.03.2004 01:15:08 66560 C:\WINDOWS\SYSTEM32\JOY.CPL
Sun Microsystems 19.11.2003 18:48:12 61555 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 26.03.2004 01:15:28 189440 C:\WINDOWS\SYSTEM32\MAIN.CPL
Microsoft Corporation 26.03.2004 01:15:52 566272 C:\WINDOWS\SYSTEM32\MMSYS.CPL
Microsoft Corporation 26.03.2004 01:17:04 35840 C:\WINDOWS\SYSTEM32\NCPA.CPL
Microsoft Corporation 26.03.2004 01:17:40 259072 C:\WINDOWS\SYSTEM32\NUSRMGR.CPL
Microsoft Corporation 26.03.2004 01:17:42 38400 C:\WINDOWS\SYSTEM32\NWC.CPL
Microsoft Corporation 26.03.2004 01:17:44 36864 C:\WINDOWS\SYSTEM32\ODBCCP32.CPL
Microsoft Corporation 26.03.2004 01:18:18 111616 C:\WINDOWS\SYSTEM32\POWERCFG.CPL
Intel(R) Corporation 06.08.2003 16:59:06 77824 C:\WINDOWS\SYSTEM32\PRApplet.cpl
Apple Computer, Inc. 30.09.2004 17:03:44 324608 C:\WINDOWS\SYSTEM32\QuickTime.cpl
SigmaTel Inc. 09.04.2003 23:13:02 81920 C:\WINDOWS\SYSTEM32\STAC97.cpl
Microsoft Corporation 26.03.2004 01:20:08 272896 C:\WINDOWS\SYSTEM32\SYSDM.CPL
Microsoft Corporation 26.03.2004 01:20:20 28160 C:\WINDOWS\SYSTEM32\TELEPHON.CPL
Microsoft Corporation 26.03.2004 01:20:24 90112 C:\WINDOWS\SYSTEM32\TIMEDATE.CPL
Microsoft Corporation 26.05.2005 04:16:22 174872 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 29.08.2002 04:41:00 208896 C:\WINDOWS\SYSTEM32\DLLCACHE\joy.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
11.08.2004 12:27:24 667 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk
26.03.2004 14:23:24 HS 84 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\DESKTOP.INI
11.08.2004 12:26:54 473 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Digital Line Detect.lnk
15.06.2005 20:58:38 893 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\EPSON Status Monitor 3 Environment Check.lnk
19.08.2004 12:13:36 1709 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
26.03.2004 14:09:16 HS 62 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DESKTOP.INI

Checking files in %USERPROFILE%\Startup folder...
26.03.2004 14:23:24 HS 84 C:\Dokumente und Einstellungen\limbach\Startmenü\Programme\Autostart\DESKTOP.INI

Checking files in %USERPROFILE%\Application Data folder...
26.03.2004 14:09:16 HS 62 C:\Dokumente und Einstellungen\limbach\Anwendungsdaten\DESKTOP.INI
19.08.2004 09:38:16 77 C:\Dokumente und Einstellungen\limbach\Anwendungsdaten\sversion.ini
29.05.2005 20:14:00 12 C:\Dokumente und Einstellungen\limbach\Anwendungsdaten\uns.tmp
23.12.2004 04:43:14 4713 C:\Dokumente und Einstellungen\limbach\Anwendungsdaten\wo.tmp

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
=

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ICQLiteMenu
{73B24247-042E-4EF5-ADC2-42F62E6FD654} = C:\Programme\ICQLite\ICQLiteShell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79300-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\wzshlext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79300-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\wzshlext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ICQLiteMenu
{73B24247-042E-4EF5-ADC2-42F62E6FD654} = C:\Programme\ICQLite\ICQLiteShell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79300-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\wzshlext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tipps und Tricks = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\System32\msdxm.ocx

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Konsole :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}
ButtonText = ICQ Lite : C:\Programme\ICQLite\ICQLite.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Programme\Messenger\MSMSGS.EXE

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer-Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{08BEC6AA-49FC-4379-3587-4B21E286C19E} = :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Apoint C:\Programme\Apoint\Apoint.exe
IgfxTray C:\WINDOWS\System32\igfxtray.exe
HotKeysCmds C:\WINDOWS\System32\hkcmd.exe
SunJavaUpdateSched C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
DVDSentry C:\WINDOWS\System32\DSentry.exe
AdaptecDirectCD "C:\Programme\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
QuickTime Task "C:\Programme\QuickTime\qttask.exe" -atboottime
iTunesHelper C:\Programme\iTunes\iTunesHelper.exe
TkBellExe "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
EXE32EXE utsgmon.exe
SmcService C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
SmcService C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
SmcService C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
SmcService C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
SmcService C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE C:\WINDOWS\System32\ctfmon.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
NoBandCustomize 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
= igfxsrvc.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon
= C:\WINDOWS\System32\NavLogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 21.10.2005 14:24:43



mfg+nochmal thx ;)
westinho
21.10.2005, 16:27
#49 ich habe nun keine Zeit mehr, alles zusammenzustellen...nur als Info fuer dich, damit du nicht wartest, ich mache das um 11, da ist es in Deutschland um 12 ...
wahrscheinlich wirst du es dann erst morgen abarbeiten koennen...also, bis bald
__________
MfG Sabina

rund um die PC-Sicherheit
22.10.2005, 00:26
#50 Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und mit 'Speichern unter' als fixme.reg auf dem Desktop speichern. Gib bei Dateityp 'Alle Dateien' an, damit die Datei wirklich als fixme.reg (und nicht als fixme.reg.txt) gespeichert wird. Du solltest jetzt auf dem Desktop diese Datei finden.


Zitat

; fixme.reg -- REGEDIT4 (ANSI) registry script, importable on Windows XP by double-click.
; Lines beginning with ";" are comments and are ignored by regedit.
; Syntax reminder: "name"=-  deletes one value; [-KEY] deletes the whole key with all subkeys.
REGEDIT4

; Winlogon "System": delete the value, then recreate it empty (the default state).
; Anything placed here is started at logon, so it is a known persistence spot.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=-
"System"=""

; Residue of WareOut (the same cleanup also uninstalls it) plus a "ruins" key
; the helper treats as malware leftovers -- purpose of "ruins" not documented in this post.
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WareOut]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WareOut]
[-HKEY_CURRENT_USER\Software\WareOut]
; Lift the Explorer policy restriction that blocks customizing IE toolbar bands.
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoBandCustomize"=-
; "Disabled" under CurrentVersion: presumably set by the unwanted software -- meaning not shown here.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion]
"Disabled"=-
; Unwanted search toolbar: its own keys, a "Urls" key and its WebBrowser band registration (by CLSID).
[-HKEY_LOCAL_MACHINE\SOFTWARE\SearchToolbar]
[-HKEY_CURRENT_USER\Software\SearchToolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{08BEC6AA-49FC-4379-3587-4B21E286C19E}"=-
; NOTE: this removes the ENTIRE policy Run key (a legitimate autostart location),
; not just individual values -- any legitimate entries there are lost as well.
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
; Remove the five suspicious HKLM Run entries (their files are deleted separately with KillBox).
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hclean32.exe"=-
"crifx.exe"=-
"EXE32EXE"=-
"dmvyu.exe"=-
"yaemu.exe"=-
; Schedule HijackThis to run once at the next logon. Assumes HJT is installed at
; C:\HJT\hijackthis.exe -- adjust the path if it lives elsewhere. Flags value is
; a RunOnceEx option bitmask; its meaning is not documented in this post.
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx]
"Flags"=dword:00000008
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\000]
"runonce1"="\"C:\\HJT\\hijackthis.exe\""

KILLBOX - Pocket KillBox

http://virus-protect.org/killbox.html
Delete File on Reboot -- anhaken
reinkopieren:
...
und klicke auf das rote Kreuz. Wenn gefragt wird "Do you want to reboot?", klicke auf "No" und kopiere den nächsten Pfad hinein; erst beim letzten Eintrag auf "Yes" klicken, damit alle Dateien in einem Neustart gelöscht werden.

C:\WINDOWS\SYSTEM32\csjyh.exe
C:\WINDOWS\SYSTEM32\loadctr32.exe
C:\WINDOWS\SYSTEM32\ntfsnlpa.exe
C:\WINDOWS\SYSTEM32\rdsndin.exe
C:\WINDOWS\SYSTEM32\RDSNDIN.EXE.001
C:\WINDOWS\SYSTEM32\RDSNDIN.EXE.VIR
C:\WINDOWS\SYSTEM32\favme.exe
C:\WINDOWS\SYSTEM32\filesafer.exe
C:\WINDOWS\System32\dflnl.exe
C:\Dokumente und Einstellungen\limbach\Anwendungsdaten\uns.tmp
C:\Dokumente und Einstellungen\limbach\Anwendungsdaten\wo.tmp
C:\WINDOWS\System32\hclean32.exe
C:\WINDOWS\System32\crifx.exe
C:\WINDOWS\System32\utsgmon.exe
C:\WINDOWS\System32\dmvyu.exe
C:\WINDOWS\System32\yaemu.exe
C:\WINDOWS\balloon.wav
C:\WINDOWS\rdt.ini

PC neustarten. Den Computer in den abgesicherten Modus starten (F8 beim Starten drücken). Die Datei "fixme.reg" auf dem Desktop doppelklicken und der Registry hinzufügen (die Nachfrage mit "Ja" bestätigen).

deinstalliere im abgesicherten modus das Programm Wareout + UnSpyPC

dann lösche (die Einträge ohne Pfadangabe zuerst über die Windows-Suche suchen und nur löschen, wenn sie gefunden werden):
C:\Programme\WareOut
C:\Programme\UnSpyPC
ATLIEHELPER.dll
mozilla-text.dll
utsgmon.exe
sysconf16.exe
bnui.exe
iesetupdll.exe
defect08.exe
SAPSTR.exe
wormexe.exe
newbreed.exe
cnftips.exe
TemplateDongle.exe


-------------------------------------------------------------------------

scanne mit Counterspy
http://virus-protect.org/counterspy.html
- Klicke: "Run a Spyware Scan Now"
- nach dem Scan muss man sich entscheiden für:
*Ignore
*Remove
*Quarantine
wähle immer Remove und starte den PC neu
poste dann hier den Scanreport ;)
+
das neue Log vom HijackThis
__________
MfG Sabina

rund um die PC-Sicherheit