Trojan keeps coming back
#0
06.09.2005, 07:27
Member
Posts: 20

06.09.2005, 14:50
Moderator
Posts: 7805
#2
Please fix the following in safe mode:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.online-soccer.de/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\PROGRAMME\OUTLOOK EXPRESS\MSIMN.EXE"
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von freenet.de
R3 - URLSearchHook: (no name) - {7BC7CA4B-5AC7-A8AD-94C9-333BB666DA8E} - KeywordFinder.dll (file missing)
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)
O2 - BHO: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\SYSTEM\GZCXX.DLL (file missing)
O8 - Extra context menu item: Download with &Shareaza - res://C:\PROGRAMME\SHAREAZA\PLUGINS\RAZAWEBHOOK.DLL/3000
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_04) -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {40BF816B-D862-41B9-9445-ECA36D5F67F9} (Flatcast Viewer 4.12) - http://www.1mal1.com/flatcast/NpFv412.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {DA511858-B44C-439E-A0EA-704ED20035E7} (EphoxEditLive4.EditLive) - http://www.beepworld.de/hp/activexeditor/editlive4.cab
Reboot, set up the start page again, have eScan check your computer, and write whether it still found anything. CCleaner might not be a bad idea either.
__________
Best regards, Ralf
SEO-Spam Hunter

06.09.2005, 17:21
Member
Thread starter
Posts: 20
#3
Hello, thanks a lot for now. I did it that way. eScan found 13 viruses and 710 errors, but I can only delete them in the full version. What do I do now with the errors and viruses? After that, CCleaner cleaned up.

06.09.2005, 17:33
Moderator
Posts: 7805
#4
Oh right, use escancheck for that:
http://virus-protect.org/escan.html
Please note that the evaluation only works if you select English as the language in eScan! Then you can post the part of the report here that shows which files are infected. Oh, and please also create a new HijackThis log.
__________
Best regards, Ralf
SEO-Spam Hunter

06.09.2005, 19:32
Member
Thread starter
Posts: 20
#5
Then I'll copy this first. It took over an hour, after all. In the meantime the thing with the balloon came up again.
--------------------------------------------------
-------------------- INFECTED --------------------
--------------------------------------------------
1: Tue Sep 06 17:54:05 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
2: Tue Sep 06 17:54:10 2005 => System found infected with AdWare.ToolBar.SBSoft.h Spyware/Adware ({08BEC6AA-49FC-4379-3587-4B21E286C19E})! Action taken: No Action Taken.
3: Tue Sep 06 17:57:29 2005 => Offending file found: C:\WINDOWS\SYSTEM\usbmonit.exe
4: Tue Sep 06 17:57:29 2005 => System found infected with PurityScan Spyware/Adware (usbmonit.exe)! Action taken: No Action Taken.
5: Tue Sep 06 18:00:33 2005 => Offending file found: C:\WINDOWS\pcconfig.dat
6: Tue Sep 06 18:00:33 2005 => System found infected with Xrenoder Spyware/Adware (pcconfig.dat)! Action taken: No Action Taken.
7: Tue Sep 06 18:09:34 2005 => File C:\WINDOWS\SYSTEM\cspap.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
8: Tue Sep 06 18:10:04 2005 => File C:\WINDOWS\SYSTEM\csjmf.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
9: Tue Sep 06 18:10:22 2005 => File C:\WINDOWS\SYSTEM\intlmain.dll infected by "Trojan.Win32.StartPage.iv" Virus! Action Taken: No Action Taken.
10: Tue Sep 06 18:10:34 2005 => File C:\WINDOWS\SYSTEM\csgxb.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
11: Tue Sep 06 18:10:35 2005 => File C:\WINDOWS\SYSTEM\csrev.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
12: Tue Sep 06 18:10:35 2005 => File C:\WINDOWS\SYSTEM\csjfm.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
13: Tue Sep 06 18:16:20 2005 => File C:\WINDOWS\SYSTEM\cspap.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
14: Tue Sep 06 18:16:47 2005 => File C:\WINDOWS\SYSTEM\csjmf.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
15: Tue Sep 06 18:17:04 2005 => File C:\WINDOWS\SYSTEM\intlmain.dll infected by "Trojan.Win32.StartPage.iv" Virus! Action Taken: No Action Taken.
16: Tue Sep 06 18:17:15 2005 => File C:\WINDOWS\SYSTEM\csgxb.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
17: Tue Sep 06 18:17:15 2005 => File C:\WINDOWS\SYSTEM\csrev.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
18: Tue Sep 06 18:17:15 2005 => File C:\WINDOWS\SYSTEM\csjfm.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
19: Tue Sep 06 18:33:15 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.2\TeenSex.exe infected by "Trojan.Win32.Liech.c" Virus! Action Taken: No Action Taken.
20: Tue Sep 06 18:33:15 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.2\setup.exe infected by "Trojan.Win32.Liech.c" Virus! Action Taken: No Action Taken.
21: Tue Sep 06 18:33:16 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.3\TeenSex.exe infected by "Trojan.Win32.Liech.c" Virus! Action Taken: No Action Taken.
22: Tue Sep 06 18:33:17 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.3\setup.exe infected by "Trojan.Win32.Liech.c" Virus! Action Taken: No Action Taken.
23: Tue Sep 06 18:33:18 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\TeenSex.exe infected by "Trojan.Win32.Liech.c" Virus! Action Taken: No Action Taken.
24: Tue Sep 06 18:33:19 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\login.exe infected by "Trojan.Win32.Liech.c" Virus! Action Taken: No Action Taken.
25: Tue Sep 06 18:33:20 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\setup.exe infected by "Trojan.Win32.Liech.c" Virus! Action Taken: No Action Taken.
26: Tue Sep 06 18:33:20 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.4\TeenSex.exe infected by "Trojan.Win32.Liech.c" Virus! Action Taken: No Action Taken.
27: Tue Sep 06 18:33:21 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.4\setup.exe infected by "Trojan.Win32.Liech.c" Virus! Action Taken: No Action Taken.
28: Tue Sep 06 18:33:23 2005 => File C:\WINDOWS\Downloaded Program Files\login.exe infected by "Trojan.Win32.Liech.c" Virus! Action Taken: No Action Taken.
29: Tue Sep 06 18:33:24 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.5\TeenSex.exe infected by "Trojan.Win32.Liech.c" Virus! Action Taken: No Action Taken.
30: Tue Sep 06 18:33:25 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.5\setup.exe infected by "Trojan.Win32.Liech.c" Virus! Action Taken: No Action Taken.
31: Tue Sep 06 18:33:26 2005 => File C:\WINDOWS\Downloaded Program Files\setup.exe infected by "Trojan.Win32.Liech.c" Virus! Action Taken: No Action Taken.
32: Tue Sep 06 18:33:26 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.6\setup.exe infected by "Trojan.Win32.Liech.c" Virus! Action Taken: No Action Taken.
33: Tue Sep 06 18:33:27 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.6\TeenSex.exe infected by "Trojan.Win32.Liech.c" Virus! Action Taken: No Action Taken.
34: Tue Sep 06 18:33:28 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.7\setup.exe infected by "Trojan.Win32.Liech.c" Virus! Action Taken: No Action Taken.
35: Tue Sep 06 18:33:29 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.7\TeenSex.exe infected by "Trojan.Win32.Liech.c" Virus! Action Taken: No Action Taken.
36: Tue Sep 06 18:33:30 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.8\setup.exe infected by "Trojan.Win32.Liech.c" Virus! Action Taken: No Action Taken.
37: Tue Sep 06 18:33:30 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.8\teensex.exe infected by "Trojan.Win32.Liech.c" Virus! Action Taken: No Action Taken.
38: Tue Sep 06 18:33:31 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.9\setup.exe infected by "Trojan.Win32.Liech.c" Virus! Action Taken: No Action Taken.
39: Tue Sep 06 18:33:32 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.9\teensex.exe infected by "Trojan.Win32.Liech.c" Virus! Action Taken: No Action Taken.
40: Tue Sep 06 18:33:33 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.10\setup.exe infected by "Trojan.Win32.Liech.c" Virus! Action Taken: No Action Taken.
41: Tue Sep 06 18:33:33 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.10\teensex.exe infected by "Trojan.Win32.Liech.c" Virus! Action Taken: No Action Taken.
42: Tue Sep 06 18:37:42 2005 => File C:\WINDOWS\.jpi_cache\file\1.0\SecurityClassLoader.class-798a89d8-6e16211c.class infected by "Exploit.JS.ScriptSrc.a" Virus! Action Taken: No Action Taken.
43: Tue Sep 06 19:06:23 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
--------------------------------------------------
--------------------- TAGGED ---------------------
--------------------------------------------------
1: Tue Sep 06 18:33:34 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.18\TeenSex.exe tagged as "not-a-virusorn-Dialer.Win32.Generic". Action Taken: No Action Taken.
2: Tue Sep 06 18:33:35 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.19\TeenSex.exe tagged as "not-a-virusorn-Dialer.Win32.Generic". Action Taken: No Action Taken.
3: Tue Sep 06 18:33:36 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.20\TeenSex.exe tagged as "not-a-virusorn-Dialer.Win32.Generic". Action Taken: No Action Taken.
4: Tue Sep 06 18:33:36 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.21\TeenSex.exe tagged as "not-a-virusorn-Dialer.Win32.Generic". Action Taken: No Action Taken.
5: Tue Sep 06 18:33:37 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.22\TeenSex.exe tagged as "not-a-virusorn-Dialer.Win32.Generic". Action Taken: No Action Taken.
--------------------------------------------------
--------------------- ERRORS ---------------------
--------------------------------------------------
1: Tue Sep 06 17:53:41 2005 => ERROR!!! Invalid Entry StubPath = rundll32.exeadvpack.dll (in key SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA851-CC51-11CF-AAFA-00AA00B6015C}). No Action Taken.
..................................
341: Tue Sep 06 18:32:41 2

06.09.2005, 19:38
Moderator
Posts: 7805
#6
scancheck should offer to delete these files for you; please do that, reboot, and post a current HijackThis log.
__________
Best regards, Ralf
SEO-Spam Hunter

06.09.2005, 19:53
Member
Thread starter
Posts: 20
#7
Coming right up
Logfile of HijackThis v1.99.1
Scan saved at 19:47:15, on 06.09.05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE
C:\WINDOWS\SYSTEM\USBMONIT.EXE
C:\WINDOWS\STARTMENü\PROGRAMME\AUTOSTART\RSRCMTR.EXE
C:\PROGRAMME\PRINTKEY2000\PRINTKEY2000.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\EIGENE DATEIEN\PROGR_ENTPACKT\POSTDATA\POSTDA.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\EIGENE DATEIEN\PROGR_ENTPACKT\HIJACKTHIS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.online-soccer.de/index.php
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\SYSTEM\USBMonit.exe
O4 - Startup: RSRCMTR.EXE
O4 - Startup: Printkey2000.lnk = C:\Programme\PrintKey2000\Printkey2000.exe
O4 - Startup: PostDa.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
Would that be OK like this now? It's the first time in 6 years that I've done something like this.

06.09.2005, 20:07
Moderator
Posts: 7805
#8
Well, like this the log looks clean. If eScan also no longer reports anything as infected, it's OK. You should still install Spybot and Adware again and let Spybot "immunize" the computer...
__________
Best regards, Ralf
SEO-Spam Hunter

06.09.2005, 20:11
Member
Thread starter
Posts: 20
#9
Spybot has kept freezing lately (it stops responding), but I'll try it again now.

06.09.2005, 20:19
Moderator
Posts: 7805
#10
We'll get that problem under control too, if it should still be there.... Please use version 1.4!
__________
Best regards, Ralf
SEO-Spam Hunter

06.09.2005, 20:23
Member
Thread starter
Posts: 20
#11
I just downloaded it. For now, I'd like to thank you very much for your support.

06.09.2005, 20:29
Moderator
Posts: 7805

06.09.2005, 21:15
Member
Thread starter
Posts: 20
#13
Well, as I said, adaware and spyware both freeze (not responding) and can only be closed with End Task. And the same with ccleaner. Surely it has nothing to do with my newly connected external hard drive. But that's enough for me for today. I think a format c: is due once again.

Best regards, Hannjo
Logfile of HijackThis v1.99.1
Scan saved at 07:07:36, on 06.09.05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\MOUSE\SYSTEM\EM_EXEC.EXE
C:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE
C:\WINDOWS\SYSTEM\USBMONIT.EXE
C:\PROGRAMME\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\WINDOWS\STARTMENü\PROGRAMME\AUTOSTART\RSRCMTR.EXE
C:\PROGRAMME\PRINTKEY2000\PRINTKEY2000.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
F:\PROGR_ENTPACKT\HIJACKTHIS\HIJACKTHIS.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.online-soccer.de/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\PROGRAMME\OUTLOOK EXPRESS\MSIMN.EXE"
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von freenet.de
R3 - URLSearchHook: (no name) - {7BC7CA4B-5AC7-A8AD-94C9-333BB666DA8E} - KeywordFinder.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMME\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)
O2 - BHO: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\SYSTEM\GZCXX.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\SYSTEM\USBMonit.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Startup: RSRCMTR.EXE
O4 - Startup: Printkey2000.lnk = C:\Programme\PrintKey2000\Printkey2000.exe
O4 - Startup: Verknüpfung mit PostDa.lnk = C:\Eigene Dateien\ProgrEntpackt\postdata\PostDa.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Download with &Shareaza - res://C:\PROGRAMME\SHAREAZA\PLUGINS\RAZAWEBHOOK.DLL/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_04) -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {40BF816B-D862-41B9-9445-ECA36D5F67F9} (Flatcast Viewer 4.12) - http://www.1mal1.com/flatcast/NpFv412.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {DA511858-B44C-439E-A0EA-704ED20035E7} (EphoxEditLive4.EditLive) - http://www.beepworld.de/hp/activexeditor/editlive4.cab