AntiVir finds Trojan TR/Dldr.ConHook.I
#0
09.09.2005, 23:47
Member
Posts: 17
10.09.2005, 01:15
Honorary member
Posts: 29434
#2
Hello @sinus

#Open HijackThis -->> "Scan" button -->> tick the boxes -->> "Fix checked" button -->> restart the PC

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O2 - BHO: (no name) - {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} - C:\WINDOWS\system32\cbxxu.dll
O20 - Winlogon Notify: cbxxu - C:\WINDOWS\SYSTEM32\cbxxu.dll

Restart the PC

•KillBox
http://bilder.informationsarchiv.net/Nikitas_Tools/KillBox.zip
Instructions (with screenshots): http://virus-protect.org/killbox.html

•Delete File on Reboot <-- tick this
Paste in:
C:\WINDOWS\SYSTEM32\CBXXU.DLL
and click the red cross; when asked "Do you want to reboot?" ----> click "yes"

Restart the PC

#New start page
Go to Control Panel --> Internet Options --> on the General tab, under Temporary Internet Files, click Delete Files --> also tick Delete all offline content and confirm with OK --> go to the Programs tab and click Reset Web Settings, confirm with Yes if prompted --> click Apply and finally OK, and set a new start page.

L2mfix (please work through it and post everything here)
http://virus-protect.org/L2mfix.html
__________
Regards
Sabina
all about PC security
12.09.2005, 00:42
Member
Thread starter, Posts: 17
#3
Hello @Sabina,

many thanks for the hints. When I try the reboot from within the program, KillBox gives a pop-up error with the following text: PendingFileRenameOperations Registry Data has been Removed by External Process!

I could not find "Delete all offline content" in the Control Panel.

l2mfix\report.txt

L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbxxu]
"Asynchronous"=dword:00000001
"DllName"="cbxxu.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:

(ID-NI) ALLOW Read VORDEFINIERT\Benutzer
(ID-IO) ALLOW Read VORDEFINIERT\Benutzer
(ID-NI) ALLOW Full access VORDEFINIERT\Administratoren
(ID-IO) ALLOW Full access VORDEFINIERT\Administratoren
(ID-NI) ALLOW Full access NT-AUTORITÄT\SYSTEM
(ID-IO) ALLOW Full access NT-AUTORITÄT\SYSTEM
(ID-IO) ALLOW Full access ERSTELLER-BESITZER

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

**********************************************************************************
HKEY ROOT CLASSIDS:
********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ browseui.dll Sun 3 Jul 2005 4:15:24 A.... 1.019.904 996,00 K cbxxu.dll Thu 25 Aug 2005 0:36:28 ..... 25.088 24,50 K cdfview.dll Sun 3 Jul 2005 4:15:24 A.... 152.064 148,50 K gwfspi~1.dll Tue 12 Jul 2005 18:04:22 A.... 23.304 22,76 K icm32.dll Wed 29 Jun 2005 3:49:40 A.... 254.976 249,00 K iepeers.dll Sun 3 Jul 2005 4:15:24 ..... 251.392 245,50 K inseng.dll Sun 3 Jul 2005 4:15:24 A.... 96.768 94,50 K kerberos.dll Wed 15 Jun 2005 19:49:56 A.... 295.936 289,00 K legitc~1.dll Wed 3 Aug 2005 10:33:42 A.... 520.456 508,26 K mscms.dll Wed 29 Jun 2005 3:49:40 A.... 74.240 72,50 K mshtml.dll Wed 20 Jul 2005 4:04:36 A.... 3.012.096 2,87 M mshtmled.dll Sun 3 Jul 2005 4:15:28 ..... 448.512 438,00 K msrating.dll Sun 3 Jul 2005 4:15:28 A.... 146.432 143,00 K pngfilt.dll Sun 3 Jul 2005 4:15:28 A.... 39.424 38,50 K shdocvw.dll Sun 3 Jul 2005 4:15:28 A.... 1.484.288 1,41 M shlwapi.dll Sun 3 Jul 2005 4:15:28 A.... 474.112 463,00 K tapisrv.dll Fri 8 Jul 2005 18:28:24 A.... 249.344 243,50 K umpnpmgr.dll Thu 30 Jun 2005 4:05:34 A.... 119.296 116,50 K urlmon.dll Sun 3 Jul 2005 4:15:28 A.... 605.696 591,50 K wininet.dll Sun 3 Jul 2005 4:15:28 A.... 664.064 648,50 K 20 items found: 20 files, 0 directories. Total of file sizes: 9.957.392 bytes 9,50 M Locate .tmp files: C:\WINDOWS\SYSTEM32\ set71.tmp Wed 29 Jun 2005 3:49:40 A.... 74.240 72,50 K set81.tmp Sun 3 Jul 2005 4:15:28 A.... 664.064 648,50 K set82.tmp Sun 3 Jul 2005 4:15:28 A.... 605.696 591,50 K set83.tmp Sun 3 Jul 2005 4:15:28 A.... 474.112 463,00 K set84.tmp Sun 3 Jul 2005 4:15:28 A.... 1.484.288 1,41 M set87.tmp Sun 3 Jul 2005 4:15:28 A.... 448.512 438,00 K set88.tmp Wed 20 Jul 2005 4:04:36 A.... 3.012.096 2,87 M set8a.tmp Sun 3 Jul 2005 4:15:24 A.... 251.392 245,50 K set8c.tmp Sun 3 Jul 2005 4:15:24 A.... 1.019.904 996,00 K 9 items found: 9 files, 0 directories. 
Total of file sizes: 8.034.304 bytes 7,66 M ********************************************************************************** Directory Listing of system files: Datentr„ger in Laufwerk C: ist 65-01-31 Volumeseriennummer: ECAE-D346 Verzeichnis von C:\WINDOWS\System32 04.09.2005 17:02 <DIR> dllcache 17.09.2002 06:38 <DIR> Microsoft 05.04.2001 19:43 94.208 msstkprp.dll 1 Datei(en) 94.208 Bytes 2 Verzeichnis(se), 16.543.322.112 Bytes frei log.txt Setting Directory C:\ C:\ System Rebooted! Running From: C:\ killing explorer and rundll32.exe Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 200 'explorer.exe' Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 480 'rundll32.exe' Scanning First Pass. Please Wait! First Pass Completed Second Pass Scanning Second pass Completed! Zipping up files for submission: updating: clear.reg (188 bytes security) (deflated 2%) updating: gprs_log.txt (188 bytes security) (deflated 71%) updating: Lang.txt (188 bytes security) (deflated 48%) updating: lo2.txt (188 bytes security) (deflated 54%) updating: log.txt (188 bytes security) (deflated 76%) updating: mwmlog.txt (188 bytes security) (deflated 57%) updating: start.txt (188 bytes security) (stored 0%) updating: sys.txt (188 bytes security) (deflated 60%) updating: system.txt (188 bytes security) (deflated 66%) updating: system32.txt (188 bytes security) (deflated 79%) updating: systemtemp.txt (188 bytes security) (deflated 4%) updating: test.txt (188 bytes security) (stored 0%) updating: test2.txt (188 bytes security) (stored 0%) updating: test3.txt (188 bytes security) (stored 0%) updating: test5.txt (188 bytes security) (stored 0%) updating: virusscanJotti.txt (188 bytes security) (deflated 51%) updating: win.txt (188 bytes security) (deflated 83%) updating: windows.txt (188 bytes security) (stored 0%) 
Restoring Registry Permissions: RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de) This program is Freeware, use it on your own risk! Revoking access for predefined group "Administrators" Inherited ACE can not be revoked here! Inherited ACE can not be revoked here! Registry permissions set too: RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de) This program is Freeware, use it on your own risk! Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify: (ID-NI) ALLOW Read VORDEFINIERT\Benutzer (ID-IO) ALLOW Read VORDEFINIERT\Benutzer (ID-NI) ALLOW Full access VORDEFINIERT\Administratoren (ID-IO) ALLOW Full access VORDEFINIERT\Administratoren (ID-NI) ALLOW Full access NT-AUTORITŽT\SYSTEM (ID-IO) ALLOW Full access NT-AUTORITŽT\SYSTEM (ID-IO) ALLOW Full access ERSTELLER-BESITZER Restoring Sedebugprivilege: Granting SeDebugPrivilege to Administrators ... 
failed (GetAccountSid(Administrators)=1332 Restoring Windows Update Certificates.: The following Is the Current Export of the Winlogon notify key: **************************************************************************** Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbxxu] "Asynchronous"=dword:00000001 "DllName"="cbxxu.dll" "Impersonate"=dword:00000000 "Logon"="Logon" "Logoff"="Logoff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif] "DLLName"="wzcdlg.dll" "Logon"="WZCEventLogon" 
"Logoff"="WZCEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000000 The following are the files found: **************************************************************************** Registry Entries that were Deleted: Please verify that the listing looks ok. If there was something deleted wrongly there are backups in the backreg folder. **************************************************************************** REGEDIT4 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] REGEDIT4 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "SV1"="" **************************************************************************** Desktop.ini Contents: **************************************************************************** **************************************************************************** hijackthis.log Logfile of HijackThis v1.99.1 Scan saved at 00:18:37, on 12.09.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AVPersonal\AVGUARD.EXE C:\WINDOWS\System32\Ati2evxx.exe C:\Programme\AVPersonal\AVWUPSRV.EXE C:\PROGRA~1\Iomega\System32\AppServices.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Iomega\AutoDisk\ADService.exe C:\WINDOWS\explorer.exe C:\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O2 
- BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\SpybotSearchDestroy\SDHelper.dll O2 - BHO: (no name) - {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} - C:\WINDOWS\system32\cbxxu.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [QT4STBTN] C:\Progra~1\SwiftBtn\SwiftBtn.EXE O4 - HKLM\..\Run: [ADUserMon] C:\Programme\Iomega\AutoDisk\ADUserMon.exe O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Programme\Iomega\DriveIcons\ImgIcon.exe O4 - HKLM\..\Run: [Deskup] C:\Programme\Iomega\DriveIcons\deskup.exe /IMGSTART O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AS00_Gear511] C:\Programme\NETGEAR\WG511SCU\Utility\Gear511.exe -hide O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSched32.EXE /min O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\MSMSGS.EXE" /background O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Global 
Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {3FE0A418-A61F-401B-8C4F-DEAA62C7CEEC} (Chartist25 Control) - http://www.tradesignal.com/wpa/tsb/2.6.2.2/components/tsbt-2-6-2-2.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125841006826 O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/de/check/qdiagh.cab?326 O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll O20 - Winlogon Notify: cbxxu - 
C:\WINDOWS\SYSTEM32\cbxxu.dll O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Programme\Iomega\AutoDisk\ADService.exe
Does this give any new insights? TR/Dldr.ConHook.I is still being reported. Or did I do something wrong? Do all the steps have to be carried out in safe mode? Many thanks and best regards, Stefan
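The L2MFix report above dumps the Winlogon\Notify subkeys as a .reg export, in which some DllName values are plain strings and others are hex(2) (a REG_EXPAND_SZ stored as comma-separated UTF-16LE bytes, continued across lines with a trailing backslash). The following is an added example, not part of this thread and not code from L2MFix or HijackThis: a small parser that decodes both forms and lists every Notify package whose name is not on an allowlist. The sample export is constructed after the one posted in this thread, and the allowlist (assumed here to reflect a default Windows XP SP2 install) is an assumption to be replaced by your own baseline.

```python
# Constructed sample .reg export, shaped like the Winlogon/notify section of the
# L2MFix report posted above: one intruder key plus two stock Windows keys.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbxxu]
"Asynchronous"=dword:00000001
"DllName"="cbxxu.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"""

# Registry path under which Winlogon notification packages are registered.
NOTIFY_PREFIX = "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify\\"

# ASSUMPTION: notify packages present on a stock Windows XP SP2 system. Treat this
# as a starting point and compare against a known-clean machine of the same build.
BASELINE = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
            "sclgntfy", "senslogn", "termsrv", "wlballoon"}


def decode_hex2(csv):
    """Decode a hex(2) value: comma-separated bytes holding a NUL-terminated UTF-16LE string."""
    data = bytes(int(b, 16) for b in csv.split(",") if b.strip())
    return data.decode("utf-16-le").rstrip("\x00")


def parse_reg(text):
    """Parse a regedit export into {key path: {value name (lowercased): value}}.

    Handles quoted strings, dword values, and hex(2) values that continue over
    several lines (trailing backslash). Value names are lowercased because the
    export mixes 'DllName' and 'DLLName'.
    """
    entries = {}
    current = None
    pending = None  # (value name, accumulated byte list) while a hex(2) value continues
    for raw in text.splitlines():
        line = raw.strip()
        if pending is not None:
            name, acc = pending
            acc += line.rstrip("\\")
            if line.endswith("\\"):
                pending = (name, acc)
            else:
                entries[current][name] = decode_hex2(acc)
                pending = None
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            entries[current] = {}
        elif line.startswith('"') and current is not None:
            name, _, val = line.partition("=")
            name = name.strip('"').lower()
            if val.startswith("hex(2):"):
                acc = val[len("hex(2):"):]
                if acc.endswith("\\"):
                    pending = (name, acc.rstrip("\\"))
                else:
                    entries[current][name] = decode_hex2(acc)
            elif val.startswith("dword:"):
                entries[current][name] = int(val[len("dword:"):], 16)
            else:
                entries[current][name] = val.strip('"')
    return entries


def audit_notify(text):
    """Return (package name, DllName) for every Notify subkey not on the allowlist."""
    findings = []
    for key, values in parse_reg(text).items():
        if not key.lower().startswith(NOTIFY_PREFIX.lower()):
            continue
        name = key[len(NOTIFY_PREFIX):]
        if name.lower() not in BASELINE:
            findings.append((name, values.get("dllname", "")))
    return findings


if __name__ == "__main__":
    for name, dll in audit_notify(SAMPLE_REG):
        print(f"unexpected Winlogon Notify package: {name} -> {dll}")
```

A Notify package is loaded into winlogon.exe at logon, which is why the entry reappears after a plain reboot; comparing the decoded DllName list against a baseline is quicker and less error-prone than reading hex(2) strings by eye.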
12.09.2005, 00:49
Honorary member
Posts: 29434
#4
Hello @sinus
Copy the following text into Notepad (Start - Accessories - Notepad) and save it on the desktop as fixme.reg using 'Save as'. Set the file type to 'All files'. You should now find this file on the desktop.
Quote:
REGEDIT4
•KillBox http://bilder.informationsarchiv.net/Nikitas_Tools/KillBox.zip
Instructions (with screenshots): http://virus-protect.org/killbox.html
•Delete File on Reboot <-- tick it
paste in: C:\WINDOWS\SYSTEM32\CBXXU.DLL
and click the red cross; when asked "Do you want to reboot?" ----> click "yes"
PendingFileRenameOperations Registry Data has been Removed by External Process! --> restart the PC yourself
Restart the computer in safe mode (press F8 while booting).
Double-click the file "fixme.reg" on the desktop.
Still in safe mode:
#open HijackThis -->> button "scan" -->> tick the boxes -->> button "Fix checked" -->> restart the PC
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O2 - BHO: (no name) - {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} - C:\WINDOWS\system32\cbxxu.dll
O20 - Winlogon Notify: cbxxu - C:\WINDOWS\SYSTEM32\cbxxu.dll
Restart the PC --> into normal mode
datfindbat (please post all 4 logs, including the paths) http://virus-protect.org/datfindbat.html
+ post the new HijackThis log
__________
Regards, Sabina
all about PC security
12.09.2005, 01:26
Member
Thread starter, Posts: 17
#5
Hello @Sabina,
many thanks for the prompt reply.
datFind.bat: system32.txt Datentr„ger in Laufwerk C: ist 65-01-31 Volumeseriennummer: ECAE-D346 Verzeichnis von C:\WINDOWS\system32 07.09.2005 23:38 1.158 wpa.dbl 25.08.2005 00:36 25.088 cbxxu.dll 04.08.2005 18:54 1.457.496 MRT.exe 03.08.2005 10:33 520.456 LegitCheckControl.DLL 20.07.2005 04:04 3.012.096 mshtml.dll 20.07.2005 04:04 3.012.096 SET88.tmp 19.07.2005 00:48 2.122 qtplugin.log 12.07.2005 18:04 23.304 GWFSPidGen.dll 08.07.2005 18:28 76.800 remotesp.tsp 08.07.2005 18:28 249.344 tapisrv.dll 03.07.2005 04:15 1.484.288 SET84.tmp 03.07.2005 04:15 474.112 SET83.tmp 03.07.2005 04:15 1.484.288 shdocvw.dll 03.07.2005 04:15 474.112 shlwapi.dll 03.07.2005 04:15 664.064 wininet.dll 03.07.2005 04:15 605.696 SET82.tmp 03.07.2005 04:15 664.064 SET81.tmp 03.07.2005 04:15 605.696 urlmon.dll 03.07.2005 04:15 39.424 pngfilt.dll 03.07.2005 04:15 448.512 mshtmled.dll 03.07.2005 04:15 448.512 SET87.tmp 03.07.2005 04:15 146.432 msrating.dll 03.07.2005 04:15 251.392 SET8A.tmp 03.07.2005 04:15 251.392 iepeers.dll 03.07.2005 04:15 152.064 cdfview.dll 03.07.2005 04:15 96.768 inseng.dll 03.07.2005 04:15 1.019.904 browseui.dll 03.07.2005 04:15 1.019.904 SET8C.tmp 30.06.2005 04:05 119.296 umpnpmgr.dll 29.06.2005 03:49 254.976 icm32.dll 29.06.2005 03:49 74.240 SET71.tmp 29.06.2005 03:49 74.240 mscms.dll 15.06.2005 19:49 295.936 kerberos.dll datFind.bat: systemtemp.txt Datentr„ger in Laufwerk C: ist 65-01-31 Volumeseriennummer: ECAE-D346 Verzeichnis von C:\DOKUME~1\Stefan\LOKALE~1\Temp 12.09.2005 01:09 16.384 ~DF7BB9.tmp 12.09.2005 01:06 392 kb.log 12.09.2005 00:07 16.384 ~DF3E4B.tmp 11.09.2005 23:43 16.384 ~DF6CBC.tmp 11.09.2005 23:20 16.384 ~DF4B50.tmp 11.09.2005 22:56 16.384 ~DFF85A.tmp 11.09.2005 20:27 16.384 ~DF8C12.tmp 10.09.2005 13:32 222 01.03.rm.RAM 10.09.2005 13:31 222 01.01.rm.RAM 10.09.2005 13:30 222 01.02.rm.RAM 04.09.2005 22:44 651.580 _iu14D2N.tmp 11 Datei(en) 750.942 Bytes 0 Verzeichnis(se), 16.545.435.648 Bytes frei datFind.bat: 
system.txt Datentr„ger in Laufwerk C: ist 65-01-31 Volumeseriennummer: ECAE-D346 Verzeichnis von C:\WINDOWS 12.09.2005 01:14 807.590 WindowsUpdate.log 12.09.2005 01:13 0 0.log 12.09.2005 01:13 5.688 ModemLog_GPRS via COM.txt 12.09.2005 01:13 4.240 ModemLog_Agere Systems AC'97 Modem.txt 12.09.2005 01:13 159 wiadebug.log 12.09.2005 01:13 50 wiaservc.log 12.09.2005 01:12 2.048 bootstat.dat 12.09.2005 01:08 589.026 ntbtlog.txt 12.09.2005 01:06 32.588 SchedLgU.Txt 11.09.2005 11:59 2.687 setupapi.log 05.09.2005 00:17 352 wincmd.ini 04.09.2005 21:44 1.022 win.ini 23.08.2005 10:26 911 cdplayer.ini 19.08.2005 21:20 1.125 winamp.ini 07.06.2005 23:31 1.389 HHB.INI 31.05.2005 06:53 545 RAR.PIF 31.05.2005 06:53 545 PKUNZIP.PIF 31.05.2005 06:53 545 UC.PIF 31.05.2005 06:53 545 NOCLOSE.PIF 31.05.2005 06:53 545 LHA.PIF 31.05.2005 06:53 545 PKZIP.PIF 31.05.2005 06:53 545 ARJ.PIF 28.05.2005 20:14 48 ChssBase.ini 28.05.2005 13:40 114.688 UninstallSunbird.exe 28.05.2005 13:40 20.274 mozver.dat 27.05.2005 01:22 10.752 hh.exe 10.03.2005 01:41 17 Missing.ini datFind.bat: sys.txt Datentr„ger in Laufwerk C: ist 65-01-31 Volumeseriennummer: ECAE-D346 Verzeichnis von C:\ 12.09.2005 01:16 0 sys.txt 12.09.2005 01:15 6.174 system.txt 12.09.2005 01:15 777 systemtemp.txt 12.09.2005 01:14 102.195 system32.txt 12.09.2005 01:12 501.796.864 hiberfil.sys 12.09.2005 01:12 1.409.286.144 pagefile.sys 12.09.2005 01:01 488 hpfr5550.xml 12.09.2005 00:13 36.496 backup.zip 12.09.2005 00:13 7.896 log.txt 12.09.2005 00:09 0 test5.txt 11.09.2005 22:49 9.175 KillBoxFehler.jpg 09.09.2005 01:37 0 windows.txt 09.09.2005 01:34 703 win.txt 09.09.2005 01:27 39 start.txt 04.09.2005 22:40 780 virusscanJotti.txt 07.06.2005 23:31 191 mwmlog.txt hijackthis.log Logfile of HijackThis v1.99.1 Scan saved at 01:16:47, on 12.09.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe 
C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AVPersonal\AVGUARD.EXE C:\WINDOWS\System32\Ati2evxx.exe C:\Programme\AVPersonal\AVWUPSRV.EXE C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Iomega\System32\AppServices.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\AGRSMMSG.exe C:\Programme\Apoint2K\Apoint.exe C:\Progra~1\SwiftBtn\SwiftBtn.EXE C:\Programme\Iomega\AutoDisk\ADUserMon.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\Programme\Iomega\DriveIcons\ImgIcon.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\NETGEAR\WG511SCU\Utility\Gear511.exe C:\Programme\QuickTime\qttask.exe C:\Programme\AVPersonal\AVSched32.EXE C:\Programme\AVPersonal\AVGNT.EXE C:\Programme\iTunes\iTunesHelper.exe C:\Programme\ICQLite\ICQLite.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Skype\Phone\Skype.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Programme\Apoint2K\Apntex.exe C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Programme\Iomega\AutoDisk\ADService.exe C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Programme\iPod\bin\iPodService.exe C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\HPZipm12.exe C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - 
C:\Programme\ICQToolbar\toolbaru.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\SpybotSearchDestroy\SDHelper.dll O2 - BHO: (no name) - {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} - C:\WINDOWS\system32\cbxxu.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [QT4STBTN] C:\Progra~1\SwiftBtn\SwiftBtn.EXE O4 - HKLM\..\Run: [ADUserMon] C:\Programme\Iomega\AutoDisk\ADUserMon.exe O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Programme\Iomega\DriveIcons\ImgIcon.exe O4 - HKLM\..\Run: [Deskup] C:\Programme\Iomega\DriveIcons\deskup.exe /IMGSTART O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AS00_Gear511] C:\Programme\NETGEAR\WG511SCU\Utility\Gear511.exe -hide O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSched32.EXE /min O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\MSMSGS.EXE" /background O4 - HKCU\..\Run: [Skype] 
"C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {3FE0A418-A61F-401B-8C4F-DEAA62C7CEEC} (Chartist25 Control) - http://www.tradesignal.com/wpa/tsb/2.6.2.2/components/tsbt-2-6-2-2.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125841006826 O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/de/check/qdiagh.cab?326 O18 - Protocol: ms-help - 
{314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll O20 - Winlogon Notify: cbxxu - C:\WINDOWS\SYSTEM32\cbxxu.dll O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Programme\Iomega\AutoDisk\ADService.exe
Best regards, Stefan
12.09.2005, 01:38
Honorary member
Posts: 29434
#6
Start --> Run --> regedit
Edit --> Find --> cbxxu.dll; delete everything you find.
1. Open Notepad (editor): under Start/Run enter the command notepad and confirm; a Notepad editor appears. Or via Start/Programs/Accessories/Notepad.
2. Paste this code in:
@ECHO OFF
REM clear the system, read-only and hidden attributes so the file can be deleted
attrib -s -r -h "C:\Windows\System32\cbxxu.dll"
del "C:\Windows\System32\cbxxu.dll"
exit
3. Save the file as Rem.bat on the desktop.
Start the PC in safe mode.
4. Double-click this file Rem.bat
-----------------------------------------------------------------------
Quote:
Verzeichnis von C:\WINDOWS\system32
__________
Regards, Sabina
all about PC security
13.09.2005, 02:04
Member
Thread starter, Posts: 17
#7
Hello @Sabina,
many thanks for the help! Unfortunately I didn't get around to trying Rem.bat. But it seems I have now gotten rid of the problem. :-) After all attempts with KillBox were in vain and the registry entries for cbxxu.dll could not be deleted permanently, I ran VundoFix in safe mode on C:\Windows\System32\cbxxu.dll (with the reversed string as the second parameter: C:\Windows\System32\uxxbc.*). Since then I no longer get any alerts from AntiVir, and the two stubborn entries for cbxxu.dll in hijackthis.log have also disappeared. Regards, Stefan
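The two stubborn entries Stefan refers to (the unnamed O2 BHO and the O20 Winlogon Notify line that both point at cbxxu.dll) are the pattern a reader of these logs looks for: one DLL loaded into both the browser and winlogon.exe, which is why it survives a plain delete-and-reboot. Below is an added example that is not from this thread and not code from HijackThis or VundoFix: it parses HijackThis-format lines and flags that pattern. The sample lines are constructed from the shape of the log posted above; the "companion" glob reproduces only the rule Stefan applied (the reversed base name he passed as the second parameter, uxxbc.*) and makes no claim about how VundoFix itself works.

```python
import re

# Constructed sample in HijackThis 1.99 format. The lines mirror the entry types
# and paths of the log posted in this thread; they are not the full log.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\SpybotSearchDestroy\SDHelper.dll
O2 - BHO: (no name) - {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} - C:\WINDOWS\system32\cbxxu.dll
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O20 - Winlogon Notify: cbxxu - C:\WINDOWS\SYSTEM32\cbxxu.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
"""

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.+)$")


def parse_hjt(text):
    """Return (bhos, notifies): one dict per O2 and per O20 line; other lines are ignored."""
    bhos, notifies = [], []
    for line in text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            bhos.append(m.groupdict())
            continue
        m = NOTIFY_RE.match(line)
        if m:
            notifies.append(m.groupdict())
    return bhos, notifies


def norm(path):
    """Normalise a path for comparison: HijackThis prints system32 in mixed case."""
    return path.strip().strip('"').lower()


def reversed_companion(path):
    """Glob for the companion file named after the DLL's reversed base name
    (the rule applied in this thread: cbxxu.dll -> uxxbc.*)."""
    directory, _, filename = path.rpartition("\\")
    stem = filename.rsplit(".", 1)[0]
    return f"{directory}\\{stem[::-1]}.*"


def find_vundo_pattern(text):
    """Flag BHOs that look like the loader in this thread.

    high:   the same DLL is registered both as an unnamed BHO (O2) and as a
            Winlogon Notify package (O20).
    medium: an unnamed BHO that lives directly in the Windows system directory.
    """
    bhos, notifies = parse_hjt(text)
    notify_paths = {norm(n["path"]) for n in notifies}
    findings = []
    for b in bhos:
        p = norm(b["path"])
        unnamed = b["name"].strip() == "(no name)"
        if unnamed and p in notify_paths:
            severity = "high"
        elif unnamed and "\\system32\\" in p:
            severity = "medium"
        else:
            continue
        findings.append({
            "severity": severity,
            "clsid": b["clsid"],
            "path": b["path"],
            "companion_glob": reversed_companion(b["path"]),
        })
    return findings


if __name__ == "__main__":
    for f in find_vundo_pattern(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['clsid']} {f['path']} "
              f"(companion to check for: {f['companion_glob']})")
```

Note that "(no name)" alone is not evidence: the Spybot SDHelper.dll line in the sample is also unnamed, and it is left alone because it neither sits in system32 nor doubles as a Notify package.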
13.09.2005, 03:47
Member
Posts: 4730
#8
That doesn't mean you're rid of the problem yet, though.
Scan with eScanCheck (http://virus-protect.org/escan.html) and post the result.
__________
This is a signature! Personal service: Are you from Berlin? Then send me a PM; maybe we can arrange an appointment. Der Grabsteinschubser
17.09.2005, 20:04
Member
Thread starter, Posts: 17
#9
Hi,
it took a bit longer because I had problems downloading the virus definitions (mwti.net unreachable?!). Here is the overall result of eScan for Windows (Trial) with default settings in safe mode:
Sa Sep 17 17:55:15 2005 => Total Number of Files Scanned: 112963 Sa Sep 17 17:55:15 2005 => Total Number of Files Infected: 0 Sa Sep 17 17:55:15 2005 => Total Number of Files Disinfected: 0 Sa Sep 17 17:55:15 2005 => Total Number of Files Renamed: 0 Sa Sep 17 17:55:15 2005 => Total Number of Files Deleted: 0 Sa Sep 17 17:55:15 2005 => Total Number of Errors: 0 Sa Sep 17 17:55:15 2005 => Time Elapsed:: 04:01:32
Below is the output of MWAV.LOG. Thanks in advance for the feedback! Stefan
Sat Sep 17 13:53:07 2005 => ********************************************************** Sat Sep 17 13:53:07 2005 => eScan AntiVirus Toolkit Utility. Sat Sep 17 13:53:07 2005 => Copyright © 2003-2004, MicroWorld Technologies Inc. Sat Sep 17 13:53:07 2005 => ********************************************************** Sat Sep 17 13:53:07 2005 => Version 4.6.2 (C:\Programme\eScan\mwavscan.com) Sat Sep 17 13:53:07 2005 => Log File: C:\PROGRA~1\eScan\LOG\MWAV.LOG Sat Sep 17 13:53:07 2005 => Command Line Options Given: /MEM /REG /STARTUP /SER /SC /S Sat Sep 17 13:53:07 2005 => Database Path in KL Key: C:\PROGRA~1\eScan. Sat Sep 17 13:53:08 2005 => Latest Date of files in KL key: 17 Sep 2005 13:33:13. Sat Sep 17 13:53:08 2005 => Latest Date of files inside MWAV: 17 Sep 2005 13:33:13. Sat Sep 17 13:53:08 2005 => eScan Install Directory: C:\PROGRA~1\eScan\ Sat Sep 17 13:53:08 2005 => MailScan Install Directory: C:\PROGRA~1\eScan\ Sat Sep 17 13:53:09 2005 => AV Library Loaded... Sat Sep 17 13:53:09 2005 => ********************************************************** Sat Sep 17 13:53:09 2005 => eScan AntiVirus Toolkit Utility. Sat Sep 17 13:53:09 2005 => Copyright © 2003-2004, MicroWorld Technologies Inc. 
Sat Sep 17 13:53:09 2005 => Sat Sep 17 13:53:09 2005 => Support: support@mwti.net Sat Sep 17 13:53:09 2005 => Web: http://www.mwti.net Sat Sep 17 13:53:09 2005 => ********************************************************** Sat Sep 17 13:53:09 2005 => Version 4.6.2 (C:\Programme\eScan\mwavscan.com) Sat Sep 17 13:53:09 2005 => Log File: C:\PROGRA~1\eScan\LOG\MWAV.LOG Sat Sep 17 13:53:09 2005 => Database Path in KL Key: C:\PROGRA~1\eScan. Sat Sep 17 13:53:09 2005 => Latest Date of files in KL key: 17 Sep 2005 13:33:13. Sat Sep 17 13:53:09 2005 => Latest Date of files inside MWAV: 17 Sep 2005 13:33:13. Sat Sep 17 13:53:09 2005 => Options Selected by User: Sat Sep 17 13:53:09 2005 => Memory Check: Enabled Sat Sep 17 13:53:09 2005 => Registry Check: Enabled Sat Sep 17 13:53:09 2005 => StartUp Folder Check: Enabled Sat Sep 17 13:53:09 2005 => System Folder Check: Disabled Sat Sep 17 13:53:09 2005 => System Area Check: Disabled Sat Sep 17 13:53:09 2005 => Services Check: Enabled Sat Sep 17 13:53:09 2005 => Drive Check Option Disabled Sat Sep 17 13:53:09 2005 => Folder Check: Disabled Sat Sep 17 13:53:09 2005 => ***** Scanning Memory Files ***** Sat Sep 17 13:53:09 2005 => Scanning File C:\WINDOWS\SYSTEM32\CSRSS.EXE Sat Sep 17 13:53:09 2005 => Scanning File C:\WINDOWS\SYSTEM32\WINLOGON.EXE Sat Sep 17 13:53:09 2005 => Scanning File C:\WINDOWS\System32\smss.exe Sat Sep 17 13:53:09 2005 => Scanning File C:\PROGRA~1\eScan\msvlclnt.dll Sat Sep 17 13:53:09 2005 => Scanning File C:\PROGRA~1\Adobe\ACROBA~3.0\ActiveX\PDFShell.dll Sat Sep 17 13:53:10 2005 => Scanning File C:\Programme\eScan\escanwin.exe Sat Sep 17 13:53:10 2005 => Scanning File C:\Programme\eScan\ipc.dll Sat Sep 17 13:53:10 2005 => Scanning File C:\Programme\eScan\kavss.dll Sat Sep 17 13:53:10 2005 => Scanning File C:\Programme\eScan\kavss.exe Sat Sep 17 13:53:10 2005 => Scanning File C:\Programme\eScan\kavssd.dll Sat Sep 17 13:53:10 2005 => Scanning File C:\Programme\eScan\kavssdi.dll Sat Sep 17 13:53:10 2005 => 
Scanning File C:\Programme\eScan\kavssi.dll Sat Sep 17 13:53:10 2005 => Scanning File C:\Programme\eScan\msvlclnt.dll Sat Sep 17 13:53:10 2005 => Scanning File C:\Programme\eScan\mwavscan.com Sat Sep 17 13:53:10 2005 => Scanning File C:\WINDOWS\AppPatch\AcGenral.DLL Sat Sep 17 13:53:10 2005 => Scanning File C:\WINDOWS\Explorer.EXE Sat Sep 17 13:53:11 2005 => Scanning File C:\WINDOWS\SPORDER.dll Sat Sep 17 13:53:11 2005 => Scanning File C:\WINDOWS\system32\ADVAPI32.dll Sat Sep 17 13:53:11 2005 => Scanning File C:\WINDOWS\system32\Apphelp.dll Sat Sep 17 13:53:11 2005 => Scanning File C:\WINDOWS\system32\ATL.DLL Sat Sep 17 13:53:11 2005 => Scanning File C:\WINDOWS\system32\AUTHZ.dll Sat Sep 17 13:53:11 2005 => Scanning File C:\WINDOWS\system32\basesrv.dll Sat Sep 17 13:53:11 2005 => Scanning File C:\WINDOWS\system32\BROWSEUI.dll Sat Sep 17 13:53:11 2005 => Scanning File c:\windows\system32\certcli.dll Sat Sep 17 13:53:11 2005 => Scanning File C:\WINDOWS\system32\CLBCATQ.DLL Sat Sep 17 13:53:11 2005 => Scanning File C:\WINDOWS\system32\COMCTL32.dll Sat Sep 17 13:53:11 2005 => Scanning File C:\WINDOWS\system32\comdlg32.dll Sat Sep 17 13:53:11 2005 => Scanning File C:\WINDOWS\system32\COMRes.dll Sat Sep 17 13:53:11 2005 => Scanning File C:\WINDOWS\system32\credui.dll Sat Sep 17 13:53:11 2005 => Scanning File C:\WINDOWS\system32\CRYPT32.dll Sat Sep 17 13:53:11 2005 => Scanning File C:\WINDOWS\system32\cryptdll.dll Sat Sep 17 13:53:11 2005 => Scanning File c:\windows\system32\cryptsvc.dll Sat Sep 17 13:53:12 2005 => Scanning File C:\WINDOWS\system32\CRYPTUI.dll Sat Sep 17 13:53:12 2005 => Scanning File C:\WINDOWS\system32\cscdll.dll Sat Sep 17 13:53:12 2005 => Scanning File C:\WINDOWS\system32\cscui.dll Sat Sep 17 13:53:12 2005 => Scanning File C:\WINDOWS\system32\CSRSRV.dll Sat Sep 17 13:53:12 2005 => Scanning File C:\WINDOWS\System32\davclnt.dll Sat Sep 17 13:53:12 2005 => Scanning File C:\WINDOWS\system32\DNSAPI.dll Sat Sep 17 13:53:12 2005 => Scanning File 
C:\WINDOWS\System32\drprov.dll Sat Sep 17 13:53:12 2005 => Scanning File c:\windows\system32\ESENT.dll Sat Sep 17 13:53:12 2005 => Scanning File C:\WINDOWS\system32\eventlog.dll Sat Sep 17 13:53:12 2005 => Scanning File C:\WINDOWS\system32\GDI32.dll Sat Sep 17 13:53:12 2005 => Scanning File C:\WINDOWS\system32\HHCTRL.OCX Sat Sep 17 13:53:12 2005 => Scanning File C:\WINDOWS\system32\hnetcfg.dll Sat Sep 17 13:53:12 2005 => Scanning File C:\WINDOWS\system32\IMAGEHLP.dll Sat Sep 17 13:53:12 2005 => Scanning File C:\WINDOWS\system32\iphlpapi.dll Sat Sep 17 13:53:12 2005 => Scanning File C:\WINDOWS\system32\kerberos.dll Sat Sep 17 13:53:12 2005 => Scanning File C:\WINDOWS\system32\KERNEL32.dll Sat Sep 17 13:53:13 2005 => Scanning File C:\WINDOWS\system32\LINKINFO.dll Sat Sep 17 13:53:13 2005 => Scanning File C:\WINDOWS\system32\LSASRV.dll Sat Sep 17 13:53:13 2005 => Scanning File C:\WINDOWS\system32\lsass.exe Sat Sep 17 13:53:13 2005 => Scanning File C:\WINDOWS\system32\MPR.dll Sat Sep 17 13:53:13 2005 => Scanning File C:\WINDOWS\system32\MSACM32.dll Sat Sep 17 13:53:13 2005 => Scanning File C:\WINDOWS\system32\MSASN1.dll Sat Sep 17 13:53:13 2005 => Scanning File C:\WINDOWS\System32\MSCTF.dll Sat Sep 17 13:53:13 2005 => Scanning File C:\WINDOWS\system32\MSGINA.dll Sat Sep 17 13:53:13 2005 => Scanning File C:\WINDOWS\system32\msi.dll Sat Sep 17 13:53:13 2005 => Scanning File C:\WINDOWS\system32\MSIMG32.dll Sat Sep 17 13:53:13 2005 => Scanning File C:\WINDOWS\system32\msprivs.dll Sat Sep 17 13:53:13 2005 => Scanning File C:\WINDOWS\System32\msutb.dll Sat Sep 17 13:53:13 2005 => Scanning File C:\WINDOWS\system32\msv1_0.dll Sat Sep 17 13:53:13 2005 => Scanning File C:\WINDOWS\system32\MSVCP60.dll Sat Sep 17 13:53:13 2005 => Scanning File C:\WINDOWS\system32\msvcrt.dll Sat Sep 17 13:53:14 2005 => Scanning File C:\WINDOWS\system32\mswsock.dll Sat Sep 17 13:53:14 2005 => Scanning File C:\WINDOWS\system32\mui\0007\HHCTRLui.dll Sat Sep 17 13:53:14 2005 => Scanning File 
C:\WINDOWS\system32\mwtsp.dll Sat Sep 17 13:53:14 2005 => Scanning File C:\WINDOWS\system32\NCObjAPI.DLL Sat Sep 17 13:53:14 2005 => Scanning File C:\WINDOWS\system32\NDdeApi.dll Sat Sep 17 13:53:14 2005 => Scanning File C:\WINDOWS\system32\NETAPI32.dll Sat Sep 17 13:53:14 2005 => Scanning File C:\WINDOWS\system32\netlogon.dll Sat Sep 17 13:53:14 2005 => Scanning File C:\WINDOWS\System32\NETRAP.dll Sat Sep 17 13:53:14 2005 => Scanning File C:\WINDOWS\system32\netshell.dll Sat Sep 17 13:53:14 2005 => Scanning File C:\WINDOWS\System32\NETUI0.dll Sat Sep 17 13:53:14 2005 => Scanning File C:\WINDOWS\System32\NETUI1.dll Sat Sep 17 13:53:14 2005 => Scanning File C:\WINDOWS\system32\ntdll.dll Sat Sep 17 13:53:14 2005 => Scanning File C:\WINDOWS\system32\NTDSAPI.dll Sat Sep 17 13:53:14 2005 => Scanning File C:\WINDOWS\System32\ntlanman.dll Sat Sep 17 13:53:15 2005 => Scanning File C:\WINDOWS\system32\NTMARTA.DLL Sat Sep 17 13:53:15 2005 => Scanning File C:\WINDOWS\system32\ntshrui.dll Sat Sep 17 13:53:15 2005 => Scanning File C:\WINDOWS\system32\ODBC32.dll Sat Sep 17 13:53:15 2005 => Scanning File C:\WINDOWS\system32\odbcint.dll Sat Sep 17 13:53:15 2005 => Scanning File C:\WINDOWS\system32\ole32.dll Sat Sep 17 13:53:15 2005 => Scanning File C:\WINDOWS\system32\OLEAUT32.dll Sat Sep 17 13:53:15 2005 => Scanning File c:\windows\system32\POWRPROF.dll Sat Sep 17 13:53:15 2005 => Scanning File C:\WINDOWS\system32\PROFMAP.dll Sat Sep 17 13:53:15 2005 => Scanning File C:\WINDOWS\system32\PSAPI.DLL Sat Sep 17 13:53:15 2005 => Scanning File C:\WINDOWS\system32\rasadhlp.dll Sat Sep 17 13:53:15 2005 => Scanning File C:\WINDOWS\system32\REGAPI.dll Sat Sep 17 13:53:15 2005 => Scanning File C:\WINDOWS\system32\RICHED20.dll Sat Sep 17 13:53:15 2005 => Scanning File C:\WINDOWS\system32\RICHED32.DLL Sat Sep 17 13:53:15 2005 => Scanning File C:\WINDOWS\system32\RPCRT4.dll Sat Sep 17 13:53:15 2005 => Scanning File c:\windows\system32\rpcss.dll Sat Sep 17 13:53:15 2005 => Scanning File 
C:\WINDOWS\system32\rsaenh.dll Sat Sep 17 13:53:15 2005 => Scanning File C:\WINDOWS\system32\rtutils.dll Sat Sep 17 13:53:15 2005 => Scanning File C:\WINDOWS\system32\SAMLIB.dll Sat Sep 17 13:53:16 2005 => Scanning File C:\WINDOWS\system32\SAMSRV.dll Sat Sep 17 13:53:16 2005 => Scanning File C:\WINDOWS\system32\scecli.dll Sat Sep 17 13:53:16 2005 => Scanning File C:\WINDOWS\system32\SCESRV.dll Sat Sep 17 13:53:16 2005 => Scanning File C:\WINDOWS\system32\schannel.dll Sat Sep 17 13:53:16 2005 => Scanning File C:\WINDOWS\system32\Secur32.dll Sat Sep 17 13:53:16 2005 => Scanning File C:\WINDOWS\system32\services.exe Sat Sep 17 13:53:16 2005 => Scanning File C:\WINDOWS\system32\SETUPAPI.dll Sat Sep 17 13:53:16 2005 => Scanning File C:\WINDOWS\system32\sfc.dll Sat Sep 17 13:53:16 2005 => Scanning File C:\WINDOWS\system32\sfc_os.dll Sat Sep 17 13:53:16 2005 => Scanning File C:\WINDOWS\system32\shdoclc.dll Sat Sep 17 13:53:17 2005 => Scanning File C:\WINDOWS\system32\SHDOCVW.dll Sat Sep 17 13:53:17 2005 => Scanning File C:\WINDOWS\system32\SHELL32.dll Sat Sep 17 13:53:17 2005 => Scanning File C:\WINDOWS\system32\ShimEng.dll Sat Sep 17 13:53:17 2005 => Scanning File C:\WINDOWS\system32\SHLWAPI.dll Sat Sep 17 13:53:17 2005 => Scanning File C:\WINDOWS\system32\SHSVCS.dll Sat Sep 17 13:53:17 2005 => Scanning File c:\windows\system32\srsvc.dll Sat Sep 17 13:53:17 2005 => Scanning File C:\WINDOWS\system32\svchost.exe Sat Sep 17 13:53:17 2005 => Scanning File C:\WINDOWS\system32\sxs.dll Sat Sep 17 13:53:18 2005 => Scanning File C:\WINDOWS\System32\themeui.dll Sat Sep 17 13:53:18 2005 => Scanning File C:\WINDOWS\system32\umpnpmgr.dll Sat Sep 17 13:53:18 2005 => Scanning File C:\WINDOWS\system32\urlmon.dll Sat Sep 17 13:53:18 2005 => Scanning File C:\WINDOWS\system32\USER32.dll Sat Sep 17 13:53:18 2005 => Scanning File C:\WINDOWS\system32\USERENV.dll Sat Sep 17 13:53:18 2005 => Scanning File C:\WINDOWS\system32\UxTheme.dll Sat Sep 17 13:53:18 2005 => Scanning File 
Sat Sep 17 13:53:41 2005 => ***** Scanning complete. *****
Sat Sep 17 13:53:41 2005 => Total Files Scanned: 494
Sat Sep 17 13:53:41 2005 => Total Virus(es) Found: 0
Sat Sep 17 13:53:41 2005 => Total Disinfected Files: 0
Sat Sep 17 13:53:41 2005 => Total Files Renamed: 0
Sat Sep 17 13:53:41 2005 => Total Deleted Files: 0
Sat Sep 17 13:53:41 2005 => Total Errors: 3
Sat Sep 17 13:53:41 2005 => Time Elapsed: 00:00:31
Sat Sep 17 13:53:41 2005 => Virus Database Date: 2005/09/17
Sat Sep 17 13:53:41 2005 => Virus Database Count: 145463
Sat Sep 17 13:53:41 2005 => Scan Completed.
Sat Sep 17 13:53:42 2005 => AV Library Unloaded (3)...
I keep getting warnings from AntiVir:
-------------------------------------------------------
C:\WINDOWS\SYSTEM32\CBXXU.DLL
Ist das Trojanische Pferd TR/Dldr.ConHook.I
http://www.kaspersky.com/de/remoteviruschk.html doesn't find anything,
but Malwareupload.com also says: Trojan-Downloader.ConHook.i
-------------------------------------------------------
Here is hijackthis.log:
Logfile of HijackThis v1.99.1
Scan saved at 00:08:29, on 09.09.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Apoint2K\Apoint.exe
C:\Progra~1\SwiftBtn\SwiftBtn.EXE
C:\Programme\Iomega\AutoDisk\ADUserMon.exe
C:\Programme\Iomega\DriveIcons\ImgIcon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\NETGEAR\WG511SCU\Utility\Gear511.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\AVPersonal\AVSched32.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\SpybotSearchDestroy\TeaTimer.exe
C:\Programme\Apoint2K\Apntex.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Dokumente und Einstellungen\Stefan\Eigene Dateien\Downloads\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\SpybotSearchDestroy\SDHelper.dll
O2 - BHO: (no name) - {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} - C:\WINDOWS\system32\cbxxu.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [QT4STBTN] C:\Progra~1\SwiftBtn\SwiftBtn.EXE
O4 - HKLM\..\Run: [ADUserMon] C:\Programme\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Programme\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Programme\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AS00_Gear511] C:\Programme\NETGEAR\WG511SCU\Utility\Gear511.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\SpybotSearchDestroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3FE0A418-A61F-401B-8C4F-DEAA62C7CEEC} (Chartist25 Control) - http://www.tradesignal.com/wpa/tsb/2.6.2.2/components/tsbt-2-6-2-2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125841006826
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/de/check/qdiagh.cab?326
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: cbxxu - C:\WINDOWS\SYSTEM32\cbxxu.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Programme\Iomega\AutoDisk\ADService.exe
-------------------------------------------------------
Delete on reboot from Safe Mode does not work for
O2 - cbxxu and O20 - cbxxu.
I tried to work through a guide for a similar problem.
I have run CCleaner.
-------------------------------------------------------
I hope that Find-Qoologic.bat worked.
I had to select "Allow access and keep file" ("Zugriff erlauben und Datei belassen")
quite often in response to AntiVir's warning in order to get the following
log file:
Find Qoologic last edited 8/30/2005
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
some examples are MRT.EXE NTDLL.DLL.
»»»»»»»»»»»»»»»»»»»»»»»» Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
If this string search find's both and an exe and dat it's bad.
»»»»»»»»»»»»»»»»»»»»»»»» Packed files »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
* UPX! C:\WINDOWS\System32\OEMBIOS.BIN
* aspack C:\WINDOWS\System32\MRT.EXE
* aspack C:\WINDOWS\System32\NTDLL.DLL
»»»»»»»»»»»»»»»»»»»»»»»» startup files»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»»
(fstarts by IMM - test ver. 0.001) NOT using address check -- 0x7c91df5e
Global Startup:
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
.
..
Adobe Reader - Schnellstart.lnk
desktop.ini
hp psc 2000 Series.lnk
hpoddt01.exe.lnk
InterVideo WinCinema Manager.lnk
Microsoft Office.lnk
User Startup:
C:\Dokumente und Einstellungen\Stefan\Startmenü\Programme\Autostart
.
..
desktop.ini
»»»»» Search by size and name...
»»»»» Files found by this method are not necessarily bad...
»»»»» Example PNGFILT.DLL ctl3d32.dll are windows files...
-------------------------------------------------------
Here is the output of datfind.bat:
Datenträger in Laufwerk C: ist 65-01-31
Volumeseriennummer: ECAE-D346
Verzeichnis von C:\WINDOWS\system32
07.09.2005 23:38 1.158 wpa.dbl
25.08.2005 00:36 25.088 cbxxu.dll
04.08.2005 18:54 1.457.496 MRT.exe
03.08.2005 10:33 520.456 LegitCheckControl.DLL
20.07.2005 04:04 3.012.096 mshtml.dll
20.07.2005 04:04 3.012.096 SET88.tmp
19.07.2005 00:48 2.122 qtplugin.log
12.07.2005 18:04 23.304 GWFSPidGen.dll
08.07.2005 18:28 76.800 remotesp.tsp
08.07.2005 18:28 249.344 tapisrv.dll
03.07.2005 04:15 474.112 shlwapi.dll
03.07.2005 04:15 605.696 urlmon.dll
03.07.2005 04:15 474.112 SET83.tmp
03.07.2005 04:15 664.064 SET81.tmp
03.07.2005 04:15 1.484.288 shdocvw.dll
03.07.2005 04:15 605.696 SET82.tmp
03.07.2005 04:15 1.484.288 SET84.tmp
03.07.2005 04:15 664.064 wininet.dll
03.07.2005 04:15 448.512 mshtmled.dll
03.07.2005 04:15 448.512 SET87.tmp
03.07.2005 04:15 146.432 msrating.dll
03.07.2005 04:15 39.424 pngfilt.dll
03.07.2005 04:15 1.019.904 browseui.dll
03.07.2005 04:15 251.392 SET8A.tmp
03.07.2005 04:15 251.392 iepeers.dll
03.07.2005 04:15 152.064 cdfview.dll
03.07.2005 04:15 1.019.904 SET8C.tmp
03.07.2005 04:15 96.768 inseng.dll
30.06.2005 04:05 119.296 umpnpmgr.dll
29.06.2005 03:49 74.240 SET71.tmp
29.06.2005 03:49 254.976 icm32.dll
29.06.2005 03:49 74.240 mscms.dll
15.06.2005 19:49 295.936 kerberos.dll
11.06.2005 01:53 57.856 spoolsv.exe
27.05.2005 04:04 41.472 hhsetup.dll
27.05.2005 04:04 546.304 hhctrl.ocx
27.05.2005 04:04 155.136 itircl.dll
27.05.2005 04:04 137.216 itss.dll
26.05.2005 04:19 173.536 wuweb.dll
26.05.2005 04:16 18.200 wups2.dll
26.05.2005 04:16 41.240 wups.dll
26.05.2005 04:16 1.343.768 wuaueng.dll
26.05.2005 04:16 198.424 iuengine.dll
26.05.2005 04:16 75.544 cdm.dll
26.05.2005 04:16 124.696 wuauclt.exe
26.05.2005 04:16 128.280 wucltui.dll
26.05.2005 04:16 174.872 wuauclt1.exe
Datenträger in Laufwerk C: ist 65-01-31
Volumeseriennummer: ECAE-D346
Verzeichnis von C:\DOKUME~1\Stefan\LOKALE~1\Temp
Datenträger in Laufwerk C: ist 65-01-31
Volumeseriennummer: ECAE-D346
Verzeichnis von C:\WINDOWS
09.09.2005 00:04 5.688 ModemLog_GPRS via COM.txt
09.09.2005 00:04 4.240 ModemLog_Agere Systems AC'97 Modem.txt
09.09.2005 00:04 159 wiadebug.log
09.09.2005 00:04 739.495 WindowsUpdate.log
09.09.2005 00:04 50 wiaservc.log
09.09.2005 00:04 2.048 bootstat.dat
09.09.2005 00:03 32.588 SchedLgU.Txt
05.09.2005 00:17 352 wincmd.ini
04.09.2005 21:44 1.022 win.ini
23.08.2005 10:26 911 cdplayer.ini
19.08.2005 21:20 1.125 winamp.ini
07.06.2005 23:31 1.389 HHB.INI
31.05.2005 06:53 545 PKUNZIP.PIF
31.05.2005 06:53 545 NOCLOSE.PIF
31.05.2005 06:53 545 UC.PIF
31.05.2005 06:53 545 LHA.PIF
31.05.2005 06:53 545 RAR.PIF
31.05.2005 06:53 545 ARJ.PIF
31.05.2005 06:53 545 PKZIP.PIF
28.05.2005 20:14 48 ChssBase.ini
28.05.2005 13:40 114.688 UninstallSunbird.exe
28.05.2005 13:40 20.274 mozver.dat
27.05.2005 01:22 10.752 hh.exe
10.03.2005 01:41 17 Missing.ini
24.01.2005 02:32 235 BUHL.INI
08.01.2005 14:41 316.640 WMSysPr9.prx
22.12.2004 02:56 151 infotax.ini
04.10.2004 10:51 69.632 uinst001.exe
13.09.2004 02:16 1.748 nsreg.dat
13.09.2004 02:15 87.184 NSUninst.exe
13.09.2004 02:15 87.184 GREUninstall.exe
12.09.2004 23:55 2.718.997 setupapi.log.0.old
12.09.2004 20:49 0 iPlayer.INI
03.09.2004 23:32 40 iltwain.ini
04.08.2004 09:58 288.768 winhlp32.exe
04.08.2004 09:58 32.866 slrundll.exe
Datenträger in Laufwerk C: ist 65-01-31
Volumeseriennummer: ECAE-D346
Verzeichnis von C:\
09.09.2005 01:04 0 sys.txt
09.09.2005 01:03 6.081 system.txt
09.09.2005 01:02 129 systemtemp.txt
09.09.2005 00:59 101.906 system32.txt
09.09.2005 00:04 501.796.864 hiberfil.sys
09.09.2005 00:04 1.409.286.144 pagefile.sys
08.09.2005 23:25 488 hpfr5550.xml
04.09.2005 23:22 0 win.txt
04.09.2005 23:22 23 log.txt
04.09.2005 22:40 780 virusscanJotti.txt
07.06.2005 23:31 191 mwmlog.txt
-------------------------------------------------------
And finally the output of rkfiles.bat:
C:\Downloads\rkfiles
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Files Found in system Folder............
------------------------
C:\WINDOWS\system32\oembios.bin: uPx!
C:\WINDOWS\system32\atl71.pdb: dwProvSpec2
C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213
C:\WINDOWS\system32\mfc71.pdb: dwProvSpec2
C:\WINDOWS\system32\MFC71d.pdb: dwProvSpec2
C:\WINDOWS\system32\mfc71u.pdb: dwProvSpec2
C:\WINDOWS\system32\mfc71ud.pdb: dwProvSpec2
C:\WINDOWS\system32\atl71.pdb: dwProvSpec2
C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213
C:\WINDOWS\system32\mfc71.pdb: dwProvSpec2
C:\WINDOWS\system32\MFC71d.pdb: dwProvSpec2
C:\WINDOWS\system32\mfc71u.pdb: dwProvSpec2
C:\WINDOWS\system32\mfc71ud.pdb: dwProvSpec2
Files Found in all users startup Folder............
------------------------
C:\WINDOWS\system32\oembios.bin: uPx!
Files Found in all users windows Folder............
------------------------
Finished
bye
-------------------------------------------------------
Does anyone know what to do next?
Many thanks in advance!
Stefan