AntiVir finds Trojan TR/Dldr.ConHook.I

#0
09.09.2005, 23:47
Member

Posts: 17
#1 Hello,

I keep getting warnings from AntiVir:

-------------------------------------------------------
C:\WINDOWS\SYSTEM32\CBXXU.DLL
Ist das Trojanische Pferd TR/Dldr.ConHook.I

http://www.kaspersky.com/de/remoteviruschk.html finds nothing,

but Malwareupload.com also says: Trojan-Downloader.ConHook.i
-------------------------------------------------------
Here is hijackthis.log:

Logfile of HijackThis v1.99.1
Scan saved at 00:08:29, on 09.09.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Apoint2K\Apoint.exe
C:\Progra~1\SwiftBtn\SwiftBtn.EXE
C:\Programme\Iomega\AutoDisk\ADUserMon.exe
C:\Programme\Iomega\DriveIcons\ImgIcon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\NETGEAR\WG511SCU\Utility\Gear511.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\AVPersonal\AVSched32.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\SpybotSearchDestroy\TeaTimer.exe
C:\Programme\Apoint2K\Apntex.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Dokumente und Einstellungen\Stefan\Eigene Dateien\Downloads\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\SpybotSearchDestroy\SDHelper.dll
O2 - BHO: (no name) - {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} - C:\WINDOWS\system32\cbxxu.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [QT4STBTN] C:\Progra~1\SwiftBtn\SwiftBtn.EXE
O4 - HKLM\..\Run: [ADUserMon] C:\Programme\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Programme\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Programme\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AS00_Gear511] C:\Programme\NETGEAR\WG511SCU\Utility\Gear511.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\SpybotSearchDestroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3FE0A418-A61F-401B-8C4F-DEAA62C7CEEC} (Chartist25 Control) - http://www.tradesignal.com/wpa/tsb/2.6.2.2/components/tsbt-2-6-2-2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125841006826
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/de/check/qdiagh.cab?326
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: cbxxu - C:\WINDOWS\SYSTEM32\cbxxu.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Programme\Iomega\AutoDisk\ADService.exe
-------------------------------------------------------

Deleting on reboot from safe mode does not work for
O2 - cbxxu and O20 - cbxxu.

I tried to work through a guide for a similar problem.

I have run CCleaner.

-------------------------------------------------------
I hope that Find-Qoologic.bat worked.
In response to the AntiVir warning I had to choose
"Zugriff erlauben und Datei belassen" (allow access and leave the file) quite often in order to get the following log file:

Find Qoologic last edited 8/30/2005
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
some examples are MRT.EXE NTDLL.DLL.
»»»»»»»»»»»»»»»»»»»»»»»» Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

If this string search find's both and an exe and dat it's bad.
»»»»»»»»»»»»»»»»»»»»»»»» Packed files »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

* UPX! C:\WINDOWS\System32\OEMBIOS.BIN
* aspack C:\WINDOWS\System32\MRT.EXE
* aspack C:\WINDOWS\System32\NTDLL.DLL
»»»»»»»»»»»»»»»»»»»»»»»» startup files»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Checking Global Startup »»»»»»»»»»»»»»»»»»»»»»

(fstarts by IMM - test ver. 0.001) NOT using address check -- 0x7c91df5e

Global Startup:
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
.
..
Adobe Reader - Schnellstart.lnk
desktop.ini
hp psc 2000 Series.lnk
hpoddt01.exe.lnk
InterVideo WinCinema Manager.lnk
Microsoft Office.lnk

User Startup:
C:\Dokumente und Einstellungen\Stefan\Startmenü\Programme\Autostart
.
..
desktop.ini

»»»»» Search by size and name...
»»»»» Files found by this method are not necessarily bad...
»»»»» Example PNGFILT.DLL ctl3d32.dll are windows files...

-------------------------------------------------------

Here is the output of datfind.bat:

Datenträger in Laufwerk C: ist 65-01-31
Volumeseriennummer: ECAE-D346

Verzeichnis von C:\WINDOWS\system32

07.09.2005 23:38 1.158 wpa.dbl
25.08.2005 00:36 25.088 cbxxu.dll
04.08.2005 18:54 1.457.496 MRT.exe
03.08.2005 10:33 520.456 LegitCheckControl.DLL
20.07.2005 04:04 3.012.096 mshtml.dll
20.07.2005 04:04 3.012.096 SET88.tmp
19.07.2005 00:48 2.122 qtplugin.log
12.07.2005 18:04 23.304 GWFSPidGen.dll
08.07.2005 18:28 76.800 remotesp.tsp
08.07.2005 18:28 249.344 tapisrv.dll
03.07.2005 04:15 474.112 shlwapi.dll
03.07.2005 04:15 605.696 urlmon.dll
03.07.2005 04:15 474.112 SET83.tmp
03.07.2005 04:15 664.064 SET81.tmp
03.07.2005 04:15 1.484.288 shdocvw.dll
03.07.2005 04:15 605.696 SET82.tmp
03.07.2005 04:15 1.484.288 SET84.tmp
03.07.2005 04:15 664.064 wininet.dll
03.07.2005 04:15 448.512 mshtmled.dll
03.07.2005 04:15 448.512 SET87.tmp
03.07.2005 04:15 146.432 msrating.dll
03.07.2005 04:15 39.424 pngfilt.dll
03.07.2005 04:15 1.019.904 browseui.dll
03.07.2005 04:15 251.392 SET8A.tmp
03.07.2005 04:15 251.392 iepeers.dll
03.07.2005 04:15 152.064 cdfview.dll
03.07.2005 04:15 1.019.904 SET8C.tmp
03.07.2005 04:15 96.768 inseng.dll
30.06.2005 04:05 119.296 umpnpmgr.dll
29.06.2005 03:49 74.240 SET71.tmp
29.06.2005 03:49 254.976 icm32.dll
29.06.2005 03:49 74.240 mscms.dll
15.06.2005 19:49 295.936 kerberos.dll
11.06.2005 01:53 57.856 spoolsv.exe
27.05.2005 04:04 41.472 hhsetup.dll
27.05.2005 04:04 546.304 hhctrl.ocx
27.05.2005 04:04 155.136 itircl.dll
27.05.2005 04:04 137.216 itss.dll
26.05.2005 04:19 173.536 wuweb.dll
26.05.2005 04:16 18.200 wups2.dll
26.05.2005 04:16 41.240 wups.dll
26.05.2005 04:16 1.343.768 wuaueng.dll
26.05.2005 04:16 198.424 iuengine.dll
26.05.2005 04:16 75.544 cdm.dll
26.05.2005 04:16 124.696 wuauclt.exe
26.05.2005 04:16 128.280 wucltui.dll
26.05.2005 04:16 174.872 wuauclt1.exe


Datenträger in Laufwerk C: ist 65-01-31
Volumeseriennummer: ECAE-D346

Verzeichnis von C:\DOKUME~1\Stefan\LOKALE~1\Temp


Datenträger in Laufwerk C: ist 65-01-31
Volumeseriennummer: ECAE-D346

Verzeichnis von C:\WINDOWS

09.09.2005 00:04 5.688 ModemLog_GPRS via COM.txt
09.09.2005 00:04 4.240 ModemLog_Agere Systems AC'97 Modem.txt
09.09.2005 00:04 159 wiadebug.log
09.09.2005 00:04 739.495 WindowsUpdate.log
09.09.2005 00:04 50 wiaservc.log
09.09.2005 00:04 2.048 bootstat.dat
09.09.2005 00:03 32.588 SchedLgU.Txt
05.09.2005 00:17 352 wincmd.ini
04.09.2005 21:44 1.022 win.ini
23.08.2005 10:26 911 cdplayer.ini
19.08.2005 21:20 1.125 winamp.ini
07.06.2005 23:31 1.389 HHB.INI
31.05.2005 06:53 545 PKUNZIP.PIF
31.05.2005 06:53 545 NOCLOSE.PIF
31.05.2005 06:53 545 UC.PIF
31.05.2005 06:53 545 LHA.PIF
31.05.2005 06:53 545 RAR.PIF
31.05.2005 06:53 545 ARJ.PIF
31.05.2005 06:53 545 PKZIP.PIF
28.05.2005 20:14 48 ChssBase.ini
28.05.2005 13:40 114.688 UninstallSunbird.exe
28.05.2005 13:40 20.274 mozver.dat
27.05.2005 01:22 10.752 hh.exe
10.03.2005 01:41 17 Missing.ini
24.01.2005 02:32 235 BUHL.INI
08.01.2005 14:41 316.640 WMSysPr9.prx
22.12.2004 02:56 151 infotax.ini
04.10.2004 10:51 69.632 uinst001.exe
13.09.2004 02:16 1.748 nsreg.dat
13.09.2004 02:15 87.184 NSUninst.exe
13.09.2004 02:15 87.184 GREUninstall.exe
12.09.2004 23:55 2.718.997 setupapi.log.0.old
12.09.2004 20:49 0 iPlayer.INI
03.09.2004 23:32 40 iltwain.ini
04.08.2004 09:58 288.768 winhlp32.exe
04.08.2004 09:58 32.866 slrundll.exe


Datenträger in Laufwerk C: ist 65-01-31
Volumeseriennummer: ECAE-D346

Verzeichnis von C:\

09.09.2005 01:04 0 sys.txt
09.09.2005 01:03 6.081 system.txt
09.09.2005 01:02 129 systemtemp.txt
09.09.2005 00:59 101.906 system32.txt
09.09.2005 00:04 501.796.864 hiberfil.sys
09.09.2005 00:04 1.409.286.144 pagefile.sys
08.09.2005 23:25 488 hpfr5550.xml
04.09.2005 23:22 0 win.txt
04.09.2005 23:22 23 log.txt
04.09.2005 22:40 780 virusscanJotti.txt
07.06.2005 23:31 191 mwmlog.txt
-------------------------------------------------------

And finally the output of rkfiles.bat

C:\Downloads\rkfiles

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Files Found in system Folder............
------------------------
C:\WINDOWS\system32\oembios.bin: uPx!
C:\WINDOWS\system32\atl71.pdb: dwProvSpec2
C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213
C:\WINDOWS\system32\mfc71.pdb: dwProvSpec2
C:\WINDOWS\system32\MFC71d.pdb: dwProvSpec2
C:\WINDOWS\system32\mfc71u.pdb: dwProvSpec2
C:\WINDOWS\system32\mfc71ud.pdb: dwProvSpec2
C:\WINDOWS\system32\atl71.pdb: dwProvSpec2
C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213
C:\WINDOWS\system32\mfc71.pdb: dwProvSpec2
C:\WINDOWS\system32\MFC71d.pdb: dwProvSpec2
C:\WINDOWS\system32\mfc71u.pdb: dwProvSpec2
C:\WINDOWS\system32\mfc71ud.pdb: dwProvSpec2

Files Found in all users startup Folder............
------------------------
C:\WINDOWS\system32\oembios.bin: uPx!
Files Found in all users windows Folder............
------------------------
Finished
bye
-------------------------------------------------------

Does anyone know what to do next?

Many thanks in advance!
Stefan
10.09.2005, 01:15
Honorary member
Sabina

Posts: 29434
#2 Hello @sinus

#Open HijackThis -->> "Scan" button -->> tick the entries below -->> "Fix checked" button -->> restart the PC

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O2 - BHO: (no name) - {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} - C:\WINDOWS\system32\cbxxu.dll
O20 - Winlogon Notify: cbxxu - C:\WINDOWS\SYSTEM32\cbxxu.dll

Restart the PC

•KillBox
http://bilder.informationsarchiv.net/Nikitas_Tools/KillBox.zip
Guide (illustrated):
http://virus-protect.org/killbox.html

•Delete File on Reboot <-- tick this

Paste in:
C:\WINDOWS\SYSTEM32\CBXXU.DLL

and click the red cross;
when asked "Do you want to reboot?" ----> click "yes"

Restart the PC

#New home page
Go to Control Panel --> Internet Options --> on the General tab, under Temporary Internet Files, click Delete Files --> also tick Delete all offline content and confirm with OK --> go to the Programs tab and click Reset Web Settings there, confirm with Yes if asked --> click Apply and finally OK, and set a new home page

L2mfix
(please work through it and post everything here)
http://virus-protect.org/L2mfix.html
__________
Regards, Sabina

All about PC security
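
How the two cbxxu.dll entries selected above can be found mechanically, as an added example that is not part of the original posts: it parses the O2 (BHO) and O20 (Winlogon Notify) lines of a HijackThis log and reports any file registered under both hooks. The sample lines are copied from the log in post #1; all function names are made up for this example.

```python
import re
from collections import defaultdict
from ntpath import normcase, normpath  # Windows path rules on any OS

# Constructed sample: a few lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\SpybotSearchDestroy\SDHelper.dll
O2 - BHO: (no name) - {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} - C:\WINDOWS\system32\cbxxu.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O20 - Winlogon Notify: cbxxu - C:\WINDOWS\SYSTEM32\cbxxu.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""

# O2 lines carry a display name, a CLSID and the DLL path.
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
# O20 lines carry the Notify subkey name and the DLL path.
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")


def canon(path):
    """Lower-cased, normalised Windows path, so SYSTEM32 == system32."""
    return normcase(normpath(path.strip()))


def parse_entries(log_text):
    """Return one dict per O2 or O20 line; every other line is ignored."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for section, pattern in (("O2", BHO_RE), ("O20", NOTIFY_RE)):
            m = pattern.match(line)
            if m:
                entries.append({
                    "section": section,
                    "name": m["name"],
                    "path": m["path"],
                    "line": line,
                })
                break
    return entries


def unnamed_bhos(entries):
    """BHOs shown as '(no name)'. Weak signal: legitimate tools appear too."""
    return [e for e in entries
            if e["section"] == "O2" and e["name"] == "(no name)"]


def cross_registered(entries):
    """Map canonical path -> sections, for files hooked in via both O2 and O20."""
    sections_by_path = defaultdict(set)
    for e in entries:
        sections_by_path[canon(e["path"])].add(e["section"])
    return {p: sorted(s) for p, s in sections_by_path.items() if len(s) > 1}


def fix_candidates(entries):
    """Original log lines whose DLL is registered under more than one hook."""
    hits = cross_registered(entries)
    return [e["line"] for e in entries if canon(e["path"]) in hits]


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print("unnamed BHOs:", [e["path"] for e in unnamed_bhos(parsed)])
    for line in fix_candidates(parsed):
        print("review:", line)
```

The "(no name)" check alone also matches Spybot's SDHelper.dll, which is why the example correlates the two hook types instead of relying on the display name.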
12.09.2005, 00:42
Member

Thread starter

Posts: 17
#3 Hello @Sabina,

many thanks for the advice.

After the reboot attempt from within the program, KillBox shows a pop-up error with the following text:

PendingFileRenameOperations Registry Data has been Removed by External Process!

Control Panel
I could not find "Delete all offline content".

l2mfix\report.txt
L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbxxu]
"Asynchronous"=dword:00000001
"DllName"="cbxxu.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read VORDEFINIERT\Benutzer
(ID-IO) ALLOW Read VORDEFINIERT\Benutzer
(ID-NI) ALLOW Full access VORDEFINIERT\Administratoren
(ID-IO) ALLOW Full access VORDEFINIERT\Administratoren
(ID-NI) ALLOW Full access NT-AUTORITŽT\SYSTEM
(ID-IO) ALLOW Full access NT-AUTORITŽT\SYSTEM
(ID-IO) ALLOW Full access ERSTELLER-BESITZER


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Eigenschaften fr Multimediadatei"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-Scannerverwaltung"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-Sicherheit"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-Eigenschaftenseite fr Dokumente"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shellerweiterungen fr Freigaben"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung fr Grafikkarten"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung fr Bildschirme"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung fr Anzeigeverschiebung"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS-Sicherheit"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Kompatibilit„tsseite"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell-Datenauszughandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Erweiterung fr Datentr„gerkopien"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shellerweiterungen fr Microsoft Windows-Netzwerkobjekte"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-Monitorverwaltung"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-Druckerverwaltung"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shellerweiterungen fr die Dateikomprimierung"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Shellerweiterung fr Webdrucker"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Kontextmen fr die Verschlsselung"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Aktenkoffer"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Erweiterung fr HyperTerminal-Icons"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Schriftarten"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-Profil"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Druckersicherheit"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shellerweiterungen fr Freigaben"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-PKO-Erweiterung"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-Sign-Erweiterung"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Netzwerkverbindungen"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Netzwerkverbindungen"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanner und Kameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanner und Kameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanner und Kameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanner und Kameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanner und Kameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shellerweiterungen fr Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Datenverknpfung"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Geplante Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskleiste und Startmen"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Suchen"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ausfhren..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-Mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Schriftarten"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Verwaltung"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Syntaxanalyse der Adressleiste"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft URL-Verlauf-Dienst"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Verlauf"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Sucheingriff"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite-Begráungsbildschirm"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer-Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-Cacheordner"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ Dateiminiaturansicht-Extrahierungsprogramm"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Zusammenfassungs-Miniaturansichthandler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-Extrahierungsprogramm"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Webpublishing-Assistent"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Bestellung von Abzgen ber das Internet"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shellobjekt des Webpublishing-Assistenten"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Passport-Assistent"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Benutzerkonten"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channeldatei"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channelverknpfung"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channelhandlerobjekt"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Ordner 'Offlinedateien'"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Nach Personen..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{c7745760-8ead-11ce-b750-02608ca5202c}"="IomegaWare Shell Extension"
"{c7745761-8ead-11ce-b750-02608ca5202c}"="IomegaWare Shell Extension"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{ED65AB21-B24F-11d3-BA80-00C0CA16AA37}"="Mobile"
"{ED65AB22-B24F-11d3-BA80-00C0CA16AA37}"="Mobile ContextMenuHandler"
"{ED65AB23-B24F-11d3-BA80-00C0CA16AA37}"="Mobile PropertySheetHandler"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{63542C48-9552-494A-84F7-73AA6A7C99C1}"="OpenOffice Property Sheet Handler"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}"="ICQ Lite Shell Extension"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
browseui.dll Sun 3 Jul 2005 4:15:24 A.... 1.019.904 996,00 K
cbxxu.dll Thu 25 Aug 2005 0:36:28 ..... 25.088 24,50 K
cdfview.dll Sun 3 Jul 2005 4:15:24 A.... 152.064 148,50 K
gwfspi~1.dll Tue 12 Jul 2005 18:04:22 A.... 23.304 22,76 K
icm32.dll Wed 29 Jun 2005 3:49:40 A.... 254.976 249,00 K
iepeers.dll Sun 3 Jul 2005 4:15:24 ..... 251.392 245,50 K
inseng.dll Sun 3 Jul 2005 4:15:24 A.... 96.768 94,50 K
kerberos.dll Wed 15 Jun 2005 19:49:56 A.... 295.936 289,00 K
legitc~1.dll Wed 3 Aug 2005 10:33:42 A.... 520.456 508,26 K
mscms.dll Wed 29 Jun 2005 3:49:40 A.... 74.240 72,50 K
mshtml.dll Wed 20 Jul 2005 4:04:36 A.... 3.012.096 2,87 M
mshtmled.dll Sun 3 Jul 2005 4:15:28 ..... 448.512 438,00 K
msrating.dll Sun 3 Jul 2005 4:15:28 A.... 146.432 143,00 K
pngfilt.dll Sun 3 Jul 2005 4:15:28 A.... 39.424 38,50 K
shdocvw.dll Sun 3 Jul 2005 4:15:28 A.... 1.484.288 1,41 M
shlwapi.dll Sun 3 Jul 2005 4:15:28 A.... 474.112 463,00 K
tapisrv.dll Fri 8 Jul 2005 18:28:24 A.... 249.344 243,50 K
umpnpmgr.dll Thu 30 Jun 2005 4:05:34 A.... 119.296 116,50 K
urlmon.dll Sun 3 Jul 2005 4:15:28 A.... 605.696 591,50 K
wininet.dll Sun 3 Jul 2005 4:15:28 A.... 664.064 648,50 K

20 items found: 20 files, 0 directories.
Total of file sizes: 9.957.392 bytes 9,50 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
set71.tmp Wed 29 Jun 2005 3:49:40 A.... 74.240 72,50 K
set81.tmp Sun 3 Jul 2005 4:15:28 A.... 664.064 648,50 K
set82.tmp Sun 3 Jul 2005 4:15:28 A.... 605.696 591,50 K
set83.tmp Sun 3 Jul 2005 4:15:28 A.... 474.112 463,00 K
set84.tmp Sun 3 Jul 2005 4:15:28 A.... 1.484.288 1,41 M
set87.tmp Sun 3 Jul 2005 4:15:28 A.... 448.512 438,00 K
set88.tmp Wed 20 Jul 2005 4:04:36 A.... 3.012.096 2,87 M
set8a.tmp Sun 3 Jul 2005 4:15:24 A.... 251.392 245,50 K
set8c.tmp Sun 3 Jul 2005 4:15:24 A.... 1.019.904 996,00 K

9 items found: 9 files, 0 directories.
Total of file sizes: 8.034.304 bytes 7,66 M
**********************************************************************************
Directory Listing of system files:
Datenträger in Laufwerk C: ist 65-01-31
Volumeseriennummer: ECAE-D346

Verzeichnis von C:\WINDOWS\System32

04.09.2005 17:02 <DIR> dllcache
17.09.2002 06:38 <DIR> Microsoft
05.04.2001 19:43 94.208 msstkprp.dll
1 Datei(en) 94.208 Bytes
2 Verzeichnis(se), 16.543.322.112 Bytes frei

log.txt
Setting Directory
C:\
C:\
System Rebooted!

Running From:
C:\

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 200 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 480 'rundll32.exe'

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!

Zipping up files for submission:
updating: clear.reg (188 bytes security) (deflated 2%)
updating: gprs_log.txt (188 bytes security) (deflated 71%)
updating: Lang.txt (188 bytes security) (deflated 48%)
updating: lo2.txt (188 bytes security) (deflated 54%)
updating: log.txt (188 bytes security) (deflated 76%)
updating: mwmlog.txt (188 bytes security) (deflated 57%)
updating: start.txt (188 bytes security) (stored 0%)
updating: sys.txt (188 bytes security) (deflated 60%)
updating: system.txt (188 bytes security) (deflated 66%)
updating: system32.txt (188 bytes security) (deflated 79%)
updating: systemtemp.txt (188 bytes security) (deflated 4%)
updating: test.txt (188 bytes security) (stored 0%)
updating: test2.txt (188 bytes security) (stored 0%)
updating: test3.txt (188 bytes security) (stored 0%)
updating: test5.txt (188 bytes security) (stored 0%)
updating: virusscanJotti.txt (188 bytes security) (deflated 51%)
updating: win.txt (188 bytes security) (deflated 83%)
updating: windows.txt (188 bytes security) (stored 0%)

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read VORDEFINIERT\Benutzer
(ID-IO) ALLOW Read VORDEFINIERT\Benutzer
(ID-NI) ALLOW Full access VORDEFINIERT\Administratoren
(ID-IO) ALLOW Full access VORDEFINIERT\Administratoren
(ID-NI) ALLOW Full access NT-AUTORITÄT\SYSTEM
(ID-IO) ALLOW Full access NT-AUTORITÄT\SYSTEM
(ID-IO) ALLOW Full access ERSTELLER-BESITZER


Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332

Restoring Windows Update Certificates.:


The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbxxu]
"Asynchronous"=dword:00000001
"DllName"="cbxxu.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000


The following are the files found:
****************************************************************************

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************



hijackthis.log

Logfile of HijackThis v1.99.1
Scan saved at 00:18:37, on 12.09.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\explorer.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\SpybotSearchDestroy\SDHelper.dll
O2 - BHO: (no name) - {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} - C:\WINDOWS\system32\cbxxu.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [QT4STBTN] C:\Progra~1\SwiftBtn\SwiftBtn.EXE
O4 - HKLM\..\Run: [ADUserMon] C:\Programme\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Programme\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Programme\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AS00_Gear511] C:\Programme\NETGEAR\WG511SCU\Utility\Gear511.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3FE0A418-A61F-401B-8C4F-DEAA62C7CEEC} (Chartist25 Control) - http://www.tradesignal.com/wpa/tsb/2.6.2.2/components/tsbt-2-6-2-2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125841006826
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/de/check/qdiagh.cab?326
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: cbxxu - C:\WINDOWS\SYSTEM32\cbxxu.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Programme\Iomega\AutoDisk\ADService.exe

Does this yield any new insights?
TR/Dldr.ConHook.I is still being reported.
Or did I do something wrong?
Do all the steps have to be carried out in safe mode?

Many thanks and best regards,
Stefan
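
Added example (not part of the original posts or of any tool used in this thread): a small Python parser for a Winlogon\Notify export like the one above that decodes the hex(2) DllName values and lists subkeys whose DLL is not in a baseline. The baseline set, the function names and the shortened sample are assumptions made for this illustration.

```python
import ntpath
import re

NOTIFY_ROOT = (r"hkey_local_machine\software\microsoft\windows nt"
               r"\currentversion\winlogon\notify")

# Assumption: baseline built from the other DllName values in the export
# posted in this thread; derive your own from a known-clean reference machine.
BASELINE_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll",
                 "wlnotify.dll", "sclgntfy.dll", "wzcdlg.dll"}

# Constructed sample: four subkeys excerpted from the export in the thread.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbxxu]
"Asynchronous"=dword:00000001
"DllName"="cbxxu.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Impersonate"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Asynchronous"=dword:00000000
'''


def decode_value(raw):
    """Decode one right-hand side of a version 5.00 .reg export line."""
    raw = raw.strip()
    if raw.startswith('"') and raw.endswith('"'):
        # REG_SZ: backslashes and quotes are escaped inside the quotes
        return raw[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    m = re.match(r"hex\([12]\):(.*)", raw)
    if m:
        # REG_SZ / REG_EXPAND_SZ stored as UTF-16LE bytes with a NUL terminator
        data = bytes(int(b, 16) for b in m.group(1).split(",") if b.strip())
        return data.decode("utf-16-le").rstrip("\x00")
    m = re.match(r"dword:([0-9a-fA-F]{8})$", raw)
    if m:
        return int(m.group(1), 16)
    return raw


def parse_notify(text):
    """Return {subkey: {lower-cased value name: decoded value}} below Notify."""
    # Long hex values are wrapped with a trailing backslash; join them first.
    text = re.sub(r"\\\r?\n\s*", "", text)
    entries, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            current = None
            if key.lower().startswith(NOTIFY_ROOT + "\\"):
                current = entries.setdefault(key[len(NOTIFY_ROOT) + 1:], {})
            continue
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if m and current is not None:
            # Value names are case-insensitive (DllName vs. DLLName above)
            current[m.group(1).lower()] = decode_value(m.group(2))
    return entries


def review(entries, baseline=BASELINE_DLLS):
    """List (subkey, dll, reason) for Notify packages that need a closer look."""
    findings = []
    for name, values in sorted(entries.items()):
        dll = values.get("dllname")
        if not isinstance(dll, str):
            findings.append((name, None, "no DllName value"))
            continue
        directory, base = ntpath.split(dll.lower())
        if base not in baseline:
            findings.append((name, dll, "DLL not in baseline"))
        elif directory and not directory.endswith("system32"):
            findings.append((name, dll, "baseline name outside system32"))
    return findings


if __name__ == "__main__":
    for subkey, dll, reason in review(parse_notify(SAMPLE_EXPORT)):
        print(f"Winlogon Notify: {subkey} -> {dll} ({reason})")
```

A hit only means the package is absent from the baseline; third-party software also registers Notify packages, so each finding still has to be checked against the file itself.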
12.09.2005, 00:49
Honorary member
Sabina

Posts: 29434
#4 Hello@sinus

Copy the following text into Notepad (Start - Zubehör - Editor) and save it to the desktop as fixme.reg using 'Speichern unter' (Save As). For the file type, select 'Alle Dateien' (All Files). You should now find this file on the desktop.

Quote

REGEDIT4

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbxxu]

•KillBox
http://bilder.informationsarchiv.net/Nikitas_Tools/KillBox.zip
Instructions (illustrated):
http://virus-protect.org/killbox.html

•Delete File on Reboot <-- tick this

paste in:
C:\WINDOWS\SYSTEM32\CBXXU.DLL

and click the red cross;
when asked "Do you want to reboot?" ----> click "yes"
PendingFileRenameOperations Registry Data has been Removed by External Process!
restart the PC yourself


Restart the computer in safe mode (press F8 during startup). Double-click the file "fixme.reg" on the desktop

still in safe mode
;)

#open HijackThis -->> "Scan" button -->> tick the entries -->> "Fix checked" button -->> restart the PC

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O2 - BHO: (no name) - {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} - C:\WINDOWS\system32\cbxxu.dll
O20 - Winlogon Notify: cbxxu - C:\WINDOWS\SYSTEM32\cbxxu.dll

Restart the PC --> into normal mode

datfindbat (please post all 4 logs, including the path)

http://virus-protect.org/datfindbat.html

+ post the new HijackThis log ;)
__________
Regards, Sabina

all about PC security
12.09.2005, 01:26
Member

Thread starter

Posts: 17
#5 Hello@Sabina,

many thanks for the prompt reply.

datFind.bat: system32.txt

Datenträger in Laufwerk C: ist 65-01-31
Volumeseriennummer: ECAE-D346

Verzeichnis von C:\WINDOWS\system32

07.09.2005 23:38 1.158 wpa.dbl
25.08.2005 00:36 25.088 cbxxu.dll
04.08.2005 18:54 1.457.496 MRT.exe
03.08.2005 10:33 520.456 LegitCheckControl.DLL
20.07.2005 04:04 3.012.096 mshtml.dll
20.07.2005 04:04 3.012.096 SET88.tmp
19.07.2005 00:48 2.122 qtplugin.log
12.07.2005 18:04 23.304 GWFSPidGen.dll
08.07.2005 18:28 76.800 remotesp.tsp
08.07.2005 18:28 249.344 tapisrv.dll
03.07.2005 04:15 1.484.288 SET84.tmp
03.07.2005 04:15 474.112 SET83.tmp
03.07.2005 04:15 1.484.288 shdocvw.dll
03.07.2005 04:15 474.112 shlwapi.dll
03.07.2005 04:15 664.064 wininet.dll
03.07.2005 04:15 605.696 SET82.tmp
03.07.2005 04:15 664.064 SET81.tmp
03.07.2005 04:15 605.696 urlmon.dll
03.07.2005 04:15 39.424 pngfilt.dll
03.07.2005 04:15 448.512 mshtmled.dll
03.07.2005 04:15 448.512 SET87.tmp
03.07.2005 04:15 146.432 msrating.dll
03.07.2005 04:15 251.392 SET8A.tmp
03.07.2005 04:15 251.392 iepeers.dll
03.07.2005 04:15 152.064 cdfview.dll
03.07.2005 04:15 96.768 inseng.dll
03.07.2005 04:15 1.019.904 browseui.dll
03.07.2005 04:15 1.019.904 SET8C.tmp
30.06.2005 04:05 119.296 umpnpmgr.dll
29.06.2005 03:49 254.976 icm32.dll
29.06.2005 03:49 74.240 SET71.tmp
29.06.2005 03:49 74.240 mscms.dll
15.06.2005 19:49 295.936 kerberos.dll

datFind.bat: systemtemp.txt

Datenträger in Laufwerk C: ist 65-01-31
Volumeseriennummer: ECAE-D346

Verzeichnis von C:\DOKUME~1\Stefan\LOKALE~1\Temp

12.09.2005 01:09 16.384 ~DF7BB9.tmp
12.09.2005 01:06 392 kb.log
12.09.2005 00:07 16.384 ~DF3E4B.tmp
11.09.2005 23:43 16.384 ~DF6CBC.tmp
11.09.2005 23:20 16.384 ~DF4B50.tmp
11.09.2005 22:56 16.384 ~DFF85A.tmp
11.09.2005 20:27 16.384 ~DF8C12.tmp
10.09.2005 13:32 222 01.03.rm.RAM
10.09.2005 13:31 222 01.01.rm.RAM
10.09.2005 13:30 222 01.02.rm.RAM
04.09.2005 22:44 651.580 _iu14D2N.tmp
11 Datei(en) 750.942 Bytes
0 Verzeichnis(se), 16.545.435.648 Bytes frei

datFind.bat: system.txt

Datenträger in Laufwerk C: ist 65-01-31
Volumeseriennummer: ECAE-D346

Verzeichnis von C:\WINDOWS

12.09.2005 01:14 807.590 WindowsUpdate.log
12.09.2005 01:13 0 0.log
12.09.2005 01:13 5.688 ModemLog_GPRS via COM.txt
12.09.2005 01:13 4.240 ModemLog_Agere Systems AC'97 Modem.txt
12.09.2005 01:13 159 wiadebug.log
12.09.2005 01:13 50 wiaservc.log
12.09.2005 01:12 2.048 bootstat.dat
12.09.2005 01:08 589.026 ntbtlog.txt
12.09.2005 01:06 32.588 SchedLgU.Txt
11.09.2005 11:59 2.687 setupapi.log
05.09.2005 00:17 352 wincmd.ini
04.09.2005 21:44 1.022 win.ini
23.08.2005 10:26 911 cdplayer.ini
19.08.2005 21:20 1.125 winamp.ini
07.06.2005 23:31 1.389 HHB.INI
31.05.2005 06:53 545 RAR.PIF
31.05.2005 06:53 545 PKUNZIP.PIF
31.05.2005 06:53 545 UC.PIF
31.05.2005 06:53 545 NOCLOSE.PIF
31.05.2005 06:53 545 LHA.PIF
31.05.2005 06:53 545 PKZIP.PIF
31.05.2005 06:53 545 ARJ.PIF
28.05.2005 20:14 48 ChssBase.ini
28.05.2005 13:40 114.688 UninstallSunbird.exe
28.05.2005 13:40 20.274 mozver.dat
27.05.2005 01:22 10.752 hh.exe
10.03.2005 01:41 17 Missing.ini

datFind.bat: sys.txt

Datenträger in Laufwerk C: ist 65-01-31
Volumeseriennummer: ECAE-D346

Verzeichnis von C:\

12.09.2005 01:16 0 sys.txt
12.09.2005 01:15 6.174 system.txt
12.09.2005 01:15 777 systemtemp.txt
12.09.2005 01:14 102.195 system32.txt
12.09.2005 01:12 501.796.864 hiberfil.sys
12.09.2005 01:12 1.409.286.144 pagefile.sys
12.09.2005 01:01 488 hpfr5550.xml
12.09.2005 00:13 36.496 backup.zip
12.09.2005 00:13 7.896 log.txt
12.09.2005 00:09 0 test5.txt
11.09.2005 22:49 9.175 KillBoxFehler.jpg
09.09.2005 01:37 0 windows.txt
09.09.2005 01:34 703 win.txt
09.09.2005 01:27 39 start.txt
04.09.2005 22:40 780 virusscanJotti.txt
07.06.2005 23:31 191 mwmlog.txt

hijackthis.log

Logfile of HijackThis v1.99.1
Scan saved at 01:16:47, on 12.09.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Apoint2K\Apoint.exe
C:\Progra~1\SwiftBtn\SwiftBtn.EXE
C:\Programme\Iomega\AutoDisk\ADUserMon.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Iomega\DriveIcons\ImgIcon.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\NETGEAR\WG511SCU\Utility\Gear511.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\AVPersonal\AVSched32.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\ICQLite\ICQLite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programme\Apoint2K\Apntex.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Programme\Iomega\AutoDisk\ADService.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\SpybotSearchDestroy\SDHelper.dll
O2 - BHO: (no name) - {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} - C:\WINDOWS\system32\cbxxu.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [QT4STBTN] C:\Progra~1\SwiftBtn\SwiftBtn.EXE
O4 - HKLM\..\Run: [ADUserMon] C:\Programme\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Programme\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Programme\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AS00_Gear511] C:\Programme\NETGEAR\WG511SCU\Utility\Gear511.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3FE0A418-A61F-401B-8C4F-DEAA62C7CEEC} (Chartist25 Control) - http://www.tradesignal.com/wpa/tsb/2.6.2.2/components/tsbt-2-6-2-2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125841006826
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/de/check/qdiagh.cab?326
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: cbxxu - C:\WINDOWS\SYSTEM32\cbxxu.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Programme\Iomega\AutoDisk\ADService.exe

Best regards,
Stefan
12.09.2005, 01:38
Honorary member
Sabina

Posts: 29434
#6 Start --> Ausführen (Run) --> regedit
Bearbeiten (Edit) --> Suchen (Find) --> cbxxu.dll
delete everything you find.

1. Open Notepad (Editor): under Start/Ausführen (Run) enter the command notepad and confirm; a Notepad editor window then appears.
Or go to Start/Programme/Zubehör/Editor

2. Paste in this code:


@ECHO OFF
attrib -s -r -h "C:\Windows\System32\cbxxu.dll"
del "C:\Windows\System32\cbxxu.dll"
exit

3. Save the file as Rem.bat on the desktop

Start the PC in safe mode

4. Double-click this file, Rem.bat

-----------------------------------------------------------------------

Quote

Verzeichnis von C:\WINDOWS\system32
07.09.2005 23:38 1.158 wpa.dbl
25.08.2005 00:36 25.088 cbxxu.dll

__________
Regards, Sabina

all about PC security
13.09.2005, 02:04
Member

Themenstarter

Beiträge: 17
#7 Hello @Sabina,

many thanks for the help!

Unfortunately I never got around to trying Rem.bat. But it seems I have now got rid of the problem. :-)

After all attempts with KillBox had failed and the registry entries for cbxxu.dll could not be deleted permanently, I ran VundoFix in safe mode against C:\Windows\System32\cbxxu.dll (with the reversed character string as the second parameter: C:\Windows\System32\uxxbc.*).

Since then I no longer get any alerts from AntiVir, and the two stubborn entries for cbxxu.dll in hijackthis.log have disappeared as well.

Regards,
Stefan
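
The check described in post #7, comparing HijackThis logs from before and after the cleanup for entries that name cbxxu.dll, as an added example that is not part of the original thread. The O2 line with its all-zero CLSID is a constructed placeholder, the "after" logs are constructed, and the section labels for O2 and O4 are not taken from this page.

```python
import re
from typing import NamedTuple

# HijackThis section codes: O18, O20 and O23 appear in this thread;
# O2 and O4 are added here as assumptions about a typical log.
SECTIONS = {
    "O2": "Browser Helper Object",
    "O4": "Autostart (Run key / Startup folder)",
    "O18": "Extra protocol handler",
    "O20": "AppInit_DLLs / Winlogon Notify",
    "O23": "Service",
}

# A coded entry line looks like "O20 - Winlogon Notify: cbxxu - C:\...\cbxxu.dll".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+?)\s*$")


class Entry(NamedTuple):
    code: str
    body: str

    def key(self):
        # Windows paths are case-insensitive, so compare case-folded.
        return (self.code, self.body.casefold())


def parse_entries(log_text):
    """Return the coded entry lines; header and process-list lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def references(entry, filename):
    """True if the entry names `filename` as a whole file name, ignoring case."""
    pattern = r"(?<![\w.~-])" + re.escape(filename) + r"(?![\w.~-])"
    return re.search(pattern, entry.body, re.IGNORECASE) is not None


def remediation_report(before_log, after_log, filename):
    """Classify entries naming `filename` as removed, remaining or new."""
    before = [e for e in parse_entries(before_log) if references(e, filename)]
    after = [e for e in parse_entries(after_log) if references(e, filename)]
    before_keys = {e.key() for e in before}
    after_keys = {e.key() for e in after}
    return {
        "removed": [e for e in before if e.key() not in after_keys],
        "remaining": [e for e in after if e.key() in before_keys],
        "new": [e for e in after if e.key() not in before_keys],
    }


def is_clean(report):
    """No entry naming the file survives in the 'after' log."""
    return not report["remaining"] and not report["new"]


def describe(report):
    """One printable line per classified entry, with its section label."""
    lines = []
    for status in ("removed", "remaining", "new"):
        for e in report[status]:
            label = SECTIONS.get(e.code, "other section")
            lines.append(f"{status:9} {e.code:3} {label}: {e.body}")
    return lines


# Constructed sample logs. The O20 and O23 lines are copied from the thread;
# the O2 line (placeholder CLSID) is constructed.
BEFORE = r"""Logfile of HijackThis v1.99.1
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\SYSTEM32\CBXXU.DLL
O20 - Winlogon Notify: cbxxu - C:\WINDOWS\SYSTEM32\cbxxu.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
"""

# Constructed: both entries gone.
AFTER = r"""Logfile of HijackThis v1.99.1
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
"""

# Constructed: the Winlogon Notify entry came back, path case differs.
PARTIAL = r"""Logfile of HijackThis v1.99.1
O20 - Winlogon Notify: cbxxu - C:\WINDOWS\system32\cbxxu.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
"""

if __name__ == "__main__":
    for name, after in (("after", AFTER), ("partial", PARTIAL)):
        report = remediation_report(BEFORE, after, "cbxxu.dll")
        print(name, "clean" if is_clean(report) else "NOT clean")
        print("\n".join(describe(report)))
```

An empty result only shows that the autostart entries HijackThis lists no longer name the file; it does not show that the file itself is gone from disk.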
13.09.2005, 03:47
Member
Gool

Posts: 4730
#8 Although that does not yet mean you are rid of the problem.

Scan with eScanCheck (http://virus-protect.org/escan.html) and post the result.
__________
This is a signature! Personal service: You're from Berlin? Then contact me by PM; we may be able to arrange an appointment.
Der Grabsteinschubser
17.09.2005, 20:04
Member

Thread starter

Posts: 17
#9 Hi,

it took a bit longer because I had problems downloading the virus definitions (mwti.net unreachable?!).

Here is the overall result from eScan for Windows (Trial) with default settings in safe mode:

Sa Sep 17 17:55:15 2005 => Total Number of Files Scanned: 112963
Sa Sep 17 17:55:15 2005 => Total Number of Files Infected: 0
Sa Sep 17 17:55:15 2005 => Total Number of Files Disinfected: 0
Sa Sep 17 17:55:15 2005 => Total Number of Files Renamed: 0
Sa Sep 17 17:55:15 2005 => Total Number of Files Deleted: 0
Sa Sep 17 17:55:15 2005 => Total Number of Errors: 0
Sa Sep 17 17:55:15 2005 => Time Elapsed:: 04:01:32

Below is the MWAV.LOG output.

Many thanks in advance for the feedback!
Stefan



Sat Sep 17 13:53:33 2005 => Scanning File C:\WINDOWS\system32\netdde.exe
Sat Sep 17 13:53:33 2005 => Scanning File C:\WINDOWS\system32\netdde.exe
Sat Sep 17 13:53:33 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\wg511nd5.sys
Sat Sep 17 13:53:33 2005 => Scanning File C:\WINDOWS\System32\lsass.exe
Sat Sep 17 13:53:33 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Sep 17 13:53:33 2005 => ERROR!!! Invalid Entry System32\DRIVERS\NETPPPOI.SYS in SYSTEM\CurrentControlSet\Services\NETPPPOI...
Sat Sep 17 13:53:33 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\nic1394.sys
Sat Sep 17 13:53:33 2005 => ERROR!!! Invalid Entry C:\PROGRAMME\NORMAN\Nvc\BIN\nipsvc.exe in SYSTEM\CurrentControlSet\Services\NipSvc...
Sat Sep 17 13:53:33 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Sep 17 13:53:33 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\nscirda.sys
Sat Sep 17 13:53:34 2005 => Scanning File C:\WINDOWS\System32\lsass.exe
Sat Sep 17 13:53:34 2005 => Scanning File C:\WINDOWS\system32\svchost.exe
Sat Sep 17 13:53:34 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
Sat Sep 17 13:53:34 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
Sat Sep 17 13:53:34 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\ohci1394.sys
Sat Sep 17 13:53:34 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\parport.sys
Sat Sep 17 13:53:34 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\pci.sys
Sat Sep 17 13:53:34 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\pciide.sys
Sat Sep 17 13:53:34 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\pcmcia.sys
Sat Sep 17 13:53:34 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\perc2.sys
Sat Sep 17 13:53:34 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\perc2hib.sys
Sat Sep 17 13:53:34 2005 => Scanning File C:\WINDOWS\system32\services.exe
Sat Sep 17 13:53:34 2005 => Scanning File C:\WINDOWS\System32\HPZipm12.exe
Sat Sep 17 13:53:34 2005 => Scanning File C:\WINDOWS\System32\lsass.exe
Sat Sep 17 13:53:34 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\ppa.sys
Sat Sep 17 13:53:34 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\raspptp.sys
Sat Sep 17 13:53:34 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\processr.sys
Sat Sep 17 13:53:34 2005 => Scanning File C:\WINDOWS\system32\lsass.exe
Sat Sep 17 13:53:34 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\psched.sys
Sat Sep 17 13:53:34 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\ptilink.sys
Sat Sep 17 13:53:35 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
Sat Sep 17 13:53:35 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\ql1080.sys
Sat Sep 17 13:53:35 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\ql10wnt.sys
Sat Sep 17 13:53:35 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\ql12160.sys
Sat Sep 17 13:53:35 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\ql1240.sys
Sat Sep 17 13:53:35 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\ql1280.sys
Sat Sep 17 13:53:35 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\rasacd.sys
Sat Sep 17 13:53:35 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Sep 17 13:53:35 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\rasirda.sys
Sat Sep 17 13:53:35 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Sat Sep 17 13:53:35 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Sep 17 13:53:35 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Sat Sep 17 13:53:35 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\raspti.sys
Sat Sep 17 13:53:35 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\rdbss.sys
Sat Sep 17 13:53:35 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
Sat Sep 17 13:53:35 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Sat Sep 17 13:53:35 2005 => Scanning File C:\WINDOWS\system32\sessmgr.exe
Sat Sep 17 13:53:35 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\redbook.sys
Sat Sep 17 13:53:36 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Sep 17 13:53:36 2005 => Scanning File C:\WINDOWS\system32\Drivers\RootMdm.sys
Sat Sep 17 13:53:36 2005 => Scanning File C:\WINDOWS\System32\locator.exe
Sat Sep 17 13:53:36 2005 => Scanning File C:\WINDOWS\system32\svchost.exe
Sat Sep 17 13:53:36 2005 => Scanning File C:\WINDOWS\System32\rsvp.exe
Sat Sep 17 13:53:36 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
Sat Sep 17 13:53:36 2005 => Scanning File C:\WINDOWS\system32\lsass.exe
Sat Sep 17 13:53:36 2005 => Scanning File C:\WINDOWS\System32\SCardSvr.exe
Sat Sep 17 13:53:36 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Sep 17 13:53:36 2005 => Scanning File C:\WINDOWS\system32\drivers\scsiport.sys
Sat Sep 17 13:53:36 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\secdrv.sys
Sat Sep 17 13:53:36 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Sep 17 13:53:36 2005 => Scanning File C:\WINDOWS\system32\svchost.exe
Sat Sep 17 13:53:36 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\serenum.sys
Sat Sep 17 13:53:36 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\Seri*hier nicht!*.sys
Sat Sep 17 13:53:36 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Sep 17 13:53:36 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Sep 17 13:53:36 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\sisagp.sys
Sat Sep 17 13:53:36 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\sparrow.sys
Sat Sep 17 13:53:37 2005 => Scanning File C:\WINDOWS\system32\drivers\splitter.sys
Sat Sep 17 13:53:37 2005 => Scanning File C:\WINDOWS\system32\spoolsv.exe
Sat Sep 17 13:53:37 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\sr.sys
Sat Sep 17 13:53:37 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Sep 17 13:53:37 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\srv.sys
Sat Sep 17 13:53:37 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Sep 17 13:53:37 2005 => Scanning File C:\WINDOWS\SYSTEM32\DRIVERS\SSHDRV61.SYS
Sat Sep 17 13:53:37 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Sep 17 13:53:37 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\swenum.sys
Sat Sep 17 13:53:37 2005 => Scanning File C:\WINDOWS\system32\drivers\swmidi.sys
Sat Sep 17 13:53:37 2005 => Scanning File C:\WINDOWS\System32\dllhost.exe
Sat Sep 17 13:53:37 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\symc810.sys
Sat Sep 17 13:53:37 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\symc8xx.sys
Sat Sep 17 13:53:37 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\sym_hi.sys
Sat Sep 17 13:53:37 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\sym_u3.sys
Sat Sep 17 13:53:37 2005 => Scanning File C:\WINDOWS\system32\drivers\sysaudio.sys
Sat Sep 17 13:53:37 2005 => Scanning File C:\WINDOWS\system32\smlogsvc.exe
Sat Sep 17 13:53:37 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Sep 17 13:53:37 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\tcpip.sys
Sat Sep 17 13:53:38 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\termdd.sys
Sat Sep 17 13:53:38 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Sep 17 13:53:38 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Sep 17 13:53:38 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\toside.sys
Sat Sep 17 13:53:38 2005 => Scanning File C:\WINDOWS\system32\svchost.exe
Sat Sep 17 13:53:38 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\ultra.sys
Sat Sep 17 13:53:38 2005 => Scanning File C:\WINDOWS\system32\wdfmgr.exe
Sat Sep 17 13:53:38 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\update.sys
Sat Sep 17 13:53:38 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Sep 17 13:53:38 2005 => Scanning File C:\WINDOWS\System32\ups.exe
Sat Sep 17 13:53:38 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Sat Sep 17 13:53:38 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\usbhub.sys
Sat Sep 17 13:53:38 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\usbohci.sys
Sat Sep 17 13:53:38 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\usbprint.sys
Sat Sep 17 13:53:38 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\usbscan.sys
Sat Sep 17 13:53:38 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Sat Sep 17 13:53:38 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Sat Sep 17 13:53:38 2005 => Scanning File C:\WINDOWS\System32\drivers\vga.sys
Sat Sep 17 13:53:38 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\viaagp.sys
Sat Sep 17 13:53:38 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\viaide.sys
Sat Sep 17 13:53:38 2005 => Scanning File C:\WINDOWS\System32\vssvc.exe
Sat Sep 17 13:53:38 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Sep 17 13:53:39 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\wanarp.sys
Sat Sep 17 13:53:39 2005 => Scanning File C:\WINDOWS\system32\drivers\wdmaud.sys
Sat Sep 17 13:53:39 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Sep 17 13:53:39 2005 => Scanning File C:\WINDOWS\system32\svchost.exe
Sat Sep 17 13:53:39 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\wlluc48.sys
Sat Sep 17 13:53:39 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Sep 17 13:53:39 2005 => Scanning File C:\WINDOWS\System32\wbem\wmiapsrv.exe
Sat Sep 17 13:53:39 2005 => Scanning File C:\WINDOWS\System32\drivers\ws2ifsl.sys
Sat Sep 17 13:53:39 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Sep 17 13:53:39 2005 => Scanning File C:\WINDOWS\system32\svchost.exe
Sat Sep 17 13:53:39 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Sep 17 13:53:39 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Sat Sep 17 13:53:39 2005 => Scanning File C:\Programme\Iomega\AutoDisk\ADService.exe

Sat Sep 17 13:53:39 2005 => ***** Scanning Important System Files *****
Sat Sep 17 13:53:39 2005 => Scanning File C:\WINDOWS\system32\winsock.dll
Sat Sep 17 13:53:39 2005 => Scanning File C:\WINDOWS\WSSPORD.DAT
Sat Sep 17 13:53:39 2005 => Scanning File C:\WINDOWS\system32\ws2help.dll
Sat Sep 17 13:53:39 2005 => Scanning File C:\WINDOWS\system32\ws2_32.dll
Sat Sep 17 13:53:39 2005 => Scanning File C:\WINDOWS\system32\wscntfy.exe
Sat Sep 17 13:53:39 2005 => Scanning File C:\WINDOWS\system32\wscript.exe
Sat Sep 17 13:53:39 2005 => Scanning File C:\WINDOWS\system32\wscsvc.dll
Sat Sep 17 13:53:39 2005 => Scanning File C:\WINDOWS\system32\wscui.cpl
Sat Sep 17 13:53:40 2005 => Scanning File C:\WINDOWS\system32\wshatm.dll
Sat Sep 17 13:53:40 2005 => Scanning File C:\WINDOWS\system32\wshbth.dll
Sat Sep 17 13:53:40 2005 => Scanning File C:\WINDOWS\system32\wshcon.dll
Sat Sep 17 13:53:40 2005 => Scanning File C:\WINDOWS\system32\wshde.dll
Sat Sep 17 13:53:40 2005 => Scanning File C:\WINDOWS\system32\wshext.dll
Sat Sep 17 13:53:40 2005 => Scanning File C:\WINDOWS\system32\wship6.dll
Sat Sep 17 13:53:40 2005 => Scanning File C:\WINDOWS\system32\wshirda.dll
Sat Sep 17 13:53:40 2005 => Scanning File C:\WINDOWS\system32\wshisn.dll
Sat Sep 17 13:53:40 2005 => Scanning File C:\WINDOWS\system32\wshnetbs.dll
Sat Sep 17 13:53:40 2005 => Scanning File C:\WINDOWS\system32\wshom.ocx
Sat Sep 17 13:53:40 2005 => Scanning File C:\WINDOWS\system32\wshrm.dll
Sat Sep 17 13:53:40 2005 => Scanning File C:\WINDOWS\system32\wshtcpip.dll
Sat Sep 17 13:53:40 2005 => Scanning File C:\WINDOWS\system32\wsnmp32.dll
Sat Sep 17 13:53:40 2005 => Scanning File C:\WINDOWS\system32\wsock32.dll
Sat Sep 17 13:53:40 2005 => Scanning File C:\WINDOWS\system32\wstdecod.dll
Sat Sep 17 13:53:40 2005 => Scanning File C:\WINDOWS\DEFESMS.HTML
Sat Sep 17 13:53:40 2005 => Scanning File C:\WINDOWS\explorer.exe
Sat Sep 17 13:53:40 2005 => Scanning File C:\WINDOWS\explorer.scf
Sat Sep 17 13:53:40 2005 => Scanning File C:\WINDOWS\notepad.exe
Sat Sep 17 13:53:40 2005 => Scanning File C:\WINDOWS\system32\notepad.exe
Sat Sep 17 13:53:40 2005 => Scanning File C:\WINDOWS\system32\ctfmon.exe
Sat Sep 17 13:53:40 2005 => Scanning File C:\WINDOWS\system32\cmd.exe
Sat Sep 17 13:53:41 2005 => *** File C:\WINDOWS\system32\kernel32.dll having Size Restriction ***
Sat Sep 17 13:53:41 2005 => Scanning File C:\WINDOWS\system32\kernel32.dll [**]
Sat Sep 17 13:53:41 2005 => *** File C:\WINDOWS\system32\ntoskrnl.exe having Size Restriction ***
Sat Sep 17 13:53:41 2005 => Scanning File C:\WINDOWS\system32\ntoskrnl.exe [**]
Sat Sep 17 13:53:41 2005 => *** File C:\WINDOWS\system32\ntkrnlpa.exe having Size Restriction ***
Sat Sep 17 13:53:41 2005 => Scanning File C:\WINDOWS\system32\ntkrnlpa.exe [**]
Sat Sep 17 13:53:41 2005 => Scanning File C:\WINDOWS\system32\HAL.DLL
Sat Sep 17 13:53:41 2005 => *** File C:\WINDOWS\system32\win32k.sys having Size Restriction ***
Sat Sep 17 13:53:41 2005 => Scanning File C:\WINDOWS\system32\win32k.sys [**]
Sat Sep 17 13:53:41 2005 => Scanning File C:\WINDOWS\system32\ntdll.dll
Sat Sep 17 13:53:41 2005 => Scanning File C:\WINDOWS\system32\advapi32.dll
Sat Sep 17 13:53:41 2005 => Scanning File C:\WINDOWS\system32\user32.dll
Sat Sep 17 13:53:41 2005 => Scanning File C:\WINDOWS\system32\gdi32.dll
Sat Sep 17 13:53:41 2005 => Scanning File C:\WINDOWS\system32\bootvid.dll
Sat Sep 17 13:53:41 2005 => Scanning File C:\WINDOWS\system32\command.com

Sat Sep 17 13:53:41 2005 => ***** Checking for specific ITW Viruses *****
Sat Sep 17 13:53:41 2005 => Checking for Welchia Virus...
Sat Sep 17 13:53:41 2005 => Checking for LovGate Virus...
Sat Sep 17 13:53:41 2005 => Checking for CodeRed Virus...
Sat Sep 17 13:53:41 2005 => Checking for OpaServ Virus...
Sat Sep 17 13:53:41 2005 => Checking for Sobig.e Virus...
Sat Sep 17 13:53:41 2005 => Checking for Winupie Virus...
Sat Sep 17 13:53:41 2005 => Checking for Swen Virus...
Sat Sep 17 13:53:41 2005 => Checking for JS.Fortnight Virus...
Sat Sep 17 13:53:41 2005 => Checking for Novarg Virus...
Sat Sep 17 13:53:41 2005 => Checking for Pagabot Virus...
Sat Sep 17 13:53:41 2005 => Checking for Parite.b Virus...
Sat Sep 17 13:53:41 2005 => Checking for Parite.a Virus...

Sat Sep 17 13:53:41 2005 => ***** Scanning complete. *****

Sat Sep 17 13:53:41 2005 => Total Files Scanned: 494
Sat Sep 17 13:53:41 2005 => Total Virus(es) Found: 0
Sat Sep 17 13:53:41 2005 => Total Disinfected Files: 0
Sat Sep 17 13:53:41 2005 => Total Files Renamed: 0
Sat Sep 17 13:53:41 2005 => Total Deleted Files: 0
Sat Sep 17 13:53:41 2005 => Total Errors: 3
Sat Sep 17 13:53:41 2005 => Time Elapsed: 00:00:31
Sat Sep 17 13:53:41 2005 => Virus Database Date: 2005/09/17
Sat Sep 17 13:53:41 2005 => Virus Database Count: 145463

Sat Sep 17 13:53:41 2005 => Scan Completed.

Sat Sep 17 13:53:42 2005 => AV Library Unloaded (3)...