click.526, qhost.qr, vidro.u+ your computer might be at risk

Topic is closed!
31.10.2005, 17:22
Member

Posts: 16
#1 Hello!

I've had the problem with the viruses and spyware named above for quite a while now.
Now it's time to do something about it; I hope you can help me!?

I'll post a HijackThis log and an eScan log in a few minutes.

Regards

Dirk

EDIT:

HijackThis log:



Logfile of HijackThis v1.99.1
Scan saved at 17:44:13, on 31.10.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\UAService.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe
C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Progra~1\ASUS\WLAN Card Utilities\Center.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Asus\Asus ChkMail\ChkMail.exe
C:\Programme\Asus\ASUS Hotkey\Hotkey.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\FRITZ!DSL\FwebProt.exe
C:\Programme\FRITZ!DSL\StCenter.exe
D:\Programme\echeck\eScanCheck110.exe
D:\bases_x\mwavscan.com
D:\bases_x\kavss.exe
C:\Programme\Mozilla Firefox\firefox.exe
D:\Downloads\Programme\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com.tw
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ATIPTA] C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Control Center] C:\Progra~1\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [forces_elite] MsNetHelper.exe
O4 - HKLM\..\Run: [avpmondll] trycrt.exe
O4 - HKLM\..\Run: [dmjyw.exe] C:\WINDOWS\System32\dmjyw.exe
O4 - HKLM\..\Run: [xpos] C:\Programme\DATA BECKER\XP optimal stylen\xpui.exe /tray
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "D:\Programme\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [LogonStudio] "D:\Programme\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [VC5Player] C:\Programme\HHVcdV5Sys\VC5Play.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SYSTRAV] keybdll.exe
O4 - HKCU\..\Run: [Kargo] prcmon.exe
O4 - HKCU\..\Run: [srbho] UserSp1.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [CursorXP] D:\Programme\Stardock\CursorXP\CursorXP.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe
O4 - Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Programme\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Hotkey.lnk = C:\Programme\Asus\ASUS Hotkey\Hotkey.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: SchnapperPro - {D6243B39-211B-440E-B4C5-26D2A579CAC8} - D:\Programme\SchnapperPro\SchnapperPro.exe
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130776066506
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\System32\UAService.exe

OK, the eScan log somehow isn't working.

Please help me!
This post was edited by Smiley007 on 31.10.2005 at 18:01.
01.11.2005, 15:48
Honorary member
Sabina

Posts: 29434
#2 hello@Smiley007

At the top of the page --> click Browse --> select the file --> double-click the file to be checked --> click Submit... now wait --> copy the result into the security forum

C:\WINDOWS\System32\UAService.exe

http://sandbox.norman.no/live_4.html
http://www.virustotal.com/flash/index_en.html

open HijackThis -- "Scan" button -- tick the malware entries -- "Fix checked" button -- restart the PC

O4 - HKLM\..\Run: [forces_elite] MsNetHelper.exe
O4 - HKLM\..\Run: [avpmondll] trycrt.exe
O4 - HKLM\..\Run: [dmjyw.exe] C:\WINDOWS\System32\dmjyw.exe
O4 - HKCU\..\Run: [SYSTRAV] keybdll.exe
O4 - HKCU\..\Run: [Kargo] prcmon.exe
O4 - HKCU\..\Run: [srbho] UserSp1.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (fix it so that it is removed from autostart....) it interferes with other virus scanners

restart the PC

CCleaner
http://www.ccleaner.com/ccdownload.asp
delete all temp files


Download the F-Secure beta trial
http://www.f-secure.com/blacklight/
double-click: blbeta.exe
after the check click -- next
you will now find a text file on the desktop: copy it into your thread

Datfindbat - work through it and copy all 4 logs into the thread (with path)
http://virus-protect.org/datfindbat.html

Silentrunners
http://virus-protect.org/silentrunner.html
click: output file is in text format. --> double-click and the editor opens -- and post everything that is shown.

Winpfind
http://virus-protect.org/winpfind.html
__________
Regards, Sabina

all about PC security
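The review Sabina asks for above (pick the malicious Run entries out of the HijackThis log, fix them, then re-check the machine with Silent Runners) can be scripted. The following is an added example in Python, not code from this thread or from either tool. It parses HijackThis O4 lines and Silent Runners value lines, using sample lines copied from the logs posted in this thread, and flags the same kinds of entry Sabina picked out: a bare executable name with no path, a System32 binary whose Run value name is nothing but its own file name, a value pointing at a file that no longer exists, and any value set under Winlogon "System". The KNOWN_GOOD list, the path heuristics and the Finding / triage_* names are assumptions made for the example.

```python
"""Triage of autostart entries from a HijackThis log and a Silent Runners
report.  Added example for this thread, not code from the forum or from
either tool; the heuristics and the known-good list are assumptions."""
import re
from dataclasses import dataclass

# Bare executable names that Silent Runners resolved to a vendor in the
# log posted above; treated as known-good here (assumption for the example).
KNOWN_GOOD = {"soundman.exe", "ati2mdxx.exe", "ctfmon.exe"}

# HijackThis O4 line:  O4 - HKLM\..\Run: [label] command
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<label>[^\]]*)\] (?P<cmd>.*)$")
# Silent Runners value line:  "name" = "command" [tag]  (optionally prefixed by a warning)
SR_RE = re.compile(r'^(?P<warn>INFECTION WARNING! )?"(?P<name>[^"]*)" = "(?P<cmd>.*)" (?P<tag>\[[^\]]*\])$')
# First executable token of a command line, with or without a leading quote
EXE_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|com|scr|bat|dll))', re.IGNORECASE)

# Sample lines copied from the logs in this thread (constructed subset).
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [forces_elite] MsNetHelper.exe
O4 - HKLM\..\Run: [avpmondll] trycrt.exe
O4 - HKLM\..\Run: [dmjyw.exe] C:\WINDOWS\System32\dmjyw.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SYSTRAV] keybdll.exe
O4 - HKCU\..\Run: [Kargo] prcmon.exe
O4 - HKCU\..\Run: [srbho] UserSp1.exe
"""
SR_SAMPLE = r"""
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"CursorXP" = "D:\Programme\Stardock\CursorXP\CursorXP.exe" [file not found]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "System" = "cskwg.exe" [file not found]
"""


@dataclass
class Finding:
    source: str
    label: str
    command: str
    reason: str


def split_command(command):
    """Return (path, lower-cased base name) of the executable in a command line."""
    text = command.strip()
    m = EXE_RE.match(text)
    path = m["path"] if m else text.split(" ", 1)[0]
    return path, path.rsplit("\\", 1)[-1].lower()


def triage_hijackthis(log):
    """Flag O4 Run entries that load a bare file name from the search path, or a
    System32 binary whose Run value name is nothing but its own file name."""
    findings = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        path, base = split_command(m["cmd"])
        if base in KNOWN_GOOD:
            continue
        if "\\" not in path:
            findings.append(Finding("HijackThis", m["label"], m["cmd"],
                "bare executable name without a path (resolved via the search path, usually System32)"))
        elif "\\system32\\" in path.lower() and m["label"].lower() == base:
            findings.append(Finding("HijackThis", m["label"], m["cmd"],
                "System32 binary whose Run value name is just its file name"))
    return findings


def triage_silentrunners(report):
    """Flag any Winlogon "System" value (empty on a clean XP), lines Silent Runners
    marks INFECTION WARNING, and values pointing at files that no longer exist."""
    findings, key = [], ""
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("HK"):          # registry key header; "{++}" marks default-inclusive keys
            key = line.replace(" {++}", "")
            continue
        m = SR_RE.match(line)
        if not m:
            continue
        name, cmd, tag = m["name"], m["cmd"], m["tag"]
        if "\\Winlogon\\" in key and name == "System" and cmd:
            reason = 'Winlogon "System" value set (default is empty); loads at every logon'
        elif m["warn"]:
            reason = "marked INFECTION WARNING by Silent Runners under " + key
        elif tag == "[file not found]":
            reason = "autostart value points to a file that no longer exists; remove the stale value"
        else:
            continue
        findings.append(Finding("SilentRunners", name, cmd, reason))
    return findings


if __name__ == "__main__":
    for f in triage_hijackthis(HJT_SAMPLE) + triage_silentrunners(SR_SAMPLE):
        print(f"{f.source:13} [{f.label}] {f.command}\n    -> {f.reason}")
```

Run against the two samples, the HijackThis pass returns exactly the six entries Sabina lists for fixing, while SoundMan and ATIModeChange (bare names, but vendor-resolved in the Silent Runners report) pass; the Silent Runners pass reports the stale CursorXP value and the Winlogon "System" hijack point. A "[file not found]" hit after a clean-up is expected and still worth removing, since the registry value survives even when the file is gone.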
01.11.2005, 17:21
Member

Topic starter

Posts: 16
#3 Hello Sabina!
First of all, many thanks for the help! :-)
So, now to the first part of the results:

1.) I scanned C:\WINDOWS\System32\UAService.exe; nothing was found.

2.) F-Secure didn't find anything either.

Now I'll get on with the rest.

EDIT:

So, Datfind:

1.)
Datenträger in Laufwerk C: ist WINDOWS
Volumeseriennummer: 380A-5F2F

Verzeichnis von C:\WINDOWS\system32

31.10.2005 19:14 216.856 FNTCACHE.DAT
31.10.2005 18:50 1.158 wpa.dbl
24.10.2005 12:20 5.632 favme.exe
17.10.2005 20:58 65.536 QuickTimeVR.qtx
17.10.2005 20:57 49.152 QuickTime.qts
06.10.2005 02:42 634.880 NCTAudioEditor2.dll
06.10.2005 02:42 966.144 NCTAudioInformation2.dll
06.10.2005 02:42 522.752 NCTAudioTransform2.dll
06.10.2005 02:42 877.568 NCTAudioFile2.dll
06.10.2005 02:42 467.456 NCTAudioPlayer2.dll
06.10.2005 02:42 467.968 NCTAudioRecord2.dll
05.10.2005 09:36 2.301.792 MRT.exe
04.10.2005 12:33 2.700.288 MSHTML.DLL
27.09.2005 01:41 611.840 xpsp2res.dll
23.09.2005 04:27 8.389.632 shell32.dll
21.09.2005 14:31 197.120 focusstscreensaver.scr
16.09.2005 19:45 6.103.552 logonuiX.exe
10.09.2005 03:04 2.025.984 cdosys.dll
06.09.2005 16:21 54.792 cssjm.exe
02.09.2005 17:31 458.752 URLMON.DLL
02.09.2005 17:31 496.128 MSTIME.DLL
02.09.2005 16:35 192.000 DXTRANS.DLL
02.09.2005 11:07 988.160 DANIM.DLL
01.09.2005 02:51 278.528 winsrv.dll
01.09.2005 02:51 409.600 SHLWAPI.DLL
01.09.2005 02:51 16.384 linkinfo.dll
30.08.2005 09:26 1.233.408 quartz.dll
28.08.2005 07:27 24 DKRNL.JAX
23.08.2005 16:20 1.118 shutdown.log
23.08.2005 16:20 6.958 tracing.log
23.08.2005 04:51 112.128 umpnpmgr.dll
22.08.2005 19:36 154.624 netman.dll
10.08.2005 19:26 3.799 jupdate-1.5.0_04-b05.log
05.08.2005 18:23 234.496 msieftp.dll
03.08.2005 10:33 520.456 LegitCheckControl.DLL
03.08.2005 10:33 23.304 GWFSPidGen.DLL
26.07.2005 05:36 83.456 mtxoci.dll
26.07.2005 05:36 11.776 xolehlp.dll
26.07.2005 05:36 276.992 rpcss.dll
26.07.2005 05:36 68.608 olecli32.dll
26.07.2005 05:36 35.328 olecnv32.dll
26.07.2005 05:36 1.190.912 ole32.dll
26.07.2005 05:36 97.280 txflog.dll
26.07.2005 05:36 1.179.136 comsvcs.dll
26.07.2005 05:36 973.824 msdtctm.dll
26.07.2005 05:36 150.528 msdtcuiu.dll
26.07.2005 05:36 64.512 mtxclu.dll
26.07.2005 05:36 227.328 es.dll
26.07.2005 05:36 499.200 comuid.dll
26.07.2005 05:36 368.640 msdtcprx.dll
26.07.2005 05:36 62.464 colbact.dll
26.07.2005 05:36 497.152 clbcatq.dll
26.07.2005 05:36 110.080 clbcatex.dll
26.07.2005 05:36 89.600 comrepl.dll
26.07.2005 05:36 581.632 catsrvut.dll
26.07.2005 05:36 220.672 catsrv.dll
23.07.2005 14:17 90.112 CmdLineExt.dll
23.07.2005 14:17 126.976 UAService.exe
08.07.2005 17:10 238.592 tapisrv.dll
08.07.2005 17:10 72.704 remotesp.tsp
02.07.2005 12:32 90.112 vbRes.ocx
02.07.2005 12:32 158.208 MSCMCDE.DLL

2.)
Datenträger in Laufwerk C: ist WINDOWS
Volumeseriennummer: 380A-5F2F

Verzeichnis von C:\DOKUME~1\Dirk\LOKALE~1\Temp

01.11.2005 17:27 978 TmpICQMagic_{05736BBE-C20F-4F10-A6DE-4DB1E3564B0E}22664.html
01.11.2005 17:21 1.487.872 InstallRtc.msi
01.11.2005 17:20 512 ~DF99FA.tmp
01.11.2005 17:20 16.384 ~DF99EF.tmp
01.11.2005 17:20 16.384 ~DF99A2.tmp
01.11.2005 17:20 512 ~DF99B8.tmp
01.11.2005 17:20 16.384 ~DF99C2.tmp
01.11.2005 17:20 512 ~DF99CD.tmp
01.11.2005 17:20 16.384 ~DF99D7.tmp
01.11.2005 17:20 512 ~DF99E5.tmp
01.11.2005 17:20 983 TmpICQMagic_{EC202595-1DFD-4301-A1EA-13C1E331B505}3612.html
01.11.2005 17:20 16.384 ~DF5725.tmp
01.11.2005 17:20 512 ~DF26A3.tmp
01.11.2005 17:20 16.384 ~DF2698.tmp
01.11.2005 17:07 32.768 ~DF7C98.tmp
01.11.2005 17:07 32.768 ~DF3DA6.tmp
01.11.2005 17:07 16.384 ~DF7C99.tmp
17 Datei(en) 1.672.617 Bytes
0 Verzeichnis(se), 13.256.589.312 Bytes frei

3.)
Datenträger in Laufwerk C: ist WINDOWS
Volumeseriennummer: 380A-5F2F

Verzeichnis von C:\WINDOWS

01.11.2005 17:07 2.048 bootstat.dat
01.11.2005 17:06 32.620 SchedLgU.Txt
01.11.2005 17:06 254.974 WindowsUpdate.log
01.11.2005 17:06 1.125 winamp.ini
01.11.2005 16:24 1.409 QTFont.for
01.11.2005 16:24 54.156 QTFont.qfn
31.10.2005 14:24 6.400 balloon.wav
28.10.2005 23:57 24 LogonStudio.ini
28.10.2005 23:50 2.560 _MSRSTRT.EXE
07.10.2005 08:57 116 NeroDigital.ini
29.09.2005 19:18 11.718 ModemLog_Motorola USB Modem #2.txt
27.09.2005 20:31 99.970 UninstallFirefox.exe
27.09.2005 20:30 5.382 mozver.dat
11.09.2005 11:15 710 win.ini
11.09.2005 11:15 256 system.ini
06.09.2005 15:38 4.161 ODBCINST.INI
03.09.2005 07:49 259 PSOLAW1.INI
03.09.2005 07:49 429 WPSOLA.INI
28.08.2005 07:44 2.707 u3dedit3.INI
28.08.2005 07:27 152 ULead32.ini
18.08.2005 16:03 0 distlib.ini
04.08.2005 21:42 200 homeDVD-Fotos3_5_dlx.INI
04.08.2005 17:04 73 EurekaLog.ini
03.08.2005 22:49 439 SCSAVERS.INI
17.07.2005 18:35 37 progman.ini
15.07.2005 16:35 7.462 ModemLog_Motorola USB Modem #3.txt
05.07.2005 16:14 908 cdplayer.ini
03.07.2005 15:31 63 MotoSkin.INI
02.07.2005 12:31 290.816 Setup1.exe
02.07.2005 12:31 74.752 ST6UNST.EXE

4.)
Datenträger in Laufwerk C: ist WINDOWS
Volumeseriennummer: 380A-5F2F

Verzeichnis von C:\

01.11.2005 17:31 0 sys.txt
01.11.2005 17:30 5.426 system.txt
01.11.2005 17:29 1.169 systemtemp.txt
01.11.2005 17:27 98.131 system32.txt
01.11.2005 17:07 536.268.800 hiberfil.sys
01.11.2005 17:07 805.306.368 PAGEFILE.SYS
31.10.2005 18:36 6 AVPCallback.log
11.09.2005 11:15 194 boot.ini
03.05.2005 20:40 0 DBS.TXT
25.02.2005 07:07 9 Finish.log
25.02.2005 06:50 0 IO.SYS
25.02.2005 06:50 0 MSDOS.SYS
25.02.2005 06:50 0 AUTOEXEC.BAT
25.02.2005 06:50 0 CONFIG.SYS
27.01.2004 19:59 14 RECOVERY.DAT
26.11.2003 17:25 0 A2D_A2DC.30
29.08.2002 14:00 47.580 NTDETECT.COM
29.08.2002 14:00 235.296 ntldr
29.08.2002 14:00 4.952 bootfont.bin
19 Datei(en) 1.341.967.945 Bytes
0 Verzeichnis(se), 13.256.523.776 Bytes frei

EDIT

So, and now the result from Silent Runners:

"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"CursorXP" = "D:\Programme\Stardock\CursorXP\CursorXP.exe" [file not found]

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"ICQ Lite" = "D:\Programme\ICQLite\ICQLite.exe -trayboot" ["ICQ Ltd."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Hcontrol" = "C:\WINDOWS\ATK0100\Hcontrol.exe" [empty string]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"ATIModeChange" = "Ati2mdxx.exe" ["ATI Technologies, Inc."]
"SiSUSBRG" = "C:\WINDOWS\SiSUSBrg.exe" ["Silicon Integrated Systems Corp."]
"Power_Gear" = "C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1" ["ASUSTeK Computer Inc."]
"ATIPTA" = "C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"SynTPLpr" = "C:\Programme\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]
"SynTPEnh" = "C:\Programme\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"Control Center" = "C:\Progra~1\ASUS\WLAN Card Utilities\Center.exe" ["ASUSTeK COMPUTER INC."]
"SunJavaUpdateSched" = "C:\Programme\Java\jre1.5.0_04\bin\jusched.exe" ["Sun Microsystems, Inc."]
"AVGCtrl" = "C:\Programme\AVPersonal\AVGNT.EXE /min" ["H+BEDV Datentechnik GmbH"]
"xpos" = "C:\Programme\DATA BECKER\XP optimal stylen\xpui.exe /tray" [file not found]
"BootSkin Startup Jobs" = ""D:\Programme\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs" [file not found]
"LogonStudio" = ""D:\Programme\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM" [file not found]
"VC5Player" = "C:\Programme\HHVcdV5Sys\VC5Play.exe" [file not found]
"iTunesHelper" = ""D:\Programme\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRaR\rarext.dll" [null data]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\msohev.dll" [MS]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "D:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {CLSID}\InProcServer32\(Default) = "D:\Programme\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{076394AD-7FDD-44EF-A075-32C68DBAB99B}" = "*X" (unwritable string)
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunExecuteHook.dll" ["Sunbelt Software"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "System" = "cskwg.exe" [file not found]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {CLSID}\InProcServer32\(Default) = "D:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRaR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {CLSID}\InProcServer32\(Default) = "D:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRaR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRaR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Dokumente und Einstellungen\Dirk\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\FOCUSS~1.SCR" (focusstscreensaver.scr) ["ScreenTime Media"]


Startup items in "Dirk" & "All Users" startup folders:
------------------------------------------------------

C:\Dokumente und Einstellungen\Dirk\Startmenü\Programme\Autostart
"Adobe Gamma" -> shortcut to: "C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"FRITZ!DSL Protect" -> shortcut to: "C:\Programme\FRITZ!DSL\FwebProt.exe" ["AVM Berlin"]
"FRITZ!DSL Startcenter" -> shortcut to: "C:\Programme\FRITZ!DSL\StCenter.exe" ["AVM Berlin"]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"ASUS ChkMail" -> shortcut to: "C:\Programme\Asus\Asus ChkMail\ChkMail.exe" ["asus"]
"Hotkey" -> shortcut to: "C:\Programme\Asus\ASUS Hotkey\Hotkey.exe" ["ASUS"]
"Microsoft Office" -> shortcut to: "C:\Programme\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
"InterVideo WinCinema Manager" -> shortcut to: "C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe" ["InterVideo Inc."]
"Adobe Reader Speed Launch" -> shortcut to: "C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "C:\Programme\FRITZ!DSL\sarah.dll" ["AVM Berlin"]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\Programme\FRITZ!DSL\sarah.dll ["AVM Berlin"], 01 - 03, 26
%SystemRoot%\system32\mswsock.dll [MS], 04 - 07, 10 - 25
%SystemRoot%\system32\rsvpsp.dll [MS], 08 - 09


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll" ["Sun Microsystems, Inc."]

{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "D:\Programme\ICQLite\ICQLite.exe" ["ICQ Ltd."]

{D6243B39-211B-440E-B4C5-26D2A579CAC8}\
"ButtonText" = "SchnapperPro"
"CLSIDExtension" = "{1FBA04EE-3024-11D2-8F1F-0000F87ABD16}"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
"Exec" = "D:\Programme\SchnapperPro\SchnapperPro.exe" [null data]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Messenger"
"Exec" = "C:\Programme\Messenger\MSMSGS.EXE" [MS]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.asus.com.tw

Missing lines (compared with English-language version):
[Strings]: 1 line


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir Service, AntiVirService, ""C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE"" ["H+BEDV Datentechnik GmbH"]
AntiVir Update, AVWUpSrv, ""C:\Programme\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
AVM IGD CTRL Service, AVM IGD CTRL Service, "C:\Programme\FRITZ!DSL\IGDCTRL.EXE" ["AVM Berlin"]
iPodService, iPodService, "C:\Programme\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
SecuROM User Access Service, UserAccess, "C:\WINDOWS\System32\UAService.exe" [null data]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 46 seconds, including 10 seconds for message boxes)

EDIT

And last but not least, Winpfind:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 1 Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 29.08.2002 14:00:00 41118 C:\WINDOWS\SYSTEM32\dfrg.msc
PEC2 04.10.2001 15:24:12 13107200 C:\WINDOWS\SYSTEM32\oembios.bin
winsync 29.08.2002 14:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
PECompact2 05.10.2005 09:36:08 2301792 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 05.10.2005 09:36:08 2301792 C:\WINDOWS\SYSTEM32\MRT.exe
Umonitor 29.08.2002 14:00:00 660480 C:\WINDOWS\SYSTEM32\rasdlg.dll
aspack 21.09.2005 14:31:04 197120 C:\WINDOWS\SYSTEM32\focusstscreensaver.scr
UPX! 24.11.2001 19:31:48 65536 C:\WINDOWS\SYSTEM32\DVDAudio.ax
UPX! 24.11.2001 19:28:14 86528 C:\WINDOWS\SYSTEM32\DVDVideo.ax
PEC2 22.06.2004 18:00:00 121856 C:\WINDOWS\SYSTEM32\VsNetMenu.ocx
PTech 03.08.2005 10:33:42 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
01.11.2005 16:24:04 H 54156 C:\WINDOWS\QTFont.qfn
01.11.2005 17:46:26 S 2048 C:\WINDOWS\bootstat.dat
01.11.2005 17:58:42 H 1024 C:\WINDOWS\system32\config\system.LOG
01.11.2005 17:57:48 H 1024 C:\WINDOWS\system32\config\software.LOG
01.11.2005 17:47:02 H 1024 C:\WINDOWS\system32\config\default.LOG
01.11.2005 17:46:28 H 1024 C:\WINDOWS\system32\config\SAM.LOG
01.11.2005 17:56:34 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
31.10.2005 19:11:48 H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
09.09.2005 19:14:58 S 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB901017.cat
04.10.2005 13:16:48 S 20086 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896688-IE6SP1-20051004.130236.cat
28.09.2005 11:53:22 S 17402 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB900725.cat
31.10.2005 17:29:04 RHS 13698 C:\WINDOWS\system32\Restore\filelist.xml
31.10.2005 17:28:50 H 0 C:\WINDOWS\inf\oem21.inf
01.11.2005 17:46:30 H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 29.08.2002 14:00:00 152064 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 29.08.2002 14:00:00 189440 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 29.08.2002 14:00:00 566272 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 29.08.2002 14:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 29.08.2002 14:00:00 259072 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 29.08.2002 14:00:00 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 29.08.2002 14:00:00 111616 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 29.08.2002 14:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 29.08.2002 14:00:00 90112 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 29.08.2002 14:00:00 132096 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 26.05.2005 04:16:22 174872 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 29.08.2002 14:00:00 583680 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 29.08.2002 14:00:00 293376 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 29.08.2002 14:00:00 125440 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 29.08.2002 14:00:00 66560 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 29.08.2002 14:00:00 272896 C:\WINDOWS\SYSTEM32\sysdm.cpl
Sun Microsystems, Inc. 03.06.2005 03:52:54 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Realtek Semiconductor Corp. 29.01.2004 22:34:24 10435072 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
09.10.2003 19:38:20 141824 C:\WINDOWS\SYSTEM32\ClientCpl.cpl
Microsoft Corporation 18.08.2001 04:55:10 48640 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 29.08.2002 14:00:00 68096 C:\WINDOWS\SYSTEM32\access.cpl
Kristal Studio 03.03.2001 02:39:28 121856 C:\WINDOWS\SYSTEM32\Mp3cnfg.cpl
09.07.2003 01:13:16 176128 C:\WINDOWS\SYSTEM32\ac3filter.cpl
Microsoft Corporation 29.08.2002 14:00:00 583680 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 29.08.2002 14:00:00 132096 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 29.08.2002 14:00:00 152064 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 29.08.2002 14:00:00 125440 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 29.08.2002 14:00:00 293376 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 29.08.2002 14:00:00 66560 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 29.08.2002 14:00:00 36864 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 29.08.2002 14:00:00 68096 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 29.08.2002 14:00:00 189440 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 29.08.2002 14:00:00 259072 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 29.08.2002 14:00:00 111616 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 29.08.2002 14:00:00 566272 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 29.08.2002 14:00:00 151552 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 29.08.2002 14:00:00 272896 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 29.08.2002 14:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 29.08.2002 14:00:00 90112 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Microsoft Corporation 29.08.2002 14:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
30.10.2005 20:58:10 1648 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Speed Launch.lnk
25.02.2005 06:56:16 1538 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ASUS ChkMail.lnk
25.02.2005 06:50:18 HS 84 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
25.02.2005 06:59:04 648 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Hotkey.lnk
23.08.2005 16:22:56 1652 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\InterVideo WinCinema Manager.lnk
25.02.2005 16:33:32 1625 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
25.02.2005 06:37:40 HS 62 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
19.08.2005 14:32:50 913 C:\Dokumente und Einstellungen\Dirk\Startmenü\Programme\Autostart\Adobe Gamma.lnk
25.02.2005 06:50:18 HS 84 C:\Dokumente und Einstellungen\Dirk\Startmenü\Programme\Autostart\desktop.ini
30.10.2005 20:17:12 766 C:\Dokumente und Einstellungen\Dirk\Startmenü\Programme\Autostart\FRITZ!DSL Protect.lnk
30.10.2005 20:27:22 676 C:\Dokumente und Einstellungen\Dirk\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk

Checking files in %USERPROFILE%\Application Data folder...
25.02.2005 06:37:40 HS 62 C:\Dokumente und Einstellungen\Dirk\Anwendungsdaten\desktop.ini
23.12.2004 04:43:14 4713 C:\Dokumente und Einstellungen\Dirk\Anwendungsdaten\wo.tmp

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AntiVir/Win
{a7cda720-84ee-11d0-b5c0-00001b3ca278} = C:\Programme\AVPersonal\AVShlExt.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ICQLiteMenu
{73B24247-042E-4EF5-ADC2-42F62E6FD654} = D:\Programme\ICQLite\ICQLiteShell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRaR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AntiVir/Win
{a7cda720-84ee-11d0-b5c0-00001b3ca278} = C:\Programme\AVPersonal\AVShlExt.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRaR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ICQLiteMenu
{73B24247-042E-4EF5-ADC2-42F62E6FD654} = D:\Programme\ICQLite\ICQLiteShell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRaR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\Programme\Spybot - Search & Destroy\SDHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tipps und Tricks = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\System32\msdxm.ocx

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Konsole : C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}
ButtonText = ICQ Lite : D:\Programme\ICQLite\ICQLite.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D6243B39-211B-440E-B4C5-26D2A579CAC8}
ButtonText = SchnapperPro : D:\Programme\SchnapperPro\SchnapperPro.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Programme\Messenger\MSMSGS.EXE

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\System32\browseui.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Hcontrol C:\WINDOWS\ATK0100\Hcontrol.exe
SoundMan SOUNDMAN.EXE
ATIModeChange Ati2mdxx.exe
SiSUSBRG C:\WINDOWS\SiSUSBrg.exe
Power_Gear C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
ATIPTA C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
SynTPLpr C:\Programme\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh C:\Programme\Synaptics\SynTP\SynTPEnh.exe
Control Center C:\Progra~1\ASUS\WLAN Card Utilities\Center.exe
SunJavaUpdateSched C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
AVGCtrl C:\Programme\AVPersonal\AVGNT.EXE /min
xpos C:\Programme\DATA BECKER\XP optimal stylen\xpui.exe /tray
BootSkin Startup Jobs "D:\Programme\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
LogonStudio "D:\Programme\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
VC5Player C:\Programme\HHVcdV5Sys\VC5Play.exe
iTunesHelper "D:\Programme\iTunes\iTunesHelper.exe"
QuickTime Task "C:\Programme\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE C:\WINDOWS\System32\ctfmon.exe
CursorXP D:\Programme\Stardock\CursorXP\CursorXP.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
ICQ Lite D:\Programme\ICQLite\ICQLite.exe -trayboot

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Speed Launch.lnk
path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Speed Launch.lnk
backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE
item Adobe Reader Speed Launch

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS Live Update
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ALU
hkey HKLM
command C:\Programme\ASUS\ASUS Live Update\ALU.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ALU
hkey HKLM
command C:\Programme\ASUS\ASUS Live Update\ALU.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Programme\Messenger\msmsgs.exe" /background
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Programme\Messenger\msmsgs.exe" /background
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NeroCheck
hkey HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NeroCheck
hkey HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinampAgent
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winampa
hkey HKLM
command C:\Programme\Winamp\winampa.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winampa
hkey HKLM
command C:\Programme\Winamp\winampa.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System = cskwg.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 01.11.2005 17:59:23
This post was edited on 01.11.2005 at 18:00 by Smiley007.
01.11.2005, 19:54
Honorary member
Avatar Sabina

Posts: 29434
#4 Copy the following text into Notepad (Start - Accessories - Notepad) and save it to the desktop as fixme.reg using 'Save as'. Set the file type to 'All files'. You should now find this file on the desktop.

Quote

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=-
"System"=""
[-HKEY_LOCAL_MACHINE\Software\CLASSES\HCLEAN32.EXE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WareOut]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WareOut]
[-HKEY_CURRENT_USER\Software\WareOut]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoBandCustomize"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion]
"Disabled"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\SearchToolbar]
[-HKEY_CURRENT_USER\Software\SearchToolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{08BEC6AA-49FC-4379-3587-4B21E286C19E}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hclean32.exe"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx]
"Flags"=dword:00000008
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\000]
"runonce1"="\"C:\\HJT\\hijackthis.exe\""
----------------------------------------------------------------------------
KILLBOX
http://virus-protect.org/killbox.html

Delete File on Reboot -- tick it
paste in:

C:\WINDOWS\SYSTEM32\favme.exe
C:\Dokumente und Einstellungen\Dirk\Anwendungsdaten\wo.tmp
C:\WINDOWS\SYSTEM32\cskwg.exe
C:\WINDOWS\SYSTEM32\cssjm.exe
C:\WINDOWS\balloon.wav

and click the red cross; when asked "Do you want to reboot?" ---- click "no" and paste in the next one; only for the last one click "yes"

Restart the PC

Restart the computer in Safe Mode (press F8 while booting). Double-click the file "fixme.reg" on the desktop and add it to the registry

check whether this was deleted:

C:\Dokumente und Einstellungen\Dirk\Anwendungsdaten\wo.tmp

scan with Kaspersky and post the scan report
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina

all about PC security
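The fixme.reg in the post above uses Registry Editor export syntax that is easy to misread: `[-KEY]` deletes a whole key, `"name"=-` deletes a single value, and `dword:` values are hexadecimal. The following Python script is an added example, not Sabina's or the thread's own code. It parses that fix file into a list of operations and also checks the three Winlogon values from the WinPFind log earlier in the thread (UserInit, Shell, System) against a table assumed here to be the Windows XP defaults, then reports which flagged value the fix file resets. The function names, the default table, and the inline copies of the log lines and fix file are constructed for this example.

```python
"""Added example, not the thread's own code: explain what a REGEDIT4 fix file
does and flag non-default Winlogon values in a WinPFind-style log."""
import re

# Assumed clean Windows XP SP1 values of the Winlogon entries WinPFind prints.
WINLOGON_DEFAULTS = {
    "UserInit": r"C:\WINDOWS\system32\userinit.exe,",
    "Shell": "Explorer.exe",
    "System": "",  # winlogon runs whatever is named here at boot; empty by default
}
WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

WINLOGON_LOG = [  # constructed: the Winlogon lines from the WinPFind log in this thread
    r"UserInit = C:\WINDOWS\system32\userinit.exe,",
    "Shell = Explorer.exe",
    "System = cskwg.exe",
]

# Constructed sample: the fixme.reg text posted in the thread.
FIXME_REG = r"""REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=-
"System"=""
[-HKEY_LOCAL_MACHINE\Software\CLASSES\HCLEAN32.EXE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WareOut]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WareOut]
[-HKEY_CURRENT_USER\Software\WareOut]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoBandCustomize"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion]
"Disabled"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\SearchToolbar]
[-HKEY_CURRENT_USER\Software\SearchToolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{08BEC6AA-49FC-4379-3587-4B21E286C19E}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hclean32.exe"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx]
"Flags"=dword:00000008
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\000]
"runonce1"="\"C:\\HJT\\hijackthis.exe\""
"""

def check_winlogon(log_lines):
    """Return (name, value) pairs that differ from WINLOGON_DEFAULTS."""
    findings = []
    for line in log_lines:
        m = re.match(r"^(UserInit|Shell|System)\s*=\s*(.*)$", line.strip())
        if m and m.group(2).lower() != WINLOGON_DEFAULTS[m.group(1)].lower():
            findings.append((m.group(1), m.group(2)))
    return findings

def parse_reg_fix(text):
    """Turn REGEDIT4 text into (action, key, name, value) tuples:
    [-KEY] deletes a key, "n"=- deletes a value, dword:/"..." set a value."""
    ops, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            body = line[1:-1]
            if body.startswith("-"):
                ops.append(("delete_key", body[1:], None, None))
                key = None  # a deleted key cannot take values
            else:
                key = body
            continue
        m = re.match(r'^"([^"]+)"=(.*)$', line)
        if not m or key is None:
            continue  # header, blank line or value outside any key
        name, rhs = m.group(1), m.group(2)
        if rhs == "-":
            ops.append(("delete_value", key, name, None))
        elif rhs.startswith("dword:"):
            ops.append(("set", key, name, int(rhs[6:], 16)))  # dword is hex
        elif len(rhs) >= 2 and rhs[0] == rhs[-1] == '"':
            # .reg strings escape backslash and quote with a backslash
            ops.append(("set", key, name, re.sub(r"\\(.)", r"\1", rhs[1:-1])))
        else:
            ops.append(("set", key, name, rhs))  # hex:, expand strings kept raw
    return ops

def findings_addressed(findings, ops):
    """Flagged Winlogon names that the fix deletes or resets under WINLOGON_KEY."""
    touched = {n for a, k, n, _ in ops
               if k and k.lower() == WINLOGON_KEY.lower() and a in ("delete_value", "set")}
    return [n for n, _ in findings if n in touched]

if __name__ == "__main__":
    flagged = check_winlogon(WINLOGON_LOG)
    ops = parse_reg_fix(FIXME_REG)
    for op in ops:
        print(op)
    print("Winlogon anomalies:", flagged, "addressed by fix:", findings_addressed(flagged, ops))
```

Run stand-alone it lists every operation the fix file performs and shows that the only Winlogon anomaly in the log (the `System` value pointing at cskwg.exe) is the one the fix deletes and resets to empty; the same parser can be pointed at any .reg file you are asked to merge before you merge it.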
01.11.2005, 22:05
Member

Thread starter

Posts: 16
#5 Hi!

So I've done everything so far, except that I couldn't find the file C:\WINDOWS\SYSTEM32\cskwg.exe anywhere.

The file wo.tmp doesn't exist anymore either. :-)

The Kaspersky scan report is coming shortly...

EDIT

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, November 01, 2005 23:21:31
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 1/11/2005
Kaspersky Anti-Virus database records: 148135
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 63697
Number of viruses found: 5
Number of infected objects: 54
Number of suspicious objects: 0
Duration of the scan process: 4940 sec

Infected Object Name - Virus Name
C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.001 Infected: Trojan.Win32.Qhost.ec
C:\Programme\AVPersonal\INFECTED\A0028505.EXE.VIR Infected: Trojan-Dropper.Win32.Vidro.u
C:\Programme\AVPersonal\INFECTED\A0028512.EXE.VIR Infected: Trojan-Dropper.Win32.Vidro.x
C:\Programme\AVPersonal\INFECTED\A0030554.EXE.VIR Infected: Trojan-Dropper.Win32.Vidro.u
C:\Programme\AVPersonal\INFECTED\A0049904.EXE.VIR Infected: Trojan.Win32.Qhost.ec
C:\Programme\AVPersonal\INFECTED\A0049908.EXE.VIR Infected: Trojan-Dropper.Win32.Vidro.u
C:\System Volume Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP76\A0028515.exe Infected: Trojan.Win32.Qhost.df
C:\System Volume Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP76\A0028523.exe Infected: Trojan-Dropper.Win32.Vidro.u
C:\System Volume Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP76\A0029523.exe Infected: Trojan-Dropper.Win32.Vidro.u
C:\System Volume Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP76\A0030523.exe Infected: Trojan-Dropper.Win32.Vidro.u
C:\System Volume Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP76\A0030531.exe Infected: Trojan-Dropper.Win32.Vidro.x
C:\System Volume Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP76\A0030536.exe Infected: Trojan.Win32.Qhost.df
C:\System Volume Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP77\A0030562.exe Infected: Trojan-Dropper.Win32.Vidro.x
C:\System Volume Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP77\A0030568.exe Infected: Trojan-Dropper.Win32.Vidro.u
C:\System Volume Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP77\A0031568.exe Infected: Trojan-Dropper.Win32.Vidro.u
C:\System Volume Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP77\A0031576.exe Infected: Trojan-Dropper.Win32.Vidro.x
C:\System Volume Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP77\A0031580.exe Infected: Trojan.Win32.Qhost.df
C:\System Volume Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP77\A0031587.exe Infected: Trojan-Dropper.Win32.Vidro.u
C:\System Volume Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP77\A0031594.exe Infected: Trojan-Dropper.Win32.Vidro.x
C:\System Volume Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP77\A0031599.exe Infected: Trojan.Win32.Qhost.df
C:\System Volume Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP78\A0032595.exe Infected: Trojan-Dropper.Win32.Vidro.x
C:\System Volume Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP78\A0032601.exe Infected: Trojan-Dropper.Win32.Vidro.u
C:\System Volume Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP78\A0033601.exe Infected: Trojan-Dropper.Win32.Vidro.u
C:\System Volume Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP78\A0033609.exe Infected: Trojan-Dropper.Win32.Vidro.x
C:\System Volume Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP78\A0033635.exe Infected: Trojan-Dropper.Win32.Vidro.u
C:\System Volume Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP78\A0034635.exe Infected: Trojan-Dropper.Win32.Vidro.u
C:\System Volume Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP78\A0034643.exe Infected: Trojan-Dropper.Win32.Vidro.x
C:\System Volume Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP78\A0034645.exe Infected: Trojan.Win32.Qhost.df
C:\System Volume Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP78\A0034657.exe Infected: Trojan-Dropper.Win32.Vidro.u
C:\System Volume Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP78\A0035657.exe Infected: Trojan-Dropper.Win32.Vidro.u
C:\System Volume Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP78\A0035665.exe Infected: Trojan-Dropper.Win32.Vidro.x
C:\System Volume Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP78\A0035673.exe Infected: Trojan-Dropper.Win32.Vidro.u
C:\System Volume Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP78\A0035681.exe Infected: Trojan-Dropper.Win32.Vidro.x
C:\System Volume Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP78\A0035685.exe Infected: Trojan.Win32.Qhost.df
C:\System Volume Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP78\A0035698.exe Infected: Trojan-Dropper.Win32.Vidro.u
C:\System Volume Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP78\A0035705.exe Infected: Trojan-Dropper.Win32.Vidro.x
C:\System Volume Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP78\A0035710.exe Infected: Trojan-Dropper.Win32.Vidro.u
C:\System Volume Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP78\A0035718.exe Infected: Trojan-Dropper.Win32.Vidro.x
C:\System Volume Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP78\A0035719.exe Infected: Trojan.Win32.Qhost.df
C:\System Volume Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP80\A0048673.exe Infected: Trojan-Dropper.Win32.Vidro.u
C:\System Volume Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP80\A0048689.exe Infected: Trojan-Dropper.Win32.Vidro.u
C:\System Volume Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP80\A0048693.exe Infected: Trojan-Dropper.Win32.Vidro.u
C:\System Volume Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP80\A0049693.exe Infected: Trojan-Dropper.Win32.Vidro.u
C:\System Volume Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP80\A0049699.exe Infected: Trojan-Dropper.Win32.Vidro.u
C:\System Volume Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP80\A0049708.exe Infected: Trojan.Win32.Qhost.ec
C:\System Volume Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP80\A0049715.exe Infected: Trojan-Dropper.Win32.Vidro.u
C:\System Volume Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP80\A0049726.exe Infected: Trojan-Dropper.Win32.Vidro.u
C:\System Volume Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP80\A0049854.exe Infected: Trojan-Dropper.Win32.Vidro.u
C:\System Volume Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP80\A0049897.exe Infected: Trojan-Dropper.Win32.Vidro.u
C:\System Volume Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP82\A0049930.exe Infected: Trojan-Dropper.Win32.Vidro.u
C:\System Volume Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP115\A0051097.exe Infected: Trojan-Dropper.Win32.Vidro.u
C:\System Volume Information\_restore{7D0610EB-FB5D-451F-BE84-4EA40E133A9B}\RP115\A0051098.exe Infected: Trojan.Win32.Favadd.an
C:\!KillBox\favme.exe Infected: Trojan.Win32.Favadd.an
C:\!KillBox\cssjm.exe Infected: Trojan-Dropper.Win32.Vidro.u
This post was edited on 01.11.2005 at 23:22 by Smiley007.
02.11.2005, 15:55
Honorary member
Avatar Sabina

Posts: 29434
#6 Disable System Restore
«XP
My Computer --> right-click, then Properties ---> System Restore tab ---> tick "Turn off System Restore on all drives".

delete with the Killbox:
C:\!KillBox\favme.exe
C:\!KillBox\cssjm.exe
C:\Programme\AVPersonal\INFECTED\HCLEAN32.EXE.001
C:\Programme\AVPersonal\INFECTED\A0028505.EXE.VIR
C:\Programme\AVPersonal\INFECTED\A0028512.EXE.VIR
C:\Programme\AVPersonal\INFECTED\A0030554.EXE.VIR
C:\Programme\AVPersonal\INFECTED\A0049904.EXE.VIR
C:\Programme\AVPersonal\INFECTED\A0049908.EXE.VIR

CounterSpy
http://virus-protect.org/counterspy.html
after the scan you have to choose one of:
*Ignore
*Remove
*Quarantine
always choose Remove and restart the PC (then copy the scan report and post it in the security forum)

and re-enable System Restore ;)
__________
Regards, Sabina

all about PC security
03.11.2005, 17:09
Member

Thread starter

Posts: 16
#7 OK, CounterSpy hasn't found anything more now! :-)

Do I still need to do anything?
03.11.2005, 18:14
Honorary member
Avatar Sabina

Posts: 29434
#8 http://virus-protect.org/multiavtool.html
scan and post the scan reports ;)
__________
Regards, Sabina

all about PC security
06.11.2005, 16:27
Member

Thread starter

Posts: 16
#9 Hi!
So I finally got around to scanning again:



/--------------------------------------------------------------\
| Trend Micro Sysclean Package |
| Copyright 2002, Trend Micro, Inc. |
| http://www.trendmicro.com |
\--------------------------------------------------------------/


2005-11-06, 14:56:39, Auto-clean mode specified.
2005-11-06, 14:56:39, Running scanner "c:\AV-CLS\Trend\TSC.BIN"...
2005-11-06, 14:56:57, Scanner "c:\AV-CLS\Trend\TSC.BIN" has finished running.
2005-11-06, 14:56:57, TSC Log:

Damage Cleanup Engine (DCE) 3.9(Build 1020)
Windows XP(Build 2600: Service Pack 1)

Start time : So Nov 06 2005 14:56:40

Load Damage Cleanup Template (DCT) "c:\AV-CLS\Trend\tsc.ptn" (version 672) [success]

Complete time : So Nov 06 2005 14:56:57
Execute pattern count(4504), Virus found count(0), Virus clean count(0), Clean failed count(0)

2005-11-06, 14:58:21, An error occurred while scanning file "C:\WINDOWS\system32\config\system.LOG": Zugriff verweigert
2005-11-06, 14:58:21, An error occurred while scanning file "C:\WINDOWS\system32\config\software.LOG": Zugriff verweigert
2005-11-06, 14:58:21, An error occurred while scanning file "C:\WINDOWS\system32\config\default.LOG": Zugriff verweigert
2005-11-06, 14:58:21, An error occurred while scanning file "C:\WINDOWS\system32\config\SECURITY": Zugriff verweigert
2005-11-06, 14:58:21, An error occurred while scanning file "C:\WINDOWS\system32\config\SAM": Zugriff verweigert
2005-11-06, 14:58:21, An error occurred while scanning file "C:\WINDOWS\system32\config\SAM.LOG": Zugriff verweigert
2005-11-06, 14:58:21, An error occurred while scanning file "C:\WINDOWS\system32\config\SECURITY.LOG": Zugriff verweigert
2005-11-06, 14:58:21, An error occurred while scanning file "C:\WINDOWS\system32\config\SYSTEM": Zugriff verweigert
2005-11-06, 14:58:21, An error occurred while scanning file "C:\WINDOWS\system32\config\SOFTWARE": Zugriff verweigert
2005-11-06, 14:58:21, An error occurred while scanning file "C:\WINDOWS\system32\config\DEFAULT": Zugriff verweigert
2005-11-06, 15:03:05, An error occurred while scanning file "C:\WINDOWS\SoftwareDistribution\EventCache\{6BAE1DD2-3892-45E1-A7FD-BCB846C92976}.bin": Zugriff verweigert
2005-11-06, 15:04:29, An error occurred while scanning file "C:\Dokumente und Einstellungen\NetworkService\NTUSER.DAT": Zugriff verweigert
2005-11-06, 15:04:29, An error occurred while scanning file "C:\Dokumente und Einstellungen\NetworkService\ntuser.dat.LOG": Zugriff verweigert
2005-11-06, 15:04:29, An error occurred while scanning file "C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat": Zugriff verweigert
2005-11-06, 15:04:29, An error occurred while scanning file "C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG": Zugriff verweigert
2005-11-06, 15:04:29, An error occurred while scanning file "C:\Dokumente und Einstellungen\LocalService\NTUSER.DAT": Zugriff verweigert
2005-11-06, 15:04:29, An error occurred while scanning file "C:\Dokumente und Einstellungen\LocalService\ntuser.dat.LOG": Zugriff verweigert
2005-11-06, 15:04:29, An error occurred while scanning file "C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat": Zugriff verweigert
2005-11-06, 15:04:29, An error occurred while scanning file "C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG": Zugriff verweigert
2005-11-06, 15:04:29, An error occurred while scanning file "C:\Dokumente und Einstellungen\Dirk\NTUSER.DAT": Zugriff verweigert
2005-11-06, 15:04:29, An error occurred while scanning file "C:\Dokumente und Einstellungen\Dirk\ntuser.dat.LOG": Zugriff verweigert
2005-11-06, 15:04:57, An error occurred while scanning file "C:\Dokumente und Einstellungen\Dirk\Lokale Einstellungen\Temp\~DF1759.tmp": Zugriff verweigert
2005-11-06, 15:04:58, An error occurred while scanning file "C:\Dokumente und Einstellungen\Dirk\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG": Zugriff verweigert
2005-11-06, 15:04:58, An error occurred while scanning file "C:\Dokumente und Einstellungen\Dirk\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat": Zugriff verweigert
2005-11-06, 15:20:13, Running scanner "c:\AV-CLS\Trend\VSCANTM.BIN"...
2005-11-06, 15:38:14, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 11/6/2005 15:20:14
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 929 (112514 Patterns) (2005/11/03) (292900)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=c:\AV-CLS\Trend

C:\!KillBox\A0028512.EXE.VIR [TROJ_VIDLO.S]
57144 files have been read.
57144 files have been checked.
45204 files have been scanned.
115202 files have been scanned. (including files in archived)
1 files containing viruses.
Found 1 viruses totally.
Maybe 0 viruses totally.
Stop At : 11/6/2005 15:38:14
---------*---------*---------*---------*---------*---------*---------*---------*
2005-11-06, 15:38:14, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 11/6/2005 15:20:14
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 929 (112514 Patterns) (2005/11/03) (292900)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=c:\AV-CLS\Trend

Success Clean [ TROJ_VIDLO.S]( 1) from C:\!KillBox\A0028512.EXE.VIR
57144 files have been read.
57144 files have been checked.
45204 files have been scanned.
115202 files have been scanned. (including files in archived)
1 files containing viruses.
Found 1 viruses totally.
Maybe 0 viruses totally.
Stop At : 11/6/2005 15:38:14 18 minutes (1079.22 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-11-06, 15:38:14, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 11/6/2005 15:20:14
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 929 (112514 Patterns) (2005/11/03) (292900)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=c:\AV-CLS\Trend

57144 files have been read.
57144 files have been checked.
45204 files have been scanned.
115202 files have been scanned. (including files in archived)
1 files containing viruses.
Found 1 viruses totally.
Maybe 0 viruses totally.
Stop At : 11/6/2005 15:38:14 18 minutes (1079.22 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-11-06, 15:38:14, Scanner "c:\AV-CLS\Trend\VSCANTM.BIN" has finished running.
2005-11-06, 15:56:30, Running scanner "c:\AV-CLS\Trend\VSCANTM.BIN"...
2005-11-06, 16:02:25, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 11/6/2005 15:56:31
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 929 (112514 Patterns) (2005/11/03) (292900)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=c:\AV-CLS\Trend

14989 files have been read.
14989 files have been checked.
10722 files have been scanned.
18547 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 11/6/2005 16:02:25
---------*---------*---------*---------*---------*---------*---------*---------*
2005-11-06, 16:02:25, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 11/6/2005 15:56:31
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 929 (112514 Patterns) (2005/11/03) (292900)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=c:\AV-CLS\Trend

14989 files have been read.
14989 files have been checked.
10722 files have been scanned.
18547 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 11/6/2005 16:02:25 5 minutes 54 seconds (353.24 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-11-06, 16:02:25, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 11/6/2005 15:56:31
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 929 (112514 Patterns) (2005/11/03) (292900)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=c:\AV-CLS\Trend

14989 files have been read.
14989 files have been checked.
10722 files have been scanned.
18547 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 11/6/2005 16:02:25 5 minutes 54 seconds (353.24 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-11-06, 16:02:25, Scanner "c:\AV-CLS\Trend\VSCANTM.BIN" has finished running.


McAfee is coming up next:
This post was edited on 06.11.2005 at 16:29 by Smiley007.
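A way to machine-check a VSCANTM report like the one above, as an added example that is not part of the original post and not Trend Micro's own tooling: it splits the report into its "Files Detected", "Files Clean" and "Clean Fail" sections, reconciles the detection lines against the "Success Clean" lines, and notes when a hit lies inside a quarantine folder (here the !KillBox folder, i.e. a file that was already removed from its original location). The sample log is constructed from the report above and trimmed; the list of quarantine folder names is an assumption.

```python
import re

# Constructed sample: trimmed from the VSCANTM report above (C: drive run).
SAMPLE_LOG = r"""2005-11-06, 15:38:14, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Virus Pattern Version : 929 (112514 Patterns) (2005/11/03) (292900)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /S /CLEANALL C:\*.* /P=c:\AV-CLS\Trend

C:\!KillBox\A0028512.EXE.VIR [TROJ_VIDLO.S]
1 files containing viruses.
Found 1 viruses totally.
---------*---------*---------*---------*
2005-11-06, 15:38:14, Files Clean:
Success Clean [ TROJ_VIDLO.S]( 1) from C:\!KillBox\A0028512.EXE.VIR
1 files containing viruses.
---------*---------*---------*---------*
2005-11-06, 15:38:14, Clean Fail:
1 files containing viruses.
---------*---------*---------*---------*
"""

# Section headers are timestamped lines ending in the section name.
SECTION_RE = re.compile(r"^\d{4}-\d{2}-\d{2}, \d{2}:\d{2}:\d{2}, (Files Detected|Files Clean|Clean Fail):$")
# "<path> [<signature>]" inside Files Detected.
DETECT_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \[(?P<name>[^\]]+)\]$")
# "Success Clean [ <signature>]( n) from <path>" inside Files Clean.
CLEAN_RE = re.compile(r"^Success Clean \[\s*(?P<name>[^\]]+?)\s*\]\(\s*\d+\) from (?P<path>[A-Za-z]:\\.+)$")
COUNT_RE = re.compile(r"^(\d+) files containing viruses\.$")

# Assumption: folder names that hold quarantined copies rather than live files.
QUARANTINE_DIRS = ("!killbox", "quarantine", "infected")


def parse_vscantm(text):
    """Return (detected, cleaned, counts): path->signature maps plus the per-section summary count."""
    section = None
    detected, cleaned, counts = {}, {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section is None:
            continue
        m = COUNT_RE.match(line)
        if m:
            counts[section] = int(m.group(1))
            continue
        if section == "Files Detected":
            m = DETECT_RE.match(line)
            if m:
                detected[m.group("path")] = m.group("name")
        elif section == "Files Clean":
            m = CLEAN_RE.match(line)
            if m:
                cleaned[m.group("path")] = m.group("name")
    return detected, cleaned, counts


def is_quarantined(path):
    """True when any directory component of the path is a known quarantine folder."""
    parts = path.lower().split("\\")
    return any(p in QUARANTINE_DIRS for p in parts[:-1])


def triage(text):
    """Reconcile detections with cleans and separate quarantine hits from live ones."""
    detected, cleaned, counts = parse_vscantm(text)
    unresolved = {p: n for p, n in detected.items() if p not in cleaned}
    live = {p: n for p, n in detected.items() if not is_quarantined(p)}
    return {"detected": detected, "cleaned": cleaned, "unresolved": unresolved,
            "live": live, "counts": counts}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Note that the "N files containing viruses." summary is repeated verbatim in every section, so it says nothing about how many cleans failed; only the entry lines in the "Clean Fail" section do. For the run above the one hit is already in the !KillBox folder, so it is a leftover quarantined copy, not a running infection.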
06.11.2005, 16:32
Honorary member
Sabina

Posts: 29434
#10 Once you have found it... it is a txt file, so hover over it with the mouse.... copy --> paste (here)
__________
Regards, Sabina

all about PC security
06.11.2005, 17:41
Member

Thread starter

Posts: 16
#11 So, McAfee found nothing.

What now?
06.11.2005, 18:39
Honorary member
Sabina

Posts: 29434
#12 Now please scan once more with Kaspersky (everything should stay clean now)
__________
Regards, Sabina

all about PC security
11.11.2005, 09:41
Member

Thread starter

Posts: 16
#13 Well, the Kaspersky from the multi-AV tool does not work!?

I can't even enter which drive I want to scan.
11.11.2005, 09:49
Honorary member
Argus

Posts: 6028
#14 http://virus-protect.org/onlinescan.html
Kaspersky lol
__________
Regards, Argus
19.11.2005, 14:17
...new here

Posts: 8
#15 Hello everyone!

I also have the trojan plague and am somewhat desperate!
Since neither AntiVir nor Search & Destroy do anything about it, I am turning to you and hope you can help me.
Many thanks in advance, and below is the current HJT log file.

Regards from Jan ;)



Logfile of HijackThis v1.99.1
Scan saved at 14:13:31, on 19.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Teledat\WCOM\SYSTEM\RVSINST.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programme\Teledat\WCOM\SYSTEM\RVSCC.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
D:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Programme\Winamp\winampa.exe
D:\Programme\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
D:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
D:\Programme\Telekom\Eumex 504PC USB\Capictrl.exe
D:\Programme\WEBDE\SmartSurfer3.0\SmartSurfer.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
D:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Elaborate Bytes\CloneCD\CloneCDTray.exe
D:\Programme\Winamp\winampa.exe
D:\Programme\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
D:\Programme\Telekom\Eumex 504PC USB\Capictrl.exe
D:\Programme\WEBDE\SmartSurfer3.0\SmartSurfer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Programme\WinRAR\WinRAR.exe
D:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Jan\LOKALE~1\Temp\Rar$EX00.078\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [routcnf] D:\Programme\Telekom\Eumex 504PC USB\routcnf.exe
O4 - HKLM\..\Run: [AVGCtrl] "D:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LWBMOUSE] D:\Programme\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SmartSurfer.lnk = D:\Programme\WEBDE\SmartSurfer3.0\SmartSurfer.exe
O4 - Global Startup: Acrobat Assistant.lnk = D:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CAPIControl.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA7EF6FF-BE3A-4FED-94DE-BA9FB815E4DC}: NameServer = 213.20.54.13 193.189.244.205
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - D:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - D:\programme\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RVS CommCenter (RvsCC) - Unknown owner - C:\Programme\Teledat\WCOM\SYSTEM\RVSCC.EXE
O23 - Service: RvscomSv - RVS Datentechnik GmbH, München - C:\Programme\Teledat\WCOM\SYSTEM\RVSCOMSV.EXE
O23 - Service: RVS Installer (RVSINST) - RVS Datentechnik GmbH, München - C:\Programme\Teledat\WCOM\SYSTEM\RVSINST.EXE
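A first-pass triage of a HijackThis log like the one above, as an added example that is not part of the original post and not HijackThis' own code: it parses the "Running processes" list and the R/O entries, then reports the things an analyst checks first for a DNS/hosts hijacker of the qhost kind: processes or O4 autoruns started from a Temp folder, O17 NameServer entries that are not on a list of resolvers known to belong to the ISP, and O23 services with "Unknown owner". The sample is a handful of lines taken from the log above; the suspicious-folder list is an assumption, and the set of known resolvers is deliberately empty so that every O17 server is reported for manual verification (the IPs are not claimed to be malicious).

```python
import re

# Constructed sample: a few lines copied from the HijackThis log above.
SAMPLE_HJT = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\DOKUME~1\Jan\LOKALE~1\Temp\Rar$EX00.078\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVGCtrl] "D:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: CAPIControl.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA7EF6FF-BE3A-4FED-94DE-BA9FB815E4DC}: NameServer = 213.20.54.13 193.189.244.205
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - D:\programme\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.+)$")
O4_RUN_RE = re.compile(r"^(?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O4_LNK_RE = re.compile(r"^(?P<key>.+?): (?P<name>.+?\.lnk) = (?P<cmd>.*)$")
O17_RE = re.compile(r"NameServer = (?P<servers>.+)$")
O23_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")

# Assumption: binaries launched from these folders deserve a second look.
SUSPICIOUS_DIRS = ("\\temp\\", "\\temporary internet files\\", "\\recycler\\")


def parse_hjt(text):
    """Return (processes, entries) where entries is a list of (kind, body) tuples."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.rstrip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:          # blank line ends the process list
                in_procs = False
            else:
                processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return processes, entries


def executable_of(cmd):
    """Strip arguments from an autorun command: quoted path or first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def in_suspicious_dir(path):
    return any(d in path.lower() for d in SUSPICIOUS_DIRS)


def triage_hjt(text, known_resolvers=frozenset()):
    """Return a list of (finding, detail) tuples for manual follow-up."""
    processes, entries = parse_hjt(text)
    findings = []
    for p in processes:
        if in_suspicious_dir(p):
            findings.append(("process-in-temp", p))
    for kind, body in entries:
        if kind == "O4":
            m = O4_RUN_RE.match(body) or O4_LNK_RE.match(body)
            if m and in_suspicious_dir(executable_of(m.group("cmd"))):
                findings.append(("autorun-in-temp", m.group("cmd")))
        elif kind == "O17":
            m = O17_RE.search(body)
            if m:
                for ip in re.split(r"[\s,]+", m.group("servers").strip()):
                    if ip and ip not in known_resolvers:
                        findings.append(("nameserver-unverified", ip))
        elif kind == "O23":
            m = O23_RE.match(body)
            if m and m.group("owner").lower() == "unknown owner":
                findings.append(("service-unknown-owner", m.group("path")))
    return findings


if __name__ == "__main__":
    for finding, detail in triage_hjt(SAMPLE_HJT):
        print(f"{finding}: {detail}")
```

The one process flagged here is HijackThis.exe itself, which was launched straight out of a WinRAR temp folder; that is not malware, but it is the reason HijackThis should be unpacked into a folder of its own, so that the backups it makes of anything you fix survive the next reboot. The O17 servers are reported only because no known-good list was supplied: confirm them against the DNS servers the ISP (here the Telekom/Teledat setup visible in the O23 lines) actually assigns before touching them.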