SPYSHERIF - how do I get rid of it again

#0
11.12.2005, 23:01
...new here
Posts: 3

13.12.2005, 15:45
Honorary member
Posts: 29434
#2
Hello @FJanek

C:\WINDOWS\bxproxy.exe
At the top of the page --> click Browse --> select the file --> double-click the file to be checked --> click Submit... now wait --> copy the result into the security forum
http://www.virustotal.com/flash/index_en.html

Run CleanUp (exactly with the settings explained on the page)
http://virus-protect.org/cleanup.html

Copy the 4 text files here (3 months back by date is enough)
http://virus-protect.org/datfindbat.html
__________
Regards, Sabina
all about PC security

13.12.2005, 18:40
...new here
Thread starter
Posts: 3
#3
Thanks for the help
Here are the results:

This is a report processed by VirusTotal on 12/13/2005 at 18:31:08 (CET) after scanning the file "bxproxy.exe" file.

Antivirus      Version         Update      Result
AntiVir        6.33.0.61       12.13.2005  BDS/Agent.QS
Avast          4.6.695.0       12.13.2005  Win32:Trojano-3006
AVG            718             12.08.2005  BackDoor.Agent.UB
Avira          6.33.0.61       12.13.2005  BDS/Agent.QS
BitDefender    7.2             12.13.2005  Backdoor.Agent.I
CAT-QuickHeal  8.00            12.13.2005  Backdoor.Agent.qs
ClamAV         devel-20051108  12.12.2005  no virus found
DrWeb          4.33            12.13.2005  Trojan.Proxy.576
eTrust-Iris    7.1.194.0       12.13.2005  Win32/Bxproxy.69632!Trojan
eTrust-Vet     12.3.3.0        12.13.2005  Win32/Dueesn.A
Fortinet       2.54.0.0        12.12.2005  W32/Agent.QS-bdr
F-Prot         3.16c           12.12.2005  security risk named W32/Agent.AFK
Ikarus         0.2.59.0        12.13.2005  Backdoor.Win32.Agent.QS
Kaspersky      4.0.2.24        12.13.2005  Backdoor.Win32.Agent.qs
McAfee         4648            12.12.2005  Spam-IXProxy
NOD32v2        1.1320          12.12.2005  no virus found
Norman         5.70.10         12.13.2005  W32/Agent.LER
Panda          8.02.00         12.13.2005  Bck/Agent.AXG
Sophos         4.00.0          12.13.2005  Troj/MSpam-C
Symantec       8.0             12.13.2005  Backdoor.Trojan
TheHacker      5.9.1.054       12.13.2005  Backdoor/Agent.qs
VBA32          3.10.5          12.13.2005  Backdoor.Win32.Agent.qs

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 54B0-EA8C
Verzeichnis von C:\WINDOWS\system32
12.12.2005 16:55 13.758 wpa.dbl
10.12.2005 23:41 4.081 paytime.exe
10.12.2005 23:41 24.576 RpcxSs.dll
10.12.2005 23:41 69.632 bnmsrv.exe
30.11.2005 22:24 233.576 FNTCACHE.DAT
10.11.2005 23:29 382.026 perfh009.dat
10.11.2005 23:29 53.770 perfc009.dat
10.11.2005 23:29 64.848 perfc007.dat
10.11.2005 23:29 393.086 perfh007.dat
10.11.2005 23:29 900.770 PerfStringBackup.INI
10.11.2005 23:29 525 mapisvc.inf
07.11.2005 16:26 491.520 rundumX.dll
04.11.2005 06:46 1.680 esnecil.ind
03.11.2005 19:27 1.680 esnecil.nlp
03.11.2005 13:22 53.248 CadErrString.dll

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 54B0-EA8C
Verzeichnis von C:\DOKUME~1\User\LOKALE~1\Temp
13.12.2005 18:24 4.096 asat0000.tmp
1 Datei(en) 4.096 Bytes
0 Verzeichnis(se), 11.659.284.480 Bytes frei

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 54B0-EA8C
Verzeichnis von C:\WINDOWS
13.12.2005 18:25 16.793 ODBC.INI
13.12.2005 15:24 1.905.888 WindowsUpdate.log
13.12.2005 13:01 4.876 ModemLog_SoftV92 Data Fax Modem with SmartCP.txt
13.12.2005 13:00 159 wiadebug.log
13.12.2005 13:00 50 wiaservc.log
13.12.2005 13:00 0 0.log
13.12.2005 13:00 2.048 bootstat.dat
12.12.2005 21:14 218.550 setupapi.log
12.12.2005 12:29 32.420 SchedLgU.Txt
11.12.2005 17:41 12 WININIT.INI
10.12.2005 23:42 2.033 hosts
10.12.2005 23:41 3.048 secure32.html
10.12.2005 23:41 1.024 degbes.exe
10.12.2005 23:41 1.024 de.exe
10.12.2005 23:41 69.632 bxproxy.exe
10.12.2005 23:41 29.184 tool2.exe
10.12.2005 23:41 2.048 kl.exe
10.12.2005 23:41 0 uniq
10.12.2005 22:12 0 kamerzysta.log
13.11.2005 18:40 99.970 UninstallFirefox.exe
13.11.2005 18:40 5.047 mozver.dat
13.11.2005 17:28 990 win.ini
13.11.2005 16:10 360.115 iis6.log
13.11.2005 16:10 112.438 comsetup.log
13.11.2005 16:10 66.487 ntdtcsetup.log
13.11.2005 16:10 142.774 tsoc.log
13.11.2005 16:10 1.393 imsins.log
13.11.2005 16:10 15.911 tabletoc.log
13.11.2005 16:10 16.959 ocmsn.log
13.11.2005 16:10 11.974 KB896424.log
13.11.2005 16:10 53.691 netfxocm.log
13.11.2005 16:10 151.784 ocgen.log
13.11.2005 16:10 21.473 MedCtrOC.log
13.11.2005 16:10 15.394 msgsocm.log
13.11.2005 16:10 352.339 FaxSetup.log
13.11.2005 16:10 97.970 msmqinst.log
13.11.2005 16:10 21.589 updspapi.log
10.11.2005 23:56 1.071 AWMODEM.INF
04.11.2005 06:47 34 cdplayer.ini
03.11.2005 19:27 455 TEDIS.INI
03.11.2005 19:18 25 Crypkey.ini
03.11.2005 19:17 286.720 iun507.exe
02.11.2005 08:21 1.374 imsins.BAK

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 54B0-EA8C
Verzeichnis von C:\
13.12.2005 18:40 0 sys.txt
13.12.2005 18:40 9.234 system.txt
13.12.2005 18:39 292 systemtemp.txt
13.12.2005 18:39 101.619 system32.txt
13.12.2005 13:00 535.285.760 hiberfil.sys
13.12.2005 13:00 802.824.192 pagefile.sys
10.12.2005 23:41 3.048 secure32.html
24.11.2005 20:35 0 fehler
13.11.2005 17:26 318 EibTab20.INI
01.02.2005 15:49 6 ISACER.ID
01.02.2005 13:03 0 CONFIG.SYS
01.02.2005 13:03 0 MSDOS.SYS
01.02.2005 13:03 0 IO.SYS
01.02.2005 13:03 0 AUTOEXEC.BAT
01.02.2005 12:56 211 boot.ini
04.08.2004 13:00 4.952 bootfont.bin
04.08.2004 13:00 47.564 NTDETECT.COM
04.08.2004 13:00 251.184 ntldr
18 Datei(en) 1.338.528.380 Bytes
0 Verzeichnis(se), 11.659.284.480 Bytes frei

14.12.2005, 10:09
Honorary member
Posts: 29434
#4
FJanek

Open HijackThis -- button "scan" -- tick the malware entries -- button "Fix checked" -- restart the PC

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
O4 - HKLM\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKCU\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe

Restart the PC

KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html
Options: Delete on Reboot / Process all in List --> tick
Paste in: ... and click the red cross; when asked "Do you want to reboot?" click "no" and paste in the next one; only at the last one click "yes"

C:\WINDOWS\system32\paytime.exe
C:\WINDOWS\system32\RpcxSs.dll
C:\WINDOWS\system32\bnmsrv.exe
C:\WINDOWS\hosts
C:\secure32.html
C:\WINDOWS\secure32.html
C:\WINDOWS\degbes.exe
C:\WINDOWS\de.exe
C:\WINDOWS\bxproxy.exe
C:\WINDOWS\tool2.exe
C:\WINDOWS\kl.exe
C:\WINDOWS\uniq

Restart the PC

Hoster.zip
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK'
Exit Program.

Scan with Kaspersky and post the scan report
http://virus-protect.org/onlinescan.html

Silentrunner
http://virus-protect.org/silentrunner.html
-----------------
c:\secure32.html
http://virus-protect.org/artikel/spyware/secure_32.html
__________
Regards, Sabina
all about PC security
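
Added example, not part of the original posts and not code from HijackThis or KillBox: a Python check that parses HijackThis R0/R1 and O4 lines and reports every registry entry that still points at a file on the removal list given in post #4. The sample log is constructed from entries quoted in this thread; the function and variable names are this example's own.

```python
import re
from typing import NamedTuple

# File paths listed for deletion in post #4 (compared case-insensitively).
REMOVAL_LIST = frozenset(p.lower() for p in (
    r"C:\WINDOWS\system32\paytime.exe",
    r"C:\WINDOWS\system32\RpcxSs.dll",
    r"C:\WINDOWS\system32\bnmsrv.exe",
    r"C:\WINDOWS\hosts",
    r"C:\secure32.html",
    r"C:\WINDOWS\secure32.html",
    r"C:\WINDOWS\degbes.exe",
    r"C:\WINDOWS\de.exe",
    r"C:\WINDOWS\bxproxy.exe",
    r"C:\WINDOWS\tool2.exe",
    r"C:\WINDOWS\kl.exe",
    r"C:\WINDOWS\uniq",
))

# Constructed sample: a handful of lines taken from the logs quoted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.tiscali.de/web/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
"""


class Entry(NamedTuple):
    section: str  # HijackThis section code, e.g. "R0" or "O4"
    hive: str     # HKCU or HKLM
    name: str     # registry value name or Run entry name
    target: str   # value data (R lines) or executable path (O4 lines)


# "R0 - HKCU\...\Main,Start Page = value"
R_LINE = re.compile(r"^(R[0-3]) - (HK\w+)\\.+?,(.+?) = (.*)$")
# "O4 - HKLM\..\Run: [name] command line"
O4_LINE = re.compile(r"^(O4) - (HK\w+)\\\.\.\\Run\w*: \[(.+?)\] (.*)$")
# Unquoted command line: shortest prefix that ends in an executable-like suffix.
EXE_PATH = re.compile(r"^(.+?\.(?:exe|dll|com|bat|cmd|scr))(?=\s|$)", re.I)


def executable_of(command: str) -> str:
    """Return the program path from a Run command line, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    match = EXE_PATH.match(command)
    if match:
        return match.group(1)
    return command.split()[0] if command else ""


def parse_entries(log_text: str) -> list:
    """Extract R0-R3 and O4 entries from HijackThis log text."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        match = R_LINE.match(line)
        if match:
            section, hive, name, data = match.groups()
            entries.append(Entry(section, hive, name, data.strip()))
            continue
        match = O4_LINE.match(line)
        if match:
            section, hive, name, command = match.groups()
            entries.append(Entry(section, hive, name, executable_of(command)))
    return entries


def references_to_removed(log_text: str, removal_list=REMOVAL_LIST) -> list:
    """Entries whose target is a file on the removal list."""
    return [e for e in parse_entries(log_text) if e.target.lower() in removal_list]


if __name__ == "__main__":
    for entry in references_to_removed(SAMPLE_LOG):
        print(f"{entry.section} {entry.hive} [{entry.name}] -> {entry.target}")
```

Run against a log taken after the files have been deleted, any entry it reports is a leftover registry reference that still needs fixing.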

18.12.2005, 15:59
...new here
Thread starter
Posts: 3
#5
Hello
Kaspersky scan report:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, December 15, 2005 23:57:28
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 15/12/2005
Kaspersky Anti-Virus database records: 155441
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 52343
Number of viruses found: 11
Number of infected objects: 33
Number of suspicious objects: 0
Duration of the scan process: 4709 sec

Infected Object Name - Virus Name
C:\Dokumente und Einstellungen\User\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-bae16f0-3670438d.zip/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Dokumente und Einstellungen\User\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-bae16f0-3670438d.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Dokumente und Einstellungen\User\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-bae16f0-3670438d.zip Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Dokumente und Einstellungen\User\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv661.jar-897c2ff-24078f44.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Dokumente und Einstellungen\User\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv661.jar-897c2ff-24078f44.zip Infected: Trojan-Downloader.Java.OpenStream.c
C:\Programme\Norton AntiVirus\Quarantine\00A03E73.class Infected: Trojan.Java.ClassLoader.h
C:\Programme\Norton AntiVirus\Quarantine\02036D30.class Infected: Trojan.Java.ClassLoader.d
C:\Programme\Norton AntiVirus\Quarantine\6B1D1C6E.class Infected: Trojan.Java.ClassLoader.c
C:\Programme\Norton AntiVirus\Quarantine\6B20466A.class Infected: Exploit.Java.Bytverify
C:\Programme\Norton AntiVirus\Quarantine\6CDF3E7E.class Infected: Trojan.Java.ClassLoader.c
C:\Programme\Norton AntiVirus\Quarantine\6CE3687A.class Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Programme\Norton AntiVirus\Quarantine\6CE61276.class Infected: Exploit.Java.Bytverify
C:\Programme\Norton AntiVirus\Quarantine\79841517.class Infected: Trojan.Java.ClassLoader.Dummy.d
C:\System Volume Information\_restore{2C6F5F86-FD69-43C9-93C0-0CEC10996C44}\RP129\A0038205.exe Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{2C6F5F86-FD69-43C9-93C0-0CEC10996C44}\RP129\A0039205.exe Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{2C6F5F86-FD69-43C9-93C0-0CEC10996C44}\RP129\A0039380.exe Infected: not-virus:Hoax.Win32.Renos.ae
C:\System Volume Information\_restore{2C6F5F86-FD69-43C9-93C0-0CEC10996C44}\RP129\A0039393.exe Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{2C6F5F86-FD69-43C9-93C0-0CEC10996C44}\RP129\A0039406.exe Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{2C6F5F86-FD69-43C9-93C0-0CEC10996C44}\RP130\A0039435.exe Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{2C6F5F86-FD69-43C9-93C0-0CEC10996C44}\RP130\A0040435.exe Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{2C6F5F86-FD69-43C9-93C0-0CEC10996C44}\RP131\A0040463.exe Infected: Trojan-Downloader.Win32.PassAlert.d
C:\System Volume Information\_restore{2C6F5F86-FD69-43C9-93C0-0CEC10996C44}\RP131\A0040465.exe/run.exe Infected: Trojan-Downloader.Win32.PassAlert.d
C:\System Volume Information\_restore{2C6F5F86-FD69-43C9-93C0-0CEC10996C44}\RP131\A0040465.exe Infected: Trojan-Downloader.Win32.PassAlert.d
C:\System Volume Information\_restore{2C6F5F86-FD69-43C9-93C0-0CEC10996C44}\RP131\A0040492.exe Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{2C6F5F86-FD69-43C9-93C0-0CEC10996C44}\RP131\A0040543.exe Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{2C6F5F86-FD69-43C9-93C0-0CEC10996C44}\RP131\A0040603.exe Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{2C6F5F86-FD69-43C9-93C0-0CEC10996C44}\RP132\A0040701.exe Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{2C6F5F86-FD69-43C9-93C0-0CEC10996C44}\RP132\A0040714.exe Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{2C6F5F86-FD69-43C9-93C0-0CEC10996C44}\RP132\A0040733.exe Infected: Trojan.Win32.StartPage.agi
C:\System Volume Information\_restore{2C6F5F86-FD69-43C9-93C0-0CEC10996C44}\RP132\A0040734.dll Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{2C6F5F86-FD69-43C9-93C0-0CEC10996C44}\RP132\A0040735.exe Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{2C6F5F86-FD69-43C9-93C0-0CEC10996C44}\RP132\A0040738.exe Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{2C6F5F86-FD69-43C9-93C0-0CEC10996C44}\RP132\A0040739.exe Infected: not-virus:Hoax.Win32.Renos.ae
Scan process completed.

Scan report from Silent Runners:

18.12.2005, 20:39
Honorary member
Posts: 29434
#6
FJanek

Empty the Java cache with:
ClearProg
http://www.clearprog.de/downloads.php

TuneUp 2006 (30 days free), shareware
http://virus-protect.org/reinigungstoolsregistry.html
Apply:
Cleanup repair -- TuneUp Diskcleaner
Cleanup repair -- Registry Cleaner

Copy the following text into Notepad (Start - Accessories - Notepad) and save it to the desktop as fixme.reg using 'Save as'. For the file type, select 'All files'. You should now find this file on the desktop.
Restart the computer in safe mode (press F8 while booting).
Double-click the file "fixme.reg" on the desktop.

Quote
REGEDIT4
---------------------------------------------------------------------------

Disable System Restore, then enable it again
http://virus-protect.org/systemwiederherstellung.html

Scan and report
http://virus-protect.org/cureit.html
__________
Regards, Sabina
all about PC security

I've caught spy sherif but can't get rid of it, I need help.
Logfile of HijackThis v1.99.1
Scan saved at 22:44:34, on 11.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Programme\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Intel\Wireless\Bin\OProtSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\Intel\Wireless\Bin\EOUWiz.exe
C:\Programme\Launch Manager\QtZgAcer.EXE
C:\acer\epm\epm-dm.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\LVComS.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Programme\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
C:\Programme\Common Files\Onet.pl\NewAutoUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.tiscali.de/web/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Programme\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Programme\Gemeinsame Dateien\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [LVCOMS] C:\WINDOWS\system32\LVComS.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Programme\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=121505 Seri*hier nicht!*=DR12WTX-9999998-YSP lang=DE
O4 - HKLM\..\Run: [Onet.pl AutoUpdate] C:\Programme\Common Files\Onet.pl\NewAutoUpdate.exe /tsr
O4 - HKLM\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BeFaster] C:\Programme\BeFaster\befaster3.exe
O4 - HKCU\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.de
O16 - DPF: {4C0942C1-C405-4805-B3B6-EA16F2DDD1BD} (innova-Panorama-Viewer Object) - http://www.webplaner-innoplus.de/innova/pano/prog/rundum.7.0.2.0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D996BE82-3D5B-476B-ABB5-4F72DC7ECF69}: NameServer = 192.168.2.1
O20 - Winlogon Notify: IntelWireless - C:\Programme\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Programme\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
Best regards, janek