SPYSHERIF - wi kriege ichder wieder weg

#0
11.12.2005, 23:01
...neu hier

Beiträge: 3
#1 Halo

Habe mir spy sherif angefangen kriege der aber nicht weg brauche hilfe

Logfile of HijackThis v1.99.1
Scan saved at 22:44:34, on 11.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Programme\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Intel\Wireless\Bin\OProtSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\Intel\Wireless\Bin\EOUWiz.exe
C:\Programme\Launch Manager\QtZgAcer.EXE
C:\acer\epm\epm-dm.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\LVComS.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Programme\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
C:\Programme\Common Files\Onet.pl\NewAutoUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.tiscali.de/web/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Programme\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Programme\Gemeinsame Dateien\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [LVCOMS] C:\WINDOWS\system32\LVComS.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Programme\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=121505 Seri*hier nicht!*=DR12WTX-9999998-YSP lang=DE
O4 - HKLM\..\Run: [Onet.pl AutoUpdate] C:\Programme\Common Files\Onet.pl\NewAutoUpdate.exe /tsr
O4 - HKLM\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BeFaster] C:\Programme\BeFaster\befaster3.exe
O4 - HKCU\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.de
O16 - DPF: {4C0942C1-C405-4805-B3B6-EA16F2DDD1BD} (innova-Panorama-Viewer Object) - http://www.webplaner-innoplus.de/innova/pano/prog/rundum.7.0.2.0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D996BE82-3D5B-476B-ABB5-4F72DC7ECF69}: NameServer = 192.168.2.1
O20 - Winlogon Notify: IntelWireless - C:\Programme\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Programme\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programme\Intel\Wireless\Bin\WLKeeper.exe

MFG janek
Seitenanfang Seitenende
13.12.2005, 15:45
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#2 Hallo@FJanek

C:\WINDOWS\bxproxy.exe

Oben auf der Seite --> auf Durchsuchen klicken --> Datei aussuchen --> Doppelklick auf die zu prüfende Datei --> klick auf Submit... jetzt abwarten --> kopiere das Ergebnis in das Sicherheitsforum
http://www.virustotal.com/flash/index_en.html




wende CleanUp an (genau, mit den einstellungen, wie auf der seite erklaert)
http://virus-protect.org/cleanup.html

kopiere hier die 4 textdateien (3 Monate vom Datum her genuegen)
http://virus-protect.org/datfindbat.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
13.12.2005, 18:40
...neu hier

Themenstarter

Beiträge: 3
#3 Danke für Hilfe

Da sind de Ergebnise

This is a report processed by VirusTotal on 12/13/2005 at 18:31:08 (CET) after scanning the file "bxproxy.exe" file.

Antivirus Version Update Result
AntiVir 6.33.0.61 12.13.2005 BDS/Agent.QS
Avast 4.6.695.0 12.13.2005 Win32:Trojano-3006
AVG 718 12.08.2005 BackDoor.Agent.UB
Avira 6.33.0.61 12.13.2005 BDS/Agent.QS
BitDefender 7.2 12.13.2005 Backdoor.Agent.I
CAT-QuickHeal 8.00 12.13.2005 Backdoor.Agent.qs
ClamAV devel-20051108 12.12.2005 no virus found
DrWeb 4.33 12.13.2005 Trojan.Proxy.576
eTrust-Iris 7.1.194.0 12.13.2005 Win32/Bxproxy.69632!Trojan
eTrust-Vet 12.3.3.0 12.13.2005 Win32/Dueesn.A
Fortinet 2.54.0.0 12.12.2005 W32/Agent.QS-bdr
F-Prot 3.16c 12.12.2005 security risk named W32/Agent.AFK
Ikarus 0.2.59.0 12.13.2005 Backdoor.Win32.Agent.QS
Kaspersky 4.0.2.24 12.13.2005 Backdoor.Win32.Agent.qs
McAfee 4648 12.12.2005 Spam-IXProxy
NOD32v2 1.1320 12.12.2005 no virus found
Norman 5.70.10 12.13.2005 W32/Agent.LER
Panda 8.02.00 12.13.2005 Bck/Agent.AXG
Sophos 4.00.0 12.13.2005 Troj/MSpam-C
Symantec 8.0 12.13.2005 Backdoor.Trojan
TheHacker 5.9.1.054 12.13.2005 Backdoor/Agent.qs
VBA32 3.10.5 12.13.2005 Backdoor.Win32.Agent.qs

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 54B0-EA8C

Verzeichnis von C:\WINDOWS\system32

12.12.2005 16:55 13.758 wpa.dbl
10.12.2005 23:41 4.081 paytime.exe
10.12.2005 23:41 24.576 RpcxSs.dll
10.12.2005 23:41 69.632 bnmsrv.exe

30.11.2005 22:24 233.576 FNTCACHE.DAT
10.11.2005 23:29 382.026 perfh009.dat
10.11.2005 23:29 53.770 perfc009.dat
10.11.2005 23:29 64.848 perfc007.dat
10.11.2005 23:29 393.086 perfh007.dat
10.11.2005 23:29 900.770 PerfStringBackup.INI
10.11.2005 23:29 525 mapisvc.inf
07.11.2005 16:26 491.520 rundumX.dll
04.11.2005 06:46 1.680 esnecil.ind
03.11.2005 19:27 1.680 esnecil.nlp
03.11.2005 13:22 53.248 CadErrString.dll


Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 54B0-EA8C

Verzeichnis von C:\DOKUME~1\User\LOKALE~1\Temp

13.12.2005 18:24 4.096 asat0000.tmp
1 Datei(en) 4.096 Bytes
0 Verzeichnis(se), 11.659.284.480 Bytes frei


Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 54B0-EA8C

Verzeichnis von C:\WINDOWS

13.12.2005 18:25 16.793 ODBC.INI
13.12.2005 15:24 1.905.888 WindowsUpdate.log
13.12.2005 13:01 4.876 ModemLog_SoftV92 Data Fax Modem with SmartCP.txt
13.12.2005 13:00 159 wiadebug.log
13.12.2005 13:00 50 wiaservc.log
13.12.2005 13:00 0 0.log
13.12.2005 13:00 2.048 bootstat.dat
12.12.2005 21:14 218.550 setupapi.log
12.12.2005 12:29 32.420 SchedLgU.Txt
11.12.2005 17:41 12 WININIT.INI
10.12.2005 23:42 2.033 hosts
10.12.2005 23:41 3.048 secure32.html
10.12.2005 23:41 1.024 degbes.exe
10.12.2005 23:41 1.024 de.exe
10.12.2005 23:41 69.632 bxproxy.exe
10.12.2005 23:41 29.184 tool2.exe
10.12.2005 23:41 2.048 kl.exe
10.12.2005 23:41 0 uniq

10.12.2005 22:12 0 kamerzysta.log
13.11.2005 18:40 99.970 UninstallFirefox.exe
13.11.2005 18:40 5.047 mozver.dat
13.11.2005 17:28 990 win.ini
13.11.2005 16:10 360.115 iis6.log
13.11.2005 16:10 112.438 comsetup.log
13.11.2005 16:10 66.487 ntdtcsetup.log
13.11.2005 16:10 142.774 tsoc.log
13.11.2005 16:10 1.393 imsins.log
13.11.2005 16:10 15.911 tabletoc.log
13.11.2005 16:10 16.959 ocmsn.log
13.11.2005 16:10 11.974 KB896424.log
13.11.2005 16:10 53.691 netfxocm.log
13.11.2005 16:10 151.784 ocgen.log
13.11.2005 16:10 21.473 MedCtrOC.log
13.11.2005 16:10 15.394 msgsocm.log
13.11.2005 16:10 352.339 FaxSetup.log
13.11.2005 16:10 97.970 msmqinst.log
13.11.2005 16:10 21.589 updspapi.log
10.11.2005 23:56 1.071 AWMODEM.INF
04.11.2005 06:47 34 cdplayer.ini
03.11.2005 19:27 455 TEDIS.INI
03.11.2005 19:18 25 Crypkey.ini
03.11.2005 19:17 286.720 iun507.exe
02.11.2005 08:21 1.374 imsins.BAK

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 54B0-EA8C

Verzeichnis von C:\

13.12.2005 18:40 0 sys.txt
13.12.2005 18:40 9.234 system.txt
13.12.2005 18:39 292 systemtemp.txt
13.12.2005 18:39 101.619 system32.txt
13.12.2005 13:00 535.285.760 hiberfil.sys
13.12.2005 13:00 802.824.192 pagefile.sys
10.12.2005 23:41 3.048 secure32.html
24.11.2005 20:35 0 fehler
13.11.2005 17:26 318 EibTab20.INI
01.02.2005 15:49 6 ISACER.ID
01.02.2005 13:03 0 CONFIG.SYS
01.02.2005 13:03 0 MSDOS.SYS
01.02.2005 13:03 0 IO.SYS
01.02.2005 13:03 0 AUTOEXEC.BAT
01.02.2005 12:56 211 boot.ini
04.08.2004 13:00 4.952 bootfont.bin
04.08.2004 13:00 47.564 NTDETECT.COM
04.08.2004 13:00 251.184 ntldr
18 Datei(en) 1.338.528.380 Bytes
0 Verzeichnis(se), 11.659.284.480 Bytes frei
Seitenanfang Seitenende
14.12.2005, 10:09
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#4 FJanek

öffne das HijackThis -- Button "scan" -- vor die Malware-Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
O4 - HKLM\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKCU\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe

PC neustarten

KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html

Options: Delete on Reboot / Process all in List )--> anhaken
reinkopieren:
...
und klicke auf das rote Kreuz, wenn gefragt wird, ob "Do you want to reboot? "---- klicke auf "no",und kopiere das nächste rein, erst beim letzten auf "yes"

C:\WINDOWS\system32\paytime.exe
C:\WINDOWS\system32\RpcxSs.dll
C:\WINDOWS\system32\bnmsrv.exe
C:\WINDOWS\hosts
C:\secure32.html
C:\WINDOWS\secure32.html
C:\WINDOWS\degbes.exe
C:\WINDOWS\de.exe
C:\WINDOWS\bxproxy.exe
C:\WINDOWS\tool2.exe
C:\WINDOWS\kl.exe
C:\WINDOWS\uniq

PC neustarten

Hoster.zip
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK' Exit Program.

scanne mit Kaspersky und poste den scanreport
http://virus-protect.org/onlinescan.html

Silentrunner
http://virus-protect.org/silentrunner.html

-----------------

c:\secure32.html
http://virus-protect.org/artikel/spyware/secure_32.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
18.12.2005, 15:59
...neu hier

Themenstarter

Beiträge: 3
#5 Hallo

Kapersky Scanreport:
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, December 15, 2005 23:57:28
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 15/12/2005
Kaspersky Anti-Virus database records: 155441
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 52343
Number of viruses found: 11
Number of infected objects: 33
Number of suspicious objects: 0
Duration of the scan process: 4709 sec

Infected Object Name - Virus Name
C:\Dokumente und Einstellungen\User\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-bae16f0-3670438d.zip/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Dokumente und Einstellungen\User\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-bae16f0-3670438d.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Dokumente und Einstellungen\User\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-bae16f0-3670438d.zip Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Dokumente und Einstellungen\User\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv661.jar-897c2ff-24078f44.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Dokumente und Einstellungen\User\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv661.jar-897c2ff-24078f44.zip Infected: Trojan-Downloader.Java.OpenStream.c
C:\Programme\Norton AntiVirus\Quarantine\00A03E73.class Infected: Trojan.Java.ClassLoader.h
C:\Programme\Norton AntiVirus\Quarantine\02036D30.class Infected: Trojan.Java.ClassLoader.d
C:\Programme\Norton AntiVirus\Quarantine\6B1D1C6E.class Infected: Trojan.Java.ClassLoader.c
C:\Programme\Norton AntiVirus\Quarantine\6B20466A.class Infected: Exploit.Java.Bytverify
C:\Programme\Norton AntiVirus\Quarantine\6CDF3E7E.class Infected: Trojan.Java.ClassLoader.c
C:\Programme\Norton AntiVirus\Quarantine\6CE3687A.class Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Programme\Norton AntiVirus\Quarantine\6CE61276.class Infected: Exploit.Java.Bytverify
C:\Programme\Norton AntiVirus\Quarantine\79841517.class Infected: Trojan.Java.ClassLoader.Dummy.d
C:\System Volume Information\_restore{2C6F5F86-FD69-43C9-93C0-0CEC10996C44}\RP129\A0038205.exe Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{2C6F5F86-FD69-43C9-93C0-0CEC10996C44}\RP129\A0039205.exe Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{2C6F5F86-FD69-43C9-93C0-0CEC10996C44}\RP129\A0039380.exe Infected: not-virus:Hoax.Win32.Renos.ae
C:\System Volume Information\_restore{2C6F5F86-FD69-43C9-93C0-0CEC10996C44}\RP129\A0039393.exe Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{2C6F5F86-FD69-43C9-93C0-0CEC10996C44}\RP129\A0039406.exe Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{2C6F5F86-FD69-43C9-93C0-0CEC10996C44}\RP130\A0039435.exe Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{2C6F5F86-FD69-43C9-93C0-0CEC10996C44}\RP130\A0040435.exe Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{2C6F5F86-FD69-43C9-93C0-0CEC10996C44}\RP131\A0040463.exe Infected: Trojan-Downloader.Win32.PassAlert.d
C:\System Volume Information\_restore{2C6F5F86-FD69-43C9-93C0-0CEC10996C44}\RP131\A0040465.exe/run.exe Infected: Trojan-Downloader.Win32.PassAlert.d
C:\System Volume Information\_restore{2C6F5F86-FD69-43C9-93C0-0CEC10996C44}\RP131\A0040465.exe Infected: Trojan-Downloader.Win32.PassAlert.d
C:\System Volume Information\_restore{2C6F5F86-FD69-43C9-93C0-0CEC10996C44}\RP131\A0040492.exe Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{2C6F5F86-FD69-43C9-93C0-0CEC10996C44}\RP131\A0040543.exe Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{2C6F5F86-FD69-43C9-93C0-0CEC10996C44}\RP131\A0040603.exe Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{2C6F5F86-FD69-43C9-93C0-0CEC10996C44}\RP132\A0040701.exe Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{2C6F5F86-FD69-43C9-93C0-0CEC10996C44}\RP132\A0040714.exe Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{2C6F5F86-FD69-43C9-93C0-0CEC10996C44}\RP132\A0040733.exe Infected: Trojan.Win32.StartPage.agi
C:\System Volume Information\_restore{2C6F5F86-FD69-43C9-93C0-0CEC10996C44}\RP132\A0040734.dll Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{2C6F5F86-FD69-43C9-93C0-0CEC10996C44}\RP132\A0040735.exe Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{2C6F5F86-FD69-43C9-93C0-0CEC10996C44}\RP132\A0040738.exe Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{2C6F5F86-FD69-43C9-93C0-0CEC10996C44}\RP132\A0040739.exe Infected: not-virus:Hoax.Win32.Renos.ae

Scan process completed.

Scanreport von silent runners:

"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"MSMSGS" = ""C:\Programme\Messenger\msmsgs.exe" /background" [MS]
"BeFaster" = "C:\Programme\BeFaster\befaster3.exe" [file not found]
"bxproxy" = "C:\WINDOWS\bxproxy.exe" [file not found]
"(Default)" = (empty string)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATIPTA" = "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"SynTPLpr" = "C:\Programme\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]
"SynTPEnh" = "C:\Programme\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"(Default)" = (empty string)
"IntelWireless" = "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless" ["Intel Corporation"]
"EOUApp" = "C:\Programme\Intel\Wireless\Bin\EOUWiz.exe" ["Intel Corporation"]
"LManager" = "C:\Programme\Launch Manager\QtZgAcer.EXE" ["Dritek System Inc."]
"EPM-DM" = "c:\acer\epm\epm-dm.exe" ["Acer Value Labs, USA"]
"ePowerManagement" = "C:\Acer\ePM\ePM.exe boot" ["Acer Value Labs, Taiwan"]
"RemoteControl" = "C:\Programme\CyberLink\PowerDVD\PDVDServ.exe" ["Cyberlink Corp."]
"UserFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -u" [MS]
"LVCOMS" = "C:\WINDOWS\system32\LVComS.exe" ["Logitech Inc."]
"Logitech Utility" = "Logi_MwX.Exe" ["Logitech Inc."]
"PCSuiteTrayApplication" = "C:\Programme\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray" ["Nokia"]
"DataLayer" = "C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE" ["Nokia Mobile Phones Ltd."]
"SunJavaUpdateSched" = "C:\Programme\Java\jre1.5.0_01\bin\jusched.exe" ["Sun Microsystems, Inc."]
"CorelDRAW Graphics Suite 11b" = "C:\Programme\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=010206 Seri*hier nicht!*=DR12WTX-9999998-YSP lang=DE" [file not found]
"Onet.pl AutoUpdate" = "C:\Programme\Common Files\Onet.pl\NewAutoUpdate.exe /tsr" ["Onet.pl"]
"bxproxy" = "C:\WINDOWS\bxproxy.exe" [file not found]
"KAVPersonal50" = ""C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize" [file not found]
"ccApp" = ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"URLLSTCK.exe" = "C:\Programme\Norton Internet Security\UrlLstCk.exe" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{9ECB9560-04F9-4bbc-943D-298DDF1699E1}\(Default) = "Norton Internet Security 2006"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}\(Default) = "NAV Helper"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\msohev.dll" [MS]
"{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}" = "Autodesk Drawing Preview"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Autodesk Shared\Thumbnail\AcThumbnail16.dll" ["Autodesk"]
"{36A21736-36C2-4C11-8ACB-D4136F2B57BD}" = "Ikona obslugi nakladki Podpisów cyfrowych AutoCAD"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\AcSignIcon.dll" ["Autodesk"]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{40950107-FEA6-4d53-A65F-B2DCBA57DD58}" = "Nokia Phone Browser"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
"{FBFE7864-D495-41f0-B7DC-4BB601CC295E}" = "Contact View"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Nokia\Nokia PC Suite 6\ContactView.dll" ["Nokia"]
"{C0C4375A-5B72-4efe-929D-3B848C3A1E91}" = "Message View"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Nokia\Nokia PC Suite 6\MessageView.dll" ["Nokia"]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
"{00020000-0000-1011-8004-0000C06B5161}" = "WIBU-SYSTEMS Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WIBU-SYSTEMS\System\WibuShellExt.dll" ["WIBU-SYSTEMS AG"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! IntelWireless\DLLName = "C:\Programme\Intel\Wireless\Bin\LgNotify.dll" ["Intel Corporation"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\sstext3d.scr" [MS]


Startup items in "User" & "All Users" startup folders:
------------------------------------------------------

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"Adobe Gamma Loader" -> shortcut to: "C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Adobe Reader - Schnellstart" -> shortcut to: "C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Microsoft Office" -> shortcut to: "C:\Programme\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
"WinZip Quick Pick" -> shortcut to: "C:\Programme\WinZip\WZQKPICK.EXE" ["WinZip Computing, Inc."]


Enabled Scheduled Tasks:
------------------------

"Norton AntiVirus - Vollständige Systemprüfung ausführen - User" -> launches: "C:\PROGRA~1\NORTON~2\NORTON~1\Navw32.exe /TASK:"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Programme\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 20
%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{C4069E3A-68F1-403E-B40E-20066696354B}" = "Norton AntiVirus" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Norton Internet Security 2006"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

"{C4069E3A-68F1-403E-B40E-20066696354B}" = "Norton AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll" ["Sun Microsystems, Inc."]

{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "C:\Programme\ICQLite\ICQLite.exe" ["ICQ Ltd."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.tiscali.de

Missing lines (compared with English-language version):
[Strings]: 1 line


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
C-DillaCdaC11BA, C-DillaCdaC11BA, "C:\WINDOWS\system32\drivers\CDAC11BA.EXE" ["Macrovision"]
Crypkey License, Crypkey License, "crypserv.exe" ["Kenonic Controls Ltd."]
EvtEng, EvtEng, "C:\Programme\Intel\Wireless\Bin\EvtEng.exe" ["Intel Corporation"]
Norton AntiVirus Auto-Protect-Dienst, navapsvc, ""C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Norton Protection Center Service, NSCService, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE"" ["Symantec Corporation"]
Notebook Manager Service, anbmService, "C:\Acer\eManager\anbmServ.exe" ["OSA Technologies Inc."]
OwnershipProtocol, OwnershipProtocol, "C:\Programme\Intel\Wireless\Bin\OProtSvc.exe" ["Intel Corporation"]
RegSrvc, RegSrvc, "C:\Programme\Intel\Wireless\Bin\RegSrvc.exe" ["Intel Corporation"]
Spectrum24 Event Monitor, S24EventMonitor, "C:\Programme\Intel\Wireless\Bin\S24EvMon.exe" ["Intel Corporation "]
Symantec Core LC, Symantec Core LC, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe"" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]
Symantec Network Proxy, ccProxy, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Symantec SPBBCSvc, SPBBCSvc, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
WLANKEEPER, WLANKEEPER, "C:\Programme\Intel\Wireless\Bin\WLKeeper.exe" ["Intel® Corporation"]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Brother PT-9500PC Monitor\Driver = "pt95l.dll" ["Brother Industries, Ltd."]
Brother PT/CP USB Port\Driver = "ptusbp2.dll" ["Brother Industries, Ltd."]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]
UDC\Driver = "udcpm.dll" ["fCoder Group, Inc."]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 54 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 10 seconds.
---------- (total run time: 92 seconds)
Seitenanfang Seitenende
18.12.2005, 20:39
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#6 FJanek

leere das Java-Cache mit:
ClearProg
http://www.clearprog.de/downloads.php

TuneUp 2006 (30 Tage free) Shareware

http://virus-protect.org/reinigungstoolsregistry.html
wende an:
Cleanup repair -- TuneUp Diskcleaner
Cleanup repair -- Registry Cleaner

Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als fixme.reg mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden.

Computer in den abgesicherten Modus neustarten (F8 beim Starten drücken). Die Datei "fixme.reg" auf dem Desktop doppelklicken

Zitat

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bxproxy"=-
"BeFaster"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bxproxy"=-
---------------------------------------------------------------------------

Deaktiviere die systemwiederherstellung, dann aktiviere sie wieder
http://virus-protect.org/systemwiederherstellung.html

scanne + berichte
http://virus-protect.org/cureit.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren: