Pages ending in yyy102.html etc. opening unprompted |
||
---|---|---|
#0
| ||
14.12.2005, 12:48
...new here
Posts: 5 |
||
|
||
19.12.2005, 14:14
Honorary member
Posts: 29434 |
#2
GlobalDeath
This looks like an infection with Look2Me. Work through Option 2, then after the restart Option 4, and paste the scan report here:
http://virus-protect.org/l2mfix.html
__________
Regards, Sabina
All about PC security |
|
|
||
19.12.2005, 20:26
...new here
Thread starter Posts: 5 |
#3
L2MFIX find log 121605
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ThemeManager]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\n8n60i5se8.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{3F45765C-6A24-DC0C-0E30-0688D90A7F18}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{ADF4274D-9E9E-4E14-8E4D-2FB1B8E43A13}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ADF4274D-9E9E-4E14-8E4D-2FB1B8E43A13}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ADF4274D-9E9E-4E14-8E4D-2FB1B8E43A13}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{ADF4274D-9E9E-4E14-8E4D-2FB1B8E43A13}\InprocServer32]
@="C:\\WINDOWS\\system32\\nkwrsar.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2E090384-7357-42C2-ABD9-443586D903F6}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2E090384-7357-42C2-ABD9-443586D903F6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2E090384-7357-42C2-ABD9-443586D903F6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2E090384-7357-42C2-ABD9-443586D903F6}\InprocServer32]
@="C:\\WINDOWS\\system32\\svredir.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{FD0A3521-4EC0-4229-8BEE-18C282F137D8}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FD0A3521-4EC0-4229-8BEE-18C282F137D8}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FD0A3521-4EC0-4229-8BEE-18C282F137D8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FD0A3521-4EC0-4229-8BEE-18C282F137D8}\InprocServer32]
@="C:\\WINDOWS\\system32\\rmmotepg.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
aoldial.dll Thu 13 Oct 2005 11:45:38 A.... 104.024 101,59 K
cmdlin~1.dll Mon 12 Dec 2005 17:24:46 A.... 98.304 96,00 K
enpol1~1.dll Fri 16 Dec 2005 18:32:38 ..S.R 236.723 231,17 K
fp4003~1.dll Sun 18 Dec 2005 22:18:20 ..S.R 236.822 231,27 K
gdi32.dll Thu 6 Oct 2005 4:20:34 A.... 260.608 254,50 K
mshtml.dll Tue 4 Oct 2005 11:33:40 A.... 2.700.288 2,57 M
n8n60i~1.dll Sat 17 Dec 2005 15:09:20 ..S.R 236.822 231,27 K
s32evnt1.dll Thu 1 Dec 2005 12:14:20 A.... 86.091 84,07 K
shell32.dll Fri 23 Sep 2005 4:27:42 A.... 8.389.632 8,00 M
sirenacm.dll Thu 13 Oct 2005 8:11:06 A.... 118.784 116,00 K
svredir.dll Mon 19 Dec 2005 19:16:42 ..... 236.822 231,27 K
sysogg.dll Thu 3 Nov 2005 1:59:02 A.... 25 0,02 K
xpsp2res.dll Tue 27 Sep 2005 1:41:26 A.... 611.840 597,50 K

13 items found: 13 files (3 H/S), 0 directories.
Total of file sizes: 13.316.785 bytes 12,70 M

Locate .tmp files:

C:\WINDOWS\SYSTEM32\
guard.tmp Mon 19 Dec 2005 19:20:42 ..S.R 236.822 231,27 K

1 item found: 1 file (1 H/S), 0 directories.
Total of file sizes: 236.822 bytes 231,27 K

**********************************************************************************
Directory Listing of system files:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: A497-4E75

Verzeichnis von C:\WINDOWS\System32

19.12.2005 19:20 236.822 guard.tmp
18.12.2005 22:18 236.822 fp4003hme.dll
17.12.2005 15:09 236.822 n8n60i5se8.dll
16.12.2005 18:32 236.723 enpol1731.dll
16.12.2005 15:47 <DIR> dllcache
17.05.2005 17:26 <DIR> Microsoft
4 Datei(en) 947.189 Bytes
2 Verzeichnis(se), 2.385.874.944 Bytes frei

Here is the 2nd log:

L2mfix Beta 121605
Creating Account.
Der Befehl wurde erfolgreich ausgeführt.
Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes): 1
Granting SeDebugPrivilege to L2MFIX ... successful
Checking for L2MFix account(0=no 1=yes): 0
zip warning: name not matched: dlls\*.*
zip error: Nothing to do! (backup.zip)
updating: backregs/2E090384-7357-42C2-ABD9-443586D903F6.reg (188 bytes security) (deflated 71%)
updating: backregs/ADF4274D-9E9E-4E14-8E4D-2FB1B8E43A13.reg (188 bytes security) (deflated 70%)
updating: backregs/FD0A3521-4EC0-4229-8BEE-18C282F137D8.reg (188 bytes security) (deflated 70%)
updating: backregs/notibac.reg (140 bytes security) (deflated 87%)

Here is the log from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 20:26:04, on 19.12.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Dit.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Programme\Winamp\winampa.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\Google\Google Talk\googletalk.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\system\CmSNXeye.exe
C:\WINDOWS\system\CmSNXeye.exe
C:\WINDOWS\system\CmSNXeye.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Dokumente und Einstellungen\BlOoDyDeAtH\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=:0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Programme\Google\Google Talk\googletalk.exe" /autostart
O8 - Extra context menu item: &Google-Suche - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://C:\Programme\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download with NetPumper - C:\Programme\NetPumper\AddUrl.htm
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programme\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programme\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: RunOnceEx - C:\WINDOWS\system32\n8n60i5se8.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe |
|
|
||
20.12.2005, 02:45
Honorary member
Posts: 29434 |
#4
At the top of the page --> click Browse --> select the file --> double-click the file to be checked --> click Submit... now wait --> paste the result into the security forum
http://www.virustotal.com/flash/index_en.html

C:\WINDOWS\system\CmSNXeye.exe
--------------------------------------------------------------------
Open HijackThis -- "scan" button -- tick the malware entries -- "Fix checked" button -- restart the PC

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O20 - Winlogon Notify: RunOnceEx - C:\WINDOWS\system32\n8n60i5se8.dll

Restart the PC

KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html
Options: Delete on Reboot / Process all in List )--> tick these
Paste in: ... and click the red cross; when asked "Do you want to reboot?" ---- click "no" and paste in the next one, and only click "yes" on the last one

C:\WINDOWS\System32\guard.tmp
C:\WINDOWS\System32\fp4003hme.dll
C:\WINDOWS\System32\n8n60i5se8.dll
C:\WINDOWS\system32\svredir.dll
C:\WINDOWS\system32\rmmotepg.dll
C:\WINDOWS\System32\enpol1731.dll

Restart the PC

Hoster.zip -> run it
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK'
Exit Program.

VX2Finder XP/2000
http://www.downloads.subratam.org/VX2Finder.exe
Paste the scan report here

spysweeper trial (paste the scan report)
http://virus-protect.org/spysweeper.html
__________
Regards, Sabina
All about PC security |
|
|
||
20.12.2005, 21:09
...new here
Thread starter Posts: 5 |
#5
This is a report processed by VirusTotal on 12/20/2005 at 20:20:23 (CET) after scanning the file "cmsnxeye.exe" file.
Antivirus | Version | Update | Result
---|---|---|---
AntiVir | 6.33.0.70 | 12.20.2005 | no virus found
Avast | 4.6.695.0 | 12.20.2005 | no virus found
AVG | 718 | 12.20.2005 | no virus found
Avira | 6.33.0.70 | 12.20.2005 | no virus found
BitDefender | 7.2 | 12.20.2005 | no virus found
CAT-QuickHeal | 8.00 | 12.19.2005 | no virus found
ClamAV | devel-20051108 | 12.19.2005 | no virus found
DrWeb | 4.33 | 12.20.2005 | no virus found
eTrust-Iris | 7.1.194.0 | 12.19.2005 | no virus found
eTrust-Vet | 12.3.3.0 | 12.20.2005 | no virus found
Fortinet | 2.54.0.0 | 12.20.2005 | no virus found
F-Prot | 3.16c | 12.20.2005 | no virus found
Ikarus | 0.2.59.0 | 12.20.2005 | no virus found
Kaspersky | 4.0.2.24 | 12.20.2005 | no virus found
McAfee | 4654 | 12.20.2005 | no virus found
NOD32v2 | 1.1330 | 12.20.2005 | no virus found
Norman | 5.70.10 | 12.20.2005 | no virus found
Panda | 8.02.00 | 12.20.2005 | no virus found
Sophos | 4.01.0 | 12.20.2005 | no virus found
Symantec | 8.0 | 12.20.2005 | no virus found
TheHacker | 5.9.1.059 | 12.19.2005 | no virus found
VBA32 | 3.10.5 | 12.20.2005 | no virus found

VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

Log for VX2.BetterInternet File Finder (ALL)

Files Found---

Additional Files---

Keys Under Notify---
crypt32chain
cryptnet
cscdll
ScCertProp
Schedule
sclgntfy
SensLogn
Syncmgr
termsrv
wlballoon

Guardian Key--- is called:

Guardian Key--- :

User Agent String---
{3F45765C-6A24-DC0C-0E30-0688D90A7F18}

********
20:45: | Start of Session, Dienstag, 20. Dezember 2005 |
20:45: Spy Sweeper started
20:45: Sweep initiated using definitions version 556
20:45: Found Adware: look2me
20:45: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\syncmgr\ || dllname (ID = 129987)
20:45: hrjq0515e.dll (ID = 129987)
20:45: Starting Memory Sweep
20:46: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
20:46: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
20:46: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
20:46: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
20:47: Memory Sweep Complete, Elapsed Time: 00:01:24
20:47: Starting Registry Sweep
20:47: Found Adware: azsearch toolbar
20:47: HKCR\azentretien.loader\ (5 subtraces) (ID = 103886)
20:47: HKCR\clsid\{0d2def3a-f4f1-42ec-ac4f-132e7ba6e292}\ (6 subtraces) (ID = 103887)
20:47: HKLM\software\azentretienco\ (3 subtraces) (ID = 103905)
20:47: HKLM\software\classes\azentretien.loader.1\ (3 subtraces) (ID = 103909)
20:47: HKLM\software\classes\azentretien.loader\ (5 subtraces) (ID = 103910)
20:47: HKLM\software\classes\clsid\{0d2def3a-f4f1-42ec-ac4f-132e7ba6e292}\ (6 subtraces) (ID = 103911)
20:47: Found Adware: winad
20:47: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediagatewayx.dll\ (1 subtraces) (ID = 763026)
20:47: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
20:47: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
20:47: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
20:47: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
20:47: Registry Sweep Complete, Elapsed Time:00:00:13
20:47: Starting Cookie Sweep
20:47: Found Spy Cookie: adtech cookie
20:47: bloodydeath@adtech[1].txt (ID = 2155)
20:47: Found Spy Cookie: falkag cookie
20:47: bloodydeath@as1.falkag[2].txt (ID = 2650)
20:47: Found Spy Cookie: atwola cookie
20:47: bloodydeath@atwola[1].txt (ID = 2255)
20:47: Found Spy Cookie: paypopup cookie
20:47: bloodydeath@paypopup[2].txt (ID = 3119)
20:47: Found Spy Cookie: tradedoubler cookie
20:47: bloodydeath@tradedoubler[2].txt (ID = 3575)
20:47: Found Spy Cookie: zedo cookie
20:47: bloodydeath@zedo[2].txt (ID = 3762)
20:47: Cookie Sweep Complete, Elapsed Time: 00:00:00
20:47: Starting File Sweep
20:48: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
20:48: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
20:48: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
20:48: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
20:48: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
20:48: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
20:48: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
20:48: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
20:48: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
20:48: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
20:49: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
20:49: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
20:49: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
20:49: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
20:49: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
20:49: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
20:49: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
20:49: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
20:49: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
20:49: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
20:50: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
20:50: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
20:50: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
20:50: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
20:51: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
20:51: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
20:51: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
20:51: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
20:52: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
20:52: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
20:52: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
20:52: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
20:52: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
20:52: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
20:52: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
20:52: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
20:53: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
20:53: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
20:53: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
20:53: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
20:53: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
20:53: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
20:53: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
20:53: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
20:54: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
20:54: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
20:54:
The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 20:54: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 20:54: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 20:54: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 20:54: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 20:54: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 20:55: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 20:55: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 20:55: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 20:55: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 20:55: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 20:55: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 20:55: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 20:55: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 20:56: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 20:56: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 20:56: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 20:56: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 20:57: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 20:57: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 20:57: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 20:57: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 20:58: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 20:58: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 20:58: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 20:58: The Spy Communication shield has 
blocked access to: www.a-d-w-a-r-e.com 20:58: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 20:58: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 20:58: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 20:58: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 20:59: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 20:59: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 20:59: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 20:59: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 20:59: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 20:59: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 20:59: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 20:59: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 21:00: File Sweep Complete, Elapsed Time: 00:12:38 21:00: Full Sweep has completed. Elapsed time 00:14:23 21:00: Traces Found: 44 21:00: Removal process initiated 21:00: Quarantining All Traces: look2me 21:00: look2me is in use. It will be removed on reboot. 21:00: hrjq0515e.dll is in use. It will be removed on reboot. 
21:00: Quarantining All Traces: azsearch toolbar 21:00: Quarantining All Traces: winad 21:00: Quarantining All Traces: adtech cookie 21:00: Quarantining All Traces: atwola cookie 21:00: Quarantining All Traces: falkag cookie 21:00: Quarantining All Traces: paypopup cookie 21:00: Quarantining All Traces: tradedoubler cookie 21:00: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 21:00: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 21:00: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 21:00: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 21:00: Quarantining All Traces: zedo cookie 21:01: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 21:01: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 21:01: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 21:01: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 21:02: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 21:02: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 21:02: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 21:02: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 21:02: Preparing to restart your computer. Please wait... 21:02: Removal process completed. Elapsed time 00:01:58 21:06: Your spyware definitions have been updated. 21:06: Updating spyware definitions 21:07: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later. ******** 20:44: | Start of Session, Dienstag, 20. Dezember 2005 | 20:44: Spy Sweeper started |
|
|
||
21.12.2005, 00:53
Honorary member
Posts: 29434 |
#6
GlobalDeath
Run Cleanup following the instructions on this page: http://virus-protect.org/cleanup.html
Then copy the 4 text files here (going back 3 months by date is enough): http://virus-protect.org/datfindbat.html
__________
Regards, Sabina
All about PC security |
|
|
||
21.12.2005, 19:24
...new here
Posts: 2 |
#7
Hi,
I have exactly the same problem as GlobalDeath. I have read what was posted here, but I don't really understand it all. Could you give me a hand with it? That would be nice.... Regards, mc_HH |
|
|
||
21.12.2005, 20:19
...new here
Thread starter Posts: 5 |
#8
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: A497-4E75
Verzeichnis von C:\WINDOWS\system32
21.12.2005 20:15 29.965 nvapps.xml
21.12.2005 20:15 236.024 guard.tmp
21.12.2005 20:06 236.024 qc-mt331.dll
20.12.2005 22:07 234.021 e820lifm182a.dll
20.12.2005 21:03 236.024 hp0023dmg.dll
19.12.2005 20:21 236.822 nqth.dll
19.12.2005 20:19 59 direct.txt
19.12.2005 20:18 236.887 hr6005jme.dll
18.12.2005 22:16 2.206 wpa.dbl
14.12.2005 19:17 492.544 WRLogonNtf.dll
14.12.2005 19:17 8.192 ssiefr.EXE
14.12.2005 19:17 17.920 wrlzma.dll
14.12.2005 12:11 311.604 perfh009.dat
14.12.2005 12:11 39.992 perfc009.dat
14.12.2005 12:11 48.156 perfc007.dat
14.12.2005 12:11 316.594 perfh007.dat
14.12.2005 12:11 721.390 PerfStringBackup.INI
12.12.2005 17:24 98.304 CmdLineExt.dll
11.12.2005 19:24 2.550 Uninstall.ico
11.12.2005 19:24 1.406 Help.ico
11.12.2005 19:24 1.718 Open.ico
11.12.2005 19:24 1.406 AddQuit.ico
11.12.2005 19:24 5.350 IE.ico
11.12.2005 19:24 9.470 Desktop.ico
11.12.2005 19:24 1.718 Quick.ico
09.12.2005 01:21 2.723.680 MRT.exe
01.12.2005 12:14 86.091 S32EVNT1.DLL
28.11.2005 00:03 231.184 FNTCACHE.DAT
27.11.2005 11:39 17.409 azebar.xml
24.11.2005 01:18 2.780 qtplugin.log
22.11.2005 17:39 2.700.288 MSHTML.DLL
03.11.2005 01:59 25 sysogg.dll
02.11.2005 00:44 127.574 tsuninst.exe
27.10.2005 20:07 229.888 srrstr.dll
21.10.2005 16:49 461.312 URLMON.DLL
21.10.2005 16:49 496.640 MSTIME.DLL
21.10.2005 16:49 582.144 WININET.DLL
21.10.2005 15:36 1.339.392 SHDOCVW.DLL
21.10.2005 12:49 192.512 DXTRANS.DLL
20.10.2005 23:33 1.003.008 esent.dll
20.10.2005 19:08 988.160 DANIM.DLL
19.10.2005 18:50 16.384 restart.exe

2:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: A497-4E75
Verzeichnis von C:\DOKUME~1\BLOODY~1\LOKALE~1\Temp
21.12.2005 20:16 284 MSIadaaf.LOG
1 Datei(en) 284 Bytes
0 Verzeichnis(se), 2.286.247.936 Bytes frei

3:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: A497-4E75
Verzeichnis von C:\WINDOWS
21.12.2005 20:16 467.551 setupapi.log
21.12.2005 20:06 1.682.294 WindowsUpdate.log
21.12.2005 20:05 0 0.log
21.12.2005 20:04 159 wiadebug.log
21.12.2005 20:04 50 wiaservc.log
20.12.2005 22:07 32.540 SchedLgU.Txt
20.12.2005 20:43 975 win.ini
19.12.2005 20:33 63.734 iis6.log
19.12.2005 20:33 150.929 comsetup.log
19.12.2005 20:33 91.803 ntdtcsetup.log
19.12.2005 20:33 9.366 KB910437.log
19.12.2005 20:33 168.974 tsoc.log
19.12.2005 20:33 1.393 imsins.log
19.12.2005 20:33 15.846 ocmsn.log
19.12.2005 20:33 240.407 ocgen.log
19.12.2005 20:33 21.012 msgsocm.log
19.12.2005 20:33 417.550 FaxSetup.log
19.12.2005 20:33 23.858 updspapi.log
19.12.2005 20:33 1.393 imsins.BAK
19.12.2005 20:33 6.398 KB905915-IE6SP1-20051122.175908.log
19.12.2005 20:32 7.759 KB835409.log
19.12.2005 20:31 96.855 wmsetup.log
19.12.2005 20:21 283.372 ntbtlog.txt
16.12.2005 23:38 167 cod2demo.ini
15.12.2005 15:33 12.584 mozver.dat
14.12.2005 19:17 478.720 WRUninstall.dll
14.12.2005 12:12 107.132 UninstallFirefox.exe
13.12.2005 13:23 195.928 Directx.log
12.12.2005 17:24 316.640 WMSysPr9.prx
11.12.2005 19:24 32 pavsig.txt
11.12.2005 18:18 227 system.ini
27.11.2005 18:59 201.293 setupact.log
25.11.2005 19:35 60.416 ALCFDRTM.VER
23.11.2005 01:06 541 bobdown.ini
22.11.2005 00:25 75 gfscore.ini
16.11.2005 17:22 110 gui.INI
12.11.2005 17:52 248 accessdll.log
12.11.2005 16:27 399 nsw.log
12.11.2005 14:37 323 doom3.ini
10.11.2005 19:03 12.386 KB896424.log
30.10.2005 19:17 192 winamp.ini
15.10.2005 02:54 16.846 KB901017.log
15.10.2005 02:54 10.366 KB896688-IE6SP1-20051004.130236.log
15.10.2005 02:53 12.528 KB905495.log
15.10.2005 02:53 12.488 KB904706.log
15.10.2005 02:51 15.697 KB905414.log
15.10.2005 02:51 15.724 KB900725.log
15.10.2005 02:50 12.481 KB905749.log
13.10.2005 18:21 23.448 KB902400.log
11.10.2005 18:17 1.146.285 setupapi.log.0.old
09.10.2005 18:06 293.131 ESL Funmapladder Mappack - have more fun Uninstaller.exe
04.10.2005 20:46 73.605 War3Unin.dat
01.10.2005 18:39 26 NeoSetup.INI
22.09.2005 17:16 851 eReg.dat
15.09.2005 21:29 0 setuperr.log
11.09.2005 14:48 1.024 PPENGINE.INI
08.09.2005 21:46 26 popcinfo.dat
08.09.2005 21:11 169 RtlRack.ini
27.08.2005 22:25 220 SIERRA.INI
11.08.2005 20:02 2.829 War3Unin.pif
11.08.2005 20:02 139.264 War3Unin.exe
10.08.2005 15:06 17.125 SYMEVENT.LOG
10.08.2005 14:58 18.266 KB899587.log
10.08.2005 14:58 17.836 KB899591.log
10.08.2005 14:58 18.016 KB893756.log
10.08.2005 14:58 17.283 KB896423.log
10.08.2005 14:57 16.395 KB899588.log
10.08.2005 14:57 7.657 KB896727-IE6SP1-20050719.165959.log
14.07.2005 00:24 12.852 KB901214.log
09.07.2005 12:28 4.096 d3dx.dat

4:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: A497-4E75
Verzeichnis von C:\
21.12.2005 20:19 0 sys.txt
21.12.2005 20:19 11.052 system.txt
21.12.2005 20:18 296 systemtemp.txt
21.12.2005 20:16 100.422 system32.txt
21.12.2005 20:04 608 sti.log
21.12.2005 20:04 805.306.368 pagefile.sys
19.12.2005 20:23 59 direct.txt
11.12.2005 18:18 194 boot.ini
27.11.2005 11:40 3.031 secure32.html
15.11.2005 21:06 16 SYSBOOT.DAT
08.10.2005 19:51 224 hllog.txt
17.05.2005 17:29 1.354 CtDrvStp.log
17.05.2005 17:29 97 CtDrvIns.log
17.05.2005 17:06 0 MSDOS.SYS
17.05.2005 17:06 0 CONFIG.SYS
17.05.2005 17:06 0 IO.SYS
17.05.2005 17:06 0 AUTOEXEC.BAT
02.04.2003 13:00 4.952 bootfont.bin
02.04.2003 13:00 47.580 NTDETECT.COM
02.04.2003 13:00 235.296 ntldr
20 Datei(en) 805.711.549 Bytes
0 Verzeichnis(se), 2.286.227.456 Bytes frei |
|
|
||
21.12.2005, 21:36
Honorary member
Posts: 29434 |
#9
KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html
Options: Delete on Reboot / Process all in List --> tick these
Paste in each of the following paths and click the red cross. When asked "Do you want to reboot?", click "no" and paste in the next one; only click "yes" for the last one.
C:\WINDOWS\system32\nvapps.xml
C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\qc-mt331.dll
C:\WINDOWS\system32\direct.txt
C:\WINDOWS\system32\e820lifm182a.dll
C:\WINDOWS\system32\hp0023dmg.dll
C:\WINDOWS\system32\nqth.dll
C:\WINDOWS\system32\azebar.xml
C:\WINDOWS\system32\tsuninst.exe
C:\secure32.html
Restart the PC.
Scan with Panda and post the scan report: http://virus-protect.org/onlinescan.html
__________
Regards, Sabina
All about PC security |
|
|
||
LogFile:
Logfile of HijackThis v1.99.1
Scan saved at 12:46:57, on 14.12.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Dit.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Winamp\winampa.exe
C:\WINDOWS\DitExp.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Gemeinsame Dateien\AOL\1130974616\ee\aolsoftware.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\BlOoDyDeAtH\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\Programme\WinSweep\ws.js
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=:0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Programme\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: &Google-Suche - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://C:\Programme\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download with NetPumper - C:\Programme\NetPumper\AddUrl.htm
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programme\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programme\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\i2240cfqef2e0.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe