C://secure32.html "Your computer is infected" + unwanted popups
#0
14.12.2005, 13:49
Member
Posts: 60
19.12.2005, 14:17
Honorary member
Posts: 29434
#2
Hello @dr.ago,
Run CleanUp exactly as instructed on the page: http://virus-protect.org/cleanup.html
Copy the 4 text files (2 months are enough): http://virus-protect.org/datfindbat.html
__________
Kind regards, Sabina
all about PC security
19.12.2005, 14:58
Member
Thread starter, posts: 60
#3
Hello @Sabina,
Thanks for the message above, but since my request I have tried to remove some of it myself. Part of it seems to have worked, but apparently not everything, because every second time I boot it gives me a c://secure32 error (I don't know the exact wording right now), and then a bluescreen comes and the computer switches off. I would be very grateful for the help. Attached is the current HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 14:55:15, on 19.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\LckFldService.exe
C:\Programme\Eset\nod32krn.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\slserv.exe
C:\Programme\RealVNC\WinVNC4.exe
O:\PROGRA~1\TOBITI~1\David\APPS\REPLICA\CODE\REPLICA.EXE
O:\PROGRA~1\TOBITI~1\David\CODE\SL.EXE
C:\Programme\D-Tools\daemon.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Eset\nod32kui.exe
P:\Programme\Sony Ericsson\Mobile\audevicemgr.exe
p:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
P:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
O:\Programme\Tobit InfoCenter\DVWIN32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\mstsc.exe
C:\Dokumente und Einstellungen\Drago\Desktop\virenprogs\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = ftp://vfmmosbach.homeip.net/
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - P:\Programme\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] P:\Programme\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=122705 Seri*hier nicht!*=DR12WTX-9999998-YSP lang=DE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [\\toljaj\EPSON Stylus D88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P32 "\\toljaj\EPSON Stylus D88 Series" /O6 "USB001" /M "Stylus D88"
O4 - HKLM\..\Run: [nod32kui] "C:\Programme\Eset\nod32kui.exe" /WAITSERVICE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Telefonverbindungsmonitor.lnk = ?
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121763403038
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = office.local
O17 - HKLM\Software\..\Telephony: DomainName = office.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = office.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = office.local
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\f8l00i3me8.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: DvISE Replica (DavidReplica) - Tobit Software - O:\PROGRA~1\TOBITI~1\David\APPS\REPLICA\CODE\REPLICA.EXE
O23 - Service: DvISE Service Layer (DavidServiceLayer) - Tobit Software - O:\PROGRA~1\TOBITI~1\David\CODE\SL.EXE
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programme\Eset\nod32krn.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programme\RealVNC\WinVNC4.exe" -service (file missing)

Many thanks
19.12.2005, 15:27
Honorary member
Posts: 29434
#4
Quote: Sabina posted
__________
Kind regards, Sabina
all about PC security
19.12.2005, 15:59
Member
Thread starter, posts: 60
#5
So, here are the requested log files from datfindbat:

 Volume in drive C is C
 Volume Serial Number: B870-CB17

 Directory of C:\WINDOWS\system32

19.12.2005 15:52 3.416 lckfldservicelog.txt
19.12.2005 15:52 236.110 irv6mon.dll
19.12.2005 10:58 236.148 lvj0091me.dll
19.12.2005 10:57 48.552 perfc007.dat
19.12.2005 10:57 40.326 perfc009.dat
19.12.2005 10:57 317.168 perfh007.dat
19.12.2005 10:57 311.938 perfh009.dat
19.12.2005 10:57 723.744 PerfStringBackup.INI
19.12.2005 10:53 13.646 wpa.dbl
18.12.2005 22:47 236.110 o648lghu1648.dll
16.12.2005 17:35 55 mslck.dat
16.12.2005 17:03 236.506 i4060edseh060.dll
16.12.2005 16:29 44 imon1.dat
15.12.2005 12:04 270.336 imon.dll
15.12.2005 11:58 29.184 jvvcjvv.exe
15.12.2005 11:43 442 mapisvc.inf
15.12.2005 11:43 114.688 nms32.dll
14.12.2005 12:56 58 svcp.csv
09.12.2005 16:06 227.208 FNTCACHE.DAT
06.12.2005 00:51 16 Mlkf.dll
06.12.2005 00:51 5.927 FldLckINSTALL.LOG
02.12.2005 19:08 319.488 lame_enc.dll
10.11.2005 21:17 2.377.568 MRT.exe
10.11.2005 16:24 0 CanadaUtilEuro.log
08.11.2005 16:40 0 asfiles.txt
08.11.2005 16:27 2.550 Uninstall.ico
08.11.2005 16:27 1.406 Help.ico
08.11.2005 16:27 1.718 Open.ico
08.11.2005 16:27 5.350 IE.ico
08.11.2005 16:27 9.470 Desktop.ico
08.11.2005 16:27 1.718 Quick.ico
04.11.2005 16:27 534.280 LegitCheckControl.DLL
02.11.2005 00:44 127.574 tsuninst.exe
02.11.2005 00:00 225.280 HDX4mp4Source.ax
02.11.2005 00:00 503.808 hdx4_dshow.dll
02.11.2005 00:00 73.728 EmAcmMp3Wrapper.ax
02.11.2005 00:00 151.552 HDX4AACDecoder.ax
02.11.2005 00:00 147.456 HDX4AMRDecoder.ax
02.11.2005 00:00 237.568 OggDS.dll
02.11.2005 00:00 45.056 ogg.dll
02.11.2005 00:00 188.416 vorbis.dll
02.11.2005 00:00 921.600 vorbisenc.dll
06.10.2005 04:18 280.064 gdi32.dll
06.10.2005 04:08 1.839.616 win32k.sys
04.10.2005 17:26 3.013.120 mshtml.dll
01.10.2005 23:14 1.682 KGyGaAvL.sys

 Volume in drive C is C
 Volume Serial Number: B870-CB17

 Directory of C:\DOKUME~1\Drago\LOKALE~1\Temp

19.12.2005 15:52 206 jusched.log
 1 File(s) 206 bytes
 0 Dir(s) 2.270.187.520 bytes free

 Volume in drive C is C
 Volume Serial Number: B870-CB17

 Directory of C:\WINDOWS

19.12.2005 15:52 0 0.log
19.12.2005 15:51 2.048 bootstat.dat
19.12.2005 15:51 313.859 WindowsUpdate.log
19.12.2005 10:58 839 Tobit.ini
19.12.2005 09:45 192 winamp.ini
18.12.2005 22:47 43.265 setupapi.log
18.12.2005 15:51 116 NeroDigital.ini
16.12.2005 18:49 50 wiaservc.log
16.12.2005 18:49 159 wiadebug.log
16.12.2005 17:30 14.120 DirectX.log
16.12.2005 17:29 276 game.ini
15.12.2005 14:03 148.028 ntbtlog.txt
15.12.2005 12:14 8.586 SchedLgU.Txt
15.12.2005 12:08 216 tputt.dll
15.12.2005 12:04 998 win.ini
15.12.2005 12:04 227 system.ini
15.12.2005 11:04 2.838 KB905915.log
14.12.2005 12:57 53 ncepne.dat
14.12.2005 12:57 0 hosts
14.12.2005 12:56 1.024 tool5.exe
14.12.2005 12:56 1.024 tool4.exe
14.12.2005 12:56 1.024 tool1.exe
14.12.2005 12:56 1.024 country.exe
12.12.2005 19:41 60 setupact.log
12.12.2005 18:34 0 uniq
09.12.2005 16:02 24.898 ntdtcsetup.log
09.12.2005 16:02 38.072 comsetup.log
09.12.2005 16:02 1.374 imsins.log
09.12.2005 16:02 170.825 iis6.log
09.12.2005 16:02 57.253 tsoc.log
09.12.2005 16:02 6.760 ocmsn.log
09.12.2005 16:02 5.287 tabletoc.log
09.12.2005 16:02 30.898 KB896424.log
09.12.2005 16:02 8.643 MedCtrOC.log
09.12.2005 16:02 20.274 netfxocm.log
09.12.2005 16:02 69.350 ocgen.log
09.12.2005 16:02 6.153 msgsocm.log
09.12.2005 16:02 113.300 FaxSetup.log
09.12.2005 16:02 47.176 msmqinst.log
09.12.2005 16:02 12.754 updspapi.log
09.12.2005 16:01 1.374 imsins.BAK
09.12.2005 16:01 31.179 KB900725.log
09.12.2005 16:01 27.540 KB905749.log
09.12.2005 16:01 22.279 KB896688.log
09.12.2005 16:01 18.555 KB904706.log
09.12.2005 16:01 19.452 KB905414.log
09.12.2005 16:00 19.030 KB901017.log
09.12.2005 16:00 19.013 KB899589.log
09.12.2005 16:00 24.574 KB902400.log
09.12.2005 15:59 15.432 KB894391.log
09.12.2005 15:59 16.352 KB896423.log
09.12.2005 15:59 13.125 KB899587.log
09.12.2005 15:59 12.613 KB899591.log
09.12.2005 15:59 13.087 KB893756.log
09.12.2005 15:58 4.095 KB885884.log
09.12.2005 11:18 0 plclient.INI
05.12.2005 11:06 76 DVWIN32.INI
22.11.2005 11:24 9.692 VFRAME32.INI
22.11.2005 11:24 1.052 CAF.INI
22.11.2005 10:56 36 VFORTSCH.INI
22.11.2005 10:55 600 VPMS.INI
22.11.2005 02:13 0 setuperr.log
08.11.2005 15:38 0 Sti_Trace.log
25.10.2005 19:44 116 ConverterCore.INI
24.10.2005 12:19 468.480 WRUninstall.dll
24.10.2005 11:01 10.866 ModemLog_Smart Link 56K Modem.txt
21.10.2005 15:55 155.648 ssleay32.dll
21.10.2005 15:55 684.032 libeay32.dll
10.10.2005 22:07 156 gugel-pos.INI
10.10.2005 22:06 192 cangoorank.INI
07.10.2005 16:48 479.232 Setup1.exe
07.10.2005 16:47 74.752 ST6UNST.EXE
07.10.2005 15:51 3 VMAPO.DAT
07.10.2005 15:48 518 DOCS.INI
07.10.2005 14:57 1.615 ODBC.INI
07.10.2005 14:57 4.161 ODBCINST.INI
06.10.2005 11:29 73 EurekaLog.ini
05.10.2005 12:29 45.056 NCUNINST.EXE
04.10.2005 20:27 316.640 WMSysPr9.prx

 Volume in drive C is C
 Volume Serial Number: B870-CB17

 Directory of C:\

19.12.2005 15:59 0 sys.txt
19.12.2005 15:59 8.723 system.txt
19.12.2005 15:59 280 systemtemp.txt
19.12.2005 15:54 108.786 system32.txt
19.12.2005 15:51 805.306.368 pagefile.sys
15.12.2005 12:04 211 boot.ini
03.11.2005 15:09 6.899 cltest.txt
03.11.2005 03:08 5.238 data
04.10.2005 00:58 708 os848618.bin
28.07.2005 11:52 3 TCPCheckResult.txt
20.07.2005 11:44 17.188 mmxmlparserprotokoll.txt
20.07.2005 11:44 3.792 mmisscriptprotokoll.txt
18.07.2005 22:41 0 MSDOS.SYS
18.07.2005 22:41 0 CONFIG.SYS
18.07.2005 22:41 0 IO.SYS
18.07.2005 22:41 0 AUTOEXEC.BAT
04.08.2004 13:00 4.952 bootfont.bin
04.08.2004 13:00 47.564 NTDETECT.COM
04.08.2004 13:00 251.184 ntldr
 19 File(s) 805.761.896 bytes
 0 Dir(s) 2.270.183.424 bytes free
20.12.2005, 02:00
Honorary member
Posts: 29434
#6
At the top of the page --> click Browse --> pick the file --> double-click the file to be checked --> click Submit... now wait --> copy the result into the security forum
http://www.virustotal.com/flash/index_en.html
C:\WINDOWS\system32\Mlkf.dll
C:\WINDOWS\Tobit.ini
C:\WINDOWS\NCUNINST.EXE
C:\os848618.bin
------------------------------------------------------------------------------
KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html
Options: Delete on Reboot / Process all in List --> tick
Paste in: ... and click the red cross; when you are asked "Do you want to reboot?" ---- click "no" and paste in the next one; only on the last one click "yes"
C:\WINDOWS\tputt.dll
C:\WINDOWS\ncepne.dat
C:\WINDOWS\hosts
C:\WINDOWS\tool5.exe
C:\WINDOWS\tool4.exe
C:\WINDOWS\tool1.exe
C:\WINDOWS\country.exe
C:\WINDOWS\uniq
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\lckfldservicelog.txt
C:\WINDOWS\system32\irv6mon.dll
C:\WINDOWS\system32\lvj0091me.dll
C:\WINDOWS\system32\o648lghu1648.dll
C:\WINDOWS\system32\mslck.dat
C:\WINDOWS\system32\i4060edseh060.dll
C:\WINDOWS\system32\f8l00i3me8.dll
C:\WINDOWS\system32\imon1.dat
C:\WINDOWS\system32\imon.dll
C:\WINDOWS\system32\jvvcjvv.exe
C:\WINDOWS\system32\mapisvc.inf
C:\WINDOWS\system32\nms32.dll
C:\WINDOWS\system32\svcp.csv
Restart the PC
Hoster.zip -> apply: http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK'
Exit Program.
Work through Option 2 and post the scan report after the restart
http://virus-protect.org/l2mfix.html
__________
Kind regards, Sabina
all about PC security
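The triage Sabina applies to the datfindbat listing in #5 can be scripted: files created in the last days under system32 with random-looking names (lvj0091me.dll, i4060edseh060.dll, jvvcjvv.exe), a batch of identically sized droppers written in the same minute to C:\WINDOWS (tool1/4/5.exe, country.exe), and a stray 0-byte hosts file outside drivers\etc. The following is an added example, not code from the thread or from the datfindbat tool: a Python parser for the German-locale `dir` listing format the tool produces, with those three heuristics run over a constructed excerpt of the listing posted above. The rules, the 14-day window and the reference date are assumptions; a hit is a candidate for verification (for example on VirusTotal, as the thread does), not a verdict.

```python
import re
from collections import defaultdict
from datetime import date, timedelta

# Constructed sample: a few lines taken from the datfindbat listing in post #5,
# in the German "dir" format it uses (dd.mm.yyyy hh:mm size-with-dots name).
SAMPLE_LISTING = r"""
 Volume in drive C is C
 Volume Serial Number: B870-CB17
 Directory of C:\WINDOWS\system32
19.12.2005 15:52 3.416 lckfldservicelog.txt
19.12.2005 15:52 236.110 irv6mon.dll
19.12.2005 10:58 236.148 lvj0091me.dll
19.12.2005 10:57 48.552 perfc007.dat
18.12.2005 22:47 236.110 o648lghu1648.dll
16.12.2005 17:03 236.506 i4060edseh060.dll
15.12.2005 11:58 29.184 jvvcjvv.exe
10.11.2005 21:17 2.377.568 MRT.exe
06.10.2005 04:18 280.064 gdi32.dll
 Directory of C:\WINDOWS
14.12.2005 12:57 0 hosts
14.12.2005 12:56 1.024 tool5.exe
14.12.2005 12:56 1.024 tool4.exe
14.12.2005 12:56 1.024 tool1.exe
14.12.2005 12:56 1.024 country.exe
15.12.2005 12:04 998 win.ini
"""
REFERENCE_DATE = date(2005, 12, 19)  # assumption: the day the listing was taken

ENTRY_RE = re.compile(r"^(\d{2})\.(\d{2})\.(\d{4})\s+(\d{2}):(\d{2})\s+([\d.]+)\s+(\S.*)$")
DIR_RE = re.compile(r"^\s*Directory of\s+(.+?)\s*$")


def parse_listing(text):
    """Parse a German-locale `dir` listing into file records."""
    current_dir, files = None, []
    for line in text.splitlines():
        m = DIR_RE.match(line)
        if m:
            current_dir = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m or current_dir is None:
            continue  # volume header, "n File(s)" summary or blank line
        day, month, year, hour, minute, size, name = m.groups()
        files.append({
            "dir": current_dir,
            "name": name,
            "mtime": date(int(year), int(month), int(day)),
            "stamp": f"{day}.{month}.{year} {hour}:{minute}",
            "size": int(size.replace(".", "")),  # "2.377.568" -> 2377568
        })
    return files


def looks_random(name):
    """Heuristic: letters and digits interleaved at least twice (lvj0091me,
    i4060edseh060) or a vowel-less consonant string (jvvcjvv)."""
    stem = name.rsplit(".", 1)[0].lower()
    runs = re.findall(r"[a-z]+|\d+", stem)
    changes = sum(1 for a, b in zip(runs, runs[1:]) if a.isdigit() != b.isdigit())
    letters = "".join(c for c in stem if c.isalpha())
    no_vowels = len(letters) >= 6 and not any(v in letters for v in "aeiou")
    return changes >= 2 or no_vowels


def triage(files, reference_date, window_days=14):
    """Return {full_path: [reasons]} for files that deserve a second look."""
    hits = defaultdict(list)
    cutoff = reference_date - timedelta(days=window_days)
    # Files dropped together share directory, minute and size.
    batches = defaultdict(list)
    for f in files:
        batches[(f["dir"], f["stamp"], f["size"])].append(f["name"])
    for f in files:
        path = f["dir"] + "\\" + f["name"]
        if f["mtime"] >= cutoff and looks_random(f["name"]):
            hits[path].append("recent file with random-looking name")
        if len(batches[(f["dir"], f["stamp"], f["size"])]) >= 3:
            hits[path].append("batch: same minute and size as 2+ siblings")
        if f["name"].lower() == "hosts" and not f["dir"].lower().endswith("\\drivers\\etc"):
            hits[path].append("hosts file outside drivers\\etc")
    return dict(hits)


def triage_sample():
    """Run the rules over the constructed excerpt."""
    return triage(parse_listing(SAMPLE_LISTING), REFERENCE_DATE)


if __name__ == "__main__":
    for path, reasons in sorted(triage_sample().items()):
        print(path, "->", "; ".join(reasons))
```

The date window matters as much as the name rule: a legitimate name such as win32k.sys also has two letter/digit run changes, but in the posted listing it is dated 06.10.2005 and falls outside the window, while every random-named DLL was written in the preceding four days.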
20.12.2005, 22:12
Member
Thread starter, posts: 60
#7
Here are the requested logs,
@ c.//WINDOWS/Tobit.ini (that is something like Outlook, only better)

This is a report processed by VirusTotal on 12/20/2005 at 21:28:37 (CET) after scanning the file "Mlkf.dll" file.
Antivirus Version Update Result
AntiVir 6.33.0.70 12.20.2005 no virus found
Avast 4.6.695.0 12.20.2005 no virus found
AVG 718 12.20.2005 no virus found
Avira 6.33.0.70 12.20.2005 no virus found
BitDefender 7.2 12.20.2005 no virus found
CAT-QuickHeal 8.00 12.19.2005 no virus found
ClamAV devel-20051108 12.19.2005 no virus found
DrWeb 4.33 12.20.2005 no virus found
eTrust-Iris 7.1.194.0 12.20.2005 no virus found
eTrust-Vet 12.3.3.0 12.20.2005 no virus found
Fortinet 2.54.0.0 12.20.2005 no virus found
F-Prot 3.16c 12.20.2005 no virus found
Ikarus 0.2.59.0 12.20.2005 no virus found
Kaspersky 4.0.2.24 12.20.2005 no virus found
McAfee 4654 12.20.2005 no virus found
NOD32v2 1.1330 12.20.2005 no virus found
Norman 5.70.10 12.20.2005 no virus found
Panda 8.02.00 12.20.2005 no virus found
Sophos 4.01.0 12.20.2005 no virus found
Symantec 8.0 12.20.2005 no virus found
TheHacker 5.9.1.059 12.19.2005 no virus found
VBA32 3.10.5 12.20.2005 no virus found

This is a report processed by VirusTotal on 12/20/2005 at 21:32:43 (CET) after scanning the file "Tobit.ini" file.
Antivirus Version Update Result
AntiVir 6.33.0.70 12.20.2005 no virus found
Avast 4.6.695.0 12.20.2005 no virus found
AVG 718 12.20.2005 no virus found
Avira 6.33.0.70 12.20.2005 no virus found
BitDefender 7.2 12.20.2005 no virus found
CAT-QuickHeal 8.00 12.19.2005 no virus found
ClamAV devel-20051108 12.19.2005 no virus found
DrWeb 4.33 12.20.2005 no virus found
eTrust-Iris 7.1.194.0 12.20.2005 no virus found
eTrust-Vet 12.3.3.0 12.20.2005 no virus found
Fortinet 2.54.0.0 12.20.2005 no virus found
F-Prot 3.16c 12.20.2005 no virus found
Ikarus 0.2.59.0 12.20.2005 no virus found
Kaspersky 4.0.2.24 12.20.2005 no virus found
McAfee 4654 12.20.2005 no virus found
NOD32v2 1.1330 12.20.2005 no virus found
Norman 5.70.10 12.20.2005 no virus found
Panda 8.02.00 12.20.2005 no virus found
Sophos 4.01.0 12.20.2005 no virus found
Symantec 8.0 12.20.2005 no virus found
TheHacker 5.9.1.059 12.19.2005 no virus found
VBA32 3.10.5 12.20.2005 no virus found

This is a report processed by VirusTotal on 12/20/2005 at 21:34:24 (CET) after scanning the file "NCUNINST.EXE" file.
Antivirus Version Update Result
AntiVir 6.33.0.70 12.20.2005 no virus found
Avast 4.6.695.0 12.20.2005 no virus found
AVG 718 12.20.2005 no virus found
Avira 6.33.0.70 12.20.2005 no virus found
BitDefender 7.2 12.20.2005 no virus found
CAT-QuickHeal 8.00 12.19.2005 no virus found
ClamAV devel-20051108 12.19.2005 no virus found
DrWeb 4.33 12.20.2005 no virus found
eTrust-Iris 7.1.194.0 12.20.2005 no virus found
eTrust-Vet 12.3.3.0 12.20.2005 no virus found
Fortinet 2.54.0.0 12.20.2005 no virus found
F-Prot 3.16c 12.20.2005 no virus found
Ikarus 0.2.59.0 12.20.2005 no virus found
Kaspersky 4.0.2.24 12.20.2005 no virus found
McAfee 4654 12.20.2005 no virus found
NOD32v2 1.1330 12.20.2005 no virus found
Norman 5.70.10 12.20.2005 no virus found
Panda 8.02.00 12.20.2005 no virus found
Sophos 4.01.0 12.20.2005 no virus found
Symantec 8.0 12.20.2005 no virus found
TheHacker 5.9.1.059 12.19.2005 no virus found
VBA32 3.10.5 12.20.2005 no virus found

This is a report processed by VirusTotal on 12/20/2005 at 21:35:39 (CET) after scanning the file "os848618.bin" file.
Antivirus Version Update Result
AntiVir 6.33.0.70 12.20.2005 no virus found
Avast 4.6.695.0 12.20.2005 no virus found
AVG 718 12.20.2005 no virus found
Avira 6.33.0.70 12.20.2005 no virus found
BitDefender 7.2 12.20.2005 no virus found
CAT-QuickHeal 8.00 12.19.2005 no virus found
ClamAV devel-20051108 12.19.2005 no virus found
DrWeb 4.33 12.20.2005 no virus found
eTrust-Iris 7.1.194.0 12.20.2005 no virus found
eTrust-Vet 12.3.3.0 12.20.2005 no virus found
Fortinet 2.54.0.0 12.20.2005 no virus found
F-Prot 3.16c 12.20.2005 no virus found
Ikarus 0.2.59.0 12.20.2005 no virus found
Kaspersky 4.0.2.24 12.20.2005 no virus found
McAfee 4654 12.20.2005 no virus found
NOD32v2 1.1330 12.20.2005 no virus found
Norman 5.70.10 12.20.2005 no virus found
Panda 8.02.00 12.20.2005 no virus found
Sophos 4.01.0 12.20.2005 no virus found
Symantec 8.0 12.20.2005 no virus found
TheHacker 5.9.1.059 12.19.2005 no virus found
VBA32 3.10.5 12.20.2005 no virus found
-------------------------------------------------------------------------------------------------------------
L2mfix Beta 121605

Creating Account.
The command completed successfully.
Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes): 1
Granting SeDebugPrivilege to L2MFIX ... successful
Running From: C:\WINDOWS\system32
Killing Processes!
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 648 'smss.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 732 'winlogon.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 400 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 2920 'rundll32.exe'
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1789
Granting SeDebugPrivilege to Administrateurs ... failed (GetAccountSid(Administrateurs)=1789
Granting SeDebugPrivilege to Administratörer ... failed (GetAccountSid(Administratörer)=1789
Granting SeDebugPrivilege to Administradores ... failed (GetAccountSid(Administradores)=1789
Granting SeDebugPrivilege to Amministratore ... failed (GetAccountSid(Amministratore)=1789
Granting SeDebugPrivilege to Administratoren ... successful
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
moving: C:\WINDOWS\system32\ir0ml5d11.dll
Successfully Moved: C:\WINDOWS\system32\ir0ml5d11.dll
moving: C:\WINDOWS\system32\lv4209hoe.dll
Successfully Moved: C:\WINDOWS\system32\lv4209hoe.dll
moving: C:\WINDOWS\system32\nomsdba.dll
Successfully Moved: C:\WINDOWS\system32\nomsdba.dll
moving: C:\WINDOWS\system32\guard.tmp
Successfully Moved: C:\WINDOWS\system32\guard.tmp
Restoring Windows Update Certificates.:
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\CSCSettings]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\ir0ml5d11.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
"Asynchronous"=dword:00000000
"DllName"="WRLogonNTF.dll"
"Impersonate"=dword:00000001
"Lock"="WRLock"
"StartScreenSaver"="WRStartScreenSaver"
"StartShell"="WRStartShell"
"Startup"="WRStartup"
"StopScreenSaver"="WRStopScreenSaver"
"Unlock"="WRUnlock"
"Shutdown"="WRShutdown"
"Logoff"="WRLogoff"
"Logon"="WRLogon"

The following are the files found:
****************************************************************************
C:\WINDOWS\system32\ir0ml5d11.dll
C:\WINDOWS\system32\lv4209hoe.dll
C:\WINDOWS\system32\nomsdba.dll
C:\WINDOWS\system32\guard.tmp

Registry Entries that were Deleted:
Please verify that the listing looks ok. If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4A0C38D6-CF0C-45A5-B424-F7A21BD8D7C2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4A0C38D6-CF0C-45A5-B424-F7A21BD8D7C2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4A0C38D6-CF0C-45A5-B424-F7A21BD8D7C2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4A0C38D6-CF0C-45A5-B424-F7A21BD8D7C2}\InprocServer32]
@="C:\\WINDOWS\\system32\\nomsdba.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B09C773E-B5A6-4559-9070-900790AA50C5}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B09C773E-B5A6-4559-9070-900790AA50C5}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B09C773E-B5A6-4559-9070-900790AA50C5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B09C773E-B5A6-4559-9070-900790AA50C5}\InprocServer32]
@="C:\\WINDOWS\\system32\\snc_os.dll"
"ThreadingModel"="Apartment"

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{4A0C38D6-CF0C-45A5-B424-F7A21BD8D7C2}"=-
"{B09C773E-B5A6-4559-9070-900790AA50C5}"=-

[-HKEY_CLASSES_ROOT\CLSID\{4A0C38D6-CF0C-45A5-B424-F7A21BD8D7C2}]

[-HKEY_CLASSES_ROOT\CLSID\{B09C773E-B5A6-4559-9070-900790AA50C5}]

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
Checking for L2MFix account(0=no 1=yes): 0
adding: dlls/guard.tmp (148 bytes security) (deflated 5%)
adding: backregs/4A0C38D6-CF0C-45A5-B424-F7A21BD8D7C2.reg (212 bytes security) (deflated 70%)
adding: backregs/B09C773E-B5A6-4559-9070-900790AA50C5.reg (212 bytes security) (deflated 70%)
adding: backregs/notibac.reg (200 bytes security) (deflated 88%)
adding: backregs/shell.reg (200 bytes security) (deflated 73%)

I think that is what you wanted. Here is also a HijackThis log right away, as the instructions said:

Logfile of HijackThis v1.99.1
Scan saved at 22:14:16, on 20.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\LckFldService.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Eset\nod32krn.exe
C:\WINDOWS\system32\slserv.exe
C:\Programme\RealVNC\WinVNC4.exe
C:\WINDOWS\system32\notepad.exe
O:\PROGRA~1\TOBITI~1\David\APPS\REPLICA\CODE\REPLICA.EXE
C:\Programme\D-Tools\daemon.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
O:\PROGRA~1\TOBITI~1\David\CODE\SL.EXE
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Eset\nod32kui.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Dokumente und Einstellungen\Drago\Desktop\virenprogs\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = ftp://vfmmosbach.homeip.net/
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - P:\Programme\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] P:\Programme\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=122705 Seri*hier nicht!*=DR12WTX-9999998-YSP lang=DE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [\\toljaj\EPSON Stylus D88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P32 "\\toljaj\EPSON Stylus D88 Series" /O6 "USB001" /M "Stylus D88"
O4 - HKLM\..\Run: [nod32kui] "C:\Programme\Eset\nod32kui.exe" /WAITSERVICE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Telefonverbindungsmonitor.lnk = ?
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121763403038
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = office.local
O17 - HKLM\Software\..\Telephony: DomainName = office.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = office.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = office.local
O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\system32\ir0ml5d11.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: DvISE Replica (DavidReplica) - Tobit Software - O:\PROGRA~1\TOBITI~1\David\APPS\REPLICA\CODE\REPLICA.EXE
O23 - Service: DvISE Service Layer (DavidServiceLayer) - Tobit Software - O:\PROGRA~1\TOBITI~1\David\CODE\SL.EXE
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programme\Eset\nod32krn.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programme\RealVNC\WinVNC4.exe" -service (file missing)

Thanks for the help
21.12.2005, 01:07
Honorary member
Posts: 29434
#8
dr.ago
Check with the Killbox whether these have been deleted:
C:\WINDOWS\system32\ir0ml5d11.dll
C:\WINDOWS\system32\lv4209hoe.dll
C:\WINDOWS\system32\nomsdba.dll
C:\WINDOWS\system32\guard.tmp
Fix with HijackThis:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\system32\ir0ml5d11.dll (file missing)
Restart the PC
Scan with Panda and post the scan report
http://virus-protect.org/onlinescan.html
__________
Kind regards, Sabina
All about PC security
21.12.2005, 08:44
Member
Thread starter, Posts: 60
#9
Here is the Panda log:
Incident Status Location
Spyware:spyware/cydoor Not desinfected C:\WINDOWS\SYSTEM32\AdCache
Adware:adware/dollarrevenue Not desinfected Windows Registry
Adware:Adware/Sqwire Not desinfected C:\!KillBox\tsuninst.exe
21.12.2005, 12:07
Honorary member
Posts: 29434
#10
Delete:
C:\!KillBox\tsuninst.exe
C:\WINDOWS\SYSTEM32\AdCache
TuneUp 2006 (30 days free) shareware
http://virus-protect.org/reinigungstoolsregistry.html
Apply:
Cleanup repair -- TuneUp Diskcleaner
Cleanup repair -- Registry Cleaner
Then scan with: Online Spyware Detector (Zone Labs) and report back
http://virus-protect.org/antispytools.html
__________
Kind regards, Sabina
All about PC security
21.12.2005, 12:55
Member
Thread starter, Posts: 60
#11
So I did everything that was listed above.
Online Spyware Detector (Zone Labs) found the following spyware:
Adtech - 3rd Party Cookie
URL - Cookie:drago@adtech.de/
Morpheus - Adware
RegistryKey - HKEY_CLASSES_ROOT\PluggableIP.ResourceProtocol
ProgID - Proto.ResourceProtocol.1
GUID - {F5382384-CC9B-432C-B5DA-6666D477D21E}
File Name - P:\Programme\Morpheus\Proto.dll
RegistryKey - HKEY_CLASSES_ROOT\CLSID\{F5382384-CC9B-432C-B5DA-6666D477D21E}
RegistryKey - AppID\Proto.DLL
RegistryKey - AppID\{1E280034-9463-4458-B23D-7EDADE25D77A}
RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Morpheus\
RegistryKey - HKEY_CLASSES_ROOT\Morpheus\
RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Morpheus\
But I can't remove that with the program, can I? I also still notice that my computer takes a relatively long time to boot. Strange. Attached is another current HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 12:57:09, on 21.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\LckFldService.exe
C:\Programme\Eset\nod32krn.exe
C:\WINDOWS\system32\slserv.exe
C:\Programme\RealVNC\WinVNC4.exe
O:\PROGRA~1\TOBITI~1\David\APPS\REPLICA\CODE\REPLICA.EXE
C:\WINDOWS\Explorer.EXE
O:\PROGRA~1\TOBITI~1\David\CODE\SL.EXE
C:\Programme\D-Tools\daemon.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Eset\nod32kui.exe
P:\Programme\Sony Ericsson\Mobile\audevicemgr.exe
p:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
P:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\mstsc.exe
C:\Dokumente und Einstellungen\Drago\Desktop\virenprogs\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = ftp://vfmmosbach.homeip.net/
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - P:\Programme\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] P:\Programme\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=122705 Seri*hier nicht!*=DR12WTX-9999998-YSP lang=DE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [\\toljaj\EPSON Stylus D88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P32 "\\toljaj\EPSON Stylus D88 Series" /O6 "USB001" /M "Stylus D88"
O4 - HKLM\..\Run: [nod32kui] "C:\Programme\Eset\nod32kui.exe" /WAITSERVICE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Telefonverbindungsmonitor.lnk = ?
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121763403038
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37480.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = office.local
O17 - HKLM\Software\..\Telephony: DomainName = office.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = office.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = office.local
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: DvISE Replica (DavidReplica) - Tobit Software - O:\PROGRA~1\TOBITI~1\David\APPS\REPLICA\CODE\REPLICA.EXE
O23 - Service: DvISE Service Layer (DavidServiceLayer) - Tobit Software - O:\PROGRA~1\TOBITI~1\David\CODE\SL.EXE
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programme\Eset\nod32krn.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programme\RealVNC\WinVNC4.exe" -service (file missing)
Thanks, thanks for the help!!
21.12.2005, 13:16
Honorary member
Posts: 29434
#12
If you don't want to keep Morpheus, then delete these in the registry:
Start --> Run --> regedit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Morpheus\
HKEY_LOCAL_MACHINE\SOFTWARE\Morpheus
HKEY_CLASSES_ROOT\Morpheus
HKEY_CLASSES_ROOT\CLSID\{F5382384-CC9B-432C-B5DA-6666D477D21E}
Restart the PC, then uninstall Morpheus
------------------------------------------------------------------------
To get these out of Autostart:
Open HijackThis -- button "Scan" -- tick the boxes in front of the malware entries -- button "Fix checked" -- restart the PC
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] P:\Programme\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=122705 Seri*hier nicht!*=DR12WTX-9999998-YSP lang=DE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
Then everything should be in order again
__________
Kind regards, Sabina
All about PC security
21.12.2005, 15:49
Member
Thread starter, Posts: 60
#13
So, I did that with HijackThis; the current log is attached as well. I would like to keep Morpheus, if that isn't my biggest problem.
Is my computer OK again now?! Or do I still need to do something? I still have the problem that after logging in it takes a very long time until my desktop appears...
Logfile of HijackThis v1.99.1
Scan saved at 15:48:12, on 21.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\LckFldService.exe
C:\Programme\Eset\nod32krn.exe
C:\WINDOWS\system32\slserv.exe
C:\Programme\RealVNC\WinVNC4.exe
O:\PROGRA~1\TOBITI~1\David\APPS\REPLICA\CODE\REPLICA.EXE
C:\WINDOWS\Explorer.EXE
O:\PROGRA~1\TOBITI~1\David\CODE\SL.EXE
C:\Programme\D-Tools\daemon.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Eset\nod32kui.exe
P:\Programme\Sony Ericsson\Mobile\audevicemgr.exe
p:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
P:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Dokumente und Einstellungen\Drago\Desktop\virenprogs\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = ftp://vfmmosbach.homeip.net/
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - P:\Programme\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [\\toljaj\EPSON Stylus D88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P32 "\\toljaj\EPSON Stylus D88 Series" /O6 "USB001" /M "Stylus D88"
O4 - HKLM\..\Run: [nod32kui] "C:\Programme\Eset\nod32kui.exe" /WAITSERVICE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Telefonverbindungsmonitor.lnk = ?
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121763403038
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37480.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = office.local
O17 - HKLM\Software\..\Telephony: DomainName = office.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = office.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = office.local
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: DvISE Replica (DavidReplica) - Tobit Software - O:\PROGRA~1\TOBITI~1\David\APPS\REPLICA\CODE\REPLICA.EXE
O23 - Service: DvISE Service Layer (DavidServiceLayer) - Tobit Software - O:\PROGRA~1\TOBITI~1\David\CODE\SL.EXE
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programme\Eset\nod32krn.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programme\RealVNC\WinVNC4.exe" -service (file missing)
21.12.2005, 16:10
Honorary member
Posts: 29434
#14
You have programs active that take a long time to load.
The PC is clean.
This probably isn't an option for you...... because you have the printer in Autostart.....
Quote: Faster booting
__________
Kind regards, Sabina
All about PC security
I have the problem above: bottom right a red circle with a white cross, and my Explorer keeps trying to open the page www.ad-w-a-r-e.com. The popup problem is getting worse and worse. Please help me.
I had almost the same problem a while ago...
Attached is the HijackThis log. Many thanks for any form of help.
Logfile of HijackThis v1.99.1
Scan saved at 13:51:12, on 14.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRAMME\ANTIVIR\AVGUARD.EXE
C:\Programme\AntiVir\AVWUPSRV.EXE
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\LckFldService.exe
C:\WINDOWS\system32\slserv.exe
C:\Programme\RealVNC\WinVNC4.exe
O:\PROGRA~1\TOBITI~1\David\APPS\REPLICA\CODE\REPLICA.EXE
O:\PROGRA~1\TOBITI~1\David\CODE\SL.EXE
C:\WINDOWS\Explorer.EXE
C:\Programme\AntiVir\AVGNT.EXE
C:\Programme\D-Tools\daemon.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\paytime.exe
C:\WINDOWS\system32\paytime.exe
C:\PROGRA~1\GEMEIN~1\imum\imumm.exe
P:\Programme\Sony Ericsson\Mobile\audevicemgr.exe
p:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
P:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Dokumente und Einstellungen\Drago\Desktop\virenprogs\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = ftp://vfmmosbach.homeip.net/
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - P:\Programme\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AntiVir\AVGNT.EXE" /min
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] P:\Programme\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=122705 Seri*hier nicht!*=DR12WTX-9999998-YSP lang=DE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [\\toljaj\EPSON Stylus D88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE /P32 "\\toljaj\EPSON Stylus D88 Series" /O6 "USB001" /M "Stylus D88"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [DNS7reminder] "P:\Programme\ScanSoft\NaturallySpeaking8\Program\ereg.exe" -r "P:\Programme\ScanSoft\NaturallySpeaking8\Program\ereg.ini"
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\paqkpq.exe reg_run
O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKCU\..\Run: [CU1] C:\Programme\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Programme\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [imum] C:\PROGRA~1\GEMEIN~1\imum\imumm.exe ??
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Telefonverbindungsmonitor.lnk = ?
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121763403038
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = office.local
O17 - HKLM\Software\..\Telephony: DomainName = office.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = office.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = office.local
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\cpsetACL.dll ????
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\ANTIVIR\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AntiVir\AVWUPSRV.EXE
O23 - Service: DvISE Replica (DavidReplica) - Tobit Software - O:\PROGRA~1\TOBITI~1\David\APPS\REPLICA\CODE\REPLICA.EXE
O23 - Service: DvISE Service Layer (DavidServiceLayer) - Tobit Software - O:\PROGRA~1\TOBITI~1\David\CODE\SL.EXE
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programme\RealVNC\WinVNC4.exe" -service (file missing)
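A small triage script for HijackThis-style logs, added here as an example (it is not code from the thread or from HijackThis) that mechanises the checks the helper applied in this thread: IE page settings pointing at a local file such as c:\secure32.html, the same autorun value registered in both HKLM and HKCU Run, an executable sitting directly in the Windows directory, and Winlogon Notify DLLs that are missing or randomly named. The sample log is assembled from entries in the logs above; the random-name rule and the Windows-root rule are heuristics of my own, not HijackThis rules.

```python
import re
from dataclasses import dataclass

# Constructed sample: HijackThis 1.99.1 entries taken from the logs posted in this
# thread and trimmed to the ones the triage rules below care about.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = ftp://vfmmosbach.homeip.net/
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKLM\..\Run: [timessquare] C:\windows\timessquare.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programme\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O20 - Winlogon Notify: CSCSettings - C:\WINDOWS\system32\ir0ml5d11.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programme\Eset\nod32krn.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.+)$")
RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<key>\S+) - (?P<dll>.+?)(?P<missing> \(file missing\))?$")
# An IE page setting whose value is a drive-letter path instead of a URL.
LOCAL_FILE_RE = re.compile(r"=\s*(?:file:///?)?[a-z]:[\\/]", re.IGNORECASE)
# An executable that sits directly in the Windows directory, not in a subfolder (heuristic).
WINDIR_ROOT_RE = re.compile(r'^"?[a-z]:\\windows\\[^\\]+\.exe\b', re.IGNORECASE)


@dataclass
class Finding:
    kind: str    # HijackThis entry type, e.g. "O4"
    entry: str   # the full entry line
    reason: str


def parse_entries(log_text):
    """Yield (kind, body) for every entry line such as 'O4 - HKLM\\..\\Run: ...'."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("kind"), m.group("body")


def looks_random(filename):
    """Heuristic of my own, not a HijackThis rule: a file stem that mixes letters
    and digits (ir0ml5d11.dll) is typical of generated malware file names."""
    stem = filename.rsplit(".", 1)[0]
    return any(c.isdigit() for c in stem) and any(c.isalpha() for c in stem)


def triage(log_text):
    """Return the entries a helper would ask about first, with the reason for each."""
    findings = []
    run_values = {}  # autorun value name (lower-cased) -> [(hive, entry), ...]
    for kind, body in parse_entries(log_text):
        entry = f"{kind} - {body}"
        if kind in ("R0", "R1") and LOCAL_FILE_RE.search(body):
            findings.append(Finding(kind, entry, "IE page setting points at a local file (start page hijack)"))
        elif kind == "O4":
            m = RUN_RE.match(body)
            if m is None:  # Global Startup .lnk entries are not covered by these rules
                continue
            run_values.setdefault(m.group("name").lower(), []).append((m.group("hive"), entry))
            if WINDIR_ROOT_RE.match(m.group("cmd")):
                findings.append(Finding(kind, entry, "autorun executable sits directly in the Windows directory"))
        elif kind == "O20":
            m = NOTIFY_RE.match(body)
            if m is None:
                continue
            dll_name = m.group("dll").rsplit("\\", 1)[-1]
            if m.group("missing"):
                findings.append(Finding(kind, entry, "Winlogon Notify DLL is missing: orphaned entry, fix it"))
            if looks_random(dll_name):
                findings.append(Finding(kind, entry, "Winlogon Notify DLL has a random-looking name"))
    # Second pass: the same value name registered under both HKLM and HKCU Run,
    # as PayTime was in the first log of this thread.
    for name, hits in run_values.items():
        if {"HKLM", "HKCU"} <= {hive for hive, _ in hits}:
            for _, entry in hits:
                findings.append(Finding("O4", entry, f"[{name}] is registered in both HKLM and HKCU Run"))
    return findings
```

Running `triage(SAMPLE_LOG)` on the sample yields eight findings: both secure32.html page settings, the timessquare.exe autorun, the two PayTime entries, and the two missing Notify DLLs, one of which (ir0ml5d11.dll) is additionally flagged as randomly named.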