Winfix or something related is driving me crazy

#0
07.01.2006, 22:44
...new here
Posts: 7
08.01.2006, 00:11
Honorary member
Posts: 29434
#2
dark-hawk
apply CleanUp exactly as described in the instructions on this page: http://virus-protect.org/cleanup.html
datfindbat (copy the 4 text files): http://virus-protect.org/datfindbat.html
__________
Regards, Sabina
all about PC security
08.01.2006, 01:51
...new here
Thread starter, Posts: 7
#3
ok, thanks for the quick reply.
By the way, "Microsoft AntiSpyware" has so far been the only tool at all to detect that "look2me" was/is on my system. It was removed by that tool (according to the tool), and it no longer finds "look2me" now, but the URLs still open just as before. What surprised me in particular is that the MS tool found "look2me" even though the Symantec tool found nothing of the sort. Here are the requested contents of the files:

system32.txt: c:windows\system32
08.01.2006 01:37 235.576 iYsrecst.dll
08.01.2006 01:37 13.646 wpa.dbl
07.01.2006 22:13 235.576 guard.tmp
07.01.2006 19:55 235.576 ilput.dll
07.01.2006 12:30 235.607 ir5331.dll
29.12.2005 03:54 280.064 gdi32.dll
21.12.2005 19:14 87 nt32200ax.dll
18.12.2005 21:36 86.016 pxwma.dll
18.12.2005 21:36 53.248 pxhpinst.exe
18.12.2005 21:36 286.720 pxwave.dll
18.12.2005 21:36 143.360 pxmas.dll
18.12.2005 21:36 462.848 px.dll
18.12.2005 01:17 45 initdebug.nfo
16.12.2005 18:29 386.448 perfh009.dat
16.12.2005 18:29 54.956 perfc009.dat
16.12.2005 18:29 397.694 perfh007.dat
16.12.2005 18:29 65.946 perfc007.dat
16.12.2005 18:29 916.170 PerfStringBackup.INI
14.12.2005 18:53 34.064 lhacm.acm
09.12.2005 01:21 2.723.680 MRT.exe
07.12.2005 18:05 716.800 divxdec.ax
07.12.2005 18:05 573.952 DivX.dll
07.12.2005 18:05 679.936 divx_xx07.dll
07.12.2005 18:05 679.936 divx_xx0c.dll
07.12.2005 18:05 663.552 divx_xx11.dll
05.12.2005 21:51 10.716 dsm_ja.qm
05.12.2005 21:51 15.331 dsm_de.qm
05.12.2005 21:51 15.172 dsm_fr.qm
02.12.2005 22:28 41.237 nvapps.xml
02.12.2005 18:03 7.006 jupdate-1.5.0_06-b05.log
01.12.2005 12:14 86.091 S32EVNT1.DLL
01.12.2005 04:31 1.492.480 shdocvw.dll
24.11.2005 00:58 1.022.464 browseui.dll
24.11.2005 00:58 3.013.632 mshtml.dll
23.11.2005 05:00 778.240 DivXsm.exe
23.11.2005 05:00 4.276 divxsm.tlb
15.11.2005 20:14 13.312 ceutil.dll
15.11.2005 19:42 122.880 rapi.dll
15.11.2005 12:12 117.976 hashlib.dll
15.11.2005 12:12 126.680 GCCollection.dll
15.11.2005 12:12 95.448 gcUnCompress.dll
14.11.2005 17:45 306.808 FNTCACHE.DAT
11.11.2005 14:49 180.224 nvuaudio.exe
11.11.2005 14:49 180.224 nvuenet.exe
11.11.2005 14:49 180.224 nvugart.exe

systemtemp.txt: Verzeichnis von C:\DOKUME~1\DARK-H~1\LOKALE~1\Temp
08.01.2006 01:40 16.384 Perflib_Perfdata_1708.dat
08.01.2006 01:39 16.384 Perflib_Perfdata_eec.dat
08.01.2006 01:39 32.768 ~DFF137.tmp
08.01.2006 01:39 282 WCESLog.log
08.01.2006 01:39 559 WCESCOMM.LOG
08.01.2006 01:39 32.768 ~DFDC72.tmp
08.01.2006 01:39 32.768 ~DF8D4A.tmp
08.01.2006 01:38 32.768 ~DF8B5C.tmp

system.txt: Verzeichnis von C:\WINDOWS
08.01.2006 01:38 0 0.log
08.01.2006 01:37 2.048 bootstat.dat
08.01.2006 01:36 1.805.201 WindowsUpdate.log
07.01.2006 22:32 202 NeroDigital.ini
07.01.2006 22:17 619.621 setupapi.log
07.01.2006 22:12 149.108 ntbtlog.txt
07.01.2006 20:13 50.912 iconu.exe
07.01.2006 20:07 24.296 icont.exe
07.01.2006 12:33 0 enewsletterpro1.dat
07.01.2006 01:27 596 win.ini
07.01.2006 01:27 227 system.ini
06.01.2006 19:10 38 drsmartloadb.dat
06.01.2006 19:00 438.991 iis6.log
06.01.2006 19:00 167.892 tsoc.log
06.01.2006 19:00 128.524 comsetup.log
06.01.2006 19:00 77.263 ntdtcsetup.log
06.01.2006 19:00 1.355 imsins.log
06.01.2006 19:00 18.576 tabletoc.log
06.01.2006 19:00 20.076 ocmsn.log
06.01.2006 19:00 10.972 KB912919.log
06.01.2006 19:00 62.350 netfxocm.log
06.01.2006 19:00 184.391 ocgen.log
06.01.2006 19:00 25.851 medctroc.Log
06.01.2006 19:00 18.124 msgsocm.log
06.01.2006 19:00 350.250 FaxSetup.log
06.01.2006 19:00 118.594 msmqinst.log
06.01.2006 19:00 21.474 updspapi.log
04.01.2006 19:47 0 drsmartloadb1.dat
04.01.2006 19:47 0 timessquare1.dat
04.01.2006 19:47 69.888 banmanpro.exe
04.01.2006 19:47 41.216 enewsletterpro.exe
04.01.2006 19:43 50 wiaservc.log
04.01.2006 19:43 216 wiadebug.log
21.12.2005 19:14 32 ntcheck3232bx.dll
16.12.2005 23:25 0 PestPatrol5.INI
16.12.2005 23:00 145 installer.exe
15.12.2005 22:05 997 avmcoins.log
14.12.2005 17:53 9.891 KB910437.log
14.12.2005 17:53 15.855 KB905915.log
12.12.2005 19:08 4.753 KB909394.log
12.12.2005 19:08 11.666 KB894476.log
12.12.2005 19:06 193.711 setupact.log
17.11.2005 22:53 113.326 DirectX.log
09.11.2005 22:52 11.746 KB896424.log
07.11.2005 20:18 1.224 MeineTraffic_Uninstall.ins
06.11.2005 15:59 8.192 REGULOCS.OLD
05.11.2005 22:58 19 SoundConverter.INI
04.11.2005 19:08 21.004 KB902400.log
04.11.2005 19:07 11.585 KB896688.log
04.11.2005 15:00 12.663 KB901017.log
04.11.2005 15:00 13.668 KB900725.log
04.11.2005 15:00 10.834 KB904706.log
01.11.2005 23:17 988 vpd.properties
01.11.2005 21:59 11.112 KB899589.log
01.11.2005 21:58 11.624 KB905414.log
29.10.2005 13:10 11.819 KB905749.log
02.10.2005 10:01 3.251 mozver.dat
01.10.2005 19:51 2.557 identitydb.obj
22.09.2005 16:55 43.798 wmsetup.log
21.09.2005 20:16 75 cdplayer.ini
08.09.2005 18:30 121 GEARInstall.log
30.08.2005 18:37 0 PowerReg.dat
29.08.2005 14:42 90 ML.log
29.08.2005 14:41 316.640 WMSysPr9.prx
29.08.2005 14:41 86 ke.log
24.08.2005 22:57 57.344 uneng.exe
22.08.2005 18:03 11.944 SYMEVENT.LOG
17.08.2005 18:59 0 WinPM.INI
10.08.2005 21:16 18.685 KB899587.log
10.08.2005 21:16 18.183 KB899591.log
10.08.2005 21:16 18.297 KB893756.log
10.08.2005 21:16 17.644 KB896423.log
10.08.2005 21:15 18.190 KB896727.log
10.08.2005 21:15 13.526 KB899588.log
10.08.2005 21:15 5.438 KB885884.log
10.08.2005 20:30 13.208 KB894391.log
09.08.2005 15:31 1.209.767 setupapi.log.0.old
01.08.2005 15:37 145.783 UNNeroVision.cfg

sys.txt: Verzeichnis von C:\
08.01.2006 01:48 0 sys.txt
08.01.2006 01:46 9.645 system.txt
08.01.2006 01:44 666 systemtemp.txt
08.01.2006 01:41 113.260 system32.txt
08.01.2006 01:36 1.610.141.696 hiberfil.sys
08.01.2006 01:36 1.610.612.736 pagefile.sys
07.01.2006 20:11 11 direct.txt
07.01.2006 19:00 127.432 noscript.exe
07.01.2006 01:27 211 boot.ini
15.12.2005 22:07 192 BcBtRmv.log
02.10.2005 11:24 532 hpfr5550.xml
02.10.2005 11:24 17.931 hpfr5550.log
01.09.2005 15:44 6.184 devicetable.log
30.08.2005 19:34 62 savedir.ini
13.07.2005 12:13 3.026 skysetup.log
10.07.2005 12:45 27.262.976 VIRTPART.DAT
09.07.2005 17:33 47.564 NTDETECT.COM
09.07.2005 17:33 251.184 ntldr
09.07.2005 17:04 0 CONFIG.SYS
09.07.2005 17:04 0 IO.SYS
09.07.2005 17:04 0 MSDOS.SYS
09.07.2005 17:04 0 AUTOEXEC.BAT
02.04.2003 13:00 4.952 bootfont.bin

This post was edited on 08.01.2006 at 01:56 by dark-hawk.
08.01.2006, 14:47
Honorary member
Posts: 29434
#4
At the top of the page --> click Browse --> pick the file --> double-click the file to be checked --> click Submit... now wait --> copy the result into the security forum
http://www.virustotal.com/flash/index_en.html
c:\windows\system32\gdi32.dll
c:\noscript.exe
c:\windows\system32\nt32200ax.dll
c:\windows\ntcheck3232bx.dll
------------------------------------------------------------------------
KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html
Options: Delete on Reboot --> tick it
paste in: ... and click the red cross; when asked "Do you want to reboot?" ---- click "no" and paste in the next one, only on the last one click "yes"
c:\windows\system32\iYsrecst.dll
c:\windows\system32\guard.tmp
c:\windows\system32\ilput.dll
c:\windows\system32\ir5331.dll --> type the correct dll by hand: i r l o l 5 3 3 1.dll (without spaces)... I had to write it that way because otherwise a smiley appears
C:\WINDOWS\drsmartloadb1.dat
C:\WINDOWS\timessquare1.dat
C:\WINDOWS\banmanpro.exe
C:\WINDOWS\enewsletterpro.exe
C:\WINDOWS\iconu.exe
C:\WINDOWS\icont.exe
C:\WINDOWS\enewsletterpro1.dat
C:\WINDOWS\drsmartloadb.dat
restart the PC
L2MRemover.zip - Look2Me Remover
http://www.simplytech.it/L2MRemover/index_de.htm
Unpack the program with a zip tool into a newly created folder C:\Programme\Look2meRemover.
1. Click L2MRemover.exe to start the program.
2. Click "About" "Check for updates..." in the program's menu and update the program.
3. Press the "Scan" button and have your entire system, memory and registry scanned. (If it finds a known variant of the malware, it will identify it and render it unusable by injecting the ST code into the malware during the scan. It will then list the registry keys that reload the malware at every system start.)
4. Press the "Delete Keys" button to clean the registry of the keys that make the malware reload with every restart.
(If deleting the registry keys seems too risky to you, you can tick "Save before delete" so that a backup file *.reg is saved in case you want to recreate the deleted keys.)
Note: The "Look2me Remover" only removes the variants of the Look2Me malware that have been in circulation since November 2005.
5. Save the remover's logfile
-----------------------------------------------
Hoster.zip
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK' Exit Program.
L2mfix
http://virus-protect.org/l2mfix.html
work through option 2, and after booting and restart + scan, copy the scan report here
__________
Regards, Sabina
all about PC security
08.01.2006, 15:53
...new here
Thread starter, Posts: 7
#5
thanks again, so far it looks very good, no more popups.
Here are the various logs:

VirusTotal:
This is a report processed by VirusTotal on 01/08/2006 at 14:57:58 (CET) after scanning the file "gdi32.dll" file.
Antivirus Version Update Result
AntiVir 6.33.0.75 01.06.2006 no virus found
Avast 4.6.695.0 01.06.2006 no virus found
AVG 718 01.06.2006 no virus found
Avira 6.33.0.75 01.06.2006 no virus found
BitDefender 7.2 01.08.2006 no virus found
CAT-QuickHeal 8.00 01.05.2006 no virus found
ClamAV devel-20051123 01.06.2006 no virus found
DrWeb 4.33 01.08.2006 no virus found
eTrust-Iris 7.1.194.0 01.06.2006 no virus found
eTrust-Vet 12.4.1.0 01.06.2006 no virus found
Ewido 3.5 01.07.2006 no virus found
Fortinet 2.54.0.0 01.07.2006 no virus found
F-Prot 3.16c 01.07.2006 no virus found
Ikarus 0.2.59.0 01.05.2006 no virus found
Kaspersky 4.0.2.24 01.08.2006 no virus found
McAfee 4669 01.06.2006 no virus found
NOD32v2 1.1356 01.08.2006 no virus found
Norman 5.70.10 01.06.2006 no virus found
Panda 9.0.0.4 01.08.2006 no virus found
Sophos 4.01.0 01.07.2006 no virus found
Symantec 8.0 01.08.2006 no virus found
TheHacker 5.9.2.069 01.06.2006 no virus found
UNA 1.83 01.06.2006 no virus found
VBA32 3.10.5 01.06.2006 no virus found

This is a report processed by VirusTotal on 01/08/2006 at 15:00:16 (CET) after scanning the file "noscript.exe" file.
Antivirus Version Update Result
AntiVir 6.33.0.75 01.06.2006 no virus found
Avast 4.6.695.0 01.06.2006 no virus found
AVG 718 01.06.2006 no virus found
Avira 6.33.0.75 01.06.2006 no virus found
BitDefender 7.2 01.08.2006 no virus found
CAT-QuickHeal 8.00 01.05.2006 no virus found
ClamAV devel-20051123 01.06.2006 no virus found
DrWeb 4.33 01.08.2006 no virus found
eTrust-Iris 7.1.194.0 01.06.2006 no virus found
eTrust-Vet 12.4.1.0 01.06.2006 no virus found
Ewido 3.5 01.07.2006 no virus found
Fortinet 2.54.0.0 01.07.2006 no virus found
F-Prot 3.16c 01.07.2006 no virus found
Ikarus 0.2.59.0 01.05.2006 no virus found
Kaspersky 4.0.2.24 01.08.2006 no virus found
McAfee 4669 01.06.2006 no virus found
NOD32v2 1.1356 01.08.2006 no virus found
Norman 5.70.10 01.06.2006 no virus found
Panda 9.0.0.4 01.08.2006 no virus found
Sophos 4.01.0 01.07.2006 no virus found
Symantec 8.0 01.08.2006 no virus found
TheHacker 5.9.2.069 01.06.2006 no virus found
UNA 1.83 01.06.2006 no virus found
VBA32 3.10.5 01.06.2006 no virus found

This is a report processed by VirusTotal on 01/08/2006 at 15:24:00 (CET) after scanning the file "nt32200ax1.dll" file.
Antivirus Version Update Result
AntiVir 6.33.0.75 01.06.2006 no virus found
Avast 4.6.695.0 01.06.2006 no virus found
AVG 718 01.06.2006 no virus found
Avira 6.33.0.75 01.06.2006 no virus found
BitDefender 7.2 01.08.2006 no virus found
CAT-QuickHeal 8.00 01.05.2006 no virus found
ClamAV devel-20051123 01.06.2006 no virus found
DrWeb 4.33 01.08.2006 no virus found
eTrust-Iris 7.1.194.0 01.06.2006 no virus found
eTrust-Vet 12.4.1.0 01.06.2006 no virus found
Ewido 3.5 01.08.2006 no virus found
Fortinet 2.54.0.0 01.07.2006 no virus found
F-Prot 3.16c 01.07.2006 no virus found
Ikarus 0.2.59.0 01.05.2006 no virus found
Kaspersky 4.0.2.24 01.08.2006 no virus found
McAfee 4669 01.06.2006 no virus found
NOD32v2 1.1356 01.08.2006 no virus found
Norman 5.70.10 01.06.2006 no virus found
Panda 9.0.0.4 01.08.2006 no virus found
Sophos 4.01.0 01.07.2006 no virus found
Symantec 8.0 01.08.2006 no virus found
TheHacker 5.9.2.069 01.06.2006 no virus found
UNA 1.83 01.06.2006 no virus found
VBA32 3.10.5 01.06.2006 no virus found

This is a report processed by VirusTotal on 01/08/2006 at 15:24:10 (CET) after scanning the file "ntcheck3232bx1.dll" file.
Antivirus Version Update Result
AntiVir 6.33.0.75 01.06.2006 no virus found
Avast 4.6.695.0 01.06.2006 no virus found
AVG 718 01.06.2006 no virus found
Avira 6.33.0.75 01.06.2006 no virus found
BitDefender 7.2 01.08.2006 no virus found
CAT-QuickHeal 8.00 01.05.2006 no virus found
ClamAV devel-20051123 01.06.2006 no virus found
DrWeb 4.33 01.08.2006 no virus found
eTrust-Iris 7.1.194.0 01.06.2006 no virus found
eTrust-Vet 12.4.1.0 01.06.2006 no virus found
Ewido 3.5 01.08.2006 no virus found
Fortinet 2.54.0.0 01.07.2006 no virus found
F-Prot 3.16c 01.07.2006 no virus found
Ikarus 0.2.59.0 01.05.2006 no virus found
Kaspersky 4.0.2.24 01.08.2006 no virus found
McAfee 4669 01.06.2006 no virus found
NOD32v2 1.1356 01.08.2006 no virus found
Norman 5.70.10 01.06.2006 no virus found
Panda 9.0.0.4 01.08.2006 no virus found
Sophos 4.01.0 01.07.2006 no virus found
Symantec 8.0 01.08.2006 no virus found
TheHacker 5.9.2.069 01.06.2006 no virus found
UNA 1.83 01.06.2006 no virus found
VBA32 3.10.5 01.06.2006 no virus found

This is a report processed by VirusTotal on 01/08/2006 at 15:28:53 (CET) after scanning the file "ntcheck3232bx.dll" file.
Antivirus Version Update Result
AntiVir 6.33.0.75 01.06.2006 no virus found
Avast 4.6.695.0 01.06.2006 no virus found
AVG 718 01.06.2006 no virus found
Avira 6.33.0.75 01.06.2006 no virus found
BitDefender 7.2 01.08.2006 no virus found
CAT-QuickHeal 8.00 01.05.2006 no virus found
ClamAV devel-20051123 01.06.2006 no virus found
DrWeb 4.33 01.08.2006 no virus found
eTrust-Iris 7.1.194.0 01.06.2006 no virus found
eTrust-Vet 12.4.1.0 01.06.2006 no virus found
Ewido 3.5 01.08.2006 no virus found
Fortinet 2.54.0.0 01.07.2006 no virus found
F-Prot 3.16c 01.07.2006 no virus found
Ikarus 0.2.59.0 01.05.2006 no virus found
Kaspersky 4.0.2.24 01.08.2006 no virus found
McAfee 4669 01.06.2006 no virus found
NOD32v2 1.1356 01.08.2006 no virus found
Norman 5.70.10 01.06.2006 no virus found
Panda 9.0.0.4 01.08.2006 no virus found
Sophos 4.01.0 01.07.2006 no virus found
Symantec 8.0 01.08.2006 no virus found
TheHacker 5.9.2.069 01.06.2006 no virus found
UNA 1.83 01.06.2006 no virus found
VBA32 3.10.5 01.06.2006 no virus found
----------------------------------------------------------------------------------------------------------------------------------------
L2MRemover:
15:15:24 -> WARNING! The program must be stopped and the system re-started before continue...
15:15:32 -> Start scanning procedures...
15:15:32 -> Start checking running tasks...
15:16:26 -> Malware found in memory: guard.tmp,wvwfax.dll, (belonging to category: Look2Me)
15:18:07 -> End of the scan process. Now delete the keys found!!
15:18:32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF2D44A9-7F5A-47AB-985D-2CC3C1815765}\InprocServer32\@ deleted!
15:18:32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A844B571-4FA4-47CF-84BB-5F8F6393EA2B}\InprocServer32\@ deleted!
15:18:32 -> HKEY_CLASSES_ROOT\CLSID\{BF2D44A9-7F5A-47AB-985D-2CC3C1815765}\InprocServer32\@ deleted!
15:18:32 -> HKEY_CLASSES_ROOT\CLSID\{A844B571-4FA4-47CF-84BB-5F8F6393EA2B}\InprocServer32\@ deleted!
15:18:38 -> Key(s) deleted!
Please, reboot the machine now!
----------------------------------------------------------------------------------------------------------------------------------------
l2mfix:
C:\
C:\
System Rebooted!
Running From: C:\
killing explorer and rundll32.exe
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 364 'explorer.exe' . . .
Killing PID 364 'explorer.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 2680 'rundll32.exe' . . .
Killing PID 2680 'rundll32.exe'
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
Backing Up: C:\WINDOWS\system32\guard.tmp
1 Datei(en) kopiert.
deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp
Zipping up files for submission:
adding: guard.tmp (188 bytes security) (deflated 5%)
adding: clear.reg (188 bytes security) (deflated 46%)
adding: savedir.ini (188 bytes security) (deflated 3%)
adding: lo2.txt (188 bytes security) (deflated 87%)
adding: sys.txt (188 bytes security) (deflated 59%)
adding: system.txt (188 bytes security) (deflated 71%)
adding: system32.txt (188 bytes security) (deflated 79%)
adding: systemtemp.txt (188 bytes security) (deflated 56%)
adding: test.txt (188 bytes security) (stored 0%)
adding: test2.txt (188 bytes security) (deflated 30%)
adding: test3.txt (188 bytes security) (deflated 30%)
adding: test5.txt (188 bytes security) (deflated 30%)
adding: xfind.txt (188 bytes security) (stored 0%)
Restoring Registry Permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!
Registry permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT-AUTORITÄT\SYSTEM
(IO) ALLOW Full access NT-AUTORITÄT\SYSTEM
(ID-NI) ALLOW Read VORDEFINIERT\Benutzer
(ID-IO) ALLOW Read VORDEFINIERT\Benutzer
(ID-NI) ALLOW Read VORDEFINIERT\Hauptbenutzer
(ID-IO) ALLOW Read VORDEFINIERT\Hauptbenutzer
(ID-NI) ALLOW Full access VORDEFINIERT\Administratoren
(ID-IO) ALLOW Full access VORDEFINIERT\Administratoren
(ID-NI) ALLOW Full access NT-AUTORITÄT\SYSTEM
(ID-IO) ALLOW Full access NT-AUTORITÄT\SYSTEM
(ID-IO) ALLOW Full access ERSTELLER-BESITZER
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332
deleting local copy: guard.tmp
The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

The following are the files found:
****************************************************************************
C:\WINDOWS\system32\guard.tmp
Registry Entries that were Deleted:
Please verify that the listing looks ok. If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{BF2D44A9-7F5A-47AB-985D-2CC3C1815765}"=-
"{A844B571-4FA4-47CF-84BB-5F8F6393EA2B}"=-
"{4C3DCDA5-C883-4144-931B-FEB6B6F235E7}"=-
[-HKEY_CLASSES_ROOT\CLSID\{BF2D44A9-7F5A-47AB-985D-2CC3C1815765}]
[-HKEY_CLASSES_ROOT\CLSID\{A844B571-4FA4-47CF-84BB-5F8F6393EA2B}]
[-HKEY_CLASSES_ROOT\CLSID\{4C3DCDA5-C883-4144-931B-FEB6B6F235E7}]
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************
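The l2mfix log above ends with an export of the Winlogon\Notify key, and several of the DllName values there are stored as hex(2) (UTF-16LE bytes split across continued lines), which makes a quick read of the export unreliable. The following is an added example, not code from the thread, l2mfix or L2MRemover: it parses that .reg export format, decodes the hex(2) values, and lists which DLL each notification package loads against a baseline of the standard packages seen in the export; the sample export and the "badpkg" subkey in it are constructed here for illustration.

```python
"""Decode an l2mfix-style export of the Winlogon\\Notify key and flag foreign DLLs.

Added example for this thread; it is not part of l2mfix, L2MRemover or any post
above. It parses the REGEDIT4 / "Windows Registry Editor Version 5.00" format
the tool prints: [key] headers, "name"="string", dword: and hex(N): values.
hex(2) is REG_EXPAND_SZ stored as comma-separated UTF-16LE bytes, continued
across lines with a trailing backslash.
"""
import re

NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"

# Baseline: the standard Windows XP notification packages as they appear in the
# l2mfix export in this thread (subkey -> DLL). Anything else is worth a look.
BASELINE = {
    "crypt32chain": "crypt32.dll", "cryptnet": "cryptnet.dll", "cscdll": "cscdll.dll",
    "ScCertProp": "wlnotify.dll", "Schedule": "wlnotify.dll", "sclgntfy": "sclgntfy.dll",
    "SensLogn": "wlnotify.dll", "termsrv": "wlnotify.dll", "wlballoon": "wlnotify.dll",
}

# Constructed sample in the layout of the export above. The "badpkg" subkey is
# invented here to show how a non-baseline package stands out; guard.tmp is the
# file name L2MRemover and l2mfix reported in this thread.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\badpkg]
"DllName"=hex(2):67,00,75,00,61,00,72,00,64,00,2e,00,74,00,6d,00,70,00,00,00
"Logon"="WinlogonLogonEvent"
"""

KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)+)"|@)=(.*)$')
HEX_RE = re.compile(r"^hex(?:\((\d+)\))?:(.*)$")


def _decode_value(rhs):
    """Turn the right-hand side of a .reg value line into a Python value."""
    if rhs == "-":
        return None                              # value marked for deletion
    if rhs.startswith('"') and rhs.endswith('"'):
        return rhs[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    if rhs.startswith("dword:"):
        return int(rhs[6:], 16)
    m = HEX_RE.match(rhs)
    if m:
        kind, payload = m.group(1) or "3", m.group(2)   # bare "hex:" is REG_BINARY (3)
        data = bytes(int(b, 16) for b in payload.split(",") if b)
        if kind in ("1", "2"):                   # REG_SZ / REG_EXPAND_SZ as UTF-16LE
            return data.decode("utf-16-le").rstrip("\0")
        return data
    return rhs


def parse_reg_export(text):
    """Return {key_path: {value_name: value}}; a "[-key]" line maps to None."""
    lines = []
    for raw in text.splitlines():                # join backslash-continued lines
        line = raw.strip()
        if lines and lines[-1].endswith("\\"):
            lines[-1] = lines[-1][:-1] + line
        else:
            lines.append(line)
    keys, current = {}, None
    for line in lines:
        if not line or line.startswith(("Windows Registry Editor", "REGEDIT4")):
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(2)
            keys[current] = None if m.group(1) else {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None and keys[current] is not None:
            keys[current][m.group(1) or "@"] = _decode_value(m.group(2))
    return keys


def notify_packages(text):
    """Map each Winlogon\\Notify subkey to the DLL it loads (value name is case-insensitive)."""
    prefix = NOTIFY_KEY.lower() + "\\"
    packages = {}
    for path, values in parse_reg_export(text).items():
        if values is None or not path.lower().startswith(prefix):
            continue
        dll = next((v for n, v in values.items() if n.lower() == "dllname"), None)
        packages[path[len(prefix):]] = dll
    return packages


def review(text):
    """Subkeys missing from the baseline or loading a different DLL: inspect these on disk."""
    return {sub: dll for sub, dll in notify_packages(text).items()
            if sub not in BASELINE or BASELINE[sub].lower() != (dll or "").lower()}


if __name__ == "__main__":
    flagged = review(SAMPLE_EXPORT)
    for sub, dll in notify_packages(SAMPLE_EXPORT).items():
        print(f"{sub:14} -> {dll!s:14} [{'REVIEW' if sub in flagged else 'baseline'}]")
```

Run it against a real export by reading the file into `review()`; a vendor entry such as the AtiExtEvent package in the thread's export would also be listed for review, since the baseline deliberately contains only the Windows packages.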
08.01.2006, 16:31
Honorary member
Posts: 29434
#6
everything should be back in order now, shouldn't it
but since the PC was also infested with other malware:
http://virus-protect.org/multiavtool.html
click "3" - McAfee
- an empty DOS window appears.
- you have to enter what is to be scanned
- C:\Windows\System32
then the scan starts; afterwards you should also have these scanned:
- C:\Windows
- C:\
copy the 3 scan reports
---------------------------------------------------------------------------
scan with Panda and post the scan report
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina
all about PC security
||
08.01.2006, 20:29
...neu hier
Themenstarter Beiträge: 7 |
#7
ok, hier erstmal die ergebnisse von McAfee, Panda dauert noch etwas ;-)
McAfee VirusScan for Win32 v4.40.0 Copyright (c) 1992-2004 Networks Associates Technology Inc. All rights reserved. (408) 988-3832 LICENSED COPY - Sep 23 2004 Scan engine v4.4.00 for Win32. Virus data file v4669 created Jan 06 2006 Scanning for 169582 viruses, trojans and variants. Virus Scan Results 01/08/2006 18:38:53 Options: "C:\WINDOWS\SYSTEM32" /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL /PROGRAM /EXCLUDE C:\AV-CLS\EXCLIST.TXT /HTML "C:\AV-CLS\MCAFEE\SCANREPORT.HTML" Scanning C: [] C:\WINDOWS\SYSTEM32\admdll.dll ... Found potentially unwanted program RemAdm-RemoteAdmin. C:\WINDOWS\SYSTEM32\kill.exe ... Found potentially unwanted program ProcKill-AN. The file or process has been deleted. C:\WINDOWS\SYSTEM32\raddrv.dll ... Found potentially unwanted program RemAdm-RemoteAdmin. The file or process has been deleted. C:\WINDOWS\SYSTEM32\r_server.exe ... Found potentially unwanted program RemAdm-RemoteAdmin. Scanning C:\WINDOWS\SYSTEM32\*.* C:\WINDOWS\SYSTEM32\admdll.dll ... Found potentially unwanted program RemAdm-RemoteAdmin. C:\WINDOWS\SYSTEM32\r_server.exe ... Found potentially unwanted program RemAdm-RemoteAdmin. A file(s) requires a reboot to complete the repair. You are recommended to reboot the computer. Summary report on C:\WINDOWS\SYSTEM32\*.* File(s) Total files: ........... 7669 Clean: ................. 7659 Possibly Infected: ..... 0 Cleaned: ............... 0 Deleted: ............... 2 Non-critical Error(s): 1 ------------------------------------------------------------------------------------------------ 01/08/2006 18:49:03 Options: "C:\WINDOWS\" /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL /PROGRAM /EXCLUDE C:\AV-CLS\EXCLIST.TXT /HTML "C:\AV-CLS\MCAFEE\SCANREPORT.HTML" Scanning C: [] C:\WINDOWS\kill.exe ... Found potentially unwanted program ProcKill-AN. The file or process has been deleted. Scanning C:\WINDOWS\*.* C:\WINDOWS\system32\admdll.dll ... Found potentially unwanted program RemAdm-RemoteAdmin. 
C:\WINDOWS\system32\r_server.exe ... Found potentially unwanted program RemAdm-RemoteAdmin. A file(s) requires a reboot to complete the repair. You are recommended to reboot the computer. Summary report on C:\WINDOWS\*.* File(s) Total files: ........... 29258 Clean: ................. 29247 Possibly Infected: ..... 0 Cleaned: ............... 0 Deleted: ............... 1 Non-critical Error(s): 1 ------------------------------------------------------------------------------------------------ Scanning C: [] C:\backup.zip\GUARD.TMP ... Found potentially unwanted program Adware-Look2Me. Scanning C:\*.* C:\backup.zip\GUARD.TMP ... Found potentially unwanted program Adware-Look2Me. C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0DINCT6N\AppWrap[1].exe ... Found potentially unwanted program Adware-NicTech. The file or process has been deleted. C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0PANWHQ7\AppWrap[1].exe\AppWrap[1].exe ... Found the QUrl-3 trojan !!! The file or process has been deleted. C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temporary Internet Files\Content.IE5\G1EV0LIF\AppWrap[1].exe\AppWrap[1].exe ... Found the QUrl-3 trojan !!! The file or process has been deleted. C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Atari\Civilization III Conquests\Conquests online mit Gamespy Arcade spielen!.url ... Found potentially unwanted program Adware-Url.gen. The file or process has been deleted. C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\EA GAMES\Battlefield 2\Battlefield 2 online mit GameSpy Arcade spielen.url ... Found potentially unwanted program Adware-Url.gen. The file or process has been deleted. C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\EA GAMES\Battlefield 2 Special Forces\Battlefield 2 Special Forces online mit GameSpy Arcade spielen.url ... 
Found potentially unwanted program Adware-Url.gen. The file or process has been deleted. C:\Dokumente und Einstellungen\Dark-Hawk\Desktop\Radmin.rar\RADMIN VIEWER 3.0.ZIP\RADMIN.EXE ... Found potentially unwanted program RemAdm-RemoteAdmin. C:\Dokumente und Einstellungen\Dark-Hawk\Lokale Einstellungen\Temporary Internet Files\LLF3KA3B\ESD5QNKC\Offline\i\0000057d.rar\RADMIN VIEWER 3.0.ZIP\RADMIN.EXE ... Found potentially unwanted program RemAdm-RemoteAdmin. C:\Dokumente und Einstellungen\Dark-Hawk\Startmenü\Programme\GameSpy Arcade\GameSpy Arcade Help.url ... Found potentially unwanted program Adware-Url.gen. The file or process has been deleted. C:\Dokumente und Einstellungen\Dark-Hawk\Startmenü\Programme\GameSpy Arcade\GameSpy Arcade Website.url ... Found potentially unwanted program Adware-GameSpyArcade.url. The file or process has been deleted. C:\Dokumente und Einstellungen\Dark-Hawk\Startmenü\Programme\GameSpy Arcade\GameSpy.com Gaming's Homepage.url ... Found potentially unwanted program Adware-GameSpyArcade.url. The file or process has been deleted. C:\Dokumente und Einstellungen\Dark-Hawk\Startmenü\Programme\GameSpy Arcade\Register GameSpy Arcade.url ... Found potentially unwanted program Adware-GameSpyArcade.url. The file or process has been deleted. C:\Programme\GameSpy Arcade\GameSpy Arcade Help.url ... Found potentially unwanted program Adware-Url.gen. The file or process has been deleted. C:\Programme\GameSpy Arcade\GameSpy Arcade Website.url ... Found potentially unwanted program Adware-GameSpyArcade.url. The file or process has been deleted. C:\Programme\GameSpy Arcade\GameSpy.com Gaming's Homepage.url ... Found potentially unwanted program Adware-GameSpyArcade.url. The file or process has been deleted. C:\Programme\GameSpy Arcade\GSAPak.exe ... Found potentially unwanted program Adware-GameSpyArcade. The file or process has been deleted. C:\Programme\GameSpy Arcade\pw32.dll ... Found potentially unwanted program Adware-GameSpyArcade. 
The file or process has been deleted. C:\Programme\GameSpy Arcade\Register GameSpy Arcade.url ... Found potentially unwanted program Adware-GameSpyArcade.url. The file or process has been deleted. C:\Programme\GameSpy Arcade\Services\_common\PortraitLoader.dll ... Found potentially unwanted program Adware-GameSpyArcade. The file or process has been deleted. C:\Programme\Radmin\raddrv.dll ... Found potentially unwanted program RemAdm-RemoteAdmin. The file or process has been deleted. C:\Programme\Radmin\r_server.exe ... Found potentially unwanted program RemAdm-RemoteAdmin. The file or process has been deleted. C:\RECYCLER\S-1-5-21-299502267-616249376-839522115-1003\Dc21.exe\KILL.EXE ... Found potentially unwanted program ProcKill-AN. C:\RECYCLER\S-1-5-21-299502267-616249376-839522115-500\Dc1.url ... Found the QUrl-3.url trojan !!! The file or process has been deleted. C:\RECYCLER\S-1-5-21-299502267-616249376-839522115-500\Dc2.url ... Found potentially unwanted program Adware-Url.gen. The file or process has been deleted. C:\RECYCLER\S-1-5-21-299502267-616249376-839522115-500\Dc3.url ... Found potentially unwanted program Adware-Url.gen. The file or process has been deleted. C:\RECYCLER\S-1-5-21-299502267-616249376-839522115-500\Dc4.url ... Found potentially unwanted program Adware-Url.gen. The file or process has been deleted. C:\RECYCLER\S-1-5-21-299502267-616249376-839522115-500\Dc54.com ... Found potentially unwanted program Adware-NicTech. The file or process has been deleted. C:\WINDOWS\system32\admdll.dll ... Found potentially unwanted program RemAdm-RemoteAdmin. C:\WINDOWS\system32\r_server.exe ... Found potentially unwanted program RemAdm-RemoteAdmin. A file(s) requires a reboot to complete the repair. You are recommended to reboot the computer. Summary report on C:\*.* File(s) Total files: ........... 378108 Clean: ................. 377842 Possibly Infected: ..... 3 Cleaned: ............... 0 Deleted: ............... 24 Non-critical Error(s): 2 |
08.01.2006, 20:56
Honorary member
Posts: 29434
#8
First of all, restart the PC so that the scanner deletes all the files it found.
Then delete... if it is still there... C:\backup.zip
__________
Regards, Sabina
all about PC security
08.01.2006, 21:19
...new here
Thread starter, Posts: 7
#9
OK, I did that before I started Panda.
But I'm really shocked; antivirus tools like Norton and co. really find comparatively little. Luckily I'm in the middle of switching to Apple anyway, where viruses and the like are still pretty much a non-issue so far. Panda has scanned a quarter of my system and has found the following so far:

| | Detected | Disinfected |
|---|---|---|
| Virus | 3 | 3 |
| Spyware | 33 | 0 |
| Hacking Tools and potentially unwanted tools | 2 | 0 |
08.01.2006, 21:23
Honorary member
Posts: 29434
#10
Panda also shows the path of the viruses.... (most of them will belong to System Restore....)
__________
Regards, Sabina
all about PC security
08.01.2006, 22:40
...new here
Thread starter, Posts: 7
#11
OK, here is the Panda scan now. Since some of it comes from the Firefox cache, I have already deleted the Firefox data such as cookies, cache, etc.
Incident Status Location
Spyware:Cookie/Paypopup Not disinfected C:\Dokumente und Einstellungen\Dark-Hawk\Anwendungsdaten\Mozilla\Firefox\Profiles\3tr7yvf5.default\cookies.txt[.paypopup.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Dokumente und Einstellungen\Dark-Hawk\Anwendungsdaten\Mozilla\Firefox\Profiles\3tr7yvf5.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Dokumente und Einstellungen\Dark-Hawk\Anwendungsdaten\Mozilla\Firefox\Profiles\3tr7yvf5.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Dokumente und Einstellungen\Dark-Hawk\Anwendungsdaten\Mozilla\Firefox\Profiles\3tr7yvf5.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Dokumente und Einstellungen\Dark-Hawk\Anwendungsdaten\Mozilla\Firefox\Profiles\3tr7yvf5.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Dokumente und Einstellungen\Dark-Hawk\Anwendungsdaten\Mozilla\Firefox\Profiles\3tr7yvf5.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Dokumente und Einstellungen\Dark-Hawk\Anwendungsdaten\Mozilla\Firefox\Profiles\3tr7yvf5.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Dokumente und Einstellungen\Dark-Hawk\Anwendungsdaten\Mozilla\Firefox\Profiles\3tr7yvf5.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Dokumente und Einstellungen\Dark-Hawk\Anwendungsdaten\Mozilla\Firefox\Profiles\3tr7yvf5.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/2o7.net Not disinfected C:\Dokumente und Einstellungen\Dark-Hawk\Anwendungsdaten\Mozilla\Firefox\Profiles\3tr7yvf5.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Dokumente und Einstellungen\Dark-Hawk\Anwendungsdaten\Mozilla\Firefox\Profiles\3tr7yvf5.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Dokumente und Einstellungen\Dark-Hawk\Anwendungsdaten\Mozilla\Firefox\Profiles\3tr7yvf5.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Clickbank Not disinfected C:\Dokumente und Einstellungen\Dark-Hawk\Anwendungsdaten\Mozilla\Firefox\Profiles\3tr7yvf5.default\cookies.txt[.clickbank.net/]
Spyware:Cookie/PointRoll Not disinfected C:\Dokumente und Einstellungen\Dark-Hawk\Anwendungsdaten\Mozilla\Firefox\Profiles\3tr7yvf5.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Adtech Not disinfected C:\Dokumente und Einstellungen\Dark-Hawk\Anwendungsdaten\Mozilla\Firefox\Profiles\3tr7yvf5.default\cookies.txt[.adtech.de/]
Spyware:Cookie/BurstNet Not disinfected C:\Dokumente und Einstellungen\Dark-Hawk\Anwendungsdaten\Mozilla\Firefox\Profiles\3tr7yvf5.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Dokumente und Einstellungen\Dark-Hawk\Anwendungsdaten\Mozilla\Firefox\Profiles\3tr7yvf5.default\cookies.txt[.cdfreaks.com/]
Spyware:Cookie/CentrPort Not disinfected C:\Dokumente und Einstellungen\Dark-Hawk\Anwendungsdaten\Mozilla\Firefox\Profiles\3tr7yvf5.default\cookies.txt[.centrport.net/]
Spyware:Cookie/Com.com Not disinfected C:\Dokumente und Einstellungen\Dark-Hawk\Anwendungsdaten\Mozilla\Firefox\Profiles\3tr7yvf5.default\cookies.txt[.com.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Dokumente und Einstellungen\Dark-Hawk\Anwendungsdaten\Mozilla\Firefox\Profiles\3tr7yvf5.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Dokumente und Einstellungen\Dark-Hawk\Anwendungsdaten\Mozilla\Firefox\Profiles\3tr7yvf5.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/SpyLog Not disinfected C:\Dokumente und Einstellungen\Dark-Hawk\Anwendungsdaten\Mozilla\Firefox\Profiles\3tr7yvf5.default\cookies.txt[.spylog.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Dokumente und Einstellungen\Dark-Hawk\Anwendungsdaten\Mozilla\Firefox\Profiles\3tr7yvf5.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Dokumente und Einstellungen\Dark-Hawk\Anwendungsdaten\Mozilla\Firefox\Profiles\3tr7yvf5.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Yadro Not disinfected C:\Dokumente und Einstellungen\Dark-Hawk\Anwendungsdaten\Mozilla\Firefox\Profiles\3tr7yvf5.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/Bilbo.counted Not disinfected C:\Dokumente und Einstellungen\Dark-Hawk\Anwendungsdaten\Mozilla\Firefox\Profiles\3tr7yvf5.default\cookies.txt[bilbo.counted.com/]
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Dokumente und Einstellungen\Dark-Hawk\Anwendungsdaten\Mozilla\Firefox\Profiles\3tr7yvf5.default\cookies.txt[fe.lea.lycos.de/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Dokumente und Einstellungen\Dark-Hawk\Anwendungsdaten\Mozilla\Firefox\Profiles\3tr7yvf5.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Dokumente und Einstellungen\Dark-Hawk\Anwendungsdaten\Mozilla\Firefox\Profiles\3tr7yvf5.default\cookies.txt[server.iad.liveperson.net/hc/31953349]
Adware:Adware/Look2Me Not disinfected C:\backup.zip[guard.tmp]
Spyware:Cookie/YieldManager Not disinfected C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\zipxetrc.default\cookies.txt[]
Spyware:Cookie/Paypopup Not disinfected C:\Dokumente und Einstellungen\Dark-Hawk\Anwendungsdaten\Mozilla\Firefox\Profiles\3tr7yvf5.default\cookies.txt[]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Dokumente und Einstellungen\Dark-Hawk\Anwendungsdaten\Mozilla\Firefox\Profiles\3tr7yvf5.default\cookies.txt[31953349]
Virus:W32/Bugbear Disinfected Persönliche Ordner\Posteingang\Ihre Auktion ist beendet - Artikelnr. 1628423722 (elektronischer fahrtregler jamara hf-40 II)\photo.exe
Virus:W32/Sober.AH.worm Disinfected Persönliche Ordner\Posteingang\Sehr geehrter Ebay-Kunde\Ebay-User32603_RegC.zip[File-packed_dataInfo.exe]
Virus:W32/Sober.AH.worm Disinfected Persönliche Ordner\Posteingang\SMTP Mail gescheitert\Email_text.zip[File-packed_dataInfo.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\RECYCLER\S-1-5-21-299502267-616249376-839522115-1003\Dc12\VundoFix\process.exe
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\RECYCLER\S-1-5-21-299502267-616249376-839522115-1003\Dc21.exe[kill.exe]
Virus:W32/Bugbear Disinfected Persönliche Ordner\Posteingang\Ihre Auktion ist beendet - Artikelnr. 1628423722 (elektronischer fahrtregler jamara hf-40 II)\photo.exe
Dialer:Dialer.Gen Not disinfected Persönliche Ordner\Junk-E-Mail\Dark-hawk, Family sex archive volume 2.1\family-sex-private-archive-click-here.exe
Virus:Trj/Downloader.S Disinfected Persönliche Ordner\Junk-E-Mail\Re: Your balance application\www.usbank.com.stats.personals.balance.pif.pif
Virus:W32/Dumaru.Y.worm Disinfected Persönliche Ordner\Junk-E-Mail\Important information for you. Read it immediately !\ATT00002.txt[myphoto.jpg .exe]
Virus:W32/Sober.E.worm Disinfected Persönliche Ordner\Junk-E-Mail\Hi\Text7501.zip[Graphic_Textdocument.pif]
Potentially unwanted tool:Application/Processor Not disinfected G:\l2mfix\Process.exe
08.01.2006, 23:32
Honorary member
Posts: 29434
#12
W32/Sober.E.worm ... well, look at that....
-------------------------------------------
Delete all the "bad" cookies under:
C:\Dokumente und Einstellungen\Dark-Hawk\Anwendungsdaten\Mozilla\Firefox\Profiles\
--------------------------------------------
Quote: this is how to remove the mails completely from the inbox:
Persönliche Ordner\Posteingang\Ihre Auktion ist beendet - Artikelnr. 1628423722 (elektronischer fahrtregler jamara hf-40 II)\photo.exe
Persönliche Ordner\Posteingang\Sehr geehrter Ebay-Kunde\Ebay-User32603_RegC.zip[File-packed_dataInfo.exe
Persönliche Ordner\Junk-E-Mail\Dark-hawk, Family sex archive volume 2.1\family-sex-private-archive-click-here.exe
Persönliche Ordner\Junk-E-Mail\Re: Your balance application\www.usbank.com.stats.personals.balance.pif.pif
Persönliche Ordner\Junk-E-Mail\Important information for you. Read it immediately !\ATT00002.txt
Persönliche Ordner\Junk-E-Mail\Hi\Text7501.zip
__________
Regards, Sabina
all about PC security
09.01.2006, 19:42
...new here
Thread starter, Posts: 7
#13
OK, thanks a lot. Now I should be rid of the junk for the time being.
Can you perhaps recommend antivirus software that really delivers what it promises? Norton AntiVirus 2005 certainly did not protect me...
10.01.2006, 00:17
Honorary member
Posts: 29434
#14
dark-hawk
Best protection: avoid certain sites
Limited user account / administrator rights under Windows
http://virus-protect.org/administrator.html
http://virus-protect.org/ms.html
Microsoft Windows Antispy --> enable the Guard
Kaspersky Anti-Virus (the best I currently know of, but you should then uninstall Norton completely)
http://virus-protect.org/antivirshare.html
Sometimes the system gets slow with Kaspersky... try it out... you do have a trial period
All the best for you + PC
__________
Regards, Sabina
all about PC security
Additional info: a conspicuously large number of addresses contain "yyy102.html"
Logfile of HijackThis v1.99.1
Scan saved at 22:43:18, on 07.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\avmclient\avmbtservice.exe
C:\Programme\avmclient\AvmObexService.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\r_server.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\TELES\skyDSL\Proxy\craxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\TELES\skyDSL\tskymtpc.exe
C:\Programme\TELES\skyDSL\tkpsrv.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Motherboard Monitor 5\MBM5.EXE
C:\Programme\avmclient\bluefritz.exe
C:\Programme\avmclient\AvmObex.exe
C:\Programme\avmclient\AvmObex.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Programme\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Programme\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programme\Logitech\MediaLife\MediaLifeService.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Anti-Blaxx\Anti-Blaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe
C:\Programme\Gemeinsame Dateien\Nokia\Tools\NclTray.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\TerraTec\Remote\TTTvRc.exe
C:\Programme\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\DLink\Bluetooth Software\BTTray.exe
C:\Programme\jalcds\jaLCDs.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Pixoria\Konfabulator\Konfabulator.exe
C:\Programme\Pixoria\Konfabulator\Konfabulator.exe
C:\Programme\Pixoria\Konfabulator\Konfabulator.exe
C:\Programme\Pixoria\Konfabulator\Konfabulator.exe
C:\Programme\Pixoria\Konfabulator\Konfabulator.exe
C:\Programme\Pixoria\Konfabulator\Konfabulator.exe
C:\Programme\Pixoria\Konfabulator\Konfabulator.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\jvm\jre1.4\1.4\bin\javaw.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Programme\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programme\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\NOTEPAD.EXE
G:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.de
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MBM 5] "C:\Programme\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVMBlueClient] C:\Programme\avmclient\bluefritz.exe
O4 - HKLM\..\Run: [AVMBLUEOBEX] C:\Programme\avmclient\AvmObex.exe -pushclient -ftpclient
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programme\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Programme\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DataLayer] C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Programme\Gemeinsame Dateien\Nokia\Tools\NclTray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VideoraiPodConverter] C:\Programme\VideoraiPodConverter\VideoraConverter.exe -t
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TerraTec Remote Control] "C:\Programme\Gemeinsame Dateien\TerraTec\Remote\TTTvRc.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Programme\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Konfabulator.lnk = C:\Programme\Pixoria\Konfabulator\Konfabulator.exe
O4 - Startup: QCast Station.LNK = C:\Programme\BroadQ\QCastStation.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: jaLCDs (2).lnk = C:\Programme\jalcds\jaLCDs.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Mit FDM herunterladen - file://C:\Programme\Free Download Manager\dllink.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\DLink\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Webseiten mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlpage.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\DLink\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\DLink\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: skyDSL++ - {F7522CA2-3DDA-11d3-8560-0060977792B1} - C:\Programme\TELES\skyDSL\sky2sky.exe
O9 - Extra button: skyDSL- - - {F7522CA8-3DDA-11d3-8560-0060977792B1} - C:\Programme\TELES\skyDSL\sky2fon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programme\bonjour\mdnsnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\skysocks.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\skysocks.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\skysocks.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\skysocks.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\skysocks.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\skysocks.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{41A14147-CA56-463E-9EA0-F1E3B569CE77}: NameServer = 192.168.111.111
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVM BT Connection Service - AVM Berlin - C:\Programme\avmclient\avmbtservice.exe
O23 - Service: AVM BT PAN Service - AVM Berlin - C:\Programme\avmclient\panapp.exe
O23 - Service: AVM BT OBEX Service (AvmObexService) - AVM Berlin - C:\Programme\avmclient\AvmObexService.exe
O23 - Service: Bonjour Dienst (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programme\DLink\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PMounter - Unknown owner - C:\WINDOWS\system32\PMounter.exe
O23 - Service: Radmin Communication Server (rcomsrv) - Unknown owner - C:\WINDOWS\system32\rcomsrv30\rcomsrv.exe" /service (file missing)
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: skyDSL-Proxy (tntcraxy) - Unknown owner - C:\Programme\TELES\skyDSL\Proxy\craxy.exe" service (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Programme\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: TridiaVNC Server (winvnc) - Tridia Corporation - C:\Programme\TridiaVNC\win32\WinVNC.exe