Popups with some kind of advertising
#0
11.01.2006, 20:22
Member
Posts: 276

13.01.2006, 13:48
Honorary member
Posts: 29434
#2
markussa
Set up the Cleaner exactly as described here: http://virus-protect.org/cleanup.html
Copy the 4 text files here (2 months back by date is enough): http://virus-protect.org/datfindbat.html
__________
Kind regards, Sabina
All about PC security

15.01.2006, 14:44
Member
Thread starter
Posts: 276
#3
Didn't help
Supposedly it is the program look 2 me. How do you get rid of it? I have really tried everything I have: deactivated and uninstalled 10.00 things, Ad-Aware, lmspfix, Microsoft Anti Spyware ... and all the other similar programs I found anywhere, plus uninstalled Firefox, deleted all the files and installed a different version (since then the windows at least come at different times).

A current HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 20:08:28, on 15.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Network Associates\Common Framework\UpdaterUI.exe
C:\Programme\Network Associates\VirusScan\SHSTAT.EXE
C:\Programme\Gemeinsame Dateien\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Programme\Network Associates\Common Framework\FrameworkService.exe
C:\Programme\Network Associates\VirusScan\Mcshield.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Network Associates\VirusScan\VsTskMgr.exe
C:\Programme\Microsoft AntiSpyware\gcasServ.exe
C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programme\Outlook Express\msimn.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\PROGRA~1\ICQ\ICQ.exe
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programme\Winamp\Winamp.exe
C:\Dokumente und Einstellungen\Markus\Eigene Dateien\PRIVAT\Software\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programme\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programme\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Programme\Gemeinsame Dateien\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - Startup: Outlook Express.lnk = C:\Programme\Outlook Express\msimn.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework-Dienst (McAfeeFramework) - Network Associates, Inc. - C:\Programme\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe

This post was edited by markussa on 15.01.2006 at 20:11.

16.01.2006, 13:44
Honorary member
Posts: 29434
#4
markussa
Well, I would have liked to see the files that are on the computer, hence the datfindab. Without those I can't help you (it doesn't seem to be a Look2Me).
__________
Kind regards, Sabina
All about PC security

16.01.2006, 16:08
Member
Thread starter
Posts: 276
#5
Where do I find the datfindab?

16.01.2006, 23:27
Honorary member
Posts: 29434
#6
Quote:
Set up the Cleaner exactly as described here:
__________
Kind regards, Sabina
All about PC security

17.01.2006, 16:07
Member
Thread starter
Posts: 276
#7
Sorry
Datenträger in Laufwerk C: ist FESTPLATTE
Volumeseriennummer: 1335-10E0

Verzeichnis von C:\WINDOWS\SYSTEM32

17.01.2006 15:57 41.237 nvapps.xml
17.01.2006 15:57 234.272 akdiosrv.dll
15.01.2006 14:50 64.796 perfc007.dat
15.01.2006 14:50 394.830 perfh007.dat
15.01.2006 14:50 383.390 perfh009.dat
15.01.2006 14:50 53.744 perfc009.dat
15.01.2006 14:50 906.552 PerfStringBackup.INI
15.01.2006 14:48 252.680 FNTCACHE.DAT
15.01.2006 10:55 219.648 uxtheme.dll
11.01.2006 16:34 234.272 pfrfdisk.dll
11.01.2006 13:53 2.278 wpa.dbl
05.01.2006 17:20 7.006 jupdate-1.5.0_06-b05.log
04.01.2006 19:46 2.836.320 MRT.exe
29.12.2005 03:54 280.064 gdi32.dll
01.12.2005 04:31 1.492.480 shdocvw.dll
29.11.2005 18:52 2.323.072 TUKernel.exe
24.11.2005 00:58 1.022.464 browseui.dll
24.11.2005 00:58 3.013.632 mshtml.dll
15.11.2005 12:12 117.976 hashlib.dll
15.11.2005 12:12 126.680 GCCollection.dll
15.11.2005 12:12 95.448 gcUnCompress.dll
10.11.2005 13:03 127.078 javaws.exe
10.11.2005 13:03 49.265 jpicpl32.cpl
10.11.2005 11:27 49.250 javaw.exe
10.11.2005 11:27 49.248 java.exe
05.11.2005 04:16 606.208 urlmon.dll
05.11.2005 04:16 1.056.256 danim.dll
04.11.2005 19:03 180.224 NVUNINST.EXE
04.11.2005 18:03 286.720 nvnt4cpl.dll
04.11.2005 18:03 7.307.264 nvcpl.dll
04.11.2005 18:03 5.394.432 nvoglnt.dll
04.11.2005 18:03 35.328 nvcod.dll
04.11.2005 18:03 35.328 nvcodins.dll
04.11.2005 18:03 425.984 keystone.exe
04.11.2005 18:03 180.224 nvudisp.exe
04.11.2005 18:03 16.356 nvdisp.nvu
04.11.2005 18:03 86.016 nvapi.dll
04.11.2005 18:03 81.920 nvwddi.dll
04.11.2005 18:03 147.456 nvcolor.exe
04.11.2005 18:03 1.339.392 nvdspsch.exe
04.11.2005 18:03 1.466.368 nview.dll
04.11.2005 18:03 466.944 nvshell.dll
04.11.2005 18:03 73.728 nvtuicpl.cpl
04.11.2005 18:03 1.662.976 nvwdmcpl.dll
04.11.2005 18:03 1.019.904 nvwimg.dll
04.11.2005 18:03 1.519.616 nwiz.exe
04.11.2005 18:03 45.056 nvmccsrs.dll
04.11.2005 18:03 573.440 nvhwvid.dll
04.11.2005 18:03 442.368 nvappbar.exe
04.11.2005 18:03 86.016 nvmctray.dll
04.11.2005 18:03 131.139 nvsvc32.exe
04.11.2005 18:03 3.924.096 nv4_disp.dll
04.11.2005 18:03 229.376 nvmccs.dll
03.11.2005 19:38 5.618 jupdate-1.5.0_05-b05.log
27.10.2005 20:37 53.248 dpuGUI10.dll
27.10.2005 20:37 86.016 dpl100.dll
27.10.2005 20:37 593.920 dpuGUI11.dll
27.10.2005 20:37 200.704 dtu100.dll
27.10.2005 20:37 294.912 dpu11.dll
27.10.2005 20:37 57.344 dpv11.dll
27.10.2005 20:37 294.912 dpu10.dll
27.10.2005 20:37 339.968 dpus11.dll
21.10.2005 15:40 176.167 rmoc3260.dll
21.10.2005 15:40 6.656 pndx5016.dll
21.10.2005 15:40 5.632 pndx5032.dll
21.10.2005 15:40 278.528 pncrt.dll
21.10.2005 04:40 664.064 wininet.dll
21.10.2005 04:40 474.112 shlwapi.dll
21.10.2005 04:40 448.512 mshtmled.dll
21.10.2005 04:40 530.944 mstime.dll
21.10.2005 04:40 146.432 msrating.dll
21.10.2005 04:40 39.424 pngfilt.dll
21.10.2005 04:40 152.064 cdfview.dll
21.10.2005 04:40 96.768 inseng.dll
21.10.2005 04:40 251.392 iepeers.dll
21.10.2005 04:40 55.808 extmgr.dll
21.10.2005 04:40 205.312 dxtrans.dll
20.10.2005 23:25 1.094.144 esent.dll
19.10.2005 20:28 235.184 guard.tmp
19.10.2005 20:10 507.392 winlogon.exe
19.10.2005 17:13 237.011 h4j40e1qeh.dll
17.10.2005 22:20 80.896 fontsub.dll
17.10.2005 22:20 118.272 t2embed.dll
17.10.2005 20:58 65.536 QuickTimeVR.qtx
17.10.2005 20:57 49.152 QuickTime.qts
17.10.2005 16:35 261 $winnt$.inf
17.10.2005 16:25 2.951 CONFIG.NT
17.10.2005 16:25 23.392 nscompat.tlb
17.10.2005 16:25 16.832 amcompat.tlb
17.10.2005 16:22 488 logonui.exe.manifest
17.10.2005 16:22 488 WindowsLogon.manifest
17.10.2005 16:22 749 nwc.cpl.manifest
17.10.2005 16:22 749 wuaucpl.cpl.manifest
17.10.2005 16:22 749 cdplayer.exe.manifest
17.10.2005 16:22 749 sapi.cpl.manifest
17.10.2005 16:22 749 ncpa.cpl.manifest
17.10.2005 16:19 21.740 emptyregdb.dat
17.10.2005 16:12 0 h323log.txt

Datenträger in Laufwerk C: ist FESTPLATTE
Volumeseriennummer: 1335-10E0

Verzeichnis von C:\DOKUME~1\MARKUS~2.MAR\LOKALE~1\Temp

17.01.2006 16:03 512 ~DF4819.tmp
17.01.2006 15:59 0 icqA.tmp
17.01.2006 15:59 0 icqB.tmp
17.01.2006 15:59 0 icqC.tmp
17.01.2006 15:59 970 TempICQCLImage9319361927998.html
17.01.2006 15:59 0 icq9.tmp
17.01.2006 15:59 512 ~DF359A.tmp
17.01.2006 15:59 16.384 ~DF358D.tmp
17.01.2006 15:58 16.384 Perflib_Perfdata_154.dat
17.01.2006 15:57 32.768 ~DF3D72.tmp
17.01.2006 15:57 32.768 ~DF1BC7.tmp
16.01.2006 21:26 229.376 ~DF880E.tmp
16.01.2006 21:26 32.768 ~DF3997.tmp
16.01.2006 21:26 32.768 ~DF6B70.tmp
16.01.2006 20:29 16.384 ~DF6DA2.tmp
16.01.2006 20:29 16.384 ~DFD115.tmp
16.01.2006 20:29 16.384 ~DF6BFA.tmp
16.01.2006 20:29 16.384 ~DF6DD0.tmp
16.01.2006 20:29 16.384 ~DF6A3F.tmp
16.01.2006 20:29 16.384 ~DF6E4C.tmp
16.01.2006 17:24 0 Stp29.tmp
16.01.2006 16:07 2.266 jusched.log
15.01.2006 22:16 229.376 ~DF56EB.tmp
15.01.2006 22:16 32.768 ~DF36E2.tmp
15.01.2006 22:16 32.768 ~DF5501.tmp
15.01.2006 22:10 2.928 mower.rgn
15.01.2006 22:00 7.008 medicine01.rgn
15.01.2006 21:50 2.016 internet03.rgn
15.01.2006 21:03 1.072 auto02.rgn
15.01.2006 20:53 6.816 shopping01.rgn
15.01.2006 20:43 4.848 porkys.rgn
15.01.2006 19:50 768 online_learning.rgn
15.01.2006 17:47 229.376 ~DF7258.tmp
15.01.2006 17:47 16.384 ~DF259E.tmp
15.01.2006 17:47 32.768 ~DF5752.tmp
15.01.2006 17:47 32.768 ~DF4627.tmp
15.01.2006 16:35 2.512 software03.rgn
15.01.2006 14:46 32.768 ~DF8E62.tmp
15.01.2006 14:46 16.384 ~DF377C.tmp
15.01.2006 14:46 32.768 ~DF61C1.tmp
15.01.2006 13:28 1.456 jobs03.rgn
15.01.2006 12:56 16.384 ~DF5256.tmp
15.01.2006 12:56 32.768 ~DF9F04.tmp
15.01.2006 12:56 32.768 ~DF8F3C.tmp
15.01.2006 12:48 2.128 dating03.rgn
15.01.2006 12:36 32.768 ~DF9274.tmp
15.01.2006 12:36 229.376 ~DFA90F.tmp
15.01.2006 12:36 32.768 ~DFB58F.tmp
15.01.2006 11:39 512 ~DF9354.tmp
15.01.2006 11:39 512 ~DF7C04.tmp
15.01.2006 11:39 16.384 ~DF7BF7.tmp
15.01.2006 11:33 16.384 Perflib_Perfdata_e4.dat
15.01.2006 11:32 32.768 ~DF81A3.tmp
15.01.2006 11:32 32.768 ~DF5283.tmp
15.01.2006 11:30 1.096 2045250.cvr
15.01.2006 11:30 180.224 ~DFE599.tmp
15.01.2006 11:30 32.768 ~DF1D86.tmp
15.01.2006 11:30 32.768 ~DFD4CC.tmp
15.01.2006 11:30 16.384 ~DF6879.tmp
15.01.2006 10:55 16.384 ~DFCE72.tmp
15.01.2006 10:38 4.432 newhouseregion.rgn
14.01.2006 22:16 16.384 ~DF7D37.tmp
14.01.2006 22:16 16.384 ~DF8C6F.tmp
14.01.2006 17:19 919.931 tmp.xpi
14.01.2006 17:06 16.384 ~DF9342.tmp
14.01.2006 17:06 16.384 ~DFCD5B.tmp
14.01.2006 16:09 2.128 jobs01.rgn
14.01.2006 15:59 1.616 newspaper.rgn
14.01.2006 15:49 9.168 slots.rgn
14.01.2006 14:39 3.904 auto01.rgn
14.01.2006 14:24 416 java_install_reg.log
14.01.2006 13:32 4.944 jobs02.rgn
13.01.2006 21:26 16.384 ~DFC1D.tmp
13.01.2006 21:26 16.384 ~DFFA5.tmp
13.01.2006 16:02 3.264 travel06.rgn
13.01.2006 14:32 4.960 news01.rgn
11.01.2006 01:17 149 FEE5E75C.TMP
09.01.2006 23:37 142 DFC5A2B2.TMP
78 Datei(en) 3.024.602 Bytes
0 Verzeichnis(se), 6.566.903.808 Bytes frei

Datenträger in Laufwerk C: ist FESTPLATTE
Volumeseriennummer: 1335-10E0

Verzeichnis von C:\WINDOWS

17.01.2006 15:59 517.875 setupapi.log
17.01.2006 15:57 0 0.log
17.01.2006 15:57 2.048 bootstat.dat
16.01.2006 21:27 1.371.477 WindowsUpdate.log
16.01.2006 21:27 32.638 SchedLgU.Txt
16.01.2006 17:09 512 randseed.rnd
15.01.2006 19:48 116 NeroDigital.ini
15.01.2006 17:48 213 wiadebug.log
15.01.2006 17:48 50 wiaservc.log
15.01.2006 13:41 71.780 ntdtcsetup.log
15.01.2006 13:41 149.381 tsoc.log
15.01.2006 13:41 16.134 tabletoc.log
15.01.2006 13:41 17.420 ocmsn.log
15.01.2006 13:41 43.880 KB899587.log
15.01.2006 13:41 1.374 imsins.log
15.01.2006 13:41 391.703 iis6.log
15.01.2006 13:41 117.008 comsetup.log
15.01.2006 13:41 54.782 netfxocm.log
15.01.2006 13:41 22.262 MedCtrOC.log
15.01.2006 13:41 163.297 ocgen.log
15.01.2006 13:41 15.687 msgsocm.log
15.01.2006 13:41 306.054 FaxSetup.log
15.01.2006 13:41 108.072 msmqinst.log
15.01.2006 13:41 19.166 updspapi.log
15.01.2006 13:40 42.690 KB896422.log
15.01.2006 13:40 1.374 imsins.BAK
15.01.2006 13:38 43.032 KB885835.log
15.01.2006 13:38 41.472 KB885836.log
15.01.2006 13:37 42.756 KB885250.log
15.01.2006 13:37 42.827 KB901017.log
15.01.2006 13:36 42.993 KB899591.log
15.01.2006 13:36 33.376 KB896424.log
15.01.2006 13:35 43.200 KB893756.log
15.01.2006 13:35 43.003 KB896423.log
15.01.2006 13:34 40.822 KB873339.log
15.01.2006 13:34 41.099 KB888113.log
15.01.2006 13:34 41.401 KB887742.log
15.01.2006 13:33 42.191 KB896358.log
15.01.2006 13:33 24.634 KB910437.log
15.01.2006 13:32 34.789 KB905915.log
15.01.2006 13:31 36.361 KB891781.log
15.01.2006 13:30 42.593 KB902400.log
15.01.2006 13:28 33.227 KB890046.log
15.01.2006 13:27 32.037 KB893066.log
15.01.2006 13:27 31.979 KB899589.log
15.01.2006 13:26 32.306 KB905414.log
15.01.2006 13:26 31.297 KB901214.log
15.01.2006 13:25 30.559 KB888302.log
15.01.2006 13:25 34.594 KB900725.log
15.01.2006 13:24 20.829 KB912919.log
15.01.2006 13:24 12.830 KB886185.log
15.01.2006 13:24 31.795 KB904706.log
15.01.2006 13:23 31.418 KB905749.log
15.01.2006 13:23 30.207 KB896428.log
15.01.2006 13:22 38.852 KB894391.log
15.01.2006 13:22 18.410 KB908519.log
15.01.2006 13:21 39.320 KB890859.log
15.01.2006 12:46 14.601 KB893803v2.log
15.01.2006 12:45 17.950 KB898461.log
15.01.2006 12:36 96.890 ntbtlog.txt
14.01.2006 17:19 5.130 mozver.dat
14.01.2006 17:17 107.132 UninstallFirefox.exe
14.01.2006 13:54 54.156 QTFont.qfn
12.01.2006 16:23 227 system.tmp
12.01.2006 16:23 573 win.tmp
12.01.2006 16:23 573 win.ini
12.01.2006 16:23 227 system.ini
05.01.2006 19:46 6.837 wmsetup.log
08.12.2005 21:19 1.409 QTFont.for
08.12.2005 21:17 544 GEARInstall.log
19.11.2005 17:45 46 hmview.ini
17.11.2005 14:35 159 Directx.log
17.11.2005 14:35 770 Sof2.INI
16.11.2005 19:47 290.816 Setup1.exe
16.11.2005 19:46 74.752 ST6UNST.EXE
16.11.2005 19:18 1.785 ST6UNST.003
16.11.2005 19:00 716 ST6UNST.002
16.11.2005 18:54 716 ST6UNST.001
16.11.2005 18:51 1.661 ST6UNST.000
16.11.2005 18:48 540.747 setupact.log
06.11.2005 11:25 177 winamp.ini
24.10.2005 21:00 374 nsw.log
23.10.2005 15:03 9.027 KB893803v2Uninst.log
23.10.2005 15:03 6.762 KB898461Uninst.log
23.10.2005 15:02 6.605 KB890859Uninst.log
23.10.2005 15:02 3.157 KB894391Uninst.log
19.10.2005 20:11 837.868 setuplog.txt
17.10.2005 19:23 1.456 COM+.log
17.10.2005 17:52 0 nsreg.dat
17.10.2005 17:33 400 ODBC.INI
17.10.2005 17:07 59 vbaddin.ini
17.10.2005 16:42 829 OEWABLog.txt
17.10.2005 16:37 8.192 REGLOCS.OLD
17.10.2005 16:25 0 control.ini
17.10.2005 16:25 316.640 WMSysPr9.prx
17.10.2005 16:24 4.161 ODBCINST.INI
17.10.2005 16:22 749 WindowsShell.Manifest
17.10.2005 16:20 1.023 sessmgr.setup.log
17.10.2005 16:18 36 vb.ini
17.10.2005 16:18 133 DtcInstall.log
17.10.2005 16:16 200 cmsetacl.log
17.10.2005 15:58 4.026 regopt.log

Datenträger in Laufwerk C: ist FESTPLATTE
Volumeseriennummer: 1335-10E0

Verzeichnis von C:\

17.01.2006 16:06 0 sys.txt
17.01.2006 16:05 7.092 system.txt
17.01.2006 16:04 4.126 systemtemp.txt
17.01.2006 16:03 97.694 system32.txt
17.01.2006 15:56 402.231.296 hiberfil.sys
17.01.2006 15:56 603.979.776 pagefile.sys
12.01.2006 16:23 483 boot.ini
18.10.2005 21:07 25.105 mte3ndi6odoxng.exe
16.10.2005 18:59 0 CONFIG.SYS
16.10.2005 18:55 285 BOOT.BAK
25.03.2005 17:55 6.082 data
04.10.2004 14:44 22.650 devicetable.log
16.09.2004 18:06 40 CROSS.BAT
04.08.2004 14:00 469.166 txtsetup.sif
04.08.2004 14:00 262.448 $LDR$
04.08.2004 12:00 47.564 ntdetect.com
04.08.2004 12:00 4.952 bootfont.bin
04.08.2004 12:00 251.184 ntldr
20.12.2003 01:03 194 AUTOEXEC.BAT
05.12.2003 18:58 512 BOOTSECT.DOS
24.05.2001 12:59 162.304 UNWISE.EXE
08.05.2001 12:00 150.528 arcldr.exe
08.05.2001 12:00 163.328 arcsetup.exe
06.09.2000 09:35 1.660 MSDOS.SYS
30.08.2000 21:41 129.078 LOGO.SYS
08.06.2000 17:00 110.592 io.sys
26 Datei(en) 1.008.128.139 Bytes
0 Verzeichnis(se), 6.566.363.136 Bytes frei

17.01.2006, 16:30
Honorary member
Posts: 29434
#8
At the top of the page --> click Browse (Durchsuchen) --> choose the file --> double-click the file to be checked --> click Submit... now wait --> copy the result into the security forum
http://www.virustotal.com/flash/index_en.html

C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\fontsub.dll
C:\mte3ndi6odoxng.exe

There is a Look2Me there:
19.10.2005 20:28 235.184 guard.tmp
19.10.2005 17:13 237.011 h4j40e1qeh.dll
but the problem is the infected winlogon.exe; it must not be deleted, it can only be replaced with a clean one. I have already written to raman, let's see what he thinks.
__________
Kind regards, Sabina
All about PC security

17.01.2006, 16:54
Member
Thread starter
Posts: 276
#9
This is a report processed by VirusTotal on 01/17/2006 at 16:38:29 (CET) after scanning the file "winlogon.exe" file.

Antivirus Version Update Result
AntiVir 6.33.0.77 01.17.2006 no virus found
Avast 4.6.695.0 01.17.2006 no virus found
AVG 718 01.17.2006 no virus found
Avira 6.33.0.77 01.17.2006 no virus found
BitDefender 7.2 01.17.2006 no virus found
CAT-QuickHeal 8.00 01.17.2006 no virus found
ClamAV devel-20051123 01.17.2006 no virus found
DrWeb 4.33 01.17.2006 no virus found
eTrust-InoculateIT 23.71.50 01.16.2006 no virus found
eTrust-Vet 12.4.2046 01.17.2006 no virus found
Ewido 3.5 01.17.2006 no virus found
Fortinet 2.54.0.0 01.17.2006 suspicious
F-Prot 3.16c 01.16.2006 no virus found
Ikarus 0.2.59.0 01.17.2006 no virus found
Kaspersky 4.0.2.24 01.17.2006 no virus found
McAfee 4675 01.16.2006 no virus found
NOD32v2 1.1368 01.16.2006 no virus found
Norman 5.70.10 01.17.2006 no virus found
Panda 9.0.0.4 01.17.2006 no virus found
Sophos 4.01.0 01.17.2006 no virus found
Symantec 8.0 01.17.2006 no virus found
TheHacker 5.9.2.075 01.17.2006 no virus found
UNA 1.83 01.16.2006 no virus found
VBA32 3.10.5 01.17.2006 no virus found

VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

This is a report processed by VirusTotal on 01/17/2006 at 16:48:15 (CET) after scanning the file "fontsub.dll" file.

Antivirus Version Update Result
AntiVir 6.33.0.77 01.17.2006 no virus found
Avast 4.6.695.0 01.17.2006 no virus found
AVG 718 01.17.2006 no virus found
Avira 6.33.0.77 01.17.2006 no virus found
BitDefender 7.2 01.17.2006 no virus found
CAT-QuickHeal 8.00 01.17.2006 no virus found
ClamAV devel-20051123 01.17.2006 no virus found
DrWeb 4.33 01.17.2006 no virus found
eTrust-InoculateIT 23.71.50 01.16.2006 no virus found
eTrust-Vet 12.4.2046 01.17.2006 no virus found
Ewido 3.5 01.17.2006 no virus found
Fortinet 2.54.0.0 01.17.2006 no virus found
F-Prot 3.16c 01.16.2006 no virus found
Ikarus 0.2.59.0 01.17.2006 no virus found
Kaspersky 4.0.2.24 01.17.2006 no virus found
McAfee 4675 01.16.2006 no virus found
NOD32v2 1.1368 01.16.2006 no virus found
Norman 5.70.10 01.17.2006 no virus found
Panda 9.0.0.4 01.17.2006 no virus found
Sophos 4.01.0 01.17.2006 no virus found
Symantec 8.0 01.17.2006 no virus found
TheHacker 5.9.2.075 01.17.2006 no virus found
UNA 1.83 01.16.2006 no virus found
VBA32 3.10.5 01.17.2006 no virus found

VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

This is a report processed by VirusTotal on 01/17/2006 at 16:51:12 (CET) after scanning the file "mte3ndi6odoxng.exe" file.

Antivirus Version Update Result
AntiVir 6.33.0.77 01.17.2006 ADSPY/ToolBar.ISearch.D.2
Avast 4.6.695.0 01.17.2006 Win32:Trojan-gen. {UPX!}
AVG 718 01.17.2006 Adware Generic.GML
Avira 6.33.0.77 01.17.2006 ADSPY/ToolBar.ISearch.D.2
BitDefender 7.2 01.17.2006 Application.Cmdservices.B
CAT-QuickHeal 8.00 01.17.2006 AdWare.ToolBar.ISearch.d (Not a Virus)
ClamAV devel-20051123 01.17.2006 no virus found
DrWeb 4.33 01.17.2006 Trojan.DownLoader.4537
eTrust-InoculateIT 23.71.50 01.16.2006 Win32/SillyDl.TQ!Trojan
eTrust-Vet 12.4.2046 01.17.2006 Win32/SillyDl.ZP
Ewido 3.5 01.17.2006 Spyware.ISearch
Fortinet 2.54.0.0 01.17.2006 Adware/Isearch
F-Prot 3.16c 01.16.2006 no virus found
Ikarus 0.2.59.0 01.17.2006 no virus found
Kaspersky 4.0.2.24 01.17.2006 not-a-virus:AdWare.Win32.ISearch.d
McAfee 4675 01.16.2006 potentially unwanted program Adware-Isearch
NOD32v2 1.1368 01.16.2006 probably a variant of Win32/Adware.ISearch
Norman 5.70.10 01.17.2006 W32/ISearch.E
Panda 9.0.0.4 01.17.2006 Adware/ISearch
Sophos 4.01.0 01.17.2006 no virus found
Symantec 8.0 01.17.2006 no virus found
TheHacker 5.9.2.075 01.17.2006 Adware/ISearch.d
UNA 1.83 01.16.2006 Adware.ToolBar.ISearch
VBA32 3.10.5 01.17.2006 AdWare.ToolBar.ISearch.d

VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

17.01.2006, 17:11
Moderator
Posts: 7805
#10
Please send the fontsub.dll and the winlogon.exe to virus@protecus.de, then I can take a look at it....
Addendum, this file too please: mte3ndi6odoxng.exe
That could be the downloader.
__________
Kind regards, Ralf
SEO-Spam Hunter

17.01.2006, 18:19
Moderator
Posts: 7805
#11
The Winlogon.exe is admittedly not the original (German) winlogon.exe, but it is not modified to such an extent that it could be malware. The DLL is clean too...
You can send the mte3ndi6odoxng.exe as well, or check it right away at Jotti, because that is malware.
__________
Kind regards, Ralf
SEO-Spam Hunter

17.01.2006, 20:50
Member
Thread starter
Posts: 276
#12
Datei: mte3ndi6odoxng.exe
Status: INFIZIERT/MALWARE (Anmerkung: diese Datei wurde bereits vorher gescannt. Die Scanergebnisse werden daher nicht in der Datenbank gespeichert.)
Entdeckte Packprogramme: UPX

AntiVir Adware-Spyware/ToolBar.ISearch.D.2 adware gefunden
ArcaVir Adware.Spysherif.B6 gefunden
Avast Win32:Trojan-gen. gefunden
AVG Antivirus Generic.GML gefunden
BitDefender Keine Viren gefunden
ClamAV Keine Viren gefunden
Dr.Web Trojan.DownLoader.4537 gefunden
F-Prot Antivirus Keine Viren gefunden
Fortinet Adware/Isearch gefunden
Kaspersky Anti-Virus not-a-virus:AdWare.Win32.ISearch.d gefunden
NOD32 probably a variant of Win32/Adware.ISearch application gefunden (mögliche Variante)
Norman Virus Control W32/ISearch.E gefunden
UNA Adware.ToolBar.ISearch gefunden
VBA32 AdWare.ToolBar.ISearch.d gefunden

17.01.2006, 23:46
Honorary member
Posts: 29434
#13
Delete with the help of the KillBox:
KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html

C:\WINDOWS\SYSTEM32\guard.tmp
C:\WINDOWS\SYSTEM32\h4j40e1qeh.dll
C:\mte3ndi6odoxng.exe

Restart the PC.

Work through this:
L2MRemover.zip - Look2Me Remover
http://virus-protect.org/l2mfix.html

Set up the Cleaner exactly as described here: http://virus-protect.org/cleanup.html

After that, work through option 2 of L2mfix and post the scan report from this scan:
http://virus-protect.org/l2mfix.html
__________
Kind regards, Sabina
All about PC security

18.01.2006, 14:47
Member
Thread starter
Posts: 276
#14
L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{4F9C9E09-DF8A-937C-C755-A445E0D07273}"=""
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler" "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent" "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent" "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent" "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent" "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent" "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler" "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager" "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator" "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher" "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs" "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory" "{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow" "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ Dateiminiaturansicht-Extrahierungsprogramm" "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Zusammenfassungs-Miniaturansichthandler (DOCFILES)" "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-Extrahierungsprogramm" "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler" "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Webpublishing-Assistent" "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Bestellung von Abzgen ber das Internet" "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shellobjekt des Webpublishing-Assistenten" "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Passport-Assistent" "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Benutzerkonten" "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler" "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target" "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channeldatei" "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channelverknpfung" "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channelhandlerobjekt" "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu" "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties" 
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder" "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview" "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext" "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control" "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control" "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control" "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control" "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control" "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI" "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object" "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find" "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find" "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI" "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs" "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook" "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target" "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties" "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu" "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options" "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Ordner 'Offlinedateien'" "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler" "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell" "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%" "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler" "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer" "{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Nach Personen..." 
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler" "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler" "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler" "{F802F260-519B-11D1-BB5D-0060974C6013}"="ICQ Shell Extension" "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"="TuneUp Shredder Shell Context Menu Extension" "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Webordner" "{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler" "{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler" "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler" "{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache" "{79CA52AC-7416-4E1B-90D2-58C80548A620}"="" "{8151CCED-17E8-4CAD-A6CA-9F770A0E0DDA}"="" "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player" "{e57ce731-33e8-4c51-8354-bb4de9d215d1}"="Universelle Plug & Play-Ger„te" "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"="ICQ Lite Shell Extension" "{ADB1C4CF-6C7D-4C8C-9D0C-7BC7C5C94D26}"="" "{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class" "{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper" "{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer" "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu" "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu" "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes" "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension" "{C0EFE404-9BE9-4881-9488-20B04062F6AF}"="" "{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band" ********************************************************************************** HKEY ROOT CLASSIDS: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{C0EFE404-9BE9-4881-9488-20B04062F6AF}] @="" 
[HKEY_CLASSES_ROOT\CLSID\{C0EFE404-9BE9-4881-9488-20B04062F6AF}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C0EFE404-9BE9-4881-9488-20B04062F6AF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C0EFE404-9BE9-4881-9488-20B04062F6AF}\InprocServer32]
@="C:\\WINDOWS\\system32\\pfrfdisk.dll"
"ThreadingModel"="Apartment"
**********************************************************************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
mmi.dll Wed 18 Jan 2006 13:47:28 ..S.R 234.272 228,78 K
nnrrhook.dll Wed 18 Jan 2006 14:33:12 ..S.R 234.272 228,78 K
wininet.dll Fri 21 Oct 2005 4:40:36 A.... 664.064 648,50 K
browseui.dll Thu 24 Nov 2005 0:58:28 A.... 1.022.464 998,50 K
cdfview.dll Fri 21 Oct 2005 4:40:32 A.... 152.064 148,50 K
danim.dll Sat 5 Nov 2005 4:16:24 A.... 1.056.256 1,00 M
esent.dll Thu 20 Oct 2005 23:25:06 A.... 1.094.144 1,04 M
iepeers.dll Fri 21 Oct 2005 4:40:32 A.... 251.392 245,50 K
gdi32.dll Thu 29 Dec 2005 3:54:38 A.... 280.064 273,50 K
mshtmled.dll Fri 21 Oct 2005 4:40:34 A.... 448.512 438,00 K
msrating.dll Fri 21 Oct 2005 4:40:34 A.... 146.432 143,00 K
mstime.dll Fri 21 Oct 2005 4:40:34 A.... 530.944 518,50 K
dpu11.dll Thu 27 Oct 2005 20:37:44 A.... 294.912 288,00 K
dpv11.dll Thu 27 Oct 2005 20:37:44 A.... 57.344 56,00 K
dpus11.dll Thu 27 Oct 2005 20:37:44 A.... 339.968 332,00 K
dpl100.dll Thu 27 Oct 2005 20:37:46 A.... 86.016 84,00 K
dtu100.dll Thu 27 Oct 2005 20:37:44 A.... 200.704 196,00 K
pncrt.dll Fri 21 Oct 2005 15:40:10 A.... 278.528 272,00 K
pndx5016.dll Fri 21 Oct 2005 15:40:20 A.... 6.656 6,50 K
pndx5032.dll Fri 21 Oct 2005 15:40:20 A.... 5.632 5,50 K
rmoc3260.dll Fri 21 Oct 2005 15:40:42 A.... 176.167 172,04 K
dpugui11.dll Thu 27 Oct 2005 20:37:46 A.... 593.920 580,00 K
nv4_disp.dll Fri 4 Nov 2005 18:03:00 A.... 3.924.096 3,74 M
dpu10.dll Thu 27 Oct 2005 20:37:44 A.... 294.912 288,00 K
dpugui10.dll Thu 27 Oct 2005 20:37:48 A.... 53.248 52,00 K
nvhwvid.dll Fri 4 Nov 2005 18:03:00 A.... 573.440 560,00 K
nvapi.dll Fri 4 Nov 2005 18:03:00 A.... 86.016 84,00 K
nvoglnt.dll Fri 4 Nov 2005 18:03:00 A.... 5.394.432 5,14 M
nvcpl.dll Fri 4 Nov 2005 18:03:00 A.... 7.307.264 6,97 M
nvmctray.dll Fri 4 Nov 2005 18:03:00 A.... 86.016 84,00 K
nvwddi.dll Fri 4 Nov 2005 18:03:00 A.... 81.920 80,00 K
nvnt4cpl.dll Fri 4 Nov 2005 18:03:00 A.... 286.720 280,00 K
nvmccs.dll Fri 4 Nov 2005 18:03:00 A.... 229.376 224,00 K
nvcod.dll Fri 4 Nov 2005 18:03:00 A.... 35.328 34,50 K
nvcodins.dll Fri 4 Nov 2005 18:03:00 A.... 35.328 34,50 K
nview.dll Fri 4 Nov 2005 18:03:00 A.... 1.466.368 1,40 M
nvshell.dll Fri 4 Nov 2005 18:03:00 A.... 466.944 456,00 K
nvwdmcpl.dll Fri 4 Nov 2005 18:03:00 A.... 1.662.976 1,59 M
nvwimg.dll Fri 4 Nov 2005 18:03:00 A.... 1.019.904 996,00 K
nvmccsrs.dll Fri 4 Nov 2005 18:03:00 A.... 45.056 44,00 K
pfrfdisk.dll Wed 11 Jan 2006 16:34:16 ..S.R 234.272 228,78 K
uxtheme.dll Sun 15 Jan 2006 10:55:08 A.... 219.648 214,50 K
urlmon.dll Sat 5 Nov 2005 4:16:28 A.... 606.208 592,00 K
hashlib.dll Tue 15 Nov 2005 12:12:08 A.... 117.976 115,21 K
gcunco~1.dll Tue 15 Nov 2005 12:12:06 A.... 95.448 93,21 K
gccoll~1.dll Tue 15 Nov 2005 12:12:08 A.... 126.680 123,71 K
shlwapi.dll Fri 21 Oct 2005 4:40:36 A.... 474.112 463,00 K
shdocvw.dll Thu 1 Dec 2005 4:31:06 A.... 1.492.480 1,42 M
pngfilt.dll Fri 21 Oct 2005 4:40:34 A.... 39.424 38,50 K
mshtml.dll Thu 24 Nov 2005 0:58:28 A.... 3.013.632 2,87 M
inseng.dll Fri 21 Oct 2005 4:40:32 A.... 96.768 94,50 K
dxtrans.dll Fri 21 Oct 2005 4:40:32 A.... 205.312 200,50 K
extmgr.dll Fri 21 Oct 2005 4:40:32 A.... 55.808 54,50 K
53 items found: 53 files (3 H/S), 0 directories.
Total of file sizes: 37.981.839 bytes 36,22 M
Locate .tmp files:
No matches found.
**********************************************************************************
Directory Listing of system files:
Datenträger in Laufwerk C: ist FESTPLATTE
Volumeseriennummer: 1335-10E0
Verzeichnis von C:\WINDOWS\System32
18.01.2006 14:33 234.272 nNrrhook.dll
18.01.2006 13:47 234.272 mmi.dll
11.01.2006 16:34 234.272 pfrfdisk.dll
19.10.2005 17:13 237.011 h4j40e1qeh.dll
05.12.2003 19:35 <DIR> Microsoft
05.12.2003 19:03 <DIR> dllcache
4 Datei(en) 939.827 Bytes
2 Verzeichnis(se), 6.559.940.608 Bytes frei |
|
|
||
18.01.2006, 15:15
Honorary member
Posts: 29434 |
#15
Delete with Killbox:
C:\WINDOWS\System32\nNrrhook.dll
C:\WINDOWS\System32\mmi.dll
C:\WINDOWS\System32\pfrfdisk.dll
C:\WINDOWS\System32\h4j40e1qeh.dll
Restart the PC,
then try working through option 2 of L2MFIX again (with a restart), because what you posted here was option 1.
After that, scan with Spysweeper (trial) and copy the scan report here as well
http://virus-protect.org/spysweeper.html
__________
Regards, Sabina
All about PC security |
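The pattern visible in the log that the reply above acts on, as an added example that is not part of the original thread and not L2MFIX's own logic: it parses entries in the layout of the "Files Found" list, flags files carrying the S attribute, groups them by identical byte size, and checks which of them the exported CLSID loads through InprocServer32. The sample lines are copied from the posted log; the function names and the heuristic itself are assumptions drawn from this one log, and the attribute letters are read as a set because the log does not document their column order.

```python
import re
from collections import defaultdict

# Lines copied from the L2MFIX log in this thread: part of the "Files Found"
# list, and the InprocServer32 value of the CLSID that L2MFIX exported.
FILES_FOUND = """\
mmi.dll Wed 18 Jan 2006 13:47:28 ..S.R 234.272 228,78 K
nnrrhook.dll Wed 18 Jan 2006 14:33:12 ..S.R 234.272 228,78 K
wininet.dll Fri 21 Oct 2005 4:40:36 A.... 664.064 648,50 K
nvcod.dll Fri 4 Nov 2005 18:03:00 A.... 35.328 34,50 K
nvcodins.dll Fri 4 Nov 2005 18:03:00 A.... 35.328 34,50 K
pfrfdisk.dll Wed 11 Jan 2006 16:34:16 ..S.R 234.272 228,78 K
"""
REG_EXPORT = r'''[HKEY_CLASSES_ROOT\CLSID\{C0EFE404-9BE9-4881-9488-20B04062F6AF}\InprocServer32]
@="C:\\WINDOWS\\system32\\pfrfdisk.dll"
"ThreadingModel"="Apartment"
'''

# name, weekday, day, month, year, time, five attribute flags, size in bytes
ENTRY = re.compile(
    r"^(?P<name>\S+)\s+\w{3}\s+\d{1,2}\s+\w{3}\s+\d{4}\s+\d{1,2}:\d{2}:\d{2}\s+"
    r"(?P<attrs>[A-Z.]{5})\s+(?P<size>\d[\d.]*)\s"
)

def parse_files_found(text):
    """Return (name, attribute letters, size in bytes) for each listing line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # headers, totals and blank lines are skipped
        attrs = frozenset(m["attrs"].replace(".", ""))
        size = int(m["size"].replace(".", ""))  # "234.272" uses dots as thousands separators
        entries.append((m["name"].lower(), attrs, size))
    return entries

def system_flagged(entries):
    """Names of files carrying the S (system) attribute flag."""
    return sorted(name for name, attrs, _ in entries if "S" in attrs)

def same_size_groups(entries):
    """Map byte size -> names, for sizes shared by two or more files."""
    by_size = defaultdict(list)
    for name, _, size in entries:
        by_size[size].append(name)
    return {s: sorted(n) for s, n in by_size.items() if len(n) > 1}

def inproc_dlls(reg_text):
    """Base names of DLLs set as the default value of an InprocServer32 key."""
    found, in_key = [], False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_key = line.rstrip("]").lower().endswith("\\inprocserver32")
        elif in_key and line.startswith('@="'):
            path = line[3:].rstrip('"').replace("\\\\", "\\")  # undo .reg escaping
            found.append(path.rsplit("\\", 1)[-1].lower())
    return found

def triage(files_text, reg_text):
    """Return (system-flagged files sharing one size, flagged files a CLSID loads)."""
    entries = parse_files_found(files_text)
    flagged = set(system_flagged(entries))
    clustered = sorted(n for names in same_size_groups(entries).values()
                       if len(flagged.intersection(names)) > 1
                       for n in names if n in flagged)
    loaded = sorted(flagged.intersection(inproc_dlls(reg_text)))
    return clustered, loaded
```

On these lines the size match alone also pairs nvcod.dll with nvcodins.dll, which is why the check combines it with the attribute flags, in line with the log's own "Files Found are not all bad files".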
|
|
||
I'm already desperate, I've tried everything
Logfile of HijackThis v1.99.1
Scan saved at 20:19:15, on 11.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Network Associates\VirusScan\SHSTAT.EXE
C:\Programme\Gemeinsame Dateien\Network Associates\TalkBack\TBMon.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\Programme\Network Associates\Common Framework\FrameworkService.exe
C:\Programme\Network Associates\VirusScan\Mcshield.exe
C:\PROGRA~1\ICQ\ICQ.exe
C:\Programme\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Programme\Outlook Express\msimn.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programme\Winamp\Winamp.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Markus\Eigene Dateien\PRIVAT\Software\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programme\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programme\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Programme\Gemeinsame Dateien\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Programme\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [NBJ] "C:\Programme\nero\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Outlook Express.lnk = C:\Programme\Outlook Express\msimn.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework-Dienst (McAfeeFramework) - Network Associates, Inc. - C:\Programme\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe