Trojan removes taskbar

18.01.2006, 17:14
...new here

Posts: 3
#1 Hello!
A trojan has lodged itself on my machine and kills my taskbar. It opens briefly at first and is then immediately hidden, and my computer also takes forever to shut down.

Here is the HijackThis file:

Logfile of HijackThis v1.99.1
Scan saved at 16:44:14, on 29.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\iRiver\HSeries\iHPDetect.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\ObjectDock\ObjectDock.exe
C:\Programme\WinRoll\winroll.exe
C:\Programme\YzShadow\YzShadow.exe

H:\Programme\Adobe\Adobe Acrobat\Distillr\acrotray.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\ANNEGR~1\LOKALE~1\Temp\Rar$EX00.033\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.web.de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.10.1:3128
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Programme\ICQToolbar\toolbaru.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Programme\Adobe\Adobe Acrobat\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - H:\Programme\Adobe\Adobe Acrobat\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Programme\ICQToolbar\toolbaru.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Programme\Adobe\Adobe Acrobat\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iHP-100] C:\Programme\iRiver\HSeries\iHPDetect.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\ServicePackFiles\i386\msconfig.exe /auto
O4 - HKCU\..\Run: [ObjectDock] C:\Programme\ObjectDock\ObjectDock.exe
O4 - HKCU\..\Run: [WinRoll] C:\Programme\WinRoll\winroll.exe
O4 - HKCU\..\Run: [Yz Shadow] C:\Programme\YzShadow\YzShadow.exe

O4 - Global Startup: Acrobat Assistant.lnk = H:\Programme\Adobe\Adobe Acrobat\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://H:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{37226A6A-F369-49B6-A2EB-C2A5E05558BB}: NameServer = 192.168.20.201
O17 - HKLM\System\CS1\Services\Tcpip\..\{37226A6A-F369-49B6-A2EB-C2A5E05558BB}: NameServer = 192.168.20.201
O17 - HKLM\System\CS2\Services\Tcpip\..\{37226A6A-F369-49B6-A2EB-C2A5E05558BB}: NameServer = 192.168.20.201
O17 - HKLM\System\CS3\Services\Tcpip\..\{37226A6A-F369-49B6-A2EB-C2A5E05558BB}: NameServer = 192.168.20.201
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

What can I do?
Many, many thanks for any help, I really don't know what to do.
18.01.2006, 17:20
Honorary member

Posts: 29434
#2 abstract86

Set up CleanUp exactly as described here:
http://virus-protect.org/cleanup.html

Copy these 4 text files. They are sorted by date. (Copy only the last 3 months.)
http://virus-protect.org/datfindbat.html

Download the F-Secure BlackLight beta trial
http://www.f-secure.com/blacklight/
Double-click: blbeta.exe
After the check, click -- Next
A log file will now be on the desktop: copy it into your thread

__________
Regards, Sabina

all about PC security
18.01.2006, 17:53
...new here

Thread starter

Posts: 3
#3 This is what blbeta.exe produced:

12/29/05 17:45:58 [Info]: BlackLight Engine 1.0.30 initialized
12/29/05 17:45:58 [Info]: OS: 5.1 build 2600 (Service Pack 2)
12/29/05 17:45:59 [Note]: 7019 4
12/29/05 17:45:59 [Note]: 7005 0
12/29/05 17:46:03 [Note]: 7006 0
12/29/05 17:46:03 [Note]: 7011 1464
12/29/05 17:46:04 [Note]: FSRAW library version 1.7.1014
12/29/05 17:47:47 [Note]: 7007 0
18.01.2006, 18:10
Honorary member

Posts: 29434
#4 Set up CleanUp exactly as described here:
http://virus-protect.org/cleanup.html

Copy these 4 text files. They are sorted by date. (Copy only the last 3 months.)
http://virus-protect.org/datfindbat.html
__________
Regards, Sabina

all about PC security
19.01.2006, 13:23
...new here

Thread starter

Posts: 3
#5 I got rid of it myself, but don't ask how, I have no idea

Thanks
15.02.2006, 18:03
...new here

Posts: 4
#6 Hi, so should I just post the log in here, or what?
Thanks in advance ^^
15.02.2006, 18:05
Honorary member

Posts: 29434
#7

Quote

Phoen1x16 posted
Hi, so should I just post the log in here, or what?
Thanks in advance ^^
Go ahead ;)
__________
Regards, Sabina

all about PC security
15.02.2006, 18:07
...new here

Posts: 4
#8

Something like this?
15.02.2006, 18:36
Honorary member

Posts: 29434
#9 Phoen1x16

Well... it's four logs, and the path at the top would be nice too... otherwise I can't do anything with it
+
HijackThis
http://computercops.biz/zx/Merijn/hijackthis.zip
http://virus-protect.org/hjtkurz.html
Download/unzip HijackThis into a folder
--> None of the above, just start the program --> Save --> Savelog --> the editor opens
Now copy the COMPLETE log with a right-click and "paste" it into the forum with a right-click
__________
Regards, Sabina

all about PC security
16.02.2006, 15:46
...new here

Posts: 4
#10 OK, I started HijackThis, and this is what came out:

Logfile of HijackThis v1.99.1
Scan saved at 15:45:25, on 16.02.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Programme\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
C:\Programme\Internet Explorer\iexplore.exe
D:\Programme\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmx.net/de
O4 - HKLM\..\Run: [AVPCC] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /wait
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Programme\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: F-Secure 2006.lnk = C:\Programme\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.hotbar.com/installs/hbtools/programs/hbtools.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /Service (file missing)
O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Programme\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exe" /Service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

I hope I did it right ^^
16.02.2006, 23:50
Honorary member

Posts: 29434
#11 Phoen1x16

Why should I work through your HijackThis log? Are there any signs of viruses?
__________
Regards, Sabina

all about PC security
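Sabina's question in #11, whether a HijackThis log like the ones posted above shows signs of anything, is what a helper answers by checking a handful of entry classes first: entries pointing at files that no longer exist, a configured IE proxy, unidentified Winsock LSPs, ActiveX downloads (O16) from third-party hosts, and DNS servers (O17) outside the private ranges. The following Python script is an added example, not code from this thread, from HijackThis or from virus-protect.org: it parses lines in the HijackThis log format used here and flags those entry classes. The trusted-host list and the address check are constructed assumptions, and the sample log is constructed from entries that appear in the logs posted in this thread.

```python
"""Triage helper for HijackThis-style logs (added example, not from this thread)."""
import ipaddress
import re
from dataclasses import dataclass

# Matches the section prefix HijackThis puts in front of every entry, e.g. "O16 - DPF: ...".
ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")
URL_HOST_RE = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)

# Assumption: hosts an ActiveX control (O16) may legitimately be fetched from.
# Tune this for your environment; anything else gets flagged for review.
TRUSTED_DPF_HOSTS = ("microsoft.com", "windowsupdate.com", "msn.com")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_entries(log_text):
    """Yield (section, body, line) for every HijackThis entry; process lists are skipped."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group("sec"), m.group("body"), line


def host_of(url):
    """Lower-cased host part of a URL, or "" when the text carries no URL."""
    m = URL_HOST_RE.search(url)
    return m.group(1).lower() if m else ""


def is_trusted_host(host):
    return any(host == t or host.endswith("." + t) for t in TRUSTED_DPF_HOSTS)


def public_nameservers(body):
    """Return the O17 NameServer addresses that are not private (RFC 1918) addresses."""
    _, _, servers = body.partition("NameServer = ")
    public = []
    for s in servers.split(","):
        s = s.strip()
        try:
            if not ipaddress.ip_address(s).is_private:
                public.append(s)
        except ValueError:
            public.append(s)  # not an IP address at all: worth a look too
    return public


def triage(log_text):
    """Flag the entry classes a helper checks first; identical lines are reported once."""
    findings, seen = [], set()
    for sec, body, line in parse_entries(log_text):
        if line in seen:
            continue
        seen.add(line)
        if "(file missing)" in body:
            findings.append(Finding(sec, "points at a file that no longer exists (stale or half-removed component)", line))
        if sec == "R1" and "ProxyServer" in body:
            findings.append(Finding(sec, "IE proxy configured; confirm it is the expected gateway", line))
        if sec == "O10":
            findings.append(Finding(sec, "Winsock LSP HijackThis could not identify; verify the DLL's vendor", line))
        if sec == "O16":
            host = host_of(body.rsplit(" - ", 1)[-1])
            if not is_trusted_host(host):
                findings.append(Finding(sec, f"ActiveX control downloaded from third-party host {host}", line))
        if sec == "O17":
            for s in public_nameservers(body):
                findings.append(Finding(sec, f"DNS server {s} outside the private address ranges", line))
    return findings


# Constructed sample: a handful of entry lines in the format of the logs posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.10.1:3128
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Programme\ICQToolbar\toolbaru.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.hotbar.com/installs/hbtools/programs/hbtools.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{37226A6A-F369-49B6-A2EB-C2A5E05558BB}: NameServer = 192.168.20.201
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

A flag is a prompt to look closer, not a verdict: the AVG firewall LSP and the MSN control in the sample are benign, which is why the host allow-list and vendor check matter.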
17.02.2006, 13:39
...new here

Posts: 4
#12 Sorry if I may have followed your instructions wrongly, but I think everything is running normally again for me. Could it be that "Object Dock" was the cause of the problem? Because once I uninstalled it, everything was back to the way it was ;). Thanks anyway for the expert help ^^. All in all: my problem solved itself "on its own" after I deleted Object Dock, among other things ^^.
01.01.2007, 18:49
...new here

Posts: 6
#13 @ Sabina:
@ all:

First of all, I wish everyone a happy new year,
and as my debut a "hello" to all.

I'm digging this thread out of the cellar again because of the same problem.

So my taskbar is gone, I've already tried everything, Spybot finds nothing, AVG finds nothing, ran CleanUp!, Kaspersky Online is still running.

Here are the .txt files:

Logfile of HijackThis v1.99.1
Scan saved at 18:20:17, on 01.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
D:\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Microsoft ActiveSync\wcescomm.exe
C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
D:\MICROS~3\rapimgr.exe
D:\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\DOKUME~1\Dennis\LOKALE~1\Temp\Rar$EX00.390\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KONICA MINOLTA magicolor 2400W STD] C:\WINDOWS\system32\MSTMON_S.EXE STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ?
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\MICROS~3\INetRepl.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


blbeta:

12/27/06 12:02:48 [Info]: BlackLight Engine 1.0.47 initialized
12/27/06 12:02:48 [Info]: OS: 5.1 build 2600 (Service Pack 2)
12/27/06 12:02:48 [Note]: 7019 4
12/27/06 12:02:48 [Note]: 7005 0
12/27/06 12:02:49 [Note]: 7006 0
12/27/06 12:02:49 [Note]: 7011 676
12/27/06 12:02:49 [Note]: 7026 0
12/27/06 12:02:49 [Note]: 7026 0
12/27/06 12:02:57 [Note]: FSRAW library version 1.7.1020
12/27/06 12:06:23 [Note]: 2000 1012
12/27/06 12:06:23 [Note]: 2000 1012
12/27/06 12:06:23 [Note]: 2000 1012
12/27/06 12:06:23 [Note]: 7007 0


Datenträger in Laufwerk C: ist Windows
Volumeseriennummer: ECE9-5574

Verzeichnis von C:\WINDOWS\system32



Datenträger in Laufwerk C: ist Windows
Volumeseriennummer: ECE9-5574

Verzeichnis von C:\DOKUME~1\Dennis\LOKALE~1\Temp

01.01.2007 18:32 32.772 AVPFE.tmp
01.01.2007 18:32 0 AVP100.tmp
01.01.2007 18:32 0 AVPFF.tmp
01.01.2007 18:24 173 jusched.log
01.01.2007 18:19 277 WCESLog.log
01.01.2007 18:19 375 WCESCOMM.LOG
6 Datei(en) 33.597 Bytes
0 Verzeichnis(se), 12.585.676.800 Bytes frei


Datenträger in Laufwerk C: ist Windows
Volumeseriennummer: ECE9-5574

Verzeichnis von C:\WINDOWS



Datenträger in Laufwerk C: ist Windows
Volumeseriennummer: ECE9-5574

Verzeichnis von C:\



I hope you can help me.

Regards, DennisK
01.01.2007, 19:02
Honorary member

Posts: 29434
#14 DennisK

Post this log:
http://virus-protect.org/silentrunner.html
__________
Regards, Sabina

all about PC security
01.01.2007, 20:14
...new here

Posts: 6
#15 @ Sabina: thanks for the lightning-fast reply. thx DennisK


"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"" [file not found]
"H/PC Connection Agent" = ""D:\Microsoft ActiveSync\wcescomm.exe"" [MS]
"swg" = "C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"SunJavaUpdateSched" = ""C:\Programme\Java\jre1.5.0_09\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"Acrobat Assistant 7.0" = ""D:\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"" ["Adobe Systems Inc."]
"(Default)" = "(empty string)" [file not found]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"KONICA MINOLTA magicolor 2400W STD" = "C:\WINDOWS\system32\MSTMON_S.EXE STARTUP" ["KONICA MINOLTA BUSINESS TECHNOLOGIES, INC."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "D:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\programme\google\googletoolbar2.dll" ["Google Germany GmbH"]
{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Conversion Toolbar Helper"
\InProcServer32\(Default) = "D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "D:\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "D:\MICROS~1\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook-Dateisymbolerweiterung"
\InProcServer32\(Default) = "D:\MICROS~1\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {HKLM...CLSID} = "AlcoholShellEx"
\InProcServer32\(Default) = "D:\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{6B19FEC2-A45B-11CF-9045-00A0C9039735}" = "Registered ActiveX Controls"
-> {HKLM...CLSID} = "Registered ActiveX Controls"
\InProcServer32\(Default) = "D:\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\DEVXPGL.DLL" [MS]
"{D545EBD1-BD92-11CF-8772-00A0C9039735}" = "Developer Studio Components"
-> {HKLM...CLSID} = "Developer Studio Components"
\InProcServer32\(Default) = "D:\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\DEVXPGL.DLL" [MS]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Programme\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {HKLM...CLSID} = "AVG7 Find Extension Class"
\InProcServer32\(Default) = "C:\Programme\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
"{49BF5420-FA7F-11cf-8011-00A0C90A8F78}" = "Mobile Device"
-> {HKLM...CLSID} = "Mobiles Gerät"
\InProcServer32\(Default) = "D:\MICROS~3\Wcesview.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "D:\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "D:\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Programme\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
WS_FTP\(Default) = "{797F3885-5429-11D4-8823-0050DA59922B}"
-> {HKLM...CLSID} = "RtClkCtxMenu Class"
\InProcServer32\(Default) = "d:\Ipswitch\WS_FTP Professional\wsftpsi.dll" ["Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Programme\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
WS_FTP\(Default) = "{797F3885-5429-11D4-8823-0050DA59922B}"
-> {HKLM...CLSID} = "RtClkCtxMenu Class"
\InProcServer32\(Default) = "d:\Ipswitch\WS_FTP Professional\wsftpsi.dll" ["Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421"]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Dokumente und Einstellungen\Dennis\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"


Startup items in "Dennis" & "All Users" startup folders:
--------------------------------------------------------

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"Adobe Acrobat - Schnellstart" -> shortcut to: "C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe" [null data]


Enabled Scheduled Tasks:
------------------------

"WebReg 20050909171735" -> launches: "d:\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe /TaskName 20050909171735 /N "HP psc 1200 Series" /M Q1662A /S MY33LB22NV5H /AP 303 /F /T " [file not found]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\avgfwafu.dll ["GRISOFT, s.r.o."], 01 - 05
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 26
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\programme\google\googletoolbar2.dll" ["Google Germany GmbH"]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\programme\google\googletoolbar2.dll" ["Google Germany GmbH"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\programme\google\googletoolbar2.dll" ["Google Germany GmbH"]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Recherchieren"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "D:\MICROS~1\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.5.0_09"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_09"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_09\bin\npjpi150_09.dll" ["Sun Microsystems, Inc."]

{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
"ButtonText" = "Create Mobile Favorite"
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {HKLM...CLSID} = "Create Mobile Favorite"
\InProcServer32\(Default) = "D:\MICROS~3\INetRepl.dll" [MS]

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
"MenuText" = "Mobilen Favoriten erstellen..."
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {HKLM...CLSID} = "Create Mobile Favorite"
\InProcServer32\(Default) = "D:\MICROS~3\INetRepl.dll" [MS]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Recherchieren"

{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "C:\Programme\ICQLite\ICQLite.exe" ["ICQ Ltd."]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AVG Firewall, AVGFwSrv, "C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe /srvfsys" ["GRISOFT, s.r.o."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe" ["GRISOFT, s.r.o."]
Machine Debug Manager, MDM, ""C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Adobe PDF Port\Driver = "C:\WINDOWS\system32\AdobePDF.dll" ["Adobe Systems Incorporated."]
Canon BJ Language Monitor iP5200R\Driver = "CNMLM7A.DLL" ["CANON INC."]
Canon BJNP Port\Driver = "CNMNPPM.DLL" ["CANON INC."]
EPSON V6 2KMonitor\Driver = "EBPMON24.DLL" ["SEIKO EPSON CORPORATION"]
FaxWare Monitor\Driver = "faxwarmo.dll" ["Tobit Software"]
hpzsnt07\Driver = "hpzsnt07.dll" ["HP"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
MLMON__S\Driver = "MLMON__S.DLL" ["KONICA MINOLTA BUSINESS TECHNOLOGIES, INC."]
Tobit Color Monitor\Driver = "IMGMSGMO.dll" [null data]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 47 seconds, including 11 seconds for message boxes)