bitte meinen HijackLog anschauen wenn ihr Zeit habt |
||
---|---|---|
#0
| ||
26.01.2006, 20:38
Member
Beiträge: 16 |
||
|
||
27.01.2006, 01:35
Ehrenmitglied
Beiträge: 29434 |
#2
alex16021988
Download f-secure-Beta Trial http://www.f-secure.com/blacklight/ doppelklick: blbeta.exe nach dem Check klicke -- next nun findet man eine log-datei auf dem Desktop: kopiere sie in deinen Thread stelle den CleanUp genauso ein, wie hier angegeben: http://virus-protect.org/cleanup.html Kopiere diese 4 Textdateien. Sie sind nach Datum geordnet. (kopiere nur die letzten 3 Monate ab) http://virus-protect.org/datfindbat.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
27.01.2006, 14:26
Member
Themenstarter Beiträge: 16 |
#3
hallo!
danke erst mals... also hier sit die auswertung vom ersten Schritt 01/27/06 14:16:16 [Info]: BlackLight Engine 1.0.30 initialized 01/27/06 14:16:16 [Info]: OS: 5.1 build 2600 (Service Pack 2) 01/27/06 14:16:16 [Note]: 7019 4 01/27/06 14:16:16 [Note]: 7005 0 01/27/06 14:16:18 [Note]: 7006 0 01/27/06 14:16:18 [Note]: 7011 596 01/27/06 14:16:18 [Note]: FSRAW library version 1.7.1014 01/27/06 14:17:43 [Note]: 7007 0 ich habe nämlich gestern ein paar datein mithilfe der einen webseite die sie auswertet gelöscht... aber ich hab noch immer das Problem dass der Pc auf eine andere Suchseite springt..... Verzeichnis von C:\WINDOWS\system32 26.01.2006 21:50 39.992 perfc009.dat 26.01.2006 21:50 311.604 perfh009.dat 26.01.2006 21:50 316.594 perfh007.dat 26.01.2006 21:50 48.156 perfc007.dat 26.01.2006 21:50 723.744 PerfStringBackup.INI 26.01.2006 21:46 28.930 nvapps.xml 26.01.2006 19:00 2.206 wpa.dbl 10.01.2006 20:31 5.632 favset.exe 10.01.2006 20:11 51.200 cssiz.exe 10.01.2006 20:05 28.160 jtcqd.exe 24.12.2005 15:32 34.064 lhacm.acm 22.10.2005 10:50 138.056 FNTCACHE.DAT 17.09.2005 13:53 705 woinst32.exe 17.09.2005 13:16 1.409 PGMUS.FOT 10.08.2005 11:48 3.799 jupdate-1.5.0_04-b05.log 02.08.2005 15:35 466.944 nvshell.dll 02.08.2005 15:35 81.920 nvwddi.dll 02.08.2005 15:35 286.720 nvnt4cpl.dll 02.08.2005 15:35 86.016 nvmctray.dll 02.08.2005 15:35 1.466.368 nview.dll 02.08.2005 15:35 540.672 nvhwvid.dll 02.08.2005 15:35 1.662.976 nvwdmcpl.dll 02.08.2005 15:35 127.043 nvsvc32.exe 02.08.2005 15:35 393.216 keystone.exe 02.08.2005 15:35 1.019.904 nvwimg.dll 02.08.2005 15:35 1.519.616 nwiz.exe 02.08.2005 15:35 1.339.392 nvdspsch.exe 02.08.2005 15:35 14.757 nvdisp.nvu 02.08.2005 15:35 7.110.656 nvcpl.dll 02.08.2005 15:35 147.456 nvcolor.exe 02.08.2005 15:35 3.908.864 nv4_disp.dll 02.08.2005 15:35 176.128 nvudisp.exe 02.08.2005 15:35 5.140.480 nvoglnt.dll 02.08.2005 15:35 442.368 nvappbar.exe 02.08.2005 15:35 73.728 nvtuicpl.cpl 02.08.2005 15:35 32.768 nvcod.dll 02.08.2005 15:35 32.768 nvcodins.dll 27.07.2005 19:35 1.797.606 cryptiso.dll 27.07.2005 15:12 102.912 islzma.dll 03.07.2005 14:20 0 MX_SHARE.DAT 22.06.2005 20:30 16.832 amcompat.tlb 22.06.2005 20:30 23.392 nscompat.tlb 22.06.2005 20:30 2.272 w95inf16.dll 22.06.2005 20:30 4.608 w95inf32.dll 13.06.2005 16:50 289 service.exe Verzeichnis von C:\WINDOWS 27.01.2006 09:02 32.512 SchedLgU.Txt 26.01.2006 21:52 390.694 WindowsUpdate.log 26.01.2006 21:46 157 wiadebug.log 26.01.2006 21:46 50 wiaservc.log 26.01.2006 21:46 2.048 bootstat.dat 26.01.2006 20:26 227 system.ini 26.01.2006 20:26 1.083 win.ini 13.01.2006 14:52 202 NeroDigital.ini 10.01.2006 19:59 1.409 QTFont.for 10.01.2006 19:59 54.156 QTFont.qfn 29.12.2005 09:46 335 videodeLuxe.INI 21.11.2005 20:22 25.713 CSTBox.INI 19.09.2005 18:53 74 BBW_INFO.INI 17.09.2005 13:53 6.018 ModemLog_Bluetooth Fax Modem.txt 11.09.2005 19:30 4.096 d3dx.dat 30.08.2005 17:22 316.640 WMSysPr9.prx 22.08.2005 14:53 0 distlib.ini 21.08.2005 13:10 509 MAXLINK.INI 21.08.2005 12:48 0 MSREGUSR.INI 16.08.2005 08:55 38.704 unvpeye.ini 10.08.2005 15:54 2.510 Microsoft.MIF 10.08.2005 15:54 2.464 $_hpcst$.hpc 03.08.2005 00:36 424.960 WRServices.dll 28.07.2005 09:03 0 Sti_Trace.log 04.07.2005 17:52 46 mxcdr.INI 03.07.2005 14:04 161 magix.ini 12.06.2005 09:24 224 Clony2.ini 06.06.2005 19:09 17 MovingPicture.ini 25.05.2005 13:10 403 ODBC.INI 20.05.2005 16:32 142.653 UNNeroVision.cfg 19.05.2005 19:30 0 nsreg.dat 19.05.2005 19:30 99.965 UninstallFirefox.exe 19.05.2005 19:29 3.089 mozver.dat 17.05.2005 22:40 59 vbaddin.ini 17.05.2005 21:58 8.192 REGLOCS.OLD 17.05.2005 21:55 0 control.ini 17.05.2005 21:55 299.552 WMSysPrx.prx 17.05.2005 21:55 4.161 ODBCINST.INI 17.05.2005 21:54 749 WindowsShell.Manifest 17.05.2005 21:52 36 vb.ini Verzeichnis von C:\ 27.01.2006 14:25 0 sys.txt 27.01.2006 14:24 5.933 system.txt 27.01.2006 14:24 733 systemtemp.txt 27.01.2006 14:24 109.664 system32.txt 26.01.2006 21:46 1.609.801.728 pagefile.sys 26.01.2006 20:26 211 boot.ini 10.01.2006 20:27 5.632 ms32.sys 29.12.2005 09:45 0 getframes.log 03.07.2005 14:20 0 vstcdbg.log 30.06.2005 08:02 137 BcBtRmv.log 29.06.2005 21:07 3 TCPCheckResult.txt 13.06.2005 19:50 0 23990098.$$$ 13.06.2005 19:50 4 AVPCallback.log 12.06.2005 09:24 299 clony.txt 17.05.2005 22:33 3.222 update.log 17.05.2005 22:08 47.564 NTDETECT.COM 17.05.2005 22:08 251.184 ntldr 17.05.2005 21:55 0 CONFIG.SYS 17.05.2005 21:55 0 AUTOEXEC.BAT 17.05.2005 21:55 0 IO.SYS 17.05.2005 21:55 0 MSDOS.SYS 31.10.2004 12:11 159.078 Crack.exe 01.09.2000 09:39 4.952 bootfont.bin 23 Datei(en) 1.610.390.344 Bytes 0 Verzeichnis(se), 518.189.056 Bytes frei Verzeichnis von C:\DOKUME~1\alex\LOKALE~1\Temp 27.01.2006 14:14 54.272 ginstall.dll 26.01.2006 21:50 978 TmpICQMagic_{05736BBE-C20F-4F10-A6DE-4DB1E3564B0E}27972.html 26.01.2006 21:47 983 TmpICQMagic_{EC202595-1DFD-4301-A1EA-13C1E331B505}1021.html 26.01.2006 21:47 16.384 ~DF72F5.tmp 26.01.2006 21:47 512 ~DFF837.tmp 26.01.2006 21:47 16.384 ~DFF82B.tmp 26.01.2006 21:46 224 WCESCOMM.LOG 26.01.2006 21:46 412 jusched.log 8 Datei(en) 90.149 Bytes 0 Verzeichnis(se), 518.189.056 Bytes frei |
|
|
||
27.01.2006, 14:55
Ehrenmitglied
Beiträge: 29434 |
#4
Oben auf der Seite --> auf Durchsuchen klicken --> Datei aussuchen --> Doppelklick auf die zu prüfende Datei --> klick auf Submit... jetzt abwarten --> kopiere das Ergebnis in das Sicherheitsforum
http://www.virustotal.com/flash/index_en.html C:\WINDOWS\system32\config\service.exe C:\WINDOWS\system32\config\smss.exe ------------------------------------------------------------------------ lade: KILLBOX - Pocket KillBox http://virus-protect.org/killbox.htm ------------------------------------------------------------------------------- damit wird auch deine Internetverbindung (die korumpiert ist) geloecht...du musst nach Neustarte eine neue erstellen) öffne das HijackThis -- Button "scan" -- vor die Malware-Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten R3 - URLSearchHook: (no name) - {B0DE96BE-BC6F-BD03-EA27-928BB2448D92} - WinInitDll.dll (file missing) R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file) O4 - HKLM\..\Run: [Service Process] C:\WINDOWS\system32\config\service.exe O4 - HKLM\..\Run: [Services Process] C:\WINDOWS\system32\config\smss.exe O4 - HKLM\..\Run: [dmhim.exe] C:\WINDOWS\system32\dmhim.exe O4 - HKLM\..\Run: [dmyrg.exe] C:\WINDOWS\system32\dmyrg.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{015038E5-F5B9-4BC5-9229-2FC362476F07}: NameServer = 85.255.116.109,85.255.112.214 O17 - HKLM\System\CCS\Services\Tcpip\..\{5D2451C1-7873-4DD5-97FC-4DADC0FF233D}: NameServer = 85.255.116.109,85.255.112.214 O17 - HKLM\System\CCS\Services\Tcpip\..\{AF6CE0A9-7CBD-4596-B67D-03D79390D219}: NameServer = 85.255.116.109,85.255.112.214 O17 - HKLM\System\CCS\Services\Tcpip\..\{F078767F-73F9-45F7-B6C7-80DEB408C7D1}: NameServer = 85.255.116.109,85.255.112.214 O17 - HKLM\System\CS1\Services\Tcpip\..\{015038E5-F5B9-4BC5-9229-2FC362476F07}: NameServer = 85.255.116.109,85.255.112.214 KILLBOX - Pocket KillBox Options: Delete on Reboot --> anhaken und klicke auf das rote Kreuz, wenn gefragt wird, ob "Do you want to reboot? "---- klicke auf "no",und kopiere das nächste rein, erst beim letzten auf "yes" reinkopieren: C:\WINDOWS\system32\dmhim.exe C:\WINDOWS\system32\dmyrg.exe C:\WINDOWS\system32\favset.exe C:\WINDOWS\system32\cssiz.exe C:\WINDOWS\system32\jtcqd.exe C:\WINDOWS\system32\woinst32.exe C:\DOKUME~1\alex\LOKALE~1\Temp\ginstall.dll C:\ms32.sys C:\Crack.exe PC neustarten Download FixWareout: http://swandog46.geekstogo.com/Fixwareout.exe Fixwareout.exe --> next --> Install --> Run fixit --> Finish / der PC wird neustarten --> C:\fixwareout\report.txt http://virus-protect.org/multiavtool.html klicke "3" - McAfee -- es erscheint ein leeres DOS-Fenster. - man muss eingeben, was gescannt werden soll - C:\Windows\System32 dann beginnt der Scan, man sollte dann auch scannen lassen: - C:\Windows - C:\ klicke "6 --> der PC wird neustarten --> suche die 3 Scanreporte in C:\AV-CLS und kopiere sie hier. ------------------------------------------------------------------------------ kopiere hier das Log vom Silentrunner http://virus-protect.org/silentrunner.html ---------------------------------------------------------------------------- Info (ist fuer mich) http://www.sophos.com/virusinfo/analyses/trojfdowna.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
27.01.2006, 20:33
Member
Themenstarter Beiträge: 16 |
#5
wow thx for helping me!!!
aber der punkt mit dem Mcaffee geht nicht so richtig, der will da was downloaden! muss ich das zulassen? aja und ich hab vergessen zu sagen dass ich übers netzwerk im inet bin.... ist mein server befallen? This is a report processed by VirusTotal on 01/27/2006 at 19:37:28 (CET) after scanning the file "service.exe" file. Antivirus Version Update Result AntiVir 6.33.0.77 01.27.2006 no virus found Avast 4.6.695.0 01.27.2006 no virus found AVG 718 01.27.2006 no virus found Avira 6.33.0.81 01.27.2006 no virus found BitDefender 7.2 01.27.2006 no virus found CAT-QuickHeal 8.00 01.27.2006 no virus found ClamAV devel-20051123 01.27.2006 no virus found DrWeb 4.33 01.27.2006 no virus found eTrust-InoculateIT 23.71.61 01.27.2006 no virus found eTrust-Vet 12.4.2058 01.27.2006 no virus found Ewido 3.5 01.27.2006 no virus found Fortinet 2.54.0.0 01.27.2006 no virus found F-Prot 3.16c 01.26.2006 no virus found Ikarus 0.2.59.0 01.27.2006 no virus found Kaspersky 4.0.2.24 01.27.2006 no virus found McAfee 4683 01.26.2006 no virus found NOD32v2 1.1383 01.27.2006 no virus found Norman 5.70.10 01.27.2006 no virus found Panda 9.0.0.4 01.27.2006 no virus found Sophos 4.01.0 01.27.2006 no virus found Symantec 8.0 01.27.2006 no virus found TheHacker 5.9.3.082 01.27.2006 no virus found UNA 1.83 01.27.2006 no virus found VBA32 3.10.5 01.27.2006 no virus found This is a report processed by VirusTotal on 01/27/2006 at 19:39:41 (CET) after scanning the file "smss.exe" file. Antivirus Version Update Result AntiVir 6.33.0.77 01.27.2006 no virus found Avast 4.6.695.0 01.27.2006 no virus found AVG 718 01.27.2006 no virus found Avira 6.33.0.81 01.27.2006 no virus found BitDefender 7.2 01.27.2006 no virus found CAT-QuickHeal 8.00 01.27.2006 no virus found ClamAV devel-20051123 01.27.2006 no virus found DrWeb 4.33 01.27.2006 no virus found eTrust-InoculateIT 23.71.61 01.27.2006 no virus found eTrust-Vet 12.4.2058 01.27.2006 no virus found Ewido 3.5 01.27.2006 no virus found Fortinet 2.54.0.0 01.27.2006 no virus found F-Prot 3.16c 01.26.2006 no virus found Ikarus 0.2.59.0 01.27.2006 no virus found Kaspersky 4.0.2.24 01.27.2006 no virus found McAfee 4683 01.26.2006 no virus found NOD32v2 1.1383 01.27.2006 no virus found Norman 5.70.10 01.27.2006 no virus found Panda 9.0.0.4 01.27.2006 no virus found Sophos 4.01.0 01.27.2006 no virus found Symantec 8.0 01.27.2006 no virus found TheHacker 5.9.3.082 01.27.2006 no virus found UNA 1.83 01.27.2006 no virus found VBA32 3.10.5 01.27.2006 no virus found Fixwareout ver 1.003 Last edited 1/12/2006 Post this report in the forums please Reg Entries that were deleted HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\1dedoc HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\repiwh HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\domdnb HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\orcimlh HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\23tsniow HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\mihmd HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\xedocne HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\repiwoh HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\23plhps HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\mgcppp HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\tesvaf HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\32refaselif HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\sjjmd HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\1dedoc HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llams_ogol HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwh HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ytpme HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\domdnb HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\orcimlh HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\23tsniow HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\xedocne HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\gib_ogol HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\golmedi HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\23plhps HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\mgcppp HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\tesvaf HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\32refaselif PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE. »»»»» Search by size and names... C:\WINDOWS\SYSTEM32\DMJJS.EXE »»»»» Misc files »»»»» Checking for older varients covered by the Rem3 tool C:\WINDOWS\System32\service.exe "Silent Runners.vbs", revision 43, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "H/PC Connection Agent" = ""C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"" [MS] "MSMSGS" = ""C:\Programme\Messenger\msmsgs.exe" /background" [MS] HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++} "ICQ Lite" = "C:\Programme\ICQLite\ICQLite.exe -trayboot" ["ICQ Ltd."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "AudioDeck" = "C:\Programme\VIA Technologies, Inc\Audio Deck\ADeck.exe" ["VIA Technologies, Inc."] "ICQ Lite" = "C:\Programme\ICQLite\ICQLite.exe -minimize" ["ICQ Ltd."] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"] "ccApp" = ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"" ["Symantec Corporation"] "URLLSTCK.exe" = "C:\Programme\Norton Internet Security\UrlLstCk.exe" ["Symantec Corporation"] "Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"] "ServiceLayer" = "C:\Programme\Gemeinsame Dateien\Nokia\Services\ServiceLayer.exe" [file not found] "Nokia Tray Application" = "C:\Programme\Gemeinsame Dateien\Nokia\NCLTools\NclTray.exe" [file not found] "SunJavaUpdateSched" = "C:\Programme\Java\jre1.5.0_04\bin\jusched.exe" ["Sun Microsystems, Inc."] "Omnipage" = "C:\Programme\ScanSoft\OmniPageSE\opware32.exe" ["ScanSoft, Inc"] "Services Process" = "C:\WINDOWS\system32\config\smss.exe" [file not found] "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS] "AnyDVD" = "C:\Programme\SlySoft\AnyDVD\AnyDVD.exe" ["SlySoft, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided) -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"] {9ECB9560-04F9-4bbc-943D-298DDF1699E1}\(Default) = "Web assistant" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"] {BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung" -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS] "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string] "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"] "{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.2 Context Menu Shell Extension" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"] "{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.2 DragDrop Shell Extension" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"] "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.2 Context Menu Shell Extension" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"] "{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.2 Property Sheet Shell Extension" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"] "{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\btneighborhood.dll" ["WIDCOMM Inc."] "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ "System" = (value not set) HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string] Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."] Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS] Startup items in "alex" & "All Users" startup folders: ------------------------------------------------------ C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart "Adobe Reader Speed Launch" -> shortcut to: "C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"] "Microsoft Office" -> shortcut to: "C:\Programme\Microsoft Office\Office\OSA9.EXE -b -l" [MS] "WinZip Quick Pick" -> shortcut to: "C:\Programme\WinZip\WZQKPICK.EXE" ["WinZip Computing, Inc. and H.C. Top Systems B.V."] Enabled Scheduled Tasks: ------------------------ "Norton AntiVirus - Scan my computer" -> launches: "C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe /task:"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"] "Symantec NetDetect" -> launches: "C:\Programme\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{855F3B16-6D32-4FE6-8A56-BBB695989046}" = "ICQ Toolbar" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."] "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] "{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Web assistant" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{855F3B16-6D32-4FE6-8A56-BBB695989046}" = "ICQ Toolbar" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."] "{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Web assistant" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"] "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Konsole" "CLSIDExtension" = "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll" ["Sun Microsystems, Inc."] {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\ "ButtonText" = "Mobilen Favoriten erstellen" "CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft ActiveSync\INETREPL.DLL" [MS] {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\ "MenuText" = "Mobilen Favoriten erstellen..." "CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}" -> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft ActiveSync\INETREPL.DLL" [MS] {B863453A-26C3-4E1F-A54D-A2CD196348E9}\ "ButtonText" = "ICQ Lite" "MenuText" = "ICQ Lite" "Exec" = "C:\Programme\ICQLite\ICQLite.exe" ["ICQ Ltd."] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS] Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ Missing lines (compared with English-language version): "{855F3B16-6D32-4fe6-8A56-BBB695989046}" = "ICQ Toolbar" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AntiVir Update, AVWUpSrv, ""C:\Programme\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"] MrobeService, MrobeService, ""C:\WINDOWS\system32\MrobeService.exe"" ["OLYMPUS IMAGING CORP."] Norton AntiVirus Auto Protect Service, navapsvc, ""C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] SAVScan, SAVScan, ""C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe"" ["Symantec Corporation"] Symantec Event Manager, ccEvtMgr, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"] Symantec Network Drivers Service, SNDSrvc, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"] Symantec Network Proxy, ccProxy, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe"" ["Symantec Corporation"] Symantec Settings Manager, ccSetMgr, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"] SymWMI Service, SymWSC, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe"" ["Symantec Corporation"] Webroot Spy Sweeper Engine, svcWRSSSDK, "C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe" ["Webroot Software, Inc."] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "No" at the first message box. ---------- (total run time: 29 seconds, including 2 seconds for message boxes) |
|
|
||
28.01.2006, 00:24
Ehrenmitglied
Beiträge: 29434 |
#6
der PC ist/war mit Wareout verseucht...aber wir bekommen das schon wieder hin
Mcaffee--> den Download musst du zulassen, das Tool sucht die neusten Virenupdates....kopiere dann hier den scanreport Poste das log von Winpfind http://virus-protect.org/winpfind.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
28.01.2006, 17:53
Member
Themenstarter Beiträge: 16 |
#7
danke dass du dir wegen mir so viel antust!
aja ein prob hab ich noch : wenn ich etwas ins word kopieren möchte taucht da immer ein kleines handy statt dem text auf, dann muss ich immer alles nochmals kopieren und dann gehts erst! Virus Scan Report File ------------------------------------------------------------------------ Virus Scan Information ------------------------------------------------------------------------ McAfee VirusScan for Win32 v4.40.0 Copyright (c) 1992-2004 Networks Associates Technology Inc. All rights reserved. (408) 988-3832 LICENSED COPY - Sep 23 2004 Scan engine v4.4.00 for Win32. Virus data file v4684 created Jan 27 2006 Scanning for 173736 viruses, trojans and variants. ------------------------------------------------------------------------ Virus Scan Results ------------------------------------------------------------------------ 01/28/2006 11:07:47 Options: "C:\WINDOWS\SYSTEM32" /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL /MIME /PROGRAM /EXCLUDE C:\AV-CLS\EXCLIST.TXT /HTML "C:\AV-CLS\MCAFEE\SCANREPORT.HTML" Scanning C: [] Scanning C:\WINDOWS\SYSTEM32\*.* Summary report on C:\WINDOWS\SYSTEM32\*.* File(s) Total files: ........... 6946 Clean: ................. 6934 Possibly Infected: ..... 0 Cleaned: ............... 0 Non-critical Error(s): 1 Time: 00:06.05 ------------------------------------------------------------------------ Visit the McAfee Online Web Site Need some help or advice? Send email to Technical Support. Virus Scan Report File ------------------------------------------------------------------------ Virus Scan Information ------------------------------------------------------------------------ McAfee VirusScan for Win32 v4.40.0 Copyright (c) 1992-2004 Networks Associates Technology Inc. All rights reserved. (408) 988-3832 LICENSED COPY - Sep 23 2004 Scan engine v4.4.00 for Win32. Virus data file v4684 created Jan 27 2006 Scanning for 173736 viruses, trojans and variants. ------------------------------------------------------------------------ Virus Scan Results ------------------------------------------------------------------------ 01/28/2006 11:15:26 Options: "C:\WINDOWS" /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL /MIME /PROGRAM /EXCLUDE C:\AV-CLS\EXCLIST.TXT /HTML "C:\AV-CLS\MCAFEE\SCANREPORT.HTML" Scanning C: [] Scanning C:\WINDOWS\*.* Summary report on C:\WINDOWS\*.* File(s) Total files: ........... 24840 Clean: ................. 24828 Possibly Infected: ..... 0 Cleaned: ............... 0 Non-critical Error(s): 1 Time: 00:10.59 ------------------------------------------------------------------------ Visit the McAfee Online <http://www.mcafee.com> Web Site Need some help or advice? Send email <mailto:techsupport@mcafee.com> to Technical Support. Virus Scan Report File ------------------------------------------------------------------------ Virus Scan Information ------------------------------------------------------------------------ McAfee VirusScan for Win32 v4.40.0 Copyright (c) 1992-2004 Networks Associates Technology Inc. All rights reserved. (408) 988-3832 LICENSED COPY - Sep 23 2004 Scan engine v4.4.00 for Win32. Virus data file v4684 created Jan 27 2006 Scanning for 173736 viruses, trojans and variants. ------------------------------------------------------------------------ Virus Scan Results ------------------------------------------------------------------------ 01/28/2006 12:13:13 Options: "C:\" /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL /MIME /PROGRAM /EXCLUDE C:\AV-CLS\EXCLIST.TXT /HTML "C:\AV-CLS\MCAFEE\SCANREPORT.HTML" Scanning C: [] Scanning C:\*.* C:\!KillBox\jtcqd.exe ... Found the DNSChanger.a trojan !!! The file or process has been deleted. C:\!KillBox\ms32.sys\ms32.sys ... Found the Generic Downloader.ao trojan !!! The file or process has been deleted. C:\Programme\ICQToolbar\toolbaru.inf ... Found potentially unwanted program Adware-Softomate. The file or process has been deleted. C:\Programme\TallStick\TS-AudioToMIDI 3.30\patch.exe ... Found potentially unwanted program Tool-TPatch. The file or process has been deleted. Summary report on C:\*.* File(s) Total files: ........... 138586 Clean: ................. 138501 Possibly Infected: ..... 2 Cleaned: ............... 0 Deleted: ............... 4 Non-critical Error(s): 3 Time: 00:41.27 ------------------------------------------------------------------------ Visit the McAfee Online <http://www.mcafee.com> Web Site Need some help or advice? Send email <mailto:techsupport@mcafee.com> to Technical Support. Winpfind WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding. If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly. »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600 Internet Explorer Version: 6.0.2900.2180 »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»» Checking %SystemDrive% folder... Checking %ProgramFilesDir% folder... Checking %WinDir% folder... UPX! 12.12.2003 00:52:36 278668 C:\WINDOWS\epsuninst.exe Checking %System% folder... aspack 26.05.2005 15:34:52 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll PEC2 01.09.2000 09:40:14 41118 C:\WINDOWS\SYSTEM32\dfrg.msc PEC2 09.06.2005 21:32:28 692736 C:\WINDOWS\SYSTEM32\DivX.dll PECompact2 09.06.2005 21:32:28 692736 C:\WINDOWS\SYSTEM32\DivX.dll aspack 03.08.2004 23:57:10 733696 C:\WINDOWS\SYSTEM32\ntdll.dll Umonitor 03.08.2004 23:57:34 686592 C:\WINDOWS\SYSTEM32\rasdlg.dll winsync 01.09.2000 09:42:26 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu Checking %System%\Drivers folder and sub-folders... PTech 03.08.2004 21:41:38 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys Checking the Windows folder and sub-folders for system and hidden files within the last 60 days... 28.01.2006 17:45:32 S 2048 C:\WINDOWS\bootstat.dat 10.01.2006 19:59:50 H 54156 C:\WINDOWS\QTFont.qfn 22.01.2006 20:18:34 H 39590 C:\WINDOWS\Help\peg.GID 28.01.2006 17:50:30 H 1024 C:\WINDOWS\system32\config\default.LOG 28.01.2006 17:46:58 H 1024 C:\WINDOWS\system32\config\SAM.LOG 28.01.2006 17:46:10 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG 28.01.2006 17:52:36 H 12288 C:\WINDOWS\system32\config\software.LOG 28.01.2006 17:52:34 H 1024 C:\WINDOWS\system32\config\system.LOG 28.01.2006 17:45:36 H 6 C:\WINDOWS\Tasks\SA.DAT Checking for CPL files... Microsoft Corporation 03.08.2004 23:58:24 555008 C:\WINDOWS\SYSTEM32\appwiz.cpl WIDCOMM Inc. 22.04.2002 12:25:36 208951 C:\WINDOWS\SYSTEM32\btcpl.cpl Microsoft Corporation 03.08.2004 23:58:24 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl Microsoft Corporation 03.08.2004 23:58:24 138240 C:\WINDOWS\SYSTEM32\desk.cpl Microsoft Corporation 03.08.2004 23:58:24 80384 C:\WINDOWS\SYSTEM32\firewall.cpl Microsoft Corporation 03.08.2004 23:58:24 157184 C:\WINDOWS\SYSTEM32\hdwwiz.cpl Microsoft Corporation 03.08.2004 23:58:24 359424 C:\WINDOWS\SYSTEM32\inetcpl.cpl Microsoft Corporation 03.08.2004 23:58:24 133120 C:\WINDOWS\SYSTEM32\intl.cpl Microsoft Corporation 03.08.2004 23:58:24 381440 C:\WINDOWS\SYSTEM32\irprops.cpl Microsoft Corporation 03.08.2004 23:58:24 69632 C:\WINDOWS\SYSTEM32\joy.cpl Sun Microsystems, Inc. 03.06.2005 02:52:54 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl Microsoft Corporation 01.09.2000 09:41:22 189440 C:\WINDOWS\SYSTEM32\main.cpl AvantGo, Inc. 17.08.2003 11:14:22 69632 C:\WINDOWS\SYSTEM32\MBLLNK.CPL Microsoft Corporation 03.08.2004 23:58:24 625152 C:\WINDOWS\SYSTEM32\mmsys.cpl Microsoft Corporation 01.09.2000 09:41:42 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl Microsoft Corporation 03.08.2004 23:58:24 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl Microsoft Corporation 03.08.2004 23:58:24 260096 C:\WINDOWS\SYSTEM32\nusrmgr.cpl 02.08.2005 15:35:00 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl Microsoft Corporation 01.09.2000 09:41:52 38400 C:\WINDOWS\SYSTEM32\nwc.cpl Microsoft Corporation 03.08.2004 23:58:24 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl Microsoft Corporation 03.08.2004 23:58:24 117248 C:\WINDOWS\SYSTEM32\powercfg.cpl Apple Computer, Inc. 16.04.2004 15:00:22 324608 C:\WINDOWS\SYSTEM32\QuickTime.cpl Microsoft Corporation 03.08.2004 23:58:24 303104 C:\WINDOWS\SYSTEM32\sysdm.cpl Microsoft Corporation 01.09.2000 09:42:18 28160 C:\WINDOWS\SYSTEM32\telephon.cpl Microsoft Corporation 03.08.2004 23:58:24 94208 C:\WINDOWS\SYSTEM32\timedate.cpl Microsoft Corporation 03.08.2004 23:58:24 148480 C:\WINDOWS\SYSTEM32\wscui.cpl Microsoft Corporation 03.08.2004 23:58:24 162816 C:\WINDOWS\SYSTEM32\wuaucpl.cpl Microsoft Corporation 01.09.2000 09:41:22 189440 C:\WINDOWS\SYSTEM32\dllcache\main.cpl Microsoft Corporation 01.09.2000 09:41:42 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl Microsoft Corporation 01.09.2000 09:41:52 38400 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl Microsoft Corporation 01.09.2000 09:42:18 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»» Checking files in %ALLUSERSPROFILE%\Startup folder... 23.05.2005 15:00:44 1737 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Speed Launch.lnk 17.05.2005 21:55:54 HS 84 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini 17.05.2005 22:40:08 1709 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk 25.12.2005 12:04:44 1498 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WinZip Quick Pick.lnk Checking files in %ALLUSERSPROFILE%\Application Data folder... 17.05.2005 22:32:36 HS 62 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini Checking files in %USERPROFILE%\Startup folder... 17.05.2005 21:55:54 HS 84 C:\Dokumente und Einstellungen\alex\Startmenü\Programme\Autostart\desktop.ini Checking files in %USERPROFILE%\Application Data folder... 23.05.2005 14:59:42 1552 C:\Dokumente und Einstellungen\alex\Anwendungsdaten\AdobeDLM.log 17.05.2005 22:32:36 HS 62 C:\Dokumente und Einstellungen\alex\Anwendungsdaten\desktop.ini 23.05.2005 14:59:42 0 C:\Dokumente und Einstellungen\alex\Anwendungsdaten\dm.ini »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»» [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] SV1 = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] = [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers] HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ICQLiteMenu {73B24247-042E-4EF5-ADC2-42F62E6FD654} = C:\Programme\ICQLite\ICQLiteShell.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\IPSContMenu {EBDF1F20-C829-11D1-8233-0020AF3E97A9} = HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ZFAdd {8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Programme\WinAce\arcext.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} Start Menu Pin = %SystemRoot%\system32\SHELL32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\IPSContMenu {EBDF1F20-C829-11D1-8233-0020AF3E97A9} = HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper {7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ICQLiteMenu {73B24247-042E-4EF5-ADC2-42F62E6FD654} = C:\Programme\ICQLite\ICQLiteShell.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\IPSContMenu {EBDF1F20-C829-11D1-8233-0020AF3E97A9} = HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ZFAdd {8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Programme\WinAce\arcext.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627} = C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} AcroIEHlprObj Class = C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F} = C:\Programme\Spybot - Search & Destroy\SDHelper.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1} CNisExtBho Class = C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872} CNavExtBho Class = C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376} &Tipps und Tricks = %SystemRoot%\system32\shdocvw.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] {855F3B16-6D32-4fe6-8A56-BBB695989046} = ICQ Toolbar : C:\Programme\ICQToolbar\toolbaru.dll {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} = Web assistant : C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} MenuText = Sun Java Konsole : C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} ButtonText = Mobilen Favoriten erstellen : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} MenuText = Mobilen Favoriten erstellen... : C:\Programme\Microsoft ActiveSync\INETREPL.DLL HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9} ButtonText = ICQ Lite : C:\Programme\ICQLite\ICQLite.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683} ButtonText = Messenger : C:\Programme\Messenger\msmsgs.exe [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38} Search Band = %SystemRoot%\System32\browseui.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E} Favorites Band = %SystemRoot%\system32\shdocvw.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E} History Band = %SystemRoot%\system32\shdocvw.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} Explorer-Band = %SystemRoot%\system32\shdocvw.dll [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll {855F3B16-6D32-4FE6-8A56-BBB695989046} = ICQ Toolbar : C:\Programme\ICQToolbar\toolbaru.dll {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} = Web assistant : C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] AudioDeck C:\Programme\VIA Technologies, Inc\Audio Deck\ADeck.exe ICQ Lite C:\Programme\ICQLite\ICQLite.exe -minimize NvCplDaemon RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup nwiz nwiz.exe /install NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe ccApp "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" URLLSTCK.exe C:\Programme\Norton Internet Security\UrlLstCk.exe Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer ServiceLayer C:\Programme\Gemeinsame Dateien\Nokia\Services\ServiceLayer.exe Nokia Tray Application C:\Programme\Gemeinsame Dateien\Nokia\NCLTools\NclTray.exe SunJavaUpdateSched C:\Programme\Java\jre1.5.0_04\bin\jusched.exe Omnipage C:\Programme\ScanSoft\OmniPageSE\opware32.exe Services Process C:\WINDOWS\system32\config\smss.exe NvMediaCenter RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit AnyDVD C:\Programme\SlySoft\AnyDVD\AnyDVD.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] IMAIL Installed = 1 MAPI Installed = 1 MSFS Installed = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] CTFMON.EXE C:\WINDOWS\system32\ctfmon.exe H/PC Connection Agent "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE" MSMSGS "C:\Programme\Messenger\msmsgs.exe" /background [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] ICQ Lite C:\Programme\ICQLite\ICQLite.exe -trayboot [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandFrom HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandTo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^BTTray.lnk path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk backup C:\WINDOWS\pss\BTTray.lnkCommon Startup location Common Startup command C:\PROGRA~1\Widcomm\BLUETO~1\BTTray.exe item BTTray path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk backup C:\WINDOWS\pss\BTTray.lnkCommon Startup location Common Startup command C:\PROGRA~1\Widcomm\BLUETO~1\BTTray.exe item BTTray HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^m-trip Launcher.lnk path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\m-trip Launcher.lnk backup C:\WINDOWS\pss\m-trip Launcher.lnkCommon Startup location Common Startup command C:\PROGRA~1\OLYMPUS\m-trip\Bin\M-TRIP~1.EXE item m-trip Launcher path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\m-trip Launcher.lnk backup C:\WINDOWS\pss\m-trip Launcher.lnkCommon Startup location Common Startup command C:\PROGRA~1\OLYMPUS\m-trip\Bin\M-TRIP~1.EXE item m-trip Launcher HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^PCSuiteForNokia3650 Detect.lnk path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\PCSuiteForNokia3650 Detect.lnk backup C:\WINDOWS\pss\PCSuiteForNokia3650 Detect.lnkCommon Startup location Common Startup command D:\PROGRA~1\Nokia\PCSUIT~1\CONNMN~1.EXE item PCSuiteForNokia3650 Detect path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\PCSuiteForNokia3650 Detect.lnk backup C:\WINDOWS\pss\PCSuiteForNokia3650 Detect.lnkCommon Startup location Common Startup command D:\PROGRA~1\Nokia\PCSUIT~1\CONNMN~1.EXE item PCSuiteForNokia3650 Detect HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^PCSuiteForNokia3650 TS.lnk path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\PCSuiteForNokia3650 TS.lnk backup C:\WINDOWS\pss\PCSuiteForNokia3650 TS.lnkCommon Startup location Common Startup command D:\PROGRA~1\Nokia\PCSUIT~1\ECTASK~1.EXE item PCSuiteForNokia3650 TS path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\PCSuiteForNokia3650 TS.lnk backup C:\WINDOWS\pss\PCSuiteForNokia3650 TS.lnkCommon Startup location Common Startup command D:\PROGRA~1\Nokia\PCSUIT~1\ECTASK~1.EXE item PCSuiteForNokia3650 TS HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Pinnacle Scheduler.lnk path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Pinnacle Scheduler.lnk backup C:\WINDOWS\pss\Pinnacle Scheduler.lnkCommon Startup location Common Startup command C:\PROGRA~1\Pinnacle\SHARED~1\Programs\SCHEDU~1\PCLESC~1.EXE item Pinnacle Scheduler path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Pinnacle Scheduler.lnk backup C:\WINDOWS\pss\Pinnacle Scheduler.lnkCommon Startup location Common Startup command C:\PROGRA~1\Pinnacle\SHARED~1\Programs\SCHEDU~1\PCLESC~1.EXE item Pinnacle Scheduler HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item hkey HKCU command inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\abrek key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item NopeZ hkey HKLM command NopeZ.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item NopeZ hkey HKLM command NopeZ.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BigDogPath key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item VM_STI hkey HKLM command C:\WINDOWS\VM_STI.EXE USB PC Camera 301P inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item VM_STI hkey HKLM command C:\WINDOWS\VM_STI.EXE USB PC Camera 301P inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\clamav key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item MONITER hkey HKCU command MONITER.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item MONITER hkey HKCU command MONITER.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\H/PC Connection Agent key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item WCESCOMM hkey HKCU command "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE" inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item WCESCOMM hkey HKCU command "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE" inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item msmsgs hkey HKCU command "C:\Programme\Messenger\msmsgs.exe" /background inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item msmsgs hkey HKCU command "C:\Programme\Messenger\msmsgs.exe" /background inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\panel_its key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item mozilla-text hkey HKCU command mozilla-text.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item mozilla-text hkey HKCU command mozilla-text.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item qttask hkey HKLM command "C:\Programme\QuickTime\qttask.exe" -atboottime inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item qttask hkey HKLM command "C:\Programme\QuickTime\qttask.exe" -atboottime inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpybotSD TeaTimer key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item TeaTimer hkey HKCU command C:\Programme\Spybot - Search & Destroy\TeaTimer.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item TeaTimer hkey HKCU command C:\Programme\Spybot - Search & Destroy\TeaTimer.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpySweeper key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item SpySweeper hkey HKLM command "C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe" /startintray inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item SpySweeper hkey HKLM command "C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe" /startintray inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spyware Doctor key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item swdoctor hkey HKCU command "C:\Programme\Spyware Doctor\swdoctor.exe" /Q inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item swdoctor hkey HKCU command "C:\Programme\Spyware Doctor\swdoctor.exe" /Q inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCpl key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item gabber hkey HKLM command gabber.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item gabber hkey HKLM command gabber.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item hkey HKCU command inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item hkey HKCU command inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\___ key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item FLKPT hkey HKCU command FLKPT.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item FLKPT hkey HKCU command FLKPT.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state system.ini 0 win.ini 0 bootini 0 services 0 startup 2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = {0DF44EAA-FF21-4412-828E-260A8728E7F1} = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system dontdisplaylastusername 0 legalnoticecaption legalnoticetext shutdownwithoutlogon 1 undockwithoutlogon 1 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer NoDriveTypeAutoRun 145 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = userinit.exe Shell = Explorer.exe System = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain = crypt32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet = cryptnet.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll = cscdll.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy = sclgntfy.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn = WlNotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon = wlnotify.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path Debugger = ntsd -d [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] AppInit_DLLs »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder. Scan completed on 28.01.2006 17:52:40 |
|
|
||
28.01.2006, 20:04
Ehrenmitglied
Beiträge: 29434 |
#8
Gehe in die registry
Start-->Ausfuehren--> regedit bearbeiten--> suchen--> NopeZ <--loeschen, was du findest bearbeiten--> suchen--> MONITER <--loeschen, was du findest bearbeiten--> suchen--> mozilla-text.exe <--loeschen, was du findest bearbeiten--> suchen--> gabber.exe <--loeschen, was du findest bearbeiten--> suchen--> FLKPT.exe <--loeschen, was du findest ------------------------------------------------------------------ Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als fixme.reg mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden. Zitat REGEDIT4Computer in den abgesicherten Modus neustarten (F8 beim Starten drücken). Die Datei "fixme.reg" auf dem Desktop doppelklicken SmitRem2.8 http://noahdfear.geekstogo.com/click%20counter/click.php?id=1 öffne smitRem folder,Doppelklick: RunThis.bat warte, bis der Scan beendet ist (der Bildschirm wird blau werden. das ist normal) scanne und berichte, was noch gefunden wurde http://virus-protect.org/cureit.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
28.01.2006, 20:52
Member
Themenstarter Beiträge: 16 |
#9
hi
also nochmals DANKE!!! den schritt mit regedit und löschen hab ich gemacht aber wenn ich die fixme.reg ausführen will kommt immer eine fehlermeldung den scan mit smit rem hab ich auch durchgeführt und einen expressscan mir dr.web und der hat noch was gefunden C:\windows\system32\mrobeservive.exe |
|
|
||
28.01.2006, 21:08
Ehrenmitglied
Beiträge: 29434 |
#10
ich habe die reg-Datei veraendert...versuche es noch mal und berichte...nenne die reg-Datei... fixe.reg
__________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
28.01.2006, 22:30
Member
Themenstarter Beiträge: 16 |
#11
es geht mit der veränderten reg datei leider a nit....
is das sehr wichtig? da kommt immer die Meldung " fehler beim öffnen der datei möglicherweise ein Datenträger- oder Dateifehler" aja der dr.web hat noch ein paar daten gelöscht, ich weiß jetz aber nicht welche.... ein paar viruse halt.... soll ich noch etwas machen?? nochmals THX |
|
|
||
29.01.2006, 00:23
Ehrenmitglied
Beiträge: 29434 |
#12
ich will doch gern mal wissen, woran es liegt:
erstelle eine fix.reg , klicken und berichte Zitat REGEDIT4 __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
29.01.2006, 10:41
Member
Themenstarter Beiträge: 16 |
#13
hi
also das mit der fix.reg hat funktioniert aber erst nachdem ich die reg datei vom desktop auf meinen C teil der festplatte geschoben hab.... aber die fixe.reg hat trotzdem nocht geklappt (liegt aber glaub ich daran dass sie schon im mistkübel war.... |
|
|
||
29.01.2006, 16:12
Ehrenmitglied
Beiträge: 29434 |
#14
nun gut... eigenartig, dass die reg-Dateien bei dir nicht funktionieren...
scanne mit ewido und kopiere hier den scanreport http://virus-protect.org/ewido.html + poste das neue Log vom HijackThis __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
30.01.2006, 15:36
Member
Themenstarter Beiträge: 16 |
#15
---------------------------------------------------------
ewido anti-malware - Scan Report --------------------------------------------------------- + Erstellt am: 15:35:06, 30.01.2006 + Report-Checksumme: D3F50BE4 + Scanergebnis: C:\!KillBox\cssiz.exe -> Downloader.Agent.uj : Gesäubert mit Backup C:\Dokumente und Einstellungen\alex\Cookies\alex@2o7[2].txt -> Spyware.Cookie.2o7 : Gesäubert mit Backup C:\Dokumente und Einstellungen\alex\Cookies\alex@ehg-nokiafin.hitbox[1].txt -> Spyware.Cookie.Hitbox : Gesäubert mit Backup C:\Dokumente und Einstellungen\alex\Cookies\alex@hitbox[1].txt -> Spyware.Cookie.Hitbox : Gesäubert mit Backup C:\Dokumente und Einstellungen\alex\Cookies\alex@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Gesäubert mit Backup C:\Dokumente und Einstellungen\Eltern\Cookies\eltern@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Gesäubert mit Backup C:\Dokumente und Einstellungen\Eltern\Cookies\eltern@oewabox[1].txt -> Spyware.Cookie.Oewabox : Gesäubert mit Backup :mozilla.8:C:\Dokumente und Einstellungen\manuela\Anwendungsdaten\Mozilla\Firefox\Profiles\tx3fmi19.default\cookies.txt -> Spyware.Cookie.Ivwbox : Gesäubert mit Backup C:\WINDOWS\system32\dmjjs.exe -> Trojan.Pakes : Gesäubert mit Backup ::Report Ende Logfile of HijackThis v1.99.1 Scan saved at 15:35:39, on 30.01.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AVPersonal\AVWUPSRV.EXE C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\alg.exe C:\Programme\VIA Technologies, Inc\Audio Deck\ADeck.exe C:\Programme\ICQLite\ICQLite.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe C:\Programme\Java\jre1.5.0_04\bin\jusched.exe C:\Programme\ScanSoft\OmniPageSE\opware32.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\WinZip\WZQKPICK.EXE C:\Programme\Internet Explorer\iexplore.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\Explorer.EXE C:\Programme\VIA Technologies, Inc\Audio Deck\ADeck.exe C:\Programme\ICQLite\ICQLite.exe C:\WINDOWS\system32\wscntfy.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE C:\Programme\ScanSoft\OmniPageSE\opware32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\ctfmon.exe C:\Programme\WinZip\WZQKPICK.EXE C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\Explorer.EXE C:\Programme\VIA Technologies, Inc\Audio Deck\ADeck.exe C:\Programme\ICQLite\ICQLite.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe C:\Programme\Java\jre1.5.0_04\bin\jusched.exe C:\Programme\ScanSoft\OmniPageSE\opware32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\ctfmon.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\Spyware Doctor\swdoctor.exe C:\Programme\WinZip\WZQKPICK.EXE C:\WINDOWS\system32\wscntfy.exe C:\Programme\ewido anti-malware\ewidoctrl.exe C:\Programme\ewido anti-malware\SecuritySuite.exe C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\HJT\HijackThis.exe R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [AudioDeck] C:\Programme\VIA Technologies, Inc\Audio Deck\ADeck.exe O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programme\Norton Internet Security\UrlLstCk.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [ServiceLayer] C:\Programme\Gemeinsame Dateien\Nokia\Services\ServiceLayer.exe O4 - HKLM\..\Run: [Nokia Tray Application] C:\Programme\Gemeinsame Dateien\Nokia\NCLTools\NclTray.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [Omnipage] C:\Programme\ScanSoft\OmniPageSE\opware32.exe O4 - HKLM\..\Run: [Services Process] C:\WINDOWS\system32\config\smss.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O12 - Plugin for .mid: C:\Programme\Internet Explorer\PLUGINS\npqtplugin2.dll O12 - Plugin for .wav: C:\Programme\Internet Explorer\PLUGINS\npqtplugin.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{F078767F-73F9-45F7-B6C7-80DEB408C7D1}: NameServer = 192.168.0.1 O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido anti-malware\ewidoctrl.exe O23 - Service: MrobeService - Unknown owner - C:\WINDOWS\system32\MrobeService.exe (file missing) O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe so :-) hat ein bisschen gedauert aber schlussendlich die beiden reprots :-) |
|
|
||
Thx im Voraus
Logfile of HijackThis v1.99.1
Scan saved at 20:29:55, on 26.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\MrobeService.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\VIA Technologies, Inc\Audio Deck\ADeck.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\VIA Technologies, Inc\Audio Deck\ADeck.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\alex\Lokale Einstellungen\Temp\HijackThis.exe
C:\Programme\Messenger\msmsgs.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: (no name) - {B0DE96BE-BC6F-BD03-EA27-928BB2448D92} - WinInitDll.dll (file missing)
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Programme\VIA Technologies, Inc\Audio Deck\ADeck.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programme\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ServiceLayer] C:\Programme\Gemeinsame Dateien\Nokia\Services\ServiceLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Programme\Gemeinsame Dateien\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Omnipage] C:\Programme\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Service Process] C:\WINDOWS\system32\config\service.exe
O4 - HKLM\..\Run: [Services Process] C:\WINDOWS\system32\config\smss.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [dmhim.exe] C:\WINDOWS\system32\dmhim.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [dmyrg.exe] C:\WINDOWS\system32\dmyrg.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Programme\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .wav: C:\Programme\Internet Explorer\PLUGINS\npqtplugin.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{015038E5-F5B9-4BC5-9229-2FC362476F07}: NameServer = 85.255.116.109,85.255.112.214
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D2451C1-7873-4DD5-97FC-4DADC0FF233D}: NameServer = 85.255.116.109,85.255.112.214
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF6CE0A9-7CBD-4596-B67D-03D79390D219}: NameServer = 85.255.116.109,85.255.112.214
O17 - HKLM\System\CCS\Services\Tcpip\..\{F078767F-73F9-45F7-B6C7-80DEB408C7D1}: NameServer = 85.255.116.109,85.255.112.214
O17 - HKLM\System\CS1\Services\Tcpip\..\{015038E5-F5B9-4BC5-9229-2FC362476F07}: NameServer = 85.255.116.109,85.255.112.214
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: MrobeService - OLYMPUS IMAGING CORP. - C:\WINDOWS\system32\MrobeService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe