bitte meinen HijackLog anschauen wenn ihr Zeit habt

#0
26.01.2006, 20:38
Member

Beiträge: 16
#1 Hi würde gern wissen wie es um mich steht da mein browser mich manchmal auf ganz komische Suchseiten leitet und außerdem waren in meinem Autostart sehr komische .exe Dateien.....
Thx im Voraus

Logfile of HijackThis v1.99.1
Scan saved at 20:29:55, on 26.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\MrobeService.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\VIA Technologies, Inc\Audio Deck\ADeck.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\VIA Technologies, Inc\Audio Deck\ADeck.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\alex\Lokale Einstellungen\Temp\HijackThis.exe
C:\Programme\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: (no name) - {B0DE96BE-BC6F-BD03-EA27-928BB2448D92} - WinInitDll.dll (file missing)
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Programme\VIA Technologies, Inc\Audio Deck\ADeck.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programme\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ServiceLayer] C:\Programme\Gemeinsame Dateien\Nokia\Services\ServiceLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Programme\Gemeinsame Dateien\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Omnipage] C:\Programme\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Service Process] C:\WINDOWS\system32\config\service.exe
O4 - HKLM\..\Run: [Services Process] C:\WINDOWS\system32\config\smss.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [dmhim.exe] C:\WINDOWS\system32\dmhim.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [dmyrg.exe] C:\WINDOWS\system32\dmyrg.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Programme\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .wav: C:\Programme\Internet Explorer\PLUGINS\npqtplugin.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{015038E5-F5B9-4BC5-9229-2FC362476F07}: NameServer = 85.255.116.109,85.255.112.214
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D2451C1-7873-4DD5-97FC-4DADC0FF233D}: NameServer = 85.255.116.109,85.255.112.214
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF6CE0A9-7CBD-4596-B67D-03D79390D219}: NameServer = 85.255.116.109,85.255.112.214
O17 - HKLM\System\CCS\Services\Tcpip\..\{F078767F-73F9-45F7-B6C7-80DEB408C7D1}: NameServer = 85.255.116.109,85.255.112.214
O17 - HKLM\System\CS1\Services\Tcpip\..\{015038E5-F5B9-4BC5-9229-2FC362476F07}: NameServer = 85.255.116.109,85.255.112.214

O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: MrobeService - OLYMPUS IMAGING CORP. - C:\WINDOWS\system32\MrobeService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
Seitenanfang Seitenende
27.01.2006, 01:35
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#2 alex16021988

Download f-secure-Beta Trial
http://www.f-secure.com/blacklight/
doppelklick: blbeta.exe
nach dem Check klicke -- next
nun findet man eine log-datei auf dem Desktop: kopiere sie in deinen Thread

stelle den CleanUp genauso ein, wie hier angegeben:
http://virus-protect.org/cleanup.html

Kopiere diese 4 Textdateien. Sie sind nach Datum geordnet. (kopiere nur die letzten 3 Monate ab)
http://virus-protect.org/datfindbat.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
27.01.2006, 14:26
Member

Themenstarter

Beiträge: 16
#3 hallo!
danke erst mals...
also hier sit die auswertung vom ersten Schritt

01/27/06 14:16:16 [Info]: BlackLight Engine 1.0.30 initialized
01/27/06 14:16:16 [Info]: OS: 5.1 build 2600 (Service Pack 2)
01/27/06 14:16:16 [Note]: 7019 4
01/27/06 14:16:16 [Note]: 7005 0
01/27/06 14:16:18 [Note]: 7006 0
01/27/06 14:16:18 [Note]: 7011 596
01/27/06 14:16:18 [Note]: FSRAW library version 1.7.1014
01/27/06 14:17:43 [Note]: 7007 0

ich habe nämlich gestern ein paar datein mithilfe der einen webseite die sie auswertet gelöscht...
aber ich hab noch immer das Problem dass der Pc auf eine andere Suchseite springt.....


Verzeichnis von C:\WINDOWS\system32

26.01.2006 21:50 39.992 perfc009.dat
26.01.2006 21:50 311.604 perfh009.dat
26.01.2006 21:50 316.594 perfh007.dat
26.01.2006 21:50 48.156 perfc007.dat
26.01.2006 21:50 723.744 PerfStringBackup.INI
26.01.2006 21:46 28.930 nvapps.xml
26.01.2006 19:00 2.206 wpa.dbl
10.01.2006 20:31 5.632 favset.exe
10.01.2006 20:11 51.200 cssiz.exe
10.01.2006 20:05 28.160 jtcqd.exe

24.12.2005 15:32 34.064 lhacm.acm
22.10.2005 10:50 138.056 FNTCACHE.DAT
17.09.2005 13:53 705 woinst32.exe
17.09.2005 13:16 1.409 PGMUS.FOT
10.08.2005 11:48 3.799 jupdate-1.5.0_04-b05.log
02.08.2005 15:35 466.944 nvshell.dll
02.08.2005 15:35 81.920 nvwddi.dll
02.08.2005 15:35 286.720 nvnt4cpl.dll
02.08.2005 15:35 86.016 nvmctray.dll
02.08.2005 15:35 1.466.368 nview.dll
02.08.2005 15:35 540.672 nvhwvid.dll
02.08.2005 15:35 1.662.976 nvwdmcpl.dll
02.08.2005 15:35 127.043 nvsvc32.exe
02.08.2005 15:35 393.216 keystone.exe
02.08.2005 15:35 1.019.904 nvwimg.dll
02.08.2005 15:35 1.519.616 nwiz.exe
02.08.2005 15:35 1.339.392 nvdspsch.exe
02.08.2005 15:35 14.757 nvdisp.nvu
02.08.2005 15:35 7.110.656 nvcpl.dll
02.08.2005 15:35 147.456 nvcolor.exe
02.08.2005 15:35 3.908.864 nv4_disp.dll
02.08.2005 15:35 176.128 nvudisp.exe
02.08.2005 15:35 5.140.480 nvoglnt.dll
02.08.2005 15:35 442.368 nvappbar.exe
02.08.2005 15:35 73.728 nvtuicpl.cpl
02.08.2005 15:35 32.768 nvcod.dll
02.08.2005 15:35 32.768 nvcodins.dll
27.07.2005 19:35 1.797.606 cryptiso.dll
27.07.2005 15:12 102.912 islzma.dll
03.07.2005 14:20 0 MX_SHARE.DAT
22.06.2005 20:30 16.832 amcompat.tlb
22.06.2005 20:30 23.392 nscompat.tlb
22.06.2005 20:30 2.272 w95inf16.dll
22.06.2005 20:30 4.608 w95inf32.dll
13.06.2005 16:50 289 service.exe


Verzeichnis von C:\WINDOWS

27.01.2006 09:02 32.512 SchedLgU.Txt
26.01.2006 21:52 390.694 WindowsUpdate.log
26.01.2006 21:46 157 wiadebug.log
26.01.2006 21:46 50 wiaservc.log
26.01.2006 21:46 2.048 bootstat.dat
26.01.2006 20:26 227 system.ini
26.01.2006 20:26 1.083 win.ini

13.01.2006 14:52 202 NeroDigital.ini
10.01.2006 19:59 1.409 QTFont.for
10.01.2006 19:59 54.156 QTFont.qfn
29.12.2005 09:46 335 videodeLuxe.INI
21.11.2005 20:22 25.713 CSTBox.INI
19.09.2005 18:53 74 BBW_INFO.INI
17.09.2005 13:53 6.018 ModemLog_Bluetooth Fax Modem.txt
11.09.2005 19:30 4.096 d3dx.dat
30.08.2005 17:22 316.640 WMSysPr9.prx
22.08.2005 14:53 0 distlib.ini
21.08.2005 13:10 509 MAXLINK.INI
21.08.2005 12:48 0 MSREGUSR.INI
16.08.2005 08:55 38.704 unvpeye.ini
10.08.2005 15:54 2.510 Microsoft.MIF
10.08.2005 15:54 2.464 $_hpcst$.hpc
03.08.2005 00:36 424.960 WRServices.dll
28.07.2005 09:03 0 Sti_Trace.log
04.07.2005 17:52 46 mxcdr.INI
03.07.2005 14:04 161 magix.ini
12.06.2005 09:24 224 Clony2.ini
06.06.2005 19:09 17 MovingPicture.ini
25.05.2005 13:10 403 ODBC.INI
20.05.2005 16:32 142.653 UNNeroVision.cfg
19.05.2005 19:30 0 nsreg.dat
19.05.2005 19:30 99.965 UninstallFirefox.exe
19.05.2005 19:29 3.089 mozver.dat
17.05.2005 22:40 59 vbaddin.ini
17.05.2005 21:58 8.192 REGLOCS.OLD
17.05.2005 21:55 0 control.ini
17.05.2005 21:55 299.552 WMSysPrx.prx
17.05.2005 21:55 4.161 ODBCINST.INI
17.05.2005 21:54 749 WindowsShell.Manifest
17.05.2005 21:52 36 vb.ini



Verzeichnis von C:\

27.01.2006 14:25 0 sys.txt
27.01.2006 14:24 5.933 system.txt
27.01.2006 14:24 733 systemtemp.txt
27.01.2006 14:24 109.664 system32.txt
26.01.2006 21:46 1.609.801.728 pagefile.sys
26.01.2006 20:26 211 boot.ini
10.01.2006 20:27 5.632 ms32.sys
29.12.2005 09:45 0 getframes.log
03.07.2005 14:20 0 vstcdbg.log
30.06.2005 08:02 137 BcBtRmv.log
29.06.2005 21:07 3 TCPCheckResult.txt
13.06.2005 19:50 0 23990098.$$$
13.06.2005 19:50 4 AVPCallback.log
12.06.2005 09:24 299 clony.txt
17.05.2005 22:33 3.222 update.log
17.05.2005 22:08 47.564 NTDETECT.COM
17.05.2005 22:08 251.184 ntldr
17.05.2005 21:55 0 CONFIG.SYS
17.05.2005 21:55 0 AUTOEXEC.BAT
17.05.2005 21:55 0 IO.SYS
17.05.2005 21:55 0 MSDOS.SYS
31.10.2004 12:11 159.078 Crack.exe
01.09.2000 09:39 4.952 bootfont.bin
23 Datei(en) 1.610.390.344 Bytes
0 Verzeichnis(se), 518.189.056 Bytes frei


Verzeichnis von C:\DOKUME~1\alex\LOKALE~1\Temp

27.01.2006 14:14 54.272 ginstall.dll
26.01.2006 21:50 978 TmpICQMagic_{05736BBE-C20F-4F10-A6DE-4DB1E3564B0E}27972.html
26.01.2006 21:47 983 TmpICQMagic_{EC202595-1DFD-4301-A1EA-13C1E331B505}1021.html
26.01.2006 21:47 16.384 ~DF72F5.tmp
26.01.2006 21:47 512 ~DFF837.tmp
26.01.2006 21:47 16.384 ~DFF82B.tmp
26.01.2006 21:46 224 WCESCOMM.LOG
26.01.2006 21:46 412 jusched.log
8 Datei(en) 90.149 Bytes
0 Verzeichnis(se), 518.189.056 Bytes frei
Seitenanfang Seitenende
27.01.2006, 14:55
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#4 Oben auf der Seite --> auf Durchsuchen klicken --> Datei aussuchen --> Doppelklick auf die zu prüfende Datei --> klick auf Submit... jetzt abwarten --> kopiere das Ergebnis in das Sicherheitsforum
http://www.virustotal.com/flash/index_en.html

C:\WINDOWS\system32\config\service.exe
C:\WINDOWS\system32\config\smss.exe

------------------------------------------------------------------------
lade:
KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.htm

-------------------------------------------------------------------------------
damit wird auch deine Internetverbindung (die korumpiert ist) geloecht...du musst nach Neustarte eine neue erstellen)

öffne das HijackThis -- Button "scan" -- vor die Malware-Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten

R3 - URLSearchHook: (no name) - {B0DE96BE-BC6F-BD03-EA27-928BB2448D92} - WinInitDll.dll (file missing)
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O4 - HKLM\..\Run: [Service Process] C:\WINDOWS\system32\config\service.exe
O4 - HKLM\..\Run: [Services Process] C:\WINDOWS\system32\config\smss.exe
O4 - HKLM\..\Run: [dmhim.exe] C:\WINDOWS\system32\dmhim.exe
O4 - HKLM\..\Run: [dmyrg.exe] C:\WINDOWS\system32\dmyrg.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{015038E5-F5B9-4BC5-9229-2FC362476F07}: NameServer = 85.255.116.109,85.255.112.214
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D2451C1-7873-4DD5-97FC-4DADC0FF233D}: NameServer = 85.255.116.109,85.255.112.214
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF6CE0A9-7CBD-4596-B67D-03D79390D219}: NameServer = 85.255.116.109,85.255.112.214
O17 - HKLM\System\CCS\Services\Tcpip\..\{F078767F-73F9-45F7-B6C7-80DEB408C7D1}: NameServer = 85.255.116.109,85.255.112.214
O17 - HKLM\System\CS1\Services\Tcpip\..\{015038E5-F5B9-4BC5-9229-2FC362476F07}: NameServer = 85.255.116.109,85.255.112.214

KILLBOX - Pocket KillBox

Options: Delete on Reboot --> anhaken
und klicke auf das rote Kreuz, wenn gefragt wird, ob "Do you want to reboot? "---- klicke auf "no",und kopiere das nächste rein, erst beim letzten auf "yes"
reinkopieren:

C:\WINDOWS\system32\dmhim.exe
C:\WINDOWS\system32\dmyrg.exe
C:\WINDOWS\system32\favset.exe
C:\WINDOWS\system32\cssiz.exe
C:\WINDOWS\system32\jtcqd.exe
C:\WINDOWS\system32\woinst32.exe
C:\DOKUME~1\alex\LOKALE~1\Temp\ginstall.dll
C:\ms32.sys
C:\Crack.exe

PC neustarten

Download FixWareout:
http://swandog46.geekstogo.com/Fixwareout.exe
Fixwareout.exe --> next --> Install --> Run fixit --> Finish / der PC wird neustarten --> C:\fixwareout\report.txt

http://virus-protect.org/multiavtool.html
klicke "3" - McAfee -- es erscheint ein leeres DOS-Fenster.
- man muss eingeben, was gescannt werden soll
- C:\Windows\System32 dann beginnt der Scan, man sollte dann auch scannen lassen:
- C:\Windows
- C:\

klicke "6 --> der PC wird neustarten --> suche die 3 Scanreporte in C:\AV-CLS und kopiere sie hier.
------------------------------------------------------------------------------


kopiere hier das Log vom Silentrunner
http://virus-protect.org/silentrunner.html
----------------------------------------------------------------------------
Info (ist fuer mich)
http://www.sophos.com/virusinfo/analyses/trojfdowna.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
27.01.2006, 20:33
Member

Themenstarter

Beiträge: 16
#5 wow thx for helping me!!!
aber der punkt mit dem Mcaffee geht nicht so richtig, der will da was downloaden! muss ich das zulassen?
aja und ich hab vergessen zu sagen dass ich übers netzwerk im inet bin.... ist mein server befallen?

This is a report processed by VirusTotal on 01/27/2006 at 19:37:28 (CET) after scanning the file "service.exe" file.
Antivirus Version Update Result
AntiVir 6.33.0.77 01.27.2006 no virus found
Avast 4.6.695.0 01.27.2006 no virus found
AVG 718 01.27.2006 no virus found
Avira 6.33.0.81 01.27.2006 no virus found
BitDefender 7.2 01.27.2006 no virus found
CAT-QuickHeal 8.00 01.27.2006 no virus found
ClamAV devel-20051123 01.27.2006 no virus found
DrWeb 4.33 01.27.2006 no virus found
eTrust-InoculateIT 23.71.61 01.27.2006 no virus found
eTrust-Vet 12.4.2058 01.27.2006 no virus found
Ewido 3.5 01.27.2006 no virus found
Fortinet 2.54.0.0 01.27.2006 no virus found
F-Prot 3.16c 01.26.2006 no virus found
Ikarus 0.2.59.0 01.27.2006 no virus found
Kaspersky 4.0.2.24 01.27.2006 no virus found
McAfee 4683 01.26.2006 no virus found
NOD32v2 1.1383 01.27.2006 no virus found
Norman 5.70.10 01.27.2006 no virus found
Panda 9.0.0.4 01.27.2006 no virus found
Sophos 4.01.0 01.27.2006 no virus found
Symantec 8.0 01.27.2006 no virus found
TheHacker 5.9.3.082 01.27.2006 no virus found
UNA 1.83 01.27.2006 no virus found
VBA32 3.10.5 01.27.2006 no virus found


This is a report processed by VirusTotal on 01/27/2006 at 19:39:41 (CET) after scanning the file "smss.exe" file.
Antivirus Version Update Result
AntiVir 6.33.0.77 01.27.2006 no virus found
Avast 4.6.695.0 01.27.2006 no virus found
AVG 718 01.27.2006 no virus found
Avira 6.33.0.81 01.27.2006 no virus found
BitDefender 7.2 01.27.2006 no virus found
CAT-QuickHeal 8.00 01.27.2006 no virus found
ClamAV devel-20051123 01.27.2006 no virus found
DrWeb 4.33 01.27.2006 no virus found
eTrust-InoculateIT 23.71.61 01.27.2006 no virus found
eTrust-Vet 12.4.2058 01.27.2006 no virus found
Ewido 3.5 01.27.2006 no virus found
Fortinet 2.54.0.0 01.27.2006 no virus found
F-Prot 3.16c 01.26.2006 no virus found
Ikarus 0.2.59.0 01.27.2006 no virus found
Kaspersky 4.0.2.24 01.27.2006 no virus found
McAfee 4683 01.26.2006 no virus found
NOD32v2 1.1383 01.27.2006 no virus found
Norman 5.70.10 01.27.2006 no virus found
Panda 9.0.0.4 01.27.2006 no virus found
Sophos 4.01.0 01.27.2006 no virus found
Symantec 8.0 01.27.2006 no virus found
TheHacker 5.9.3.082 01.27.2006 no virus found
UNA 1.83 01.27.2006 no virus found
VBA32 3.10.5 01.27.2006 no virus found

Fixwareout ver 1.003
Last edited 1/12/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\1dedoc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\repiwh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\domdnb
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\orcimlh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\23tsniow
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\mihmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\xedocne
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\23plhps
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\mgcppp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\tesvaf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\32refaselif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\sjjmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\1dedoc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llams_ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ytpme
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\domdnb
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\orcimlh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\23tsniow
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\xedocne
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\gib_ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\golmedi
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\23plhps
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\mgcppp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\tesvaf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\32refaselif

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Search by size and names...
C:\WINDOWS\SYSTEM32\DMJJS.EXE

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool
C:\WINDOWS\System32\service.exe




"Silent Runners.vbs", revision 43, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"H/PC Connection Agent" = ""C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"" [MS]
"MSMSGS" = ""C:\Programme\Messenger\msmsgs.exe" /background" [MS]

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"ICQ Lite" = "C:\Programme\ICQLite\ICQLite.exe -trayboot" ["ICQ Ltd."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"AudioDeck" = "C:\Programme\VIA Technologies, Inc\Audio Deck\ADeck.exe" ["VIA Technologies, Inc."]
"ICQ Lite" = "C:\Programme\ICQLite\ICQLite.exe -minimize" ["ICQ Ltd."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"ccApp" = ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"URLLSTCK.exe" = "C:\Programme\Norton Internet Security\UrlLstCk.exe" ["Symantec Corporation"]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
"ServiceLayer" = "C:\Programme\Gemeinsame Dateien\Nokia\Services\ServiceLayer.exe" [file not found]
"Nokia Tray Application" = "C:\Programme\Gemeinsame Dateien\Nokia\NCLTools\NclTray.exe" [file not found]
"SunJavaUpdateSched" = "C:\Programme\Java\jre1.5.0_04\bin\jusched.exe" ["Sun Microsystems, Inc."]
"Omnipage" = "C:\Programme\ScanSoft\OmniPageSE\opware32.exe" ["ScanSoft, Inc"]
"Services Process" = "C:\WINDOWS\system32\config\smss.exe" [file not found]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"AnyDVD" = "C:\Programme\SlySoft\AnyDVD\AnyDVD.exe" ["SlySoft, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{9ECB9560-04F9-4bbc-943D-298DDF1699E1}\(Default) = "Web assistant"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.2 Context Menu Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.2 DragDrop Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.2 Context Menu Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.2 Property Sheet Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"]
"{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\btneighborhood.dll" ["WIDCOMM Inc."]
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
"System" = (value not set)


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Startup items in "alex" & "All Users" startup folders:
------------------------------------------------------

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"Adobe Reader Speed Launch" -> shortcut to: "C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Microsoft Office" -> shortcut to: "C:\Programme\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
"WinZip Quick Pick" -> shortcut to: "C:\Programme\WinZip\WZQKPICK.EXE" ["WinZip Computing, Inc. and H.C. Top Systems B.V."]


Enabled Scheduled Tasks:
------------------------

"Norton AntiVirus - Scan my computer" -> launches: "C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe /task:"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Programme\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{855F3B16-6D32-4FE6-8A56-BBB695989046}" = "ICQ Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Web assistant" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{855F3B16-6D32-4FE6-8A56-BBB695989046}" = "ICQ Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]

"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Web assistant"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll" ["Sun Microsystems, Inc."]

{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
"ButtonText" = "Mobilen Favoriten erstellen"
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft ActiveSync\INETREPL.DLL" [MS]

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
"MenuText" = "Mobilen Favoriten erstellen..."
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft ActiveSync\INETREPL.DLL" [MS]

{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "C:\Programme\ICQLite\ICQLite.exe" ["ICQ Ltd."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

Missing lines (compared with English-language version):
"{855F3B16-6D32-4fe6-8A56-BBB695989046}" = "ICQ Toolbar" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir Update, AVWUpSrv, ""C:\Programme\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]
MrobeService, MrobeService, ""C:\WINDOWS\system32\MrobeService.exe"" ["OLYMPUS IMAGING CORP."]
Norton AntiVirus Auto Protect Service, navapsvc, ""C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
SAVScan, SAVScan, ""C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe"" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]
Symantec Network Proxy, ccProxy, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
SymWMI Service, SymWSC, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe"" ["Symantec Corporation"]
Webroot Spy Sweeper Engine, svcWRSSSDK, "C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe" ["Webroot Software, Inc."]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 29 seconds, including 2 seconds for message boxes)
Seitenanfang Seitenende
28.01.2006, 00:24
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#6 der PC ist/war mit Wareout verseucht...aber wir bekommen das schon wieder hin ;)

Mcaffee--> den Download musst du zulassen, das Tool sucht die neusten Virenupdates....kopiere dann hier den scanreport

Poste das log von Winpfind
http://virus-protect.org/winpfind.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
28.01.2006, 17:53
Member

Themenstarter

Beiträge: 16
#7 danke dass du dir wegen mir so viel antust!
aja ein prob hab ich noch : wenn ich etwas ins word kopieren möchte taucht da immer ein kleines handy statt dem text auf, dann muss ich immer alles nochmals kopieren und dann gehts erst!

Virus Scan Report File ------------------------------------------------------------------------ Virus Scan Information ------------------------------------------------------------------------ McAfee VirusScan for Win32 v4.40.0 Copyright (c) 1992-2004 Networks Associates Technology Inc. All rights reserved. (408) 988-3832 LICENSED COPY - Sep 23 2004 Scan engine v4.4.00 for Win32. Virus data file v4684 created Jan 27 2006 Scanning for 173736 viruses, trojans and variants. ------------------------------------------------------------------------ Virus Scan Results ------------------------------------------------------------------------ 01/28/2006 11:07:47 Options: "C:\WINDOWS\SYSTEM32" /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL /MIME /PROGRAM /EXCLUDE C:\AV-CLS\EXCLIST.TXT /HTML "C:\AV-CLS\MCAFEE\SCANREPORT.HTML" Scanning C: [] Scanning C:\WINDOWS\SYSTEM32\*.* Summary report on C:\WINDOWS\SYSTEM32\*.* File(s) Total files: ........... 6946 Clean: ................. 6934 Possibly Infected: ..... 0 Cleaned: ............... 0 Non-critical Error(s): 1 Time: 00:06.05 ------------------------------------------------------------------------ Visit the McAfee Online Web Site Need some help or advice? Send email to Technical Support.




Virus Scan Report File


------------------------------------------------------------------------
Virus Scan Information
------------------------------------------------------------------------

McAfee VirusScan for Win32 v4.40.0
Copyright (c) 1992-2004 Networks Associates Technology Inc. All rights reserved.
(408) 988-3832 LICENSED COPY - Sep 23 2004

Scan engine v4.4.00 for Win32.
Virus data file v4684 created Jan 27 2006
Scanning for 173736 viruses, trojans and variants.


------------------------------------------------------------------------
Virus Scan Results
------------------------------------------------------------------------




01/28/2006 11:15:26


Options:
"C:\WINDOWS" /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL /MIME /PROGRAM /EXCLUDE C:\AV-CLS\EXCLIST.TXT /HTML "C:\AV-CLS\MCAFEE\SCANREPORT.HTML"

Scanning C: []
Scanning C:\WINDOWS\*.*

Summary report on C:\WINDOWS\*.*
File(s)
Total files: ........... 24840
Clean: ................. 24828
Possibly Infected: ..... 0
Cleaned: ............... 0
Non-critical Error(s): 1


Time: 00:10.59

------------------------------------------------------------------------
Visit the McAfee Online <http://www.mcafee.com> Web Site
Need some help or advice? Send email <mailto:techsupport@mcafee.com> to
Technical Support.




Virus Scan Report File


------------------------------------------------------------------------
Virus Scan Information
------------------------------------------------------------------------

McAfee VirusScan for Win32 v4.40.0
Copyright (c) 1992-2004 Networks Associates Technology Inc. All rights reserved.
(408) 988-3832 LICENSED COPY - Sep 23 2004

Scan engine v4.4.00 for Win32.
Virus data file v4684 created Jan 27 2006
Scanning for 173736 viruses, trojans and variants.


------------------------------------------------------------------------
Virus Scan Results
------------------------------------------------------------------------




01/28/2006 12:13:13


Options:
"C:\" /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL /MIME /PROGRAM /EXCLUDE C:\AV-CLS\EXCLIST.TXT /HTML "C:\AV-CLS\MCAFEE\SCANREPORT.HTML"

Scanning C: []
Scanning C:\*.*
C:\!KillBox\jtcqd.exe ... Found the DNSChanger.a trojan !!!
The file or process has been deleted.
C:\!KillBox\ms32.sys\ms32.sys ... Found the Generic Downloader.ao trojan !!!
The file or process has been deleted.
C:\Programme\ICQToolbar\toolbaru.inf ... Found potentially unwanted program Adware-Softomate.
The file or process has been deleted.
C:\Programme\TallStick\TS-AudioToMIDI 3.30\patch.exe ... Found potentially unwanted program Tool-TPatch.
The file or process has been deleted.

Summary report on C:\*.*
File(s)
Total files: ........... 138586
Clean: ................. 138501
Possibly Infected: ..... 2
Cleaned: ............... 0
Deleted: ............... 4
Non-critical Error(s): 3


Time: 00:41.27

------------------------------------------------------------------------
Visit the McAfee Online <http://www.mcafee.com> Web Site
Need some help or advice? Send email <mailto:techsupport@mcafee.com> to
Technical Support.



Winpfind

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 12.12.2003 00:52:36 278668 C:\WINDOWS\epsuninst.exe

Checking %System% folder...
aspack 26.05.2005 15:34:52 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll
PEC2 01.09.2000 09:40:14 41118 C:\WINDOWS\SYSTEM32\dfrg.msc
PEC2 09.06.2005 21:32:28 692736 C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 09.06.2005 21:32:28 692736 C:\WINDOWS\SYSTEM32\DivX.dll
aspack 03.08.2004 23:57:10 733696 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 03.08.2004 23:57:34 686592 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 01.09.2000 09:42:26 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech 03.08.2004 21:41:38 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
28.01.2006 17:45:32 S 2048 C:\WINDOWS\bootstat.dat
10.01.2006 19:59:50 H 54156 C:\WINDOWS\QTFont.qfn
22.01.2006 20:18:34 H 39590 C:\WINDOWS\Help\peg.GID
28.01.2006 17:50:30 H 1024 C:\WINDOWS\system32\config\default.LOG
28.01.2006 17:46:58 H 1024 C:\WINDOWS\system32\config\SAM.LOG
28.01.2006 17:46:10 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
28.01.2006 17:52:36 H 12288 C:\WINDOWS\system32\config\software.LOG
28.01.2006 17:52:34 H 1024 C:\WINDOWS\system32\config\system.LOG
28.01.2006 17:45:36 H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 03.08.2004 23:58:24 555008 C:\WINDOWS\SYSTEM32\appwiz.cpl
WIDCOMM Inc. 22.04.2002 12:25:36 208951 C:\WINDOWS\SYSTEM32\btcpl.cpl
Microsoft Corporation 03.08.2004 23:58:24 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 03.08.2004 23:58:24 138240 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 03.08.2004 23:58:24 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 03.08.2004 23:58:24 157184 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 03.08.2004 23:58:24 359424 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 03.08.2004 23:58:24 133120 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 03.08.2004 23:58:24 381440 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 03.08.2004 23:58:24 69632 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 03.06.2005 02:52:54 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 01.09.2000 09:41:22 189440 C:\WINDOWS\SYSTEM32\main.cpl
AvantGo, Inc. 17.08.2003 11:14:22 69632 C:\WINDOWS\SYSTEM32\MBLLNK.CPL
Microsoft Corporation 03.08.2004 23:58:24 625152 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 01.09.2000 09:41:42 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 03.08.2004 23:58:24 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 03.08.2004 23:58:24 260096 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
02.08.2005 15:35:00 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 01.09.2000 09:41:52 38400 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 03.08.2004 23:58:24 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 03.08.2004 23:58:24 117248 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 16.04.2004 15:00:22 324608 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 03.08.2004 23:58:24 303104 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 01.09.2000 09:42:18 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 03.08.2004 23:58:24 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 03.08.2004 23:58:24 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 03.08.2004 23:58:24 162816 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 01.09.2000 09:41:22 189440 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 01.09.2000 09:41:42 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 01.09.2000 09:41:52 38400 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 01.09.2000 09:42:18 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
23.05.2005 15:00:44 1737 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Speed Launch.lnk
17.05.2005 21:55:54 HS 84 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
17.05.2005 22:40:08 1709 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
25.12.2005 12:04:44 1498 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WinZip Quick Pick.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
17.05.2005 22:32:36 HS 62 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
17.05.2005 21:55:54 HS 84 C:\Dokumente und Einstellungen\alex\Startmenü\Programme\Autostart\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
23.05.2005 14:59:42 1552 C:\Dokumente und Einstellungen\alex\Anwendungsdaten\AdobeDLM.log
17.05.2005 22:32:36 HS 62 C:\Dokumente und Einstellungen\alex\Anwendungsdaten\desktop.ini
23.05.2005 14:59:42 0 C:\Dokumente und Einstellungen\alex\Anwendungsdaten\dm.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
=

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ICQLiteMenu
{73B24247-042E-4EF5-ADC2-42F62E6FD654} = C:\Programme\ICQLite\ICQLiteShell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\IPSContMenu
{EBDF1F20-C829-11D1-8233-0020AF3E97A9} =
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ZFAdd
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Programme\WinAce\arcext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\IPSContMenu
{EBDF1F20-C829-11D1-8233-0020AF3E97A9} =
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ICQLiteMenu
{73B24247-042E-4EF5-ADC2-42F62E6FD654} = C:\Programme\ICQLite\ICQLiteShell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\IPSContMenu
{EBDF1F20-C829-11D1-8233-0020AF3E97A9} =
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ZFAdd
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Programme\WinAce\arcext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\Programme\Spybot - Search & Destroy\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}
CNisExtBho Class = C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
CNavExtBho Class = C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tipps und Tricks = %SystemRoot%\system32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} = ICQ Toolbar : C:\Programme\ICQToolbar\toolbaru.dll
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} = Web assistant : C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Konsole : C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}
ButtonText = Mobilen Favoriten erstellen :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}
MenuText = Mobilen Favoriten erstellen... : C:\Programme\Microsoft ActiveSync\INETREPL.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}
ButtonText = ICQ Lite : C:\Programme\ICQLite\ICQLite.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Programme\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\system32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\system32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer-Band = %SystemRoot%\system32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{855F3B16-6D32-4FE6-8A56-BBB695989046} = ICQ Toolbar : C:\Programme\ICQToolbar\toolbaru.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} = Web assistant : C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
AudioDeck C:\Programme\VIA Technologies, Inc\Audio Deck\ADeck.exe
ICQ Lite C:\Programme\ICQLite\ICQLite.exe -minimize
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz nwiz.exe /install
NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
ccApp "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
URLLSTCK.exe C:\Programme\Norton Internet Security\UrlLstCk.exe
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
ServiceLayer C:\Programme\Gemeinsame Dateien\Nokia\Services\ServiceLayer.exe
Nokia Tray Application C:\Programme\Gemeinsame Dateien\Nokia\NCLTools\NclTray.exe
SunJavaUpdateSched C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
Omnipage C:\Programme\ScanSoft\OmniPageSE\opware32.exe
Services Process C:\WINDOWS\system32\config\smss.exe
NvMediaCenter RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
AnyDVD C:\Programme\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE C:\WINDOWS\system32\ctfmon.exe
H/PC Connection Agent "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
MSMSGS "C:\Programme\Messenger\msmsgs.exe" /background

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
ICQ Lite C:\Programme\ICQLite\ICQLite.exe -trayboot

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandFrom

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandTo

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^BTTray.lnk
path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk
backup C:\WINDOWS\pss\BTTray.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Widcomm\BLUETO~1\BTTray.exe
item BTTray
path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk
backup C:\WINDOWS\pss\BTTray.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Widcomm\BLUETO~1\BTTray.exe
item BTTray

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^m-trip Launcher.lnk
path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\m-trip Launcher.lnk
backup C:\WINDOWS\pss\m-trip Launcher.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\OLYMPUS\m-trip\Bin\M-TRIP~1.EXE
item m-trip Launcher
path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\m-trip Launcher.lnk
backup C:\WINDOWS\pss\m-trip Launcher.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\OLYMPUS\m-trip\Bin\M-TRIP~1.EXE
item m-trip Launcher

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^PCSuiteForNokia3650 Detect.lnk
path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\PCSuiteForNokia3650 Detect.lnk
backup C:\WINDOWS\pss\PCSuiteForNokia3650 Detect.lnkCommon Startup
location Common Startup
command D:\PROGRA~1\Nokia\PCSUIT~1\CONNMN~1.EXE
item PCSuiteForNokia3650 Detect
path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\PCSuiteForNokia3650 Detect.lnk
backup C:\WINDOWS\pss\PCSuiteForNokia3650 Detect.lnkCommon Startup
location Common Startup
command D:\PROGRA~1\Nokia\PCSUIT~1\CONNMN~1.EXE
item PCSuiteForNokia3650 Detect

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^PCSuiteForNokia3650 TS.lnk
path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\PCSuiteForNokia3650 TS.lnk
backup C:\WINDOWS\pss\PCSuiteForNokia3650 TS.lnkCommon Startup
location Common Startup
command D:\PROGRA~1\Nokia\PCSUIT~1\ECTASK~1.EXE
item PCSuiteForNokia3650 TS
path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\PCSuiteForNokia3650 TS.lnk
backup C:\WINDOWS\pss\PCSuiteForNokia3650 TS.lnkCommon Startup
location Common Startup
command D:\PROGRA~1\Nokia\PCSUIT~1\ECTASK~1.EXE
item PCSuiteForNokia3650 TS

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Pinnacle Scheduler.lnk
path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Pinnacle Scheduler.lnk
backup C:\WINDOWS\pss\Pinnacle Scheduler.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Pinnacle\SHARED~1\Programs\SCHEDU~1\PCLESC~1.EXE
item Pinnacle Scheduler
path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Pinnacle Scheduler.lnk
backup C:\WINDOWS\pss\Pinnacle Scheduler.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Pinnacle\SHARED~1\Programs\SCHEDU~1\PCLESC~1.EXE
item Pinnacle Scheduler

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey HKCU
command
inimapping 0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\abrek
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NopeZ
hkey HKLM
command NopeZ.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NopeZ
hkey HKLM
command NopeZ.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BigDogPath
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item VM_STI
hkey HKLM
command C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item VM_STI
hkey HKLM
command C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\clamav
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MONITER
hkey HKCU
command MONITER.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MONITER
hkey HKCU
command MONITER.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\H/PC Connection Agent
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WCESCOMM
hkey HKCU
command "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WCESCOMM
hkey HKCU
command "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Programme\Messenger\msmsgs.exe" /background
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Programme\Messenger\msmsgs.exe" /background
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\panel_its
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mozilla-text
hkey HKCU
command mozilla-text.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mozilla-text
hkey HKCU
command mozilla-text.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Programme\QuickTime\qttask.exe" -atboottime
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Programme\QuickTime\qttask.exe" -atboottime
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpybotSD TeaTimer
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item TeaTimer
hkey HKCU
command C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item TeaTimer
hkey HKCU
command C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpySweeper
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SpySweeper
hkey HKLM
command "C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SpySweeper
hkey HKLM
command "C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spyware Doctor
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item swdoctor
hkey HKCU
command "C:\Programme\Spyware Doctor\swdoctor.exe" /Q
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item swdoctor
hkey HKCU
command "C:\Programme\Spyware Doctor\swdoctor.exe" /Q
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCpl
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item gabber
hkey HKLM
command gabber.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item gabber
hkey HKLM
command gabber.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey HKCU
command
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey HKCU
command
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\___
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item FLKPT
hkey HKCU
command FLKPT.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item FLKPT
hkey HKCU
command FLKPT.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = userinit.exe
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 28.01.2006 17:52:40
Seitenanfang Seitenende
28.01.2006, 20:04
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#8 Gehe in die registry
Start-->Ausfuehren--> regedit

bearbeiten--> suchen--> NopeZ <--loeschen, was du findest

bearbeiten--> suchen--> MONITER <--loeschen, was du findest

bearbeiten--> suchen--> mozilla-text.exe <--loeschen, was du findest

bearbeiten--> suchen--> gabber.exe <--loeschen, was du findest

bearbeiten--> suchen--> FLKPT.exe <--loeschen, was du findest


------------------------------------------------------------------

Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als fixme.reg mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden.

Zitat

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoBandCustomize"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=-
"System"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Services Process"=-
Computer in den abgesicherten Modus neustarten (F8 beim Starten drücken). Die Datei "fixme.reg" auf dem Desktop doppelklicken

SmitRem2.8
http://noahdfear.geekstogo.com/click%20counter/click.php?id=1
öffne smitRem folder,Doppelklick: RunThis.bat
warte, bis der Scan beendet ist (der Bildschirm wird blau werden. das ist normal)

scanne und berichte, was noch gefunden wurde
http://virus-protect.org/cureit.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
28.01.2006, 20:52
Member

Themenstarter

Beiträge: 16
#9 hi
also nochmals DANKE!!!
den schritt mit regedit und löschen hab ich gemacht
aber wenn ich die fixme.reg ausführen will kommt immer eine fehlermeldung

den scan mit smit rem hab ich auch durchgeführt
und einen expressscan mir dr.web und der hat noch was gefunden
C:\windows\system32\mrobeservive.exe
Seitenanfang Seitenende
28.01.2006, 21:08
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#10 ich habe die reg-Datei veraendert...versuche es noch mal und berichte...nenne die reg-Datei... fixe.reg
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
28.01.2006, 22:30
Member

Themenstarter

Beiträge: 16
#11 es geht mit der veränderten reg datei leider a nit....
is das sehr wichtig?
da kommt immer die Meldung " fehler beim öffnen der datei
möglicherweise ein Datenträger- oder Dateifehler"
aja der dr.web hat noch ein paar daten gelöscht, ich weiß jetz aber nicht welche.... ein paar viruse halt....
soll ich noch etwas machen??
nochmals THX
Seitenanfang Seitenende
29.01.2006, 00:23
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#12 ich will doch gern mal wissen, woran es liegt:

erstelle eine fix.reg , klicken und berichte

Zitat

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=-
"System"=""

__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
29.01.2006, 10:41
Member

Themenstarter

Beiträge: 16
#13 hi
also das mit der fix.reg hat funktioniert aber erst nachdem ich die reg datei vom desktop auf meinen C teil der festplatte geschoben hab....
aber die fixe.reg hat trotzdem nocht geklappt (liegt aber glaub ich daran dass sie schon im mistkübel war....
Seitenanfang Seitenende
29.01.2006, 16:12
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#14 nun gut... eigenartig, dass die reg-Dateien bei dir nicht funktionieren...

scanne mit ewido und kopiere hier den scanreport
http://virus-protect.org/ewido.html
+
poste das neue Log vom HijackThis
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
30.01.2006, 15:36
Member

Themenstarter

Beiträge: 16
#15 ---------------------------------------------------------
ewido anti-malware - Scan Report
---------------------------------------------------------

+ Erstellt am: 15:35:06, 30.01.2006
+ Report-Checksumme: D3F50BE4

+ Scanergebnis:

C:\!KillBox\cssiz.exe -> Downloader.Agent.uj : Gesäubert mit Backup
C:\Dokumente und Einstellungen\alex\Cookies\alex@2o7[2].txt -> Spyware.Cookie.2o7 : Gesäubert mit Backup
C:\Dokumente und Einstellungen\alex\Cookies\alex@ehg-nokiafin.hitbox[1].txt -> Spyware.Cookie.Hitbox : Gesäubert mit Backup
C:\Dokumente und Einstellungen\alex\Cookies\alex@hitbox[1].txt -> Spyware.Cookie.Hitbox : Gesäubert mit Backup
C:\Dokumente und Einstellungen\alex\Cookies\alex@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Eltern\Cookies\eltern@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Eltern\Cookies\eltern@oewabox[1].txt -> Spyware.Cookie.Oewabox : Gesäubert mit Backup
:mozilla.8:C:\Dokumente und Einstellungen\manuela\Anwendungsdaten\Mozilla\Firefox\Profiles\tx3fmi19.default\cookies.txt -> Spyware.Cookie.Ivwbox : Gesäubert mit Backup
C:\WINDOWS\system32\dmjjs.exe -> Trojan.Pakes : Gesäubert mit Backup


::Report Ende





Logfile of HijackThis v1.99.1
Scan saved at 15:35:39, on 30.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\VIA Technologies, Inc\Audio Deck\ADeck.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\VIA Technologies, Inc\Audio Deck\ADeck.exe
C:\Programme\ICQLite\ICQLite.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Programme\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\VIA Technologies, Inc\Audio Deck\ADeck.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Spyware Doctor\swdoctor.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\ewido anti-malware\ewidoctrl.exe
C:\Programme\ewido anti-malware\SecuritySuite.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe

R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Programme\VIA Technologies, Inc\Audio Deck\ADeck.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programme\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ServiceLayer] C:\Programme\Gemeinsame Dateien\Nokia\Services\ServiceLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Programme\Gemeinsame Dateien\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Omnipage] C:\Programme\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Services Process] C:\WINDOWS\system32\config\smss.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Programme\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .wav: C:\Programme\Internet Explorer\PLUGINS\npqtplugin.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{F078767F-73F9-45F7-B6C7-80DEB408C7D1}: NameServer = 192.168.0.1
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido anti-malware\ewidoctrl.exe
O23 - Service: MrobeService - Unknown owner - C:\WINDOWS\system32\MrobeService.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe


so :-)
hat ein bisschen gedauert aber schlussendlich die beiden reprots :-)
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren: