Trojan/virus creates win**.tmp.exe files - result: system overload

Thread is closed!
04.10.2006, 01:22
Honorary member
Sabina

Posts: 29434
#196 Dyslex

then wait and then post the report.
after that, post the logs that I asked for ;)
__________
Best regards, Sabina

all about PC security
04.10.2006, 01:34
...new here

Posts: 6
#197 Step 4:

10)DPF????
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: EC2D-2583

Verzeichnis von C:\WINDOWS\Downloaded Program Files

17.09.2006 22:47 <DIR> CONFLICT.1
17.09.2006 13:30 <DIR> CONFLICT.2
17.09.2006 19:16 <DIR> CONFLICT.3
30.09.2006 18:25 <DIR> CONFLICT.4
30.09.2006 18:25 <DIR> CONFLICT.5
29.09.2006 23:44 <DIR> CONFLICT.6
01.10.2006 19:18 <DIR> CONFLICT.7
14.10.1997 18:52 697 DirectAnimation Java Classes.osd
25.07.2002 18:13 24.576 dwusplay.dll
25.07.2002 18:13 196.608 dwusplay.exe
16.06.2004 06:02 323.584 isusweb.dll
27.07.2005 22:38 366 KALogoutComponent.inf
20.01.2000 15:25 1.162 Microsoft XML Parser for Java.osd
11.09.2006 19:08 205.264 speedtest2.dll
22.06.2006 11:41 5.032 swflash.inf
24.07.2006 10:24 85.504 UERSU_0001_N91M2407NetInstaller.exe
21.07.2006 14:58 86.528 UWA6PU_0001_N91M2107NetInstaller.exe
18.07.2006 19:08 82.432 UWA6P_0001_N91M1807NetInstaller.exe
11 Datei(en) 1.011.753 Bytes

Verzeichnis von C:\WINDOWS\Downloaded Program Files\CONFLICT.1

17.09.2006 22:47 <DIR> .
17.09.2006 22:47 <DIR> ..
24.07.2006 10:24 85.504 UERSU_0001_N91M2407NetInstaller.exe
21.07.2006 14:58 86.528 UWA6PU_0001_N91M2107NetInstaller.exe
18.07.2006 19:08 82.432 UWA6P_0001_N91M1807NetInstaller.exe
3 Datei(en) 254.464 Bytes

Verzeichnis von C:\WINDOWS\Downloaded Program Files\CONFLICT.2

17.09.2006 13:30 <DIR> .
17.09.2006 13:30 <DIR> ..
24.07.2006 10:24 85.504 UERSU_0001_N91M2407NetInstaller.exe
21.07.2006 14:58 86.528 UWA6PU_0001_N91M2107NetInstaller.exe
2 Datei(en) 172.032 Bytes

Verzeichnis von C:\WINDOWS\Downloaded Program Files\CONFLICT.3

17.09.2006 19:16 <DIR> .
17.09.2006 19:16 <DIR> ..
24.07.2006 10:24 85.504 UERSU_0001_N91M2407NetInstaller.exe
21.07.2006 14:58 86.528 UWA6PU_0001_N91M2107NetInstaller.exe
2 Datei(en) 172.032 Bytes

Verzeichnis von C:\WINDOWS\Downloaded Program Files\CONFLICT.4

30.09.2006 18:25 <DIR> .
30.09.2006 18:25 <DIR> ..
24.07.2006 10:24 85.504 UERSU_0001_N91M2407NetInstaller.exe
21.07.2006 14:58 86.528 UWA6PU_0001_N91M2107NetInstaller.exe
2 Datei(en) 172.032 Bytes

Verzeichnis von C:\WINDOWS\Downloaded Program Files\CONFLICT.5

30.09.2006 18:25 <DIR> .
30.09.2006 18:25 <DIR> ..
24.07.2006 10:24 85.504 UERSU_0001_N91M2407NetInstaller.exe
21.07.2006 14:58 86.528 UWA6PU_0001_N91M2107NetInstaller.exe
2 Datei(en) 172.032 Bytes

Verzeichnis von C:\WINDOWS\Downloaded Program Files\CONFLICT.6

29.09.2006 23:44 <DIR> .
29.09.2006 23:44 <DIR> ..
21.07.2006 14:58 86.528 UWA6PU_0001_N91M2107NetInstaller.exe
1 Datei(en) 86.528 Bytes

Verzeichnis von C:\WINDOWS\Downloaded Program Files\CONFLICT.7

01.10.2006 19:18 <DIR> .
01.10.2006 19:18 <DIR> ..
21.07.2006 14:58 86.528 UWA6PU_0001_N91M2107NetInstaller.exe
1 Datei(en) 86.528 Bytes

Anzahl der angezeigten Dateien:
24 Datei(en) 2.127.401 Bytes
21 Verzeichnis(se), 29.990.895.616 Bytes frei

-------
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnlm
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmfu32


C:\WINDOWS\Downloaded Program Files\speedtest2.dll
C:\WINDOWS\Downloaded Program Files\UERSU_0001_N91M2407NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\UWA6PU_0001_N91M2107NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERSU_0001_N91M2407NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6PU_0001_N91M2107NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N91M1807NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UERSU_0001_N91M2407NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6PU_0001_N91M2107NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UERSU_0001_N91M2407NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6PU_0001_N91M2107NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UERSU_0001_N91M2407NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWA6PU_0001_N91M2107NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UERSU_0001_N91M2407NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWA6PU_0001_N91M2107NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWA6PU_0001_N91M2107NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UWA6PU_0001_N91M2107NetInstaller.exe
C:\WINDOWS\PrintViewUninstall.exe
C:\WINDOWS\system32\SpOrder.dll
C:\WINDOWS\system32\mlnmp.ini2
C:\WINDOWS\system32\mlnmp.bak2
C:\WINDOWS\system32\pjvijalx.dll
C:\WINDOWS\system32\rbhbamdj.dll
C:\WINDOWS\system32\stera.job
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\mlnmp.bak1
C:\WINDOWS\system32\slfikiet.dll
C:\WINDOWS\system32\url.dat
C:\WINDOWS\system32\jgyeminf.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\skqeemqm.dll
C:\WINDOWS\system32\plugin1.dat
C:\WINDOWS\system32\uwjtinwk.dll
C:\WINDOWS\system32\wtssvsu.exe
C:\WINDOWS\system32\mlnmp.ini
C:\WINDOWS\system32\mlnmp.tmp
C:\WINDOWS\system32\pmnlm.dll
C:\WINDOWS\system32\iifgffg.dll
C:\WINDOWS\system32\winmfu32.dll
C:\WINDOWS\system32\Chip.dll
C:\WINDOWS\system32\vssms32.exe
C:\WINDOWS\system32\drivers\oreans32.sys
C:\WINDOWS\system32\nvnsc32.exe
C:\WINDOWS\system32\uwjtinwk.dll

C:\WINDOWS\viruallty jenna.exe
C:\WINDOWS\30002.exe
C:\WINDOWS\RunDLL32.exe
C:\WINDOWS\plugin1.dat
C:\WINDOWS\PrintViewUninstall.exe

C:\Dokumente und Einstellungen\Sondermann\Lokale Einstellungen\Temp\ErrorSafeScannerSetup.exe
C:\Dokumente und Einstellungen\Sondermann\Lokale Einstellungen\Temp\!update.exe
C:\Dokumente und Einstellungen\Sondermann\Lokale Einstellungen\Temp\b124.exe
C:\Dokumente und Einstellungen\Sondermann\Lokale Einstellungen\Temp\~DFD299.tmp
C:\Dokumente und Einstellungen\Sondermann\Lokale Einstellungen\Temp\mc-110-12-0000904.exe
C:\Dokumente und Einstellungen\Sondermann\Lokale Einstellungen\Temp\installer.exe

C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006
C:\Dokumente und Einstellungen\Sondermann\Anwendungsdaten\WinAntiVirus Pro 2006
C:\Programme\Error Safe Free
C:\Programme\XoftSpy
C:\Programme\PrintView
C:\Programme\VSToolbar
C:\Dokumente und Einstellungen\Sondermann\Anwendungsdaten\SearchToolbarCorp




04.10.2006, 01:40
Honorary member
Sabina

Posts: 29434
04.10.2006, 01:42
...new here

Posts: 6
#199 Sondermann - 06-10-04 1:40:15.56 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Dokumente und Einstellungen\Sondermann\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\components
C:\Programme\Gemeinsame Dateien\{EC2D2583-0707-1031-0125-050503050031}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Dokumente und Einstellungen\Sondermann\Anwendungsdaten\DOBE~1


((((((((((((((((((((((((((((((( Files Created from 2006-09-04 to 2006-10-04 ))))))))))))))))))))))))))))))))))


2006-10-04 00:11 86,036 --a------ C:\WINDOWS\system32\pjvijalx.dll
2006-10-03 23:37 5,632 --a------ C:\WINDOWS\PrintViewUninstall.exe
2006-10-03 21:16 45,525 --a------ C:\WINDOWS\system32\rbhbamdj.dll
2006-10-01 19:19 8,704 --a------ C:\WINDOWS\system32\SpOrder.dll
2006-10-01 16:26 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2006-10-01 16:26 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2006-10-01 16:11 270,848 --a------ C:\WINDOWS\Unwise32.exe
2006-09-30 12:49 45,525 --a------ C:\WINDOWS\system32\slfikiet.dll
2006-09-26 13:58 143,380 --a------ C:\WINDOWS\system32\jgyeminf.exe
2006-09-24 21:16 90,112 --a------ C:\WINDOWS\unvise32.exe
2006-09-23 21:13 720,896 --a------ C:\WINDOWS\iun6002ev.exe
2006-09-23 12:50 45,525 --a------ C:\WINDOWS\system32\skqeemqm.dll
2006-09-21 15:27 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2006-09-20 14:24 68,992 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2006-09-20 14:24 52,992 --a------ C:\WINDOWS\system32\drivers\L8042mou.Sys
2006-09-20 14:24 13,056 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys
2006-09-17 01:14 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2006-09-17 01:14 24,192 --a------ C:\WINDOWS\system32\drivers\usbsermptxp.sys
2006-09-16 17:56 89,800 --a------ C:\WINDOWS\system32\nvnsc32.exe
2006-09-16 17:53 30,182,912 C:\WINDOWSviruallty jenna.exe
2006-09-16 17:53 1,264,832 --a------ C:\WINDOWS\RunDLL32.exe
2006-09-16 17:53 1,264,832 --a------ C:\WINDOWS\30002.exe
2006-09-16 12:04 86,068 --a------ C:\WINDOWS\system32\uwjtinwk.dll
2006-09-14 22:17 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2006-09-14 08:27 2 --a------ C:\WINDOWS\system32\wtssvsu.exe
2006-09-13 09:48 20,480 --a------ C:\WINDOWS\system32\UnInstall_KAccess.exe
2006-09-13 09:44 98,304 --a------ C:\WINDOWS\system32\msir3jp.dll
2006-09-13 09:44 838,144 --a------ C:\WINDOWS\system32\chtbrkr.dll
2006-09-13 09:44 70,656 --a------ C:\WINDOWS\system32\korwbrkr.dll
2006-09-13 09:44 1,677,824 --a------ C:\WINDOWS\system32\chsbrkr.dll
2006-09-13 09:43 9,216 --a------ C:\WINDOWS\system32\kbdnecAT.dll
2006-09-13 09:43 7,680 --a------ C:\WINDOWS\system32\kbdnecNT.dll
2006-09-13 09:43 7,168 --a------ C:\WINDOWS\system32\kbdnec95.dll
2006-09-13 09:43 7,168 --a------ C:\WINDOWS\system32\kbdibm02.dll
2006-09-13 09:43 7,168 --a------ C:\WINDOWS\system32\f3ahvoas.dll
2006-09-13 09:43 6,656 --a------ C:\WINDOWS\system32\kbdlk41a.dll
2006-09-13 09:43 6,656 --a------ C:\WINDOWS\system32\c_is2022.dll
2006-09-13 09:43 6,144 --a------ C:\WINDOWS\system32\kbdlk41j.dll
2006-09-13 09:43 6,144 --a------ C:\WINDOWS\system32\kbdax2.dll
2006-09-13 09:43 6,144 --a------ C:\WINDOWS\system32\kbd106n.dll
2006-09-13 09:43 6,144 --a------ C:\WINDOWS\system32\kbd101a.dll
2006-09-13 09:43 6,144 --a------ C:\WINDOWS\system32\kbd101.dll
2006-09-13 09:43 218,112 --a------ C:\WINDOWS\system32\c_g18030.dll
2006-09-13 09:42 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2006-09-13 09:42 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2006-09-13 09:42 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2006-09-13 09:42 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2006-09-13 09:42 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2006-09-13 09:42 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2006-09-12 21:50 102,400 --a------ C:\WINDOWS\system32\tsccvid.dll
2006-09-12 21:49 45,056 --a------ C:\WINDOWS\system32\CSvidcap.dll
2006-09-09 23:24 931,155 ---hs---- C:\WINDOWS\system32\mlnmp.ini2
2006-09-08 19:17 10,578 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2006-09-06 16:15 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2006-09-06 16:11 96,256 --a------ C:\WINDOWS\system32\drivers\sptd6605.sys
2006-09-06 16:11 642,560 --a------ C:\WINDOWS\system32\drivers\sptd.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-04 01:41 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-10-04 01:39 931155 ---hs---- C:\WINDOWS\system32\mlnmp.bak2
2006-10-04 01:31 -------- d-------- C:\Programme\Mozilla Firefox
2006-10-04 01:19 -------- d-------- C:\Programme\CleanUp!
2006-10-03 23:35 -------- d-------- C:\Programme\Security Task Manager
2006-10-03 23:35 -------- d-------- C:\Dokumente und Einstellungen\Sondermann\Anwendungsdaten\Help
2006-10-03 23:00 -------- d-------- C:\Programme\Gemeinsame Dateien\Buhl Data Service
2006-10-03 22:58 -------- d-------- C:\Programme\D
2006-10-03 12:47 -------- d-------- C:\Programme\ICQLite
2006-10-01 22:30 -------- d-------- C:\Programme\Oberon Media
2006-10-01 22:29 -------- d-------- C:\Programme\FunPause Atlantis
2006-10-01 20:55 -------- d-------- C:\Programme\SHOUTcast
2006-10-01 19:19 -------- d-------- C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006
2006-10-01 19:19 -------- d-------- C:\Dokumente und Einstellungen\Sondermann\Anwendungsdaten\WinAntiVirus Pro 2006
2006-10-01 16:52 -------- d-------- C:\Programme\Winamp
2006-10-01 12:20 910681 ---hs---- C:\WINDOWS\system32\mlnmp.bak1
2006-09-30 22:54 -------- d-------- C:\Dokumente und Einstellungen\Sondermann\Anwendungsdaten\Apple Computer
2006-09-30 22:51 -------- d-------- C:\Programme\Error Safe Free
2006-09-30 21:42 -------- d-------- C:\Programme\XoftSpy
2006-09-26 13:58 -------- d-------- C:\Programme\VSToolbar
2006-09-26 13:58 -------- d-------- C:\Dokumente und Einstellungen\Sondermann\Anwendungsdaten\SearchToolbarCorp
2006-09-25 22:12 -------- d-------- C:\Programme\Die Gilde 2
2006-09-24 23:09 -------- d-------- C:\Programme\PopCap Games
2006-09-24 23:09 -------- d-------- C:\Programme\GameHouse
2006-09-24 23:08 -------- d-------- C:\Programme\Yahoo! Games
2006-09-24 11:46 -------- d-------- C:\Programme\San Andreas Mod Installer
2006-09-21 21:51 -------- d-------- C:\Programme\Gemeinsame Dateien\Oberon Media
2006-09-21 17:23 -------- d-------- C:\Programme\EA GAMES
2006-09-20 14:25 -------- d-------- C:\Dokumente und Einstellungen\Sondermann\Anwendungsdaten\Logitech
2006-09-20 14:24 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-09-20 14:24 -------- d-------- C:\Programme\Logitech
2006-09-20 14:24 -------- d-------- C:\Programme\Gemeinsame Dateien\Logitech
2006-09-18 17:16 -------- d-------- C:\Programme\Bad Day LA
2006-09-18 00:15 -------- d-------- C:\Programme\mobile PhoneTools
2006-09-17 22:13 -------- d-------- C:\Programme\LiveUpdate
2006-09-17 19:15 -------- d-------- C:\Programme\QuickTime
2006-09-17 19:14 -------- d-------- C:\Programme\Apple Software Update
2006-09-17 17:43 -------- d-------- C:\Programme\TuneUp Utilities 2006
2006-09-17 01:15 -------- d-------- C:\Programme\Avanquest update
2006-09-16 17:54 -------- d-------- C:\Programme\thriXXX
2006-09-16 17:53 30182912 --a------ C:\WINDOWS\viruallty jenna.exe
2006-09-15 22:53 -------- d-------- C:\Programme\Atari
2006-09-15 22:19 -------- d-------- C:\Programme\Elaborate Bytes
2006-09-15 22:16 -------- d-------- C:\Programme\SlySoft
2006-09-14 22:13 -------- d-------- C:\Programme\Firefly Studios
2006-09-13 22:17 -------- d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2006-09-13 22:13 -------- d---s---- C:\Dokumente und Einstellungen\Sondermann\Anwendungsdaten\Microsoft
2006-09-12 21:49 -------- d-------- C:\Programme\TechSmith
2006-09-12 20:47 -------- d-------- C:\Programme\Anti-Blaxx 1.18
2006-09-11 20:03 -------- d-------- C:\Programme\MSN Messenger
2006-09-11 19:34 -------- d-------- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2006-09-08 22:21 -------- d-------- C:\Dokumente und Einstellungen\Sondermann\Anwendungsdaten\Hamachi
2006-09-08 20:19 -------- d-------- C:\Programme\EA SPORTS
2006-09-08 19:18 -------- d-------- C:\Programme\Hamachi
2006-09-07 23:29 -------- d-------- C:\Dokumente und Einstellungen\Sondermann\Anwendungsdaten\Sun
2006-09-07 23:28 -------- d-------- C:\Programme\Java
2006-09-07 23:27 -------- d-------- C:\Programme\Gemeinsame Dateien\Java
2006-09-06 16:50 -------- d-------- C:\Programme\Sierra
2006-09-06 16:15 -------- d-------- C:\Programme\DAEMON Tools
2006-09-03 16:40 -------- d-------- C:\Programme\Gemeinsame Dateien\AVSMedia
2006-09-03 16:40 -------- d-------- C:\Programme\AVSMedia
2006-09-03 16:37 33952 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2006-08-30 20:40 -------- d-------- C:\Programme\WowCartographe
2006-08-30 17:48 34308 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-08-30 17:47 -------- d-------- C:\Programme\Alcohol Soft
2006-08-29 23:15 -------- d-------- C:\Programme\Messenger Plus! Live
2006-08-29 14:48 573492 ---hs---- C:\WINDOWS\system32\pmnlm.dll
2006-08-29 14:42 40973 ---hs---- C:\WINDOWS\system32\iifgffg.dll
2006-08-29 14:42 18944 --a------ C:\WINDOWS\system32\winmfu32.dll
2006-08-28 23:27 -------- d-------- C:\Programme\DivX
2006-08-28 22:29 -------- d-------- C:\Programme\Gemeinsame Dateien\Jasc Software Inc
2006-08-28 22:29 -------- d-------- C:\Programme\Gemeinsame Dateien\InstallShield
2006-08-28 22:28 -------- d-------- C:\Programme\Jasc Software Inc
2006-08-28 22:28 -------- d-------- C:\Dokumente und Einstellungen\Sondermann\Anwendungsdaten\Jasc Software Inc
2006-08-28 22:26 -------- d-------- C:\Programme\WinRAR
2006-08-28 22:25 34308 --a------ C:\WINDOWS\system32\Chip.dll
2006-08-28 20:22 -------- d-------- C:\Programme\MessengerPlus! 3
2006-08-28 20:21 45640 --a------ C:\WINDOWS\system32\MsgPlusLoader.dll
2006-08-28 19:53 -------- d-------- C:\Programme\Internet Explorer
2006-08-28 16:35 1449472 ---hs---- C:\WINDOWS\system32\vssms32.exe
2006-08-27 19:26 -------- d-------- C:\Programme\World of Warcraft
2006-08-27 16:47 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-08-27 14:41 -------- d-------- C:\Programme\Gemeinsame Dateien\Blizzard Entertainment
2006-08-27 14:37 -------- d-------- C:\Programme\iColorFolder
2006-08-27 12:39 -------- d-------- C:\Dokumente und Einstellungen\Sondermann\Anwendungsdaten\ICQLite
2006-08-27 11:40 -------- d-------- C:\Programme\IncrediMail
2006-08-27 11:39 -------- d-------- C:\Dokumente und Einstellungen\Sondermann\Anwendungsdaten\Macromedia
2006-08-27 04:22 -------- d-------- C:\Programme\Realtek Sound Manager
2006-08-27 04:22 -------- d-------- C:\Programme\AvRack
2006-08-27 03:37 -------- d-------- C:\Programme\Gemeinsame Dateien\Symantec Shared
2006-08-27 03:35 -------- d-------- C:\Programme\Symantec
2006-08-27 03:32 -------- d-------- C:\Dokumente und Einstellungen\Sondermann\Anwendungsdaten\Symantec
2006-08-27 03:07 -------- d-------- C:\Dokumente und Einstellungen\Sondermann\Anwendungsdaten\Drivelove
2006-08-27 02:17 -------- d-------- C:\Programme\Windows Script Control
2006-08-27 02:17 -------- d-------- C:\Programme\Messenger
2006-08-27 02:16 -------- d-------- C:\Programme\Outlook Express
2006-08-27 02:16 -------- d-------- C:\Programme\Gemeinsame Dateien\System
2006-08-27 01:50 -------- d-------- C:\Programme\Windows Media Player
2006-08-26 23:27 -------- d-------- C:\Programme\BitComet
2006-08-26 23:19 -------- d-------- C:\Programme\WinZip
2006-08-26 23:14 -------- d-------- C:\Dokumente und Einstellungen\Sondermann\Anwendungsdaten\TuneUp Software
2006-08-26 23:08 -------- d-------- C:\Dokumente und Einstellungen\Sondermann\Anwendungsdaten\Mozilla
2006-08-26 23:01 -------- d-------- C:\Programme\TGTSoft
2006-08-26 21:57 -------- d-------- C:\Programme\Movie Maker
2006-08-26 21:56 -------- d-------- C:\Programme\Windows NT
2006-08-26 21:56 -------- d-------- C:\Programme\NetMeeting
2006-08-26 21:50 -------- d--h----- C:\Programme\WindowsUpdate
2006-08-26 15:37 -------- d-------- C:\Programme\Marvell
2006-08-26 14:30 -------- d--h----- C:\Programme\Uninstall Information
2006-08-26 14:30 -------- d-------- C:\Dokumente und Einstellungen\Sondermann\Anwendungsdaten\Identities
2006-08-26 14:25 -------- d-------- C:\Programme\xerox
2006-08-26 14:25 -------- d-------- C:\Programme\microsoft frontpage
2006-08-26 14:24 0 -rahs---- C:\MSDOS.SYS
2006-08-26 14:24 0 -rahs---- C:\IO.SYS
2006-08-26 14:24 0 --a------ C:\CONFIG.SYS
2006-08-26 14:24 0 --a------ C:\AUTOEXEC.BAT
2006-08-26 14:23 -------- d-------- C:\Programme\Online-Dienste
2006-08-26 14:22 -------- d-------- C:\Programme\Gemeinsame Dateien\MSSoap
2006-08-26 14:22 -------- d-------- C:\Programme\Gemeinsame Dateien\Dienste
2006-08-26 14:21 -------- d-------- C:\Programme\Online Services
2006-08-26 14:21 -------- d-------- C:\Programme\MSN Gaming Zone
2006-08-26 14:21 -------- d-------- C:\Programme\MSN
2006-08-26 14:21 -------- d-------- C:\Programme\ComPlus Applications
2006-08-26 14:14 -------- d-------- C:\Programme\Gemeinsame Dateien\SpeechEngines
2006-08-26 14:14 -------- d-------- C:\Programme\Gemeinsame Dateien\ODBC
2006-08-26 14:13 62 --ahs---- C:\Dokumente und Einstellungen\Sondermann\Anwendungsdaten\desktop.ini
2006-08-21 14:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 11:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-27 15:25 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-27 04:05 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-07-27 04:05 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-07-27 04:05 192512 --a------ C:\WINDOWS\system32\dtu100.dll
2006-07-27 04:05 109568 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-07-27 04:05 108544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-07-21 10:29 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RunDLL32"="C:\\WINDOWS\\RunDLL32.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"RunDLL32"="C:\\WINDOWS\\RunDLL32.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e7,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnlm
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmfu32

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\XoftSpy.job

Completion time: 04.10.2006 1:41:54.51
ComboFix.txt
04.10.2006, 02:10
Honorary member
Sabina

Posts: 29434
#200 Avenger
http://virus-protect.org/artikel/tools/avenger.html
paste this in

Quote

registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnlm
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmfu32
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FWSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FWSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\FWSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FWSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_FWSVC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_FWSVC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_FWSVC
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FWSVC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FOPN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FOPN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\FOPN
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FOPN
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006
HKEY_LOCAL_MACHINE\SOFTWARE\WinAntiVirus Pro 2006
HKEY_LOCAL_MACHINE\SOFTWARE\WinSoftware
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WA6P_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products\WinAntiVirus Pro 2006
HKEY_LOCAL_MACHINE\SOFTWARE\SupportUninstall\WinAntiVirus Pro 2006
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{723D54C7-7483-4EB8-8EED-CE5B2AEA534D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1AC5C88A-DEA7-462b-A232-04AF5CA42E7E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B646F5E2-0A48-421d-AC91-F96C92BFC17A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E69F0D6A-1C69-4A04-8709-5EAC2019D9BE}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5141620-C2B2-4d95-9F0F-134D99C87AB0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0903FECD-7F7A-4790-A819-A3CE08416732}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85C99188-BEFD-4c61-A54B-5D7CB0204C1E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B32FE740-8B67-409A-BCA8-3297263C354E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{732B6533-7F78-4C47-9C01-2979BA0829B9}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FC0B8EB8-AE24-4FD6-B479-E2B464F32DA6}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{367A86A5-D048-4785-86BE-4E2706AAFDD9}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2BC32EF8-BB73-4099-BB2E-0F2951B3E276}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinAntiVirusPro2006
HKEY_LOCAL_MACHINE\Software\ErrorSafe
HKEY_CURRENT_USER\Software\ErrorSafe

Files to delete:
C:\Windows\System32\drivers\erssdd.sys
C:\WINDOWS\system32\drivers\vspf5.sys
C:\WINDOWS\system32\drivers\vspf_hk5.sys
C:\WINDOWS\system32\drivers\fopn.sys
C:\WINDOWS\system32\av.cpl
C:\WINDOWS\Downloaded Program Files\speedtest2.dll
C:\WINDOWS\Downloaded Program Files\UERSU_0001_N91M2407NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\UWA6PU_0001_N91M2107NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERSU_0001_N91M2407NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6PU_0001_N91M2107NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N91M1807NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UERSU_0001_N91M2407NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6PU_0001_N91M2107NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UERSU_0001_N91M2407NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6PU_0001_N91M2107NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UERSU_0001_N91M2407NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWA6PU_0001_N91M2107NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UERSU_0001_N91M2407NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWA6PU_0001_N91M2107NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWA6PU_0001_N91M2107NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UWA6PU_0001_N91M2107NetInstaller.exe
C:\WINDOWS\PrintViewUninstall.exe
C:\WINDOWS\system32\SpOrder.dll
C:\WINDOWS\system32\mlnmp.ini2
C:\WINDOWS\system32\mlnmp.bak2
C:\WINDOWS\system32\pjvijalx.dll
C:\WINDOWS\system32\rbhbamdj.dll
C:\WINDOWS\system32\stera.job
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\mlnmp.bak1
C:\WINDOWS\system32\slfikiet.dll
C:\WINDOWS\system32\url.dat
C:\WINDOWS\system32\jgyeminf.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\skqeemqm.dll
C:\WINDOWS\system32\plugin1.dat
C:\WINDOWS\system32\uwjtinwk.dll
C:\WINDOWS\system32\wtssvsu.exe
C:\WINDOWS\system32\mlnmp.ini
C:\WINDOWS\system32\mlnmp.tmp
C:\WINDOWS\system32\pmnlm.dll
C:\WINDOWS\system32\iifgffg.dll
C:\WINDOWS\system32\winmfu32.dll
C:\WINDOWS\system32\Chip.dll
C:\WINDOWS\system32\vssms32.exe
C:\WINDOWS\system32\drivers\oreans32.sys
C:\WINDOWS\system32\nvnsc32.exe
C:\WINDOWS\system32\uwjtinwk.dll
C:\WINDOWS\viruallty jenna.exe
C:\WINDOWS\30002.exe
C:\WINDOWS\RunDLL32.exe
C:\WINDOWS\plugin1.dat
C:\WINDOWS\PrintViewUninstall.exe
C:\Dokumente und Einstellungen\Sondermann\Lokale Einstellungen\Temp\ErrorSafeScannerSetup.exe
C:\Dokumente und Einstellungen\Sondermann\Lokale Einstellungen\Temp\!update.exe
C:\Dokumente und Einstellungen\Sondermann\Lokale Einstellungen\Temp\b124.exe
C:\Dokumente und Einstellungen\Sondermann\Lokale Einstellungen\Temp\~DFD299.tmp
C:\Dokumente und Einstellungen\Sondermann\Lokale Einstellungen\Temp\mc-110-12-0000904.exe
C:\Dokumente und Einstellungen\Sondermann\Lokale Einstellungen\Temp\installer.exe

Folders to delete:
C:\Programme\WinAntiVirus Pro 2006
C:\Programme\Common Files\Companion Wizard
C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006
C:\Dokumente und Einstellungen\Sondermann\Anwendungsdaten\WinAntiVirus Pro 2006
C:\Programme\Error Safe Free
C:\Programme\XoftSpy
C:\Programme\PrintView
C:\Programme\VSToolbar
C:\Dokumente und Einstellungen\Sondermann\Anwendungsdaten\SearchToolbarCorp
post the Avenger log that appears after the reboot

------
««
run CleanUp!
http://virus-protect.org/cleanup.html

««
Start - Programs (Programme) - Accessories (Zubehör) - System Tools (Systemprogramme) - Disk Cleanup (Datenträgerbereinigung)
- Click: Temporary Internet Files (Temporäre Internet Dateien), OK
- Click: Temporary Files (Temporäre Dateien), OK

««
Click: Start - Run (Ausführen) - type: cmd
then paste into the black DOS window:

Quote

del %windir%\temp\*.* /f
press "Enter"
type Y

-----------------------------------------------------

**
scan, set everything to remove after the scan, and post the scan report
http://virus-protect.org/counterspy.html
__________
Best regards, Sabina

all about PC security
04.10.2006, 11:16
...new here

Posts: 6
#201 //////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CURRENT_USER\Software\ErrorSafe


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\gecfolyq

*******************

Script file located at: \??\C:\wlgqfqmc.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FWSvc not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FWSvc failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FWSvc
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FWSvc not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FWSvc failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FWSvc
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\FWSvc not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\FWSvc failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\FWSvc
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FWSvc not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FWSvc failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FWSvc
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_FWSVC not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_FWSVC failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_FWSVC
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_FWSVC not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_FWSVC failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_FWSVC
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_FWSVC not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_FWSVC failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_FWSVC
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FWSVC not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FWSVC failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FWSVC
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FOPN not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FOPN failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FOPN
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FOPN not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FOPN failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FOPN
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\FOPN not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\FOPN failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\FOPN
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FOPN not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FOPN failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FOPN
Status: 0xc0000034



File C:\Windows\System32\drivers\erssdd.sys not found!
Deletion of file C:\Windows\System32\drivers\erssdd.sys failed!

Could not process line:
C:\Windows\System32\drivers\erssdd.sys
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\vspf5.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\vspf5.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\vspf5.sys
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\vspf_hk5.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\vspf_hk5.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\vspf_hk5.sys
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\fopn.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\fopn.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\fopn.sys
Status: 0xc0000034



File C:\WINDOWS\system32\av.cpl not found!
Deletion of file C:\WINDOWS\system32\av.cpl failed!

Could not process line:
C:\WINDOWS\system32\av.cpl
Status: 0xc0000034

File C:\WINDOWS\Downloaded Program Files\speedtest2.dll deleted successfully.
File C:\WINDOWS\Downloaded Program Files\UERSU_0001_N91M2407NetInstaller.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\UWA6PU_0001_N91M2107NetInstaller.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERSU_0001_N91M2407NetInstaller.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6PU_0001_N91M2107NetInstaller.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N91M1807NetInstaller.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UERSU_0001_N91M2407NetInstaller.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6PU_0001_N91M2107NetInstaller.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UERSU_0001_N91M2407NetInstaller.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6PU_0001_N91M2107NetInstaller.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UERSU_0001_N91M2407NetInstaller.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWA6PU_0001_N91M2107NetInstaller.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UERSU_0001_N91M2407NetInstaller.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWA6PU_0001_N91M2107NetInstaller.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWA6PU_0001_N91M2107NetInstaller.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UWA6PU_0001_N91M2107NetInstaller.exe deleted successfully.
File C:\WINDOWS\PrintViewUninstall.exe deleted successfully.
File C:\WINDOWS\system32\SpOrder.dll deleted successfully.
File C:\WINDOWS\system32\mlnmp.ini2 deleted successfully.
File C:\WINDOWS\system32\mlnmp.bak2 deleted successfully.
File C:\WINDOWS\system32\pjvijalx.dll deleted successfully.
File C:\WINDOWS\system32\rbhbamdj.dll deleted successfully.
File C:\WINDOWS\system32\stera.job deleted successfully.
File C:\WINDOWS\system32\stera.log deleted successfully.
File C:\WINDOWS\system32\mlnmp.bak1 deleted successfully.
File C:\WINDOWS\system32\slfikiet.dll deleted successfully.
File C:\WINDOWS\system32\url.dat deleted successfully.
File C:\WINDOWS\system32\jgyeminf.exe deleted successfully.
File C:\WINDOWS\system32\mcrh.tmp deleted successfully.
File C:\WINDOWS\system32\skqeemqm.dll deleted successfully.
File C:\WINDOWS\system32\plugin1.dat deleted successfully.
File C:\WINDOWS\system32\uwjtinwk.dll deleted successfully.
File C:\WINDOWS\system32\wtssvsu.exe deleted successfully.
File C:\WINDOWS\system32\mlnmp.ini deleted successfully.
File C:\WINDOWS\system32\mlnmp.tmp deleted successfully.
File C:\WINDOWS\system32\pmnlm.dll deleted successfully.
File C:\WINDOWS\system32\iifgffg.dll deleted successfully.
File C:\WINDOWS\system32\winmfu32.dll deleted successfully.
File C:\WINDOWS\system32\Chip.dll deleted successfully.
File C:\WINDOWS\system32\vssms32.exe deleted successfully.
File C:\WINDOWS\system32\drivers\oreans32.sys deleted successfully.
File C:\WINDOWS\system32\nvnsc32.exe deleted successfully.


File C:\WINDOWS\system32\uwjtinwk.dll not found!
Deletion of file C:\WINDOWS\system32\uwjtinwk.dll failed!

Could not process line:
C:\WINDOWS\system32\uwjtinwk.dll
Status: 0xc0000034

File C:\WINDOWS\viruallty jenna.exe deleted successfully.
File C:\WINDOWS\30002.exe deleted successfully.
File C:\WINDOWS\RunDLL32.exe deleted successfully.
File C:\WINDOWS\plugin1.dat deleted successfully.


File C:\WINDOWS\PrintViewUninstall.exe not found!
Deletion of file C:\WINDOWS\PrintViewUninstall.exe failed!

Could not process line:
C:\WINDOWS\PrintViewUninstall.exe
Status: 0xc0000034



File C:\Dokumente und Einstellungen\Sondermann\Lokale Einstellungen\Temp\ErrorSafeScannerSetup.exe not found!
Deletion of file C:\Dokumente und Einstellungen\Sondermann\Lokale Einstellungen\Temp\ErrorSafeScannerSetup.exe failed!

Could not process line:
C:\Dokumente und Einstellungen\Sondermann\Lokale Einstellungen\Temp\ErrorSafeScannerSetup.exe
Status: 0xc0000034



File C:\Dokumente und Einstellungen\Sondermann\Lokale Einstellungen\Temp\!update.exe not found!
Deletion of file C:\Dokumente und Einstellungen\Sondermann\Lokale Einstellungen\Temp\!update.exe failed!

Could not process line:
C:\Dokumente und Einstellungen\Sondermann\Lokale Einstellungen\Temp\!update.exe
Status: 0xc0000034



File C:\Dokumente und Einstellungen\Sondermann\Lokale Einstellungen\Temp\b124.exe not found!
Deletion of file C:\Dokumente und Einstellungen\Sondermann\Lokale Einstellungen\Temp\b124.exe failed!

Could not process line:
C:\Dokumente und Einstellungen\Sondermann\Lokale Einstellungen\Temp\b124.exe
Status: 0xc0000034



File C:\Dokumente und Einstellungen\Sondermann\Lokale Einstellungen\Temp\~DFD299.tmp not found!
Deletion of file C:\Dokumente und Einstellungen\Sondermann\Lokale Einstellungen\Temp\~DFD299.tmp failed!

Could not process line:
C:\Dokumente und Einstellungen\Sondermann\Lokale Einstellungen\Temp\~DFD299.tmp
Status: 0xc0000034



File C:\Dokumente und Einstellungen\Sondermann\Lokale Einstellungen\Temp\mc-110-12-0000904.exe not found!
Deletion of file C:\Dokumente und Einstellungen\Sondermann\Lokale Einstellungen\Temp\mc-110-12-0000904.exe failed!

Could not process line:
C:\Dokumente und Einstellungen\Sondermann\Lokale Einstellungen\Temp\mc-110-12-0000904.exe
Status: 0xc0000034



File C:\Dokumente und Einstellungen\Sondermann\Lokale Einstellungen\Temp\installer.exe not found!
Deletion of file C:\Dokumente und Einstellungen\Sondermann\Lokale Einstellungen\Temp\installer.exe failed!

Could not process line:
C:\Dokumente und Einstellungen\Sondermann\Lokale Einstellungen\Temp\installer.exe
Status: 0xc0000034



Folder C:\Programme\WinAntiVirus Pro 2006 not found!
Deletion of folder C:\Programme\WinAntiVirus Pro 2006 failed!

Could not process line:
C:\Programme\WinAntiVirus Pro 2006
Status: 0xc0000034



Could not open folder C:\Programme\Common Files\Companion Wizard for deletion
Deletion of folder C:\Programme\Common Files\Companion Wizard failed!

Could not process line:
C:\Programme\Common Files\Companion Wizard
Status: 0xc000003a

Folder C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006 deleted successfully.
Folder C:\Dokumente und Einstellungen\Sondermann\Anwendungsdaten\WinAntiVirus Pro 2006 deleted successfully.
Folder C:\Programme\Error Safe Free deleted successfully.
Folder C:\Programme\XoftSpy deleted successfully.


Folder C:\Programme\PrintView not found!
Deletion of folder C:\Programme\PrintView failed!

Could not process line:
C:\Programme\PrintView
Status: 0xc0000034

Folder C:\Programme\VSToolbar deleted successfully.
Folder C:\Dokumente und Einstellungen\Sondermann\Anwendungsdaten\SearchToolbarCorp deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnlm deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmfu32 deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SOFTWARE\WinAntiVirus Pro 2006 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\WinAntiVirus Pro 2006 failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\WinSoftware not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\WinSoftware failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WA6P_is1 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WA6P_is1 failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products\WinAntiVirus Pro 2006 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products\WinAntiVirus Pro 2006 failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SupportUninstall\WinAntiVirus Pro 2006 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\SupportUninstall\WinAntiVirus Pro 2006 failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{723D54C7-7483-4EB8-8EED-CE5B2AEA534D} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{723D54C7-7483-4EB8-8EED-CE5B2AEA534D} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1AC5C88A-DEA7-462b-A232-04AF5CA42E7E} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1AC5C88A-DEA7-462b-A232-04AF5CA42E7E} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4} failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F} deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B646F5E2-0A48-421d-AC91-F96C92BFC17A} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B646F5E2-0A48-421d-AC91-F96C92BFC17A} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E69F0D6A-1C69-4A04-8709-5EAC2019D9BE} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E69F0D6A-1C69-4A04-8709-5EAC2019D9BE} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5141620-C2B2-4d95-9F0F-134D99C87AB0} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5141620-C2B2-4d95-9F0F-134D99C87AB0} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0903FECD-7F7A-4790-A819-A3CE08416732} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0903FECD-7F7A-4790-A819-A3CE08416732} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85C99188-BEFD-4c61-A54B-5D7CB0204C1E} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85C99188-BEFD-4c61-A54B-5D7CB0204C1E} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B32FE740-8B67-409A-BCA8-3297263C354E} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B32FE740-8B67-409A-BCA8-3297263C354E} failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235} deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{732B6533-7F78-4C47-9C01-2979BA0829B9} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{732B6533-7F78-4C47-9C01-2979BA0829B9} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FC0B8EB8-AE24-4FD6-B479-E2B464F32DA6} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FC0B8EB8-AE24-4FD6-B479-E2B464F32DA6} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{367A86A5-D048-4785-86BE-4E2706AAFDD9} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{367A86A5-D048-4785-86BE-4E2706AAFDD9} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2BC32EF8-BB73-4099-BB2E-0F2951B3E276} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2BC32EF8-BB73-4099-BB2E-0F2951B3E276} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinAntiVirusPro2006 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinAntiVirusPro2006 failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\Software\ErrorSafe not found!
Deletion of registry key HKEY_LOCAL_MACHINE\Software\ErrorSafe failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
04.10.2006, 11:17
Honorary member
Sabina

Posts: 29434
#202
**
Run cleanup
http://virus-protect.org/cleanup.html

**
Start - Programs - Accessories - System Tools - Disk Cleanup
- Click: Temporary Internet Files, OK
- Click: Temporary Files, OK

**
Delete the Avenger backup at c:\Avenger\backup.zip

**
Empty the recycle bin

**
Scan, set everything to remove after the scan, and post the scan report.
http://virus-protect.org/counterspy.html
__________
Kind regards, Sabina

All about PC security
04.10.2006, 23:29
...new here

Posts: 6
#203 I think everything has been sorted out again now!!
Many, many thanks for the good help!
24.10.2006, 22:49
...new here

Posts: 6
#204 Hello Sabina,

Unfortunately I have the same problem as so many others here, and I am getting desperate.
My Norton keeps spitting out new warnings about Dialer.Trojan.
Today the firewall even found Adware Purityscan. I don't really know what to do.

I have already run the scan with HijackThis and also the liste.bat.

I'll just send them along.

logfile-----------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 22:29:23, on 24.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Programme\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\STRONG~1\StrDisk.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\sokscmpn.exe
C:\Programme\Winamp 5\winampa.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\Programme\Microsoft Office\Office\OSA.EXE
C:\Programme\Microsoft Office\Office\MSOFFICE.EXE
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\sokscmnt.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\PROGRA~1\T-Online\T-ONLI~1\Notifier\Notifier.exe
C:\PROGRAMME\MOZILLA FIREFOX\FIREFOX.EXE
C:\Programme\Spyware Doctor\sdhelp.exe
C:\Programme\Spyware Doctor\swdoctor.exe
C:\PROGRA~1\NORTON~2\navw32.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Dokumente und Einstellungen\Rolf Möller\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.t-online.de/service/redir/tosw6_sc_webtour.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programme\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [StrongDisk] C:\PROGRA~1\STRONG~1\StrDisk.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CHIPDRIVEPinManager] C:\WINDOWS\system32\sokscmpn.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp 5\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Microsoft Office Shortcut-Leiste.Lnk = C:\Programme\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O4 - Global Startup: Mountit.lnk = C:\Programme\Roxio\WinOnCD 6 PE\MountIt.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136304321796
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB3E6299-C568-4BF5-989E-EEA6B108C533}: NameServer = 217.237.150.188 217.237.151.161
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjgf32 - C:\WINDOWS\SYSTEM32\winjgf32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: CHIPDRIVE Smartcard Office Kernel (SCM_Smart_Card_Office_Kernel) - SCM Microsystems - C:\WINDOWS\system32\sokscmnt.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programme\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe

bat file--------------------------------

Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: F0A6-A3A7

Verzeichnis von C:\WINDOWS\Downloaded Program Files

28.12.2004 18:22 <DIR> .
28.12.2004 18:22 <DIR> ..
20.01.2000 15:25 1.162 Microsoft XML Parser for Java.osd
14.10.1997 18:52 697 DirectAnimation Java Classes.osd
26.05.2005 04:19 291 wuweb.inf
03.11.2005 20:24 495 LegitCheckControl.inf
22.06.2006 11:41 5.032 swflash.inf
5 Datei(en) 7.677 Bytes
2 Verzeichnis(se), 13.352.992.768 Bytes frei
Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: F0A6-A3A7

Verzeichnis von C:\Dokumente und Einstellungen\Rolf Möller\Lokale Einstellungen\Temp

28.12.2004 18:26 <DIR> .
28.12.2004 18:26 <DIR> ..
22.10.2006 17:07 3.691 hph2
22.10.2006 21:19 3.691 hph5
21.10.2006 15:05 3.691 hph3
22.10.2006 12:16 3.691 hph4
24.10.2006 21:40 <DIR> WPDNSE
23.10.2006 14:58 3.691 hph6
23.10.2006 20:31 3.691 hph7
23.10.2006 20:40 0 ui852.tmp
24.10.2006 21:49 2.674 jusched.log
22.10.2006 21:52 16.384 ~DFEF9A.tmp
23.10.2006 20:44 1.164 wmplog00.sqm
22.10.2006 21:52 16.384 ~DF106A.tmp
24.10.2006 09:39 3.691 hph8
24.10.2006 13:03 3.691 hph9
24.10.2006 15:37 16.384 ~DF6E7A.tmp
23.10.2006 20:38 832 java_install_reg.log
22.10.2006 21:52 983 TmpICQMagic_{EC202595-1DFD-4301-A1EA-13C1E331B505}1794.html
23.10.2006 16:38 2.048.000 Acr111.tmp
24.10.2006 21:39 3.691 hph10
24.10.2006 21:46 16.384 Perflib_Perfdata_5f4.dat
16.06.2006 19:37 72.884 _iu14D2N.tmp
24.10.2006 21:58 <DIR> is-E6BKB.tmp
20.10.2006 04:44 127 DFC5A2B2.TMP
24.10.2006 22:16 16.384 Perflib_Perfdata_2c0.dat
24.10.2006 22:19 724 scan0.sca
16.02.2005 11:06 218.112 HijackThis.exe
24.10.2006 22:21 16.384 ~DFB316.tmp
25 Datei(en) 2.477.023 Bytes
4 Verzeichnis(se), 13.352.992.768 Bytes frei
Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: F0A6-A3A7

Verzeichnis von C:\WINDOWS\Temp

14.10.2006 18:07 <DIR> .
14.10.2006 18:07 <DIR> ..
24.10.2006 11:05 0 win128.tmp
24.10.2006 10:43 33.280 win113.tmp.exe
24.10.2006 11:07 0 win129.tmp
24.10.2006 11:09 0 win12A.tmp
24.10.2006 11:11 0 win12B.tmp
24.10.2006 13:03 0 win44.tmp
24.10.2006 13:03 0 win45.tmp
24.10.2006 13:03 0 win68.tmp
24.10.2006 13:05 0 win6B.tmp
24.10.2006 13:05 0 win6C.tmp
24.10.2006 13:05 0 win8E.tmp
24.10.2006 13:07 1.220 win9C.tmp
24.10.2006 10:25 0 win94.tmp
24.10.2006 10:25 0 win95.tmp
24.10.2006 10:27 0 win96.tmp
24.10.2006 10:27 0 win97.tmp
24.10.2006 10:27 0 win98.tmp
24.10.2006 10:29 0 win99.tmp
24.10.2006 10:29 0 win9A.tmp
24.10.2006 10:29 0 win9B.tmp
24.10.2006 10:31 1.220 winA2.tmp
24.10.2006 10:31 184.689 winA3.tmp.exe
24.10.2006 10:31 0 winA4.tmp
738 Datei(en) 405.109 Bytes
2 Verzeichnis(se), 13.351.944.192 Bytes frei
Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: F0A6-A3A7

Verzeichnis von C:\

Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: F0A6-A3A7

Verzeichnis von C:\Programme

28.12.2004 18:02 <DIR> .
28.12.2004 18:02 <DIR> ..
28.12.2004 18:02 <DIR> Gemeinsame Dateien
28.12.2004 18:19 <DIR> Windows NT
28.12.2004 18:19 <DIR> MSN
28.12.2004 18:19 <DIR> MSN Gaming Zone
28.12.2004 18:20 <DIR> Windows Media Player
28.12.2004 18:20 <DIR> Online Services
28.12.2004 18:20 <DIR> ComPlus Applications
28.12.2004 18:20 <DIR> Internet Explorer
28.12.2004 18:20 <DIR> Outlook Express
28.12.2004 18:20 <DIR> NetMeeting
28.12.2004 18:20 <DIR> Movie Maker
28.12.2004 18:21 <DIR> Online-Dienste
28.12.2004 18:23 <DIR> microsoft frontpage
28.12.2004 18:23 <DIR> xerox
28.12.2004 18:28 <DIR> Roxio
28.12.2004 18:33 <DIR> Analog Devices
28.12.2004 18:35 <DIR> Intel
28.12.2004 18:38 <DIR> ATI Technologies
28.12.2004 19:07 <DIR> Jasc Software Inc
28.12.2004 19:08 <DIR> Dell Computer
28.12.2004 19:17 <DIR> PowerDVD
28.12.2004 19:19 <DIR> Sonic
28.12.2004 19:19 <DIR> Sonic MyDVD
28.12.2004 19:37 <DIR> Microsoft Office
28.12.2004 19:39 <DIR> Windows Messaging
28.12.2004 20:22 <DIR> StrongDisk
28.12.2004 23:16 <DIR> Microsoft Visual Studio
28.12.2004 23:21 <DIR> Microsoft Works
28.12.2004 23:25 <DIR> Adobe
28.12.2004 23:25 <DIR> AudioCatalyst
28.12.2004 23:29 <DIR> Winamp 5
28.12.2004 23:29 <DIR> WinZip
29.12.2004 00:13 <DIR> hp photosmart
29.12.2004 00:33 <DIR> MovieJack DVD XL
28.12.2005 18:44 <DIR> Elaborate Bytes
28.12.2005 18:50 <DIR> MUSICMATCH
03.01.2006 16:33 <DIR> Symantec
03.01.2006 16:33 <DIR> Norton Personal Firewall
03.01.2006 16:41 <DIR> Norton AntiVirus
03.01.2006 16:48 <DIR> T-Online
03.01.2006 18:47 <DIR> messenger
04.01.2006 01:14 <DIR> ICQLite
06.01.2006 16:53 <DIR> StarMoney 4.0 S-Edition
06.01.2006 16:54 <DIR> MSXML 4.0
06.01.2006 16:56 <DIR> CHIPDRIVE
06.01.2006 16:56 <DIR> SCM Microsystems
16.02.2006 17:31 <DIR> Citrix
09.03.2006 13:00 <DIR> FVL
10.03.2006 09:37 <DIR> StarMoney 5.0 S-Edition
10.03.2006 10:18 <DIR> xp-AntiSpy
13.03.2006 00:50 <DIR> Mozilla Firefox
23.04.2006 17:17 <DIR> Java
09.05.2006 14:17 <DIR> Sony Ericsson K750i
16.06.2006 19:37 <DIR> NetPumper
16.06.2006 19:37 <DIR> Anti-Leech
16.06.2006 21:25 <DIR> WinRAR
17.06.2006 16:27 <DIR> DivX
17.06.2006 17:09 <DIR> K-Lite Codec Pack
06.07.2006 19:22 <DIR> DATA BECKER
05.08.2006 16:55 <DIR> iTunes
05.08.2006 16:55 <DIR> iPod
05.08.2006 16:55 <DIR> QuickTime
01.09.2006 18:13 <DIR> BEWERBUNGS-MASTER
13.10.2006 13:45 <DIR> 1-abc
13.10.2006 14:37 <DIR> SlySoft
22.10.2006 13:21 <DIR> CCleaner
24.10.2006 21:59 <DIR> Spyware Doctor
0 Datei(en) 0 Bytes
69 Verzeichnis(se), 13.352.960.000 Bytes frei
Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: F0A6-A3A7

Verzeichnis von C:\Dokumente und Einstellungen\Rolf Möller\Anwendungsdaten

28.12.2004 18:26 <DIR> .
28.12.2004 18:26 <DIR> ..
28.12.2004 18:26 <DIR> Identities
28.12.2004 23:15 <DIR> Microsoft Web Folders
28.12.2005 18:12 <DIR> Adobe
28.12.2005 18:40 <DIR> Help
28.12.2005 18:58 <DIR> CyberLink
03.01.2006 16:33 <DIR> Symantec
03.01.2006 16:47 <DIR> Macromedia
03.01.2006 16:49 <DIR> T-Online
04.01.2006 01:14 <DIR> ICQLite
10.01.2006 12:33 <DIR> AdobeUM
09.02.2006 18:20 <DIR> Leadertech
13.03.2006 00:51 <DIR> Mozilla
23.04.2006 17:19 <DIR> Sun
26.04.2006 12:52 <DIR> PC Suite
23.05.2006 14:13 <DIR> Petroglyph
16.06.2006 19:38 <DIR> NetPumper
17.06.2006 17:09 <DIR> Real
17.06.2006 17:10 <DIR> Media Player Classic
15.07.2006 22:07 <DIR> Roxio
05.08.2006 16:56 <DIR> Apple Computer
24.10.2006 21:59 <DIR> PC Tools
0 Datei(en) 0 Bytes
23 Verzeichnis(se), 13.352.960.000 Bytes frei
Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: F0A6-A3A7

Verzeichnis von C:\Programme\Gemeinsame Dateien

28.12.2004 18:02 <DIR> .
28.12.2004 18:02 <DIR> ..
28.12.2004 18:02 <DIR> Microsoft Shared
28.12.2004 18:02 <DIR> SpeechEngines
28.12.2004 18:02 <DIR> ODBC
28.12.2004 18:20 <DIR> System
28.12.2004 18:21 <DIR> MSSoap
28.12.2004 18:21 <DIR> Dienste
28.12.2004 18:28 <DIR> InstallShield
28.12.2004 18:28 <DIR> Adaptec Shared
28.12.2004 23:16 <DIR> Designer
28.12.2004 23:25 <DIR> Xing Shared
29.12.2004 00:32 <DIR> Wise Installation Wizard
28.12.2005 18:08 <DIR> Adobe
02.01.2006 23:21 <DIR> ROXIO
02.01.2006 23:21 <DIR> Roxio Shared
03.01.2006 16:33 <DIR> Symantec Shared
25.01.2006 20:33 <DIR> Bcgsoft
12.02.2006 23:42 <DIR> NSV
21.03.2006 21:20 <DIR> Teleca Shared
23.04.2006 17:15 <DIR> Java
23.08.2006 16:08 <DIR> Marmiko Shared
0 Datei(en) 0 Bytes
22 Verzeichnis(se), 13.352.960.000 Bytes frei


I hope you can help me further.

Regards, Andy
24.10.2006, 23:34
Honorary member

Posts: 29434
#205 Andy1984

Set up CleanUp exactly as described here:
http://virus-protect.org/cleanup.html

Copy out these 6 text files. (Right-click with the mouse -> select the text -> copy -> paste.) They are sorted by date. (Copy only the last 3 months.)
http://virus-protect.org/datfindbat.html
__________
Regards, Sabina

all about PC security
25.10.2006, 20:19
...new here

Posts: 6
#206 Hello Sabina, thank you very much for the quick help!

Here are the files


-------------------------1 LOG

Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: F0A6-A3A7

Verzeichnis von C:\WINDOWS\system32

25.10.2006 20:09 22.331 ffastlog.txt
25.10.2006 20:09 2.206 wpa.dbl
25.10.2006 20:03 11.808 ikhcore.log
13.10.2006 13:16 18.432 winjgf32.dll
04.10.2006 22:03 9.639.336 MRT.exe
24.09.2006 21:30 14.848 BASSMOD.dll
15.09.2006 22:04 48.816 S32EVNT1.DLL
13.09.2006 07:02 1.084.416 msxml3.dll
04.09.2006 08:12 1.494.016 shdocvw.dll
28.08.2006 00:55 181.832 FNTCACHE.DAT
25.08.2006 17:46 617.472 comctl32.dll
21.08.2006 14:26 16.896 fltlib.dll
21.08.2006 11:14 23.040 fltmc.exe
16.08.2006 13:58 100.352 6to4svc.dll
07.08.2006 16:02 534.208 SymNeti.dll
07.08.2006 16:02 161.472 SymRedir.dll
03.08.2006 17:34 466.944 capicom.dll
28.07.2006 13:28 3.075.072 mshtml.dll
27.07.2006 15:25 679.424 inetcomm.dll
25.07.2006 22:33 615.936 urlmon.dll
21.07.2006 10:29 72.704 hlink.dll
17.07.2006 16:05 723.744 PerfStringBackup.INI
17.07.2006 16:05 316.594 perfh007.dat
17.07.2006 16:05 311.604 perfh009.dat
17.07.2006 16:05 39.992 perfc009.dat
17.07.2006 16:05 48.156 perfc007.dat
14.07.2006 17:38 332.288 netapi32.dll
14.07.2006 17:25 546.304 hhctrl.ocx
13.07.2006 15:34 8.494.592 shell32.dll
05.07.2006 12:55 1.057.792 kernel32.dll

-------------------------2 LOG

Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: F0A6-A3A7

Verzeichnis von C:\DOKUME~1\ROLFMÖ~1\LOKALE~1\Temp

25.10.2006 20:09 16.384 Perflib_Perfdata_23c.dat
04.10.2006 09:23 668 datFind.bat
2 Datei(en) 17.052 Bytes
0 Verzeichnis(se), 13.413.777.408 Bytes frei

-------------------------3 LOG

Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: F0A6-A3A7

Verzeichnis von C:\WINDOWS

25.10.2006 20:10 1.949 win.ini
25.10.2006 20:06 1.811.892 WindowsUpdate.log
25.10.2006 20:05 0 0.log
25.10.2006 20:03 2.048 bootstat.dat
25.10.2006 20:02 32.636 SchedLgU.Txt
24.10.2006 11:11 1.767 setupapi.log
15.10.2006 17:24 1.976 cdPlayer.ini
05.10.2006 23:35 54.156 QTFont.qfn
22.09.2006 12:35 1.409 QTFont.for
11.09.2006 00:27 8.496 cddabase.ini
11.09.2006 00:23 99 WINONCD.INI
01.09.2006 18:12 167.936 Setup1.exe
01.09.2006 18:12 74.752 ST6UNST.EXE
31.08.2006 20:57 2.637 WOC_CDDA.ini
27.08.2006 17:27 41.420 _6F19D7E.TTF
08.08.2006 15:49 1.030.804 setupapi.log.0.old
26.07.2006 21:49 8.192 Rolf Möller.pcb

-------------------------4 LOG

Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: F0A6-A3A7

Verzeichnis von C:\WINDOWS\Temp

25.10.2006 20:15 0 win12.tmp
1 Datei(en) 0 Bytes
0 Verzeichnis(se), 13.413.515.264 Bytes frei

-------------------------5 LOG

Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: F0A6-A3A7

Verzeichnis von C:\WINDOWS\Downloaded Program Files

22.06.2006 11:41 5.032 swflash.inf
03.11.2005 20:24 495 LegitCheckControl.inf
26.05.2005 04:19 291 wuweb.inf
28.12.2004 18:22 65 desktop.ini
20.01.2000 15:25 1.162 Microsoft XML Parser for Java.osd
14.10.1997 18:52 697 DirectAnimation Java Classes.osd
6 Datei(en) 7.742 Bytes
0 Verzeichnis(se), 13.413.482.496 Bytes frei

-------------------------6 LOG

Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: F0A6-A3A7

Verzeichnis von C:\

25.10.2006 20:17 0 sys.txt
25.10.2006 20:16 585 down.txt
25.10.2006 20:16 267 tmp.txt
25.10.2006 20:15 4.662 system.txt
25.10.2006 20:14 350 systemtemp.txt
25.10.2006 20:12 108.464 system32.txt
25.10.2006 20:03 805.306.368 pagefile.sys
24.10.2006 22:33 44.157 files.txt
05.10.2006 19:43 32.148 devicetable.log
09.05.2006 14:27 104.436 USBFLASH.log
09.05.2006 14:27 447 WMCHandler.log
03.01.2006 18:48 211 boot.ini
03.01.2006 18:42 47.564 NTDETECT.COM
03.01.2006 18:42 251.184 ntldr
03.01.2006 16:49 344 TO_InstallLog.txt
28.12.2004 19:40 77.824 ffastun.ffo
28.12.2004 19:40 1.679.360 ffastun0.ffx
28.12.2004 19:40 122.880 ffastun.ffl
28.12.2004 19:40 5.662 ffastun.ffa
28.12.2004 18:22 0 MSDOS.SYS
28.12.2004 18:22 0 IO.SYS
28.12.2004 18:22 0 AUTOEXEC.BAT
28.12.2004 18:22 0 CONFIG.SYS
11.09.2002 17:33 4.952 bootfont.bin
24 Datei(en) 807.791.865 Bytes
0 Verzeichnis(se), 13.413.449.728 Bytes frei

Regards, Andy
25.10.2006, 23:26
Honorary member

Posts: 29434
#207 Avenger
http://virus-protect.org/artikel/tools/avenger.html
paste in:

Quote

registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winjgf32

Files to delete:
C:\WINDOWS\system32\winjgf32.dll

Folders to delete:
C:\Programme\NetPumper
C:\Programme\Anti-Leech
C:\Dokumente und Einstellungen\Rolf Möller\Anwendungsdaten\NetPumper
Click the green traffic light.
The script will now run, then the PC will restart automatically.

**
Open HijackThis -- "Scan" button -- tick the boxes in front of these entries -- "Fix checked" button -- restart the PC

Quote

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

O20 - Winlogon Notify: winjgf32 - C:\WINDOWS\SYSTEM32\winjgf32.dll

Restart the PC

**
New start page
Go to Control Panel --> Internet Options --> on the General tab, under Temporary Internet Files, click Delete Files --> also tick Delete all offline content and confirm with OK --> go to the Programs tab and click Reset Web Settings there, confirm with Yes if prompted --> click Apply and finally OK, and set a new start page

**
Scan, set everything to "remove" and post the scan report
http://virus-protect.org/counterspy.html
__________
Regards, Sabina

all about PC security
28.10.2006, 18:19
...new here

Posts: 6
#208 Hi Sabina,

I wouldn't have thought that so much was affected... Norton found nothing at all.

Many, many thanks for now.

Here are the details...

Spyware Scan Details


Start Date: 28.10.2006 16:25:10
End Date: 28.10.2006 18:11:51
Total Time: 1 hrs 46 mins 41 secs

Detected spyware

Trojan.Smitfraud Trojan more information...
Details: Trojan.Smitfraud is a group of programs that are used to download rogue security products and change the user's desktop to display false warnings that the computer is infected with spyware.
Status: Deleted

Infected files detected
c:\windows\system32\ishost.exe
c:\windows\system32\ismini.exe

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run ishost.exe ishost.exe


Packed.Win32.Klone.g Trojan more information...
Status: Deleted

Infected files detected
c:\windows\temp\win13.tmp
c:\windows\temp\wina.tmp
C:\WINDOWS\Temp\win113.tmp.exe


ClickSpring.PuritySCAN Adware (General) more information...
Details: PurityScan is an ad supported program that scans the user's Internet Explorer files, including browser cache, cookies and history for pornographic/adult related words and allows the user to delete them.
Status: Deleted

Infected files detected
C:\Programme\Gemeinsame Dateien\Yazzle1162OinAdmin.exe
C:\System Volume Information\_restore{1B67CA8A-22C4-4EEE-BD06-133CD42664AD}\RP287\A0034547.exe


Yazzle Components Misc (General) more information...
Details: Yazzle Components includes software that is used by multiple applications from Clickspring, LLC, the authors of Yazzle applications such as Yazzle Sudoku, Cowabanga and Snowball Wars.
Status: Deleted

Infected files detected
C:\Programme\Gemeinsame Dateien\Yazzle1162OinUninstaller.exe
C:\System Volume Information\_restore{1B67CA8A-22C4-4EEE-BD06-133CD42664AD}\RP287\A0034548.exe

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1162Oin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1162Oin DisplayName OIN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1162Oin UninstallString "C:\Programme\Gemeinsame Dateien\Yazzle1162OinUninstaller.exe"


NetPumper Adware Bundler more information...
Details: Bundles with a number of adware components.
Status: Deleted

Infected files detected
C:\System Volume Information\_restore{1B67CA8A-22C4-4EEE-BD06-133CD42664AD}\RP287\A0034578.exe
C:\System Volume Information\_restore{1B67CA8A-22C4-4EEE-BD06-133CD42664AD}\RP287\A0034581.dll
C:\System Volume Information\_restore{1B67CA8A-22C4-4EEE-BD06-133CD42664AD}\RP287\A0034582.dll
C:\System Volume Information\_restore{1B67CA8A-22C4-4EEE-BD06-133CD42664AD}\RP287\A0034583.dll
C:\System Volume Information\_restore{1B67CA8A-22C4-4EEE-BD06-133CD42664AD}\RP287\A0034584.exe
C:\System Volume Information\_restore{1B67CA8A-22C4-4EEE-BD06-133CD42664AD}\RP287\A0034585.exe
C:\System Volume Information\_restore{1B67CA8A-22C4-4EEE-BD06-133CD42664AD}\RP287\A0034586.dll

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\free\Firstrun state 2
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\free state 2
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\free pkid Amaretto
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\free alid
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper\Affiliated\free iid {04763CFB-E45F-4976-ADE0-7D2C243C297D}
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper VersionInfo sCEBfTf5tihI0JDOVjR-V2M4b8AchBKRURW+XEF+N+qd6J0ovbwi7oPPzjEBOKKouMFmrQ8Da0ydJrvCCwNeC6+YYhaTm6isUiPOqhD0ASOVUO2cRH2+-dOfnpq+KIIqzJzGPrFZJHxziHaQ3z2rUiae2F4BxyIWV7GqQpuqX+BpSGY2orDSjIgFri6TxI8gUY3lmkFTEpSU
HKEY_CLASSES_ROOT\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}
HKEY_CLASSES_ROOT\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\TypeLib {1145A909-A836-44B8-B03A-48D858B0F43E}
HKEY_CLASSES_ROOT\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B}\TypeLib Version 1.2
HKEY_CLASSES_ROOT\Interface\{A8B0F390-E6BF-4027-A4D4-1E4363F5E27B} IAddUrl
HKEY_CLASSES_ROOT\Interface\{A9E33220-0B05-11D7-88D2-444553540000}
HKEY_CLASSES_ROOT\Interface\{A9E33220-0B05-11D7-88D2-444553540000}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{A9E33220-0B05-11D7-88D2-444553540000}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{A9E33220-0B05-11D7-88D2-444553540000}\TypeLib {1145A909-A836-44B8-B03A-48D858B0F43E}
HKEY_CLASSES_ROOT\Interface\{A9E33220-0B05-11D7-88D2-444553540000}\TypeLib Version 1.2
HKEY_CLASSES_ROOT\Interface\{A9E33220-0B05-11D7-88D2-444553540000} IAddPackage
HKEY_CLASSES_ROOT\Interface\{E0ABBF96-17DC-44CA-96D0-6217064A97BA}
HKEY_CLASSES_ROOT\Interface\{E0ABBF96-17DC-44CA-96D0-6217064A97BA}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{E0ABBF96-17DC-44CA-96D0-6217064A97BA}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{E0ABBF96-17DC-44CA-96D0-6217064A97BA}\TypeLib {F7258F6E-9F60-49C0-8C82-F0A0993D68E0}
HKEY_CLASSES_ROOT\Interface\{E0ABBF96-17DC-44CA-96D0-6217064A97BA}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{E0ABBF96-17DC-44CA-96D0-6217064A97BA} INetscapeInterface
HKEY_CLASSES_ROOT\TypeLib\{F7258F6E-9F60-49C0-8C82-F0A0993D68E0}
HKEY_CLASSES_ROOT\TypeLib\{F7258F6E-9F60-49C0-8C82-F0A0993D68E0}\1.0\0\win32 C:\Programme\NetPumper\NetPumperNNProxy.dll
HKEY_CLASSES_ROOT\TypeLib\{F7258F6E-9F60-49C0-8C82-F0A0993D68E0}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{F7258F6E-9F60-49C0-8C82-F0A0993D68E0}\1.0\HELPDIR C:\Programme\NetPumper\
HKEY_CLASSES_ROOT\TypeLib\{F7258F6E-9F60-49C0-8C82-F0A0993D68E0}\1.0 NetPumperNNProxy Library
HKEY_CURRENT_USER\Software\NetPumper
HKEY_CURRENT_USER\Software\NetPumper\Rolf Möller Field1 1251067725
HKEY_CURRENT_USER\Software\NetPumper\Rolf Möller Field2 581478417
HKEY_CURRENT_USER\Software\NetPumper\Rolf Möller Field3 666958336
HKEY_CURRENT_USER\Software\NetPumper\Rolf Möller Field4 134578233


AntiLeech Plugin Adware (General) more information...
Details: Plugin is an Ad-Ware software which enables the broadcasting of advertisements, and execution of e-commerce and other internet related services on the user-interface of the software.
Status: Deleted

Infected files detected
C:\System Volume Information\_restore{1B67CA8A-22C4-4EEE-BD06-133CD42664AD}\RP289\A0034668.exe

Infected registry entries detected
HKEY_CURRENT_USER\Software\Anti-Leech\Anti-Leech Plugin
HKEY_CURRENT_USER\Software\Anti-Leech\Anti-Leech Plugin Mozilla Firefox 1.5.0.4 C:\PROGRAMME\MOZILLA FIREFOX\plugins\
HKEY_CLASSES_ROOT\AntiLeech.ALIE.1
HKEY_CLASSES_ROOT\AntiLeech.ALIE.1\CLSID {056738EE-E15C-11D6-B876-0050BF5D85C7}
HKEY_CLASSES_ROOT\AntiLeech.ALIE.1 Anti-Leech Plug-in
HKEY_CLASSES_ROOT\AntiLeech.ALIE
HKEY_CLASSES_ROOT\AntiLeech.ALIE\CLSID {056738EE-E15C-11D6-B876-0050BF5D85C7}
HKEY_CLASSES_ROOT\AntiLeech.ALIE\CurVer AntiLeech.ALIE.1
HKEY_CLASSES_ROOT\AntiLeech.ALIE Anti-Leech Plug-in
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\InprocServer32 C:\PROGRA~1\ANTI-L~1\ALIE_1~1.3\alie.dll
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\ProgID AntiLeech.ALIE.1
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\TypeLib {056738E1-E15C-11D6-B876-0050BF5D85C7}
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\VersionIndependentProgID AntiLeech.ALIE
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7} Anti-Leech Plug-in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALIE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALIE DisplayName Anti-Leech Plugin for Internet Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALIE UninstallString C:\Programme\Anti-Leech\ALIE_1.0.2.3\iesetup2.exe uninstall
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALNN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALNN DisplayName Anti-Leech Plugin for Mozilla, Opera, Netscape
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALNN UninstallString C:\Programme\Anti-Leech\ALNN\setup2.exe -u


IST.ISTbar Hijacker more information...
Details: ISTbar is an Internet Explorer Hijacker, which modifies your homepages and searches without a user's consent using an Internet Explorer toolbar.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\software\ist
HKEY_CURRENT_USER\software\ist exe_start 1


IST.XXXToolbar Toolbar more information...
Details: IST.XXXToolbar is an adult adware search toolbar for Internet Explorer. XXXToolbar displays a number of pop-up ads when Internet Explorer is running.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\IST
HKEY_CURRENT_USER\Software\IST exe_start 1


IST.PowerScan Adware (General) more information...
Details: PowerScan is advertised through in ordinary web pop-ups, but recently it started to install with help from the the ISTBar adware.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\software\ist
HKEY_CURRENT_USER\software\ist exe_start 1


Have a nice weekend


Andy
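
The file pattern this thread revolves around, as an added example that is not part of the original posts: a Python parser for `dir` listings in the format posted above that reports, per directory, the `win<hex>.tmp.exe` executables and the `win<hex>.tmp` files next to them. The sample listing is constructed in the thread's format; the function names and the name pattern are assumptions of this example.

```python
import re
from datetime import datetime

# Constructed sample in the format of the German `dir` listings in this thread:
# date, time, size with "." as thousands separator (or <DIR>), file name.
SAMPLE_LISTING = r"""
 Verzeichnis von C:\WINDOWS\Temp

24.10.2006 10:29 0 win9B.tmp
24.10.2006 10:31 1.220 winA2.tmp
24.10.2006 10:31 184.689 winA3.tmp.exe
24.10.2006 10:31 0 winA4.tmp
25.10.2006 20:15 0 win12.tmp
 5 Datei(en) 185.909 Bytes

 Verzeichnis von C:\WINDOWS\system32

13.10.2006 13:16 18.432 winjgf32.dll
04.10.2006 22:03 9.639.336 MRT.exe
28.12.2004 18:22 <DIR> config
"""

DIR_HEADER = re.compile(r"^\s*(?:Verzeichnis von|Directory of)\s+(?P<path>.+?)\s*$")
ENTRY = re.compile(
    r"^\s*(?P<date>\d{2}\.\d{2}\.\d{4})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d.,]+)\s+(?P<name>.+?)\s*$"
)
# Assumed name pattern: "win" + hex digits + ".tmp", optionally followed by ".exe".
TMP_NAME = re.compile(r"^win[0-9a-f]+\.tmp(?P<exe>\.exe)?$", re.IGNORECASE)


def parse_listing(text):
    """Return one dict per file entry; directories and summary lines are skipped."""
    entries, current_dir = [], None
    for line in text.splitlines():
        header = DIR_HEADER.match(line)
        if header:
            current_dir = header.group("path")
            continue
        m = ENTRY.match(line)
        if not m or m.group("size") == "<DIR>":
            continue
        stamp = m.group("date") + " " + m.group("time")
        entries.append({
            "dir": current_dir,
            "name": m.group("name"),
            "size": int(re.sub(r"[.,]", "", m.group("size"))),
            "when": datetime.strptime(stamp, "%d.%m.%Y %H:%M"),
        })
    return entries


def summarize(entries):
    """Group win<hex>.tmp / win<hex>.tmp.exe files by directory."""
    report = {}
    for e in entries:
        m = TMP_NAME.match(e["name"])
        if not m:
            continue
        row = report.setdefault(
            e["dir"], {"executables": [], "tmp_files": 0, "zero_byte": 0}
        )
        if m.group("exe"):
            # Executable with a double extension in a temp-style name.
            row["executables"].append((e["name"], e["size"]))
        else:
            row["tmp_files"] += 1
            if e["size"] == 0:
                row["zero_byte"] += 1
    return report


if __name__ == "__main__":
    for directory, row in summarize(parse_listing(SAMPLE_LISTING)).items():
        print(directory, row)
```

A directory that shows up with a non-empty `executables` list is the one to compare against the scanner's findings before and after cleanup.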
29.10.2006, 01:29
Honorary member

Posts: 29434
29.10.2006, 13:37
...new here

Posts: 6
#210 Hi Sabina, here is the new log:

Rolf Möller - 06-10-29 13:32:59,46 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Dokumente und Einstellungen\Rolf Möller\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\components


((((((((((((((((((((((((((((((( Files Created from 2006-09-29 to 2006-10-29 ))))))))))))))))))))))))))))))))))


2006-10-24 21:59 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2006-10-24 21:59 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-28 16:19 -------- d-------- C:\Programme\Sunbelt Software
2006-10-28 12:08 125 ---hs---- C:\Dokumente und Einstellungen\Rolf Möller\Anwendungsdaten\.zreglib
2006-10-25 19:58 -------- d-------- C:\Programme\CleanUp!
2006-10-24 21:59 -------- d-------- C:\Programme\Spyware Doctor
2006-10-22 13:21 -------- d-------- C:\Programme\CCleaner
2006-10-15 17:29 28256 --a------ C:\WINDOWS\system32\drivers\MxlW2k.sys
2006-10-13 14:37 -------- d-------- C:\Programme\SlySoft
2006-10-13 13:45 -------- d-------- C:\Programme\1-abc
2006-09-24 21:30 14848 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-09-24 19:15 20096 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2006-09-15 22:04 48816 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-09-15 22:04 109744 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-09-13 07:02 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-01 18:13 -------- d-------- C:\Programme\BEWERBUNGS-MASTER
2006-09-01 18:12 74752 --a------ C:\WINDOWS\ST6UNST.EXE
2006-09-01 18:12 167936 --------- C:\WINDOWS\Setup1.exe
2006-08-25 17:46 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 14:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 13:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-07 16:02 534208 --a------ C:\WINDOWS\system32\SymNeti.dll
2006-08-07 16:02 161472 --a------ C:\WINDOWS\system32\SymRedir.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AdaptecDirectCD"="\"C:\\Programme\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"ATIPTA"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"StrongDisk"="C:\\PROGRA~1\\STRONG~1\\StrDisk.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"
"HPHmon03"="C:\\WINDOWS\\System32\\hphmon03.exe"
"ccApp"="\"C:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\ccApp.exe\""
"CHIPDRIVEPinManager"="C:\\WINDOWS\\system32\\sokscmpn.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"WinampAgent"="C:\\Programme\\Winamp 5\\winampa.exe"
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"ToADiMon.exe"="C:\\Programme\\T-Online\\T-Online_Software_6\\Basis-Software\\Basis1\\ToADiMon.exe -TOnlineAutodialStart"
"SunServer"="C:\\Programme\\Sunbelt Software\\CounterSpy\\Consumer\\sunserver.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"Flag"="„"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,ec,01,00,00,00,00,00,00,f3,01,00,00,e4,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"Spyware Doctor"=""

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"Spyware Doctor"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{076394AD-7FDD-44EF-A075-32C68DBAB99B}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:b1,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000001
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"