My PC is going crazy!!! Endless popups
Thread is closed!

#0
18.03.2006, 20:24
Honorary member
Posts: 29434

18.03.2006, 22:35
Member
Thread starter
Posts: 18
#17
Log of AproposFix v1.1
************
Running from directory: C:\Dokumente und Einstellungen\Start\Desktop\aproposfix
************
Registry entries found:
************
No service found!
Removing hidden folder:
No folder found!
Deleting files:
Backing up files:
Done!
Removing registry entries:
REGEDIT4
Done!

18.03.2006, 23:32
Honorary member
Posts: 29434
#18
4. My Computer --> right-click, then Properties --> System Restore tab --> tick "Turn off System Restore on all drives".
5. Scan with ewido --> post the scan report
http://virus-protect.org/ewido.html
6. Panda (scan and post the scan report)
http://virus-protect.org/onlinescan.html
__________
Kind regards, Sabina
All about PC security

19.03.2006, 08:16
Member
Thread starter
Posts: 18
#19
ewido anti-malware - Scan Report
---------------------------------------------------------
+ Erstellt am: 08:11:25, 19.03.2006
+ Report-Checksumme: 1CDCCFE3
+ Scanergebnis:
C:\Dokumente und Einstellungen\Start\Cookies\start@2o7[2].txt -> TrackingCookie.2o7 : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Start\Cookies\start@ivwbox[1].txt -> TrackingCookie.Ivwbox : Gesäubert mit Backup
C:\Programme\winupdates\a.zip/Setup.exe -> Worm.VB.an : Gesäubert mit Backup
::Report Ende

Here is the scan report from Panda:

| Incident | Status | Location |
|---|---|---|
| Potentially unwanted tool:application/winantivirus2006 | Not disinfected | C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\WinAntiVirus Pro 2006 |
| Adware:adware/cydoor | Not disinfected | C:\WINDOWS\cache277 |
| Adware:adware/blazefind | Not disinfected | Windows Registry |
| Spyware:Cookie/Falkag | Not disinfected | C:\Dokumente und Einstellungen\Start\Cookies\start@as-eu.falkag[1].txt |
| Spyware:Cookie/Atwola | Not disinfected | C:\Dokumente und Einstellungen\Start\Cookies\start@sel.as-eu.falkag[1].txt |
| Spyware:Cookie/Weborama | Not disinfected | C:\Dokumente und Einstellungen\Start\Cookies\start@weborama[2].txt |
| Potentially unwanted tool:Application/Processor | Not disinfected | C:\Dokumente und Einstellungen\Start\Desktop\l2mfix\Process.exe |
| Potentially unwanted tool:Application/Winantivirus2006 | Not disinfected | C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006\WapCHK.dll |
| Potentially unwanted tool:Application/Processor | Not disinfected | C:\RECYCLER\S-1-5-21-4178254473-1185888952-1865586159-1012\Dc11.exe[Process.exe] |
| Potentially unwanted tool:Application/Processor | Not disinfected | |

This post was edited by Harbs on 19.03.2006 at 09:17.

19.03.2006, 12:15
Honorary member
Posts: 29434
#20
avenger:
http://virus-protect.org/artikel/tools/avenger.html
Paste in:
Quote: Files to delete:
Click the green traffic light + reboot.
Be sure to post the scan report!
Delete:
C:\WINDOWS\cache277
C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006
C:\Programme\WinAntiVirus Pro 2006
WinAntiVirus Pro 2006
http://virus-protect.org/artikel/spyware/winantivirus_%20pro_%202006.html
-------------------------------------------------------------------------------
RootkitRevealer --> post the scan report
http://www.sysinternals.com/Utilities/RootkitRevealer.html
__________
Kind regards, Sabina
All about PC security

19.03.2006, 12:38
Member
Thread starter
Posts: 18
#21
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\dpwvcfnh
*******************
Script file located at: \??\C:\WINDOWS\system32\abwmpext.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\fwsvc.sys not found!
Deletion of file C:\WINDOWS\system32\fwsvc.sys failed!
Could not process line:
C:\WINDOWS\system32\fwsvc.sys
Status: 0xc0000034
File C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006\WapCHK.dll deleted successfully.
File C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006\wa6p_compwiz.exe not found!
Deletion of file C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006\wa6p_compwiz.exe failed!
Could not process line:
C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006\wa6p_compwiz.exe
Status: 0xc0000034
Could not open file C:\Programme\WinAntiVirus Pro 2006\winpgi.dll for deletion
Deletion of file C:\Programme\WinAntiVirus Pro 2006\winpgi.dll failed!
Could not process line:
C:\Programme\WinAntiVirus Pro 2006\winpgi.dll
Status: 0xc000003a
Could not open file C:\Programme\WinAntiVirus Pro 2006\AsAgents.dll for deletion
Deletion of file C:\Programme\WinAntiVirus Pro 2006\AsAgents.dll failed!
Could not process line:
C:\Programme\WinAntiVirus Pro 2006\AsAgents.dll
Status: 0xc000003a
Could not open file C:\Programme\WinAntiVirus Pro 2006\FWSvc.exe for deletion
Deletion of file C:\Programme\WinAntiVirus Pro 2006\FWSvc.exe failed!
Could not process line:
C:\Programme\WinAntiVirus Pro 2006\FWSvc.exe
Status: 0xc000003a
Could not open file C:\Programme\WinAntiVirus Pro 2006\Support.exe for deletion
Deletion of file C:\Programme\WinAntiVirus Pro 2006\Support.exe failed!
Could not process line:
C:\Programme\WinAntiVirus Pro 2006\Support.exe
Status: 0xc000003a
Could not open file C:\Programme\WinAntiVirus Pro 2006\Updater.exe for deletion
Deletion of file C:\Programme\WinAntiVirus Pro 2006\Updater.exe failed!
Could not process line:
C:\Programme\WinAntiVirus Pro 2006\Updater.exe
Status: 0xc000003a
Could not open file C:\Programme\WinAntiVirus Pro 2006\winav.exe for deletion
Deletion of file C:\Programme\WinAntiVirus Pro 2006\winav.exe failed!
Could not process line:
C:\Programme\WinAntiVirus Pro 2006\winav.exe
Status: 0xc000003a
Could not open file C:\Programme\WinAntiVirus Pro 2006\manual.exe for deletion
Deletion of file C:\Programme\WinAntiVirus Pro 2006\manual.exe failed!
Could not process line:
C:\Programme\WinAntiVirus Pro 2006\manual.exe
Status: 0xc000003a
Could not open file C:\Programme\WinAntiVirus Pro 2006\WAV6COM.dll for deletion
Deletion of file C:\Programme\WinAntiVirus Pro 2006\WAV6COM.dll failed!
Could not process line:
C:\Programme\WinAntiVirus Pro 2006\WAV6COM.dll
Status: 0xc000003a
Could not open file C:\Programme\WinAntiVirus Pro 2006\pv.exe for deletion
Deletion of file C:\Programme\WinAntiVirus Pro 2006\pv.exe failed!
Could not process line:
C:\Programme\WinAntiVirus Pro 2006\pv.exe
Status: 0xc000003a
Completed script processing.
*******************
Finished! Terminate.

C:\Programme\WinAntiVirus Pro 2006 <==== The folder does not exist
RootkitRevealer --> post the scan report <===== I don't get a scan report there

This post was edited by Harbs on 19.03.2006 at 13:04.

19.03.2006, 12:48
Honorary member
Posts: 29434
#22
1. RootkitRevealer --> post the scan report
http://www.sysinternals.com/Utilities/RootkitRevealer.html
2. HijackThis (StartupList)
Create a HijackThis log and a StartupList log. To do this, please go to the Misc Tools section, tick both options at "generate StartupList log" and have the list created.
* HijackThis - Config
* List also minor sections (full) -- tick the box
* List empty sections (complete) -- tick the box
* HijackThis - Config - MiscTools -- Generate StartupListlog
* (Notepad [text editor] opens; now copy the COMPLETE log and post it)
__________
Kind regards, Sabina
All about PC security

19.03.2006, 13:15
Member
Thread starter
Posts: 18
#23
1. RootkitRevealer --> post the scan report
http://www.sysinternals.com/Utilities/RootkitRevealer.html
Somehow I don't get a scan report there.
---------------------------------------------------------------------------
StartupList report, 19.03.2006, 13:13:10 StartupList version: 1.52.2 Started from : C:\Dokumente und Einstellungen\Start\Eigene Dateien\hijackthis\HijackThis.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180) * Using default options * Including empty and uninteresting sections * Showing rarely important sections ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\system32\cisvc.exe C:\Programme\ewido anti-malware\ewidoctrl.exe C:\Programme\ewido anti-malware\ewidoguard.exe C:\WINDOWS\system32\gearsec.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE C:\Programme\Spyware Doctor\sdhelp.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\fxssvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programme\Medion Home CinemaXL\PowerCinema\PCMService.exe C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programme\Java\jre1.5.0_05\bin\jusched.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\Programme\Logitech\iTouch\iTouch.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programme\Gemeinsame
Dateien\Microsoft Shared\Works Shared\WkUFind.exe C:\WINDOWS\Dit.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\QuickTime\qttask.exe C:\WINDOWS\vsnpstd.exe C:\Programme\DAEMON Tools\daemon.exe C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Programme\Musicmatch\Musicmatch Jukebox\mmtask.exe C:\Programme\ICQLite\ICQLite.exe C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\TGTSoft\StyleXP\StyleXP.exe C:\Programme\Logitech\SetPoint\SetPoint.exe C:\Programme\Anti-Hijacker\AntiHijacker 1.2.EXE C:\WINDOWS\DitExp.exe C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE C:\Programme\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\cidaemon.exe C:\Dokumente und Einstellungen\Start\Desktop\RootkitRevealer\RootkitRevealer.exe C:\DOKUME~1\Start\LOKALE~1\Temp\RO.exe C:\Dokumente und Einstellungen\Start\Eigene Dateien\hijackthis\HijackThis.exe -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\Dokumente und Einstellungen\Start\Startmenü\Programme\Autostart] Anti-Hijacker.lnk = C:\Programme\Anti-Hijacker\AntiHijacker 1.2.EXE Shell folders AltStartup: *Folder not found* User shell folders Startup: *Folder not found* User shell folders AltStartup: *Folder not found* Shell folders Common Startup: [C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart] Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe Shell folders Common AltStartup: *Folder not found* User shell folders Common Startup: *Folder not found* User shell folders Alternate Common Startup: *Folder not found* -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = 
userinit.exe [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] *Registry value not found* [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run PCMService = C:\Programme\Medion Home CinemaXL\PowerCinema\PCMService.exe ATIPTA = C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe VOBRegCheck = C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg SunJavaUpdateSched = C:\Programme\Java\jre1.5.0_05\bin\jusched.exe zBrowser Launcher = C:\Programme\Logitech\iTouch\iTouch.exe NeroCheck = C:\WINDOWS\system32\NeroCheck.exe SoundMan = SOUNDMAN.EXE Microsoft Works Update Detection = C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe Dit = Dit.exe TkBellExe = "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot Advanced Tools Check = C:\PROGRA~1\NORTON~2\AdvTools\ADVCHK.EXE Nokia Tray Application = C:\Programme\Gemeinsame Dateien\Nokia\Tools\NclTray.exe QuickTime Task = "C:\Programme\QuickTime\qttask.exe" -atboottime avast! 
= C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe snpstd = C:\WINDOWS\vsnpstd.exe Anti-Blaxx Manager = D:\Antiblaxx an 192.168.0.254\Anti-Blaxx\Anti-Blaxx.exe DAEMON Tools = "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033 Adobe Photo Downloader = "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" HTpatch = C:\WINDOWS\htpatch.exe I downloaded pirated Software from P2P and now I post my Hijack log whining = C:\WINDOWS\system32\Fifa Soccer 2006 crack.exe Logitech Hardware Abstraction Layer = KHALMNPR.EXE mmtask = "C:\Programme\Musicmatch\Musicmatch Jukebox\mmtask.exe" ICQ Lite = C:\Programme\ICQLite\ICQLite.exe -minimize Zone Labs Client = C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Steam = ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe STYLEXP = C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce ICQ Lite = C:\Programme\ICQLite\ICQLite.exe -trayboot -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No values found* -------------------------------------------------- Autorun entries 
from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run [OptionalComponents] *No values found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No subkeys found* -------------------------------------------------- Autorun entries in 
Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- File association entry for .EXE: HKEY_CLASSES_ROOT\exefile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .COM: HKEY_CLASSES_ROOT\comfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .BAT: HKEY_CLASSES_ROOT\batfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .PIF: HKEY_CLASSES_ROOT\piffile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .SCR: HKEY_CLASSES_ROOT\scrfile\shell\open\command (Default) = "%1" /S -------------------------------------------------- File association entry for .HTA: HKEY_CLASSES_ROOT\htafile\shell\open\command (Default) = C:\WINDOWS\System32\mshta.exe "%1" %* -------------------------------------------------- File association entry for .TXT: HKEY_CLASSES_ROOT\txtfile\shell\open\command (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1 -------------------------------------------------- Enumerating Active Setup stub paths: HKLM\Software\Microsoft\Active Setup\Installed Components (* = disabled by HKCU twin) [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP 
[>{26923b43-4d38-484f-9b9e-de460746276c}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] * StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT [{5945c046-1e7d-11d1-bc44-00c04fd912be}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub [{7790769C-0471-11d2-AF11-00C04FA35D02}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [{89820200-ECBD-11cf-8B85-00AA005B4340}] * StubPath = regsvr32.exe /s /n /i:U shell32.dll [{89820200-ECBD-11cf-8B85-00AA005B4383}] * StubPath = %SystemRoot%\system32\ie4uinit.exe [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] * StubPath = C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install [{8b15971b-5355-4c82-8c07-7e181ea07608}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser -------------------------------------------------- Enumerating ICQ Agent Autostart apps: HKCU\Software\Mirabilis\ICQ\Agent\Apps *Registry key not found* -------------------------------------------------- Load/Run keys from C:\WINDOWS\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not 
found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs= -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=C:\WINDOWS\LavaLamp.scr drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry key not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Checking for EXPLORER.EXE instances: C:\WINDOWS\Explorer.exe: PRESENT! C:\Explorer.exe: not present C:\WINDOWS\Explorer\Explorer.exe: not present C:\WINDOWS\System\Explorer.exe: not present C:\WINDOWS\System32\Explorer.exe: not present C:\WINDOWS\Command\Explorer.exe: not present C:\WINDOWS\Fonts\Explorer.exe: not present -------------------------------------------------- Checking for superhidden extensions: .lnk: HIDDEN! (arrow overlay: yes) .pif: HIDDEN! (arrow overlay: yes) .exe: not hidden .com: not hidden .bat: not hidden .hta: not hidden .scr: not hidden .shs: HIDDEN! .shb: HIDDEN! .vbs: not hidden .vbe: not hidden .wsh: not hidden .scf: HIDDEN! (arrow overlay: NO!) .url: HIDDEN! 
(arrow overlay: yes) .js: not hidden .jse: not hidden -------------------------------------------------- Verifying REGEDIT.EXE integrity: - Regedit.exe found in C:\WINDOWS - .reg open command is normal (regedit.exe %1) - Company name OK: 'Microsoft Corporation' - Original filename OK: 'REGEDIT.EXE' - File description: 'Registrierungs-Editor' Registry check passed -------------------------------------------------- Enumerating Browser Helper Objects: *No BHO's found* -------------------------------------------------- Enumerating Task Scheduler jobs: AE5B97219108085D.job XoftSpy.job -------------------------------------------------- Enumerating Download Program Files: [DirectAnimation Java Classes] CODEBASE = file://C:\WINDOWS\Java\classes\dajava.cab OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd [Microsoft XML Parser for Java] CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd [Windows Genuine Advantage Validation Tool] InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204 [Java Plug-in 1.5.0_05] InProcServer32 = C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab [ActiveScan Installer Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab [Java Plug-in 1.5.0_04] InProcServer32 = C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab [Java Plug-in 1.5.0_05] InProcServer32 = C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab [Shockwave Flash Object] InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8a.ocx CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab 
-------------------------------------------------- Enumerating Winsock LSP files: NameSpace #1: C:\WINDOWS\System32\mswsock.dll NameSpace #2: C:\WINDOWS\System32\winrnr.dll NameSpace #3: C:\WINDOWS\System32\mswsock.dll NameSpace #4: C:\WINDOWS\system32\wshbth.dll Protocol #1: C:\WINDOWS\system32\mswsock.dll Protocol #2: C:\WINDOWS\system32\mswsock.dll Protocol #3: C:\WINDOWS\system32\mswsock.dll Protocol #4: C:\WINDOWS\system32\rsvpsp.dll Protocol #5: C:\WINDOWS\system32\rsvpsp.dll Protocol #6: C:\WINDOWS\system32\mswsock.dll Protocol #7: C:\WINDOWS\system32\mswsock.dll Protocol #8: C:\WINDOWS\system32\mswsock.dll Protocol #9: C:\WINDOWS\system32\mswsock.dll Protocol #10: C:\WINDOWS\system32\mswsock.dll Protocol #11: C:\WINDOWS\system32\mswsock.dll Protocol #12: C:\WINDOWS\system32\mswsock.dll Protocol #13: C:\WINDOWS\system32\mswsock.dll Protocol #14: C:\WINDOWS\system32\mswsock.dll Protocol #15: C:\WINDOWS\system32\mswsock.dll Protocol #16: C:\WINDOWS\system32\mswsock.dll Protocol #17: C:\WINDOWS\system32\mswsock.dll Protocol #18: C:\WINDOWS\system32\mswsock.dll Protocol #19: C:\WINDOWS\system32\mswsock.dll Protocol #20: C:\WINDOWS\system32\mswsock.dll Protocol #21: C:\WINDOWS\system32\mswsock.dll Protocol #22: C:\WINDOWS\system32\mswsock.dll Protocol #23: C:\WINDOWS\system32\mswsock.dll Protocol #24: C:\WINDOWS\system32\mswsock.dll Protocol #25: C:\WINDOWS\system32\mswsock.dll Protocol #26: C:\WINDOWS\system32\mswsock.dll Protocol #27: C:\WINDOWS\system32\mswsock.dll Protocol #28: C:\WINDOWS\system32\mswsock.dll Protocol #29: C:\WINDOWS\system32\mswsock.dll Protocol #30: C:\WINDOWS\system32\mswsock.dll Protocol #31: C:\WINDOWS\system32\mswsock.dll Protocol #32: C:\WINDOWS\system32\mswsock.dll Protocol #33: C:\WINDOWS\system32\mswsock.dll Protocol #34: C:\WINDOWS\system32\mswsock.dll Protocol #35: C:\WINDOWS\system32\mswsock.dll Protocol #36: C:\WINDOWS\system32\mswsock.dll Protocol #37: C:\WINDOWS\system32\mswsock.dll Protocol #38: 
C:\WINDOWS\system32\mswsock.dll Protocol #39: C:\WINDOWS\system32\mswsock.dll Protocol #40: C:\WINDOWS\system32\mswsock.dll Protocol #41: C:\WINDOWS\system32\mswsock.dll -------------------------------------------------- Enumerating Windows NT/2000/XP services Microsoft ACPI-Treiber: System32\DRIVERS\ACPI.sys (system) Microsoft Kernel-Echounterdrückung: system32\drivers\aec.sys (manual start) Umgebung für die AFD-Netzwerkunterstützung: \SystemRoot\System32\drivers\afd.sys (system) Service for Realtek AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start) Warndienst: %SystemRoot%\System32\svchost.exe -k LocalService (disabled) Gatewaydienst auf Anwendungsebene: %SystemRoot%\System32\alg.exe (autostart) Anwendungsverwaltung: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) 1394-ARP-Clientprotokoll: System32\DRIVERS\arp1394.sys (manual start) ASAPIW2K: System32\Drivers\ASAPIW2K.sys (manual start) Aspi32: System32\drivers\aspi32.sys (autostart) ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start) avast! iAVS4 Control Service: "C:\Programme\Alwil Software\Avast4\aswUpdSv.exe" (autostart) Asynchroner RAS -Medientreiber: System32\DRIVERS\asyncmac.sys (manual start) Standard-IDE/ESDI-Festplattencontroller: System32\DRIVERS\atapi.sys (system) Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart) ati2mtag: System32\DRIVERS\ati2mtag.sys (manual start) Protokoll für ATM ARP-Client: System32\DRIVERS\atmarpc.sys (manual start) Allied Telesyn AT-USB100 10/100 USB Ethernet Adapter: System32\DRIVERS\ATUSB100.sys (manual start) ATWPKT: \??\C:\WINDOWS\system32\Drivers\ATWPKT.SYS (manual start) Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Audiostubtreiber: System32\DRIVERS\audstub.sys (manual start) avast! Antivirus: "C:\Programme\Alwil Software\Avast4\ashServ.exe" (autostart) avast! Mail Scanner: "C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (manual start) avast! 
Web Scanner: "C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (manual start) AVM FRITZ!Box: system32\DRIVERS\avmunet.sys (manual start) NDIS WAN CAPI Treiber: System32\DRIVERS\avmwan.sys (manual start) Intelligenter Hintergrundübertragungsdienst: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Bluetooth Audio Service: system32\DRIVERS\blueletaudio.sys (manual start) MAC-Brücke: System32\DRIVERS\bridge.sys (manual start) MAC-Brückenminiport: System32\DRIVERS\bridge.sys (manual start) Computerbrowser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Bluetooth PAN Network Adapter: system32\DRIVERS\btnetdrv.sys (manual start) Bluetooth Audio: System32\DRIVERS\btaudio.sys (manual start) Bluetooth Virtual Communications Driver: System32\DRIVERS\btport.sys (manual start) Bluetooth-Anforderungsblocktreiber: system32\DRIVERS\BthEnum.sys (manual start) Bluetooth HID Enumerator: system32\DRIVERS\vbtenum.sys (manual start) Bluetooth HID Manager Service: System32\Drivers\BTHidMgr.sys (system) Serieller Kommunikationstreiber für Bluetooth: system32\DRIVERS\bthmodem.sys (manual start) Bluetooth-Gerät (PAN): system32\DRIVERS\bthpan.sys (manual start) Bluetooth-Porttreiber: System32\Drivers\BTHport.sys (manual start) Bluetooth Support Service: %SystemRoot%\system32\svchost.exe -k bthsvcs (autostart) USB-Treiber für Bluetooth-Funkgerät: System32\Drivers\BTHUSB.sys (manual start) Bluetooth LAN Access Server: System32\DRIVERS\btwdndis.sys (manual start) WIDCOMM USB Bluetooth Driver: System32\Drivers\btwusb.sys (manual start) MEDION (7134) WDM Video Capture: System32\DRIVERS\Cap7134.sys (manual start) Untertiteldecoder: System32\DRIVERS\CCDECODE.sys (manual start) CD-ROM-Laufwerktreiber: System32\DRIVERS\cdrom.sys (system) Indexdienst: %SystemRoot%\system32\cisvc.exe (autostart) Ablagemappe: %SystemRoot%\system32\clipsrv.exe (disabled) COM+-Systemanwendung: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start) 
Kryptografiedienste: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) d347bus: system32\DRIVERS\d347bus.sys (system) d347prt: System32\Drivers\d347prt.sys (system) DCOM-Server-Prozessstart: %SystemRoot%\system32\svchost -k DcomLaunch (autostart) AVM FRITZ!web Routing Service: C:\PROGRAMME\FRITZ!\de_serv.exe (disabled) DHCP-Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Laufwerktreiber: System32\DRIVERS\disk.sys (system) Verwaltungsdienst für die Verwaltung logischer Datenträger: %SystemRoot%\System32\dmadmin.exe /com (manual start) dmboot: System32\drivers\dmboot.sys (disabled) dmio: System32\drivers\dmio.sys (disabled) dmload: System32\drivers\dmload.sys (disabled) Verwaltung logischer Datenträger: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Microsoft Kernel-DLS-Synthesizer: system32\drivers\DMusic.sys (manual start) DNS-Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart) Microsoft Kernel-DRM-Audioentschlüsselung: system32\drivers\drmkaud.sys (manual start) dtscsi: \SystemRoot\System32\Drivers\dtscsi.sys (manual start) Fehlerberichterstattungsdienst: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Ereignisprotokoll: %SystemRoot%\system32\services.exe (autostart) COM+-Ereignissystem: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start) ewido security suite control: C:\Programme\ewido anti-malware\ewidoctrl.exe (autostart) ewido security suite driver: \??\C:\Programme\ewido anti-malware\guard.sys (system) ewido security suite guard: C:\Programme\ewido anti-malware\ewidoguard.exe (autostart) Kompatibilität für schnelle Benutzerumschaltung: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Fax: %systemroot%\system32\fxssvc.exe (autostart) Diskettencontrollertreiber: System32\DRIVERS\fdc.sys (manual start) Diskettenlaufwerktreiber: System32\DRIVERS\flpydisk.sys (manual start) FltMgr: system32\drivers\fltmgr.sys (system) Treiber für Volume-Manager: System32\DRIVERS\ftdisk.sys (system) 
1&1 NetXXL (WinXP/2000): System32\DRIVERS\fxusbase.sys (manual start) Gameport-Enumerator: System32\DRIVERS\gameenum.sys (manual start) GEARAspiWDM: system32\drivers\GEARAspiWDM.sys (manual start) GEARSecurity: system32\gearsec.exe (autostart) Standardpaketklassifizierung: System32\DRIVERS\msgpc.sys (manual start) Hilfe und Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Microsoft HID-zu-Joystickanschlussaktivierung: system32\DRIVERS\hidgame.sys (manual start) HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (autostart) HTTP: System32\Drivers\HTTP.sys (manual start) HTTP-SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start) i8042-Tastatur- und PS/2-Mausanschluss-Treiber: System32\DRIVERS\i8042prt.sys (system) Kernel Anti-Spyware Driver: \??\C:\WINDOWS\system32\drivers\ikhlayer.sys (system) Filtertreiber für CD-Brennen: System32\DRIVERS\imapi.sys (system) IMAPI-CD-Brenn-COM-Dienste: C:\WINDOWS\System32\imapi.exe (manual start) Intel-Prozessortreiber: System32\DRIVERS\intelppm.sys (system) Creatix V.9X DSP Data Fax Modem: System32\DRIVERS\ctxs51.sys (manual start) IPv6-Windows-Firewalltreiber: system32\drivers\ip6fw.sys (manual start) Filtertreiber für IP-Verkehr: System32\DRIVERS\ipfltdrv.sys (manual start) IP/IP-Tunneltreiber: System32\DRIVERS\ipinip.sys (manual start) Übersetzer für IP-Netzwerkadressen: System32\DRIVERS\ipnat.sys (manual start) IPSEC-Treiber: System32\DRIVERS\ipsec.sys (system) IRCOMM: system32\drivers\Ircomm.sys (manual start) Virtueller Infrarot-Kommunikationsanschluß: System32\DRIVERS\ircomm2k.sys (manual start) IrDA-Protokoll: System32\DRIVERS\irda.sys (autostart) IR-Enumeratordienst: System32\DRIVERS\irenum.sys (manual start) Infrarotüberwachung: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Microsoft serieller Infrarottreiber: System32\DRIVERS\irsir.sys (manual start) PnP-ISA/EISA-Bus-Treiber: 
System32\DRIVERS\isapnp.sys (system) Tastaturklassentreiber: System32\DRIVERS\kbdclass.sys (system) Tastatur-HID-Treiber: system32\DRIVERS\kbdhid.sys (system) Microsoft Kernel-Waveaudiomixer: system32\drivers\kmixer.sys (manual start) IrBridge Kernel-Level Interface: System32\DRIVERS\krnbridg.sys (manual start) Logitech SetPoint Keyboard Driver: System32\Drivers\L8042Kbd.sys (manual start) Logitech SetPoint PS/2 Mouse Filter Driver: System32\Drivers\L8042mou.sys (manual start) Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Arbeitsstationsdienst: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Logitech USB Filter Driver: system32\drivers\lccfltr.sys (manual start) Logitech SetPoint HID Mouse Filter Driver: system32\DRIVERS\LHidKE.Sys (manual start) Logitech USB Receiver device driver: System32\Drivers\LHidUsb.Sys (manual start) Logitech SetPoint USB Receiver device driver: System32\Drivers\LHidUsbK.Sys (manual start) TCP/IP-NetBIOS-Hilfsprogramm: %SystemRoot%\System32\svchost.exe -k LocalService (autostart) Logitech SetPoint Mouse Filter Driver: System32\Drivers\LMouKE.sys (manual start) Mobile Action MA-620 USB Infrared Adapter: System32\DRIVERS\MA-620.sys (manual start) Machine Debug Manager: "C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe" (autostart) Nachrichtendienst: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) NetMeeting-Remotedesktop-Freigabe: C:\WINDOWS\System32\mnmsrvc.exe (manual start) Mausklassentreiber: System32\DRIVERS\mouclass.sys (system) Maus-HID-Treiber: System32\DRIVERS\mouhid.sys (manual start) Redirector für WebDav-Client: System32\DRIVERS\mrxdav.sys (manual start) MRXSMB: System32\DRIVERS\mrxsmb.sys (system) Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start) Microsoft IR Communications Driver: System32\DRIVERS\MSIRCOMM.sys (manual start) Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start) Microsoft Streaming Service Proxy: 
system32\drivers\MSKSSRV.sys (manual start) Microsoft Proxy für Streaming Clock: system32\drivers\MSPCLOCK.sys (manual start) Microsoft Proxy für Streaming Quality Manager: system32\drivers\MSPQM.sys (manual start) Microsoft-Systemverwaltungs-BIOS-Treiber: System32\DRIVERS\mssmbios.sys (manual start) Microsoft Streaming Tee/Sink-to-Sink-Konvertierung: system32\drivers\MSTEE.sys (manual start) Microsoft MPU-401 MIDI UART-Treiber: system32\drivers\msmpu401.sys (manual start) NABTS/FEC VBI-Codec: System32\DRIVERS\NABTSFEC.sys (manual start) naecd: \??\C:\DOKUME~1\herbstge\LOKALE~1\Temp\naecd.sys (manual start) Microsoft TV-/Videoverbindung: System32\DRIVERS\NdisIP.sys (manual start) RAS-NDIS-TAPI-Treiber: System32\DRIVERS\ndistapi.sys (manual start) NDIS-Benutzermodus-E/A-Protokoll: System32\DRIVERS\ndisuio.sys (manual start) RAS-NDIS-WAN-Treiber: System32\DRIVERS\ndiswan.sys (manual start) NetBIOS-Schnittstelle: System32\DRIVERS\netbios.sys (system) NetBT: System32\DRIVERS\netbt.sys (system) Netzwerk-DDE-Dienst: %SystemRoot%\system32\netdde.exe (disabled) Netzwerk-DDE-Serverdienst: %SystemRoot%\system32\netdde.exe (disabled) AVM FRITZ!web PPP over ISDN: System32\DRIVERS\NETFRITZ.SYS (manual start) NETGEAR 802.11b MA111 Driver: system32\DRIVERS\MA111nd5.sys (manual start) Anmeldedienst: %SystemRoot%\System32\lsass.exe (manual start) Netzwerkverbindungen: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) 1394-Netzwerktreiber: System32\DRIVERS\nic1394.sys (manual start) NLA (Network Location Awareness): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Norton Unerase Protection Driver: \??\C:\WINDOWS\System32\Drivers\NPDRIVER.SYS (manual start) Norton Unerase Protection: "C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE" (autostart) NT-LM-Sicherheitsdienst: %SystemRoot%\System32\lsass.exe (manual start) Wechselmedien: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Filtertreiber für IPX-Verkehr: System32\DRIVERS\nwlnkflt.sys (manual 
start) Treiber für IPX-Verkehrsweiterleitung: System32\DRIVERS\nwlnkfwd.sys (manual start) OHCI-konformer IEEE 1394-Hostcontroller: System32\DRIVERS\ohci1394.sys (system) Treiber für parallelen Anschluss: System32\DRIVERS\parport.sys (manual start) PCANDIS5 Protocol Driver: \??\C:\WINDOWS\system32\PCANDIS5.SYS (manual start) PCI Bus Driver: System32\DRIVERS\pci.sys (system) PCIIde: System32\DRIVERS\pciide.sys (system) Low level access layer for CD devices: System32\Drivers\Pcouffin.sys (manual start) Padus ASPI Shell: system32\drivers\pfc.sys (manual start) MEDION TV-TUNER 7134 MK2/3: System32\DRIVERS\PhTVTune.sys (manual start) Logitech QuickCam Express(PID_0920): System32\DRIVERS\LV532AV.SYS (manual start) Plug & Play: %SystemRoot%\system32\services.exe (autostart) IPSEC-Dienste: %SystemRoot%\System32\lsass.exe (autostart) WAN-Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start) Prozessortreiber: System32\DRIVERS\processr.sys (system) StarForce Protection Environment Driver v6: \SystemRoot\System32\drivers\prodrv06.sys (system) StarForce Protection Helper Driver v2: System32\drivers\prohlp02.sys (system) StarForce Protection Synchronization Driver v1: System32\drivers\prosync1.sys (system) Geschützter Speicher: %SystemRoot%\system32\lsass.exe (autostart) Treiber für direkte Parallelverbindung: System32\DRIVERS\ptilink.sys (manual start) PxHelp20: System32\DRIVERS\PxHelp20.sys (system) Casio-Digitalkamera: System32\DRIVERS\qv2kux.sys (manual start) Treiber für automatische RAS-Verbindung: System32\DRIVERS\rasacd.sys (system) Verwaltung für automatische RAS-Verbindung: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) WAN-Miniport (IrDA): System32\DRIVERS\rasirda.sys (manual start) WAN-Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start) RAS-Verbindungsverwaltung: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Remotezugriff-PPPOE-Treiber: System32\DRIVERS\raspppoe.sys (manual start) Parallelanschluss (direkt): 
System32\DRIVERS\raspti.sys (manual start) Rdbss: System32\DRIVERS\rdbss.sys (system) RDPCDD: System32\DRIVERS\RDPCDD.sys (system) Sitzungs-Manager für Remotedesktophilfe: C:\WINDOWS\system32\sessmgr.exe (manual start) Filtertreiber für digitale CD-Audiowiedergabe: System32\DRIVERS\redbook.sys (system) Routing und RAS: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Bluetooth-Gerät (RFCOMM-Protokoll-TDI): system32\DRIVERS\rfcomm.sys (manual start) RO: C:\DOKUME~1\Start\LOKALE~1\Temp\RO.exe (manual start) Microsoft Legacy Modem Driver: System32\Drivers\RootMdm.sys (manual start) RPC-Locator: %SystemRoot%\System32\locator.exe (manual start) Remoteprozeduraufruf (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart) QoS-RSVP: %SystemRoot%\System32\rsvp.exe (manual start) Sicherheitskontenverwaltung: %SystemRoot%\system32\lsass.exe (autostart) Smartcard: %SystemRoot%\System32\SCardSvr.exe (manual start) Taskplaner: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) PC Tools Spyware Doctor: C:\Programme\Spyware Doctor\sdhelp.exe (autostart) Secdrv: System32\DRIVERS\secdrv.sys (autostart) Sekundäre Anmeldung: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Systemereignisbenachrichtigung: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start) Treiber für seriellen Anschluss: System32\DRIVERS\serial.sys (system) StarForce Protection Helper Driver: System32\drivers\sfhlp01.sys (system) High-Capacity-Diskettenlaufwerk: System32\DRIVERS\sfloppy.sys (manual start) Windows-Firewall/Gemeinsame Nutzung der Internetverbindung: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Shellhardwareerkennung: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) SiS AGP Filter: System32\DRIVERS\SISAGPX.sys (system) SiS PCI Fast Ethernet Adapter Driver: System32\DRIVERS\sisnic.sys (manual start) BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start) USB PC Camera (SN9C102): 
system32\DRIVERS\snpstd.sys (manual start) Microsoft Kernel-Audiosplitter: system32\drivers\splitter.sys (manual start) Druckwarteschlange: %SystemRoot%\system32\spoolsv.exe (autostart) sptd: System32\Drivers\sptd.sys (system) Filtertreiber für Systemwiederherstellung: \SystemRoot\System32\DRIVERS\sr.sys (disabled) Systemwiederherstellungsdienst: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Srv: System32\DRIVERS\srv.sys (manual start) SSDP-Suchdienst: %SystemRoot%\System32\svchost.exe -k LocalService (manual start) SSHDRV61: \??\C:\WINDOWS\System32\drivers\SSHDRV61.sys (system) SSI: system32\Drivers\SSI.SYS (system) Windows-Bilderfassung (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart) BDA-IPSink: System32\DRIVERS\StreamIP.sys (manual start) StyleXPHelper: \??\C:\Programme\TGTSoft\StyleXP\StyleXPHelper.exe (system) StyleXPService: "C:\Programme\TGTSoft\StyleXP\StyleXPService.exe" (autostart) Webroot Spy Sweeper Engine: C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe (autostart) SVKP: \??\C:\WINDOWS\System32\SVKP.sys (autostart) Software-Bus-Treiber: System32\DRIVERS\swenum.sys (manual start) Microsoft Kernel GS Wavetablesynthesizer: system32\drivers\swmidi.sys (manual start) MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{51ECA7DD-CEA3-4134-AEA7-C540872CEE88} (manual start) SymEvent: \??\C:\Programme\Symantec\SYMEVENT.SYS (manual start) SYMIDSCO: \??\C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\IDS-DI~1\20040813.178\symidsco.sys (manual start) Microsoft Kernel-Systemaudiogerät: system32\drivers\sysaudio.sys (manual start) Leistungsdatenprotokolle und Warnungen: %SystemRoot%\system32\smlogsvc.exe (manual start) Telefonie: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) TCP/IP-Protokolltreiber: System32\DRIVERS\tcpip.sys (system) Terminal-Gerätetreiber: System32\DRIVERS\termdd.sys (system) Terminaldienste: %SystemRoot%\System32\svchost -k DComLaunch (manual start) Designs: %SystemRoot%\System32\svchost.exe -k 
netsvcs (autostart) Überwachung verteilter Verknüpfungen (Client): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart) Microcode Updatetreiber: System32\DRIVERS\update.sys (manual start) Universeller Plug & Play-Gerätehost: %SystemRoot%\System32\svchost.exe -k LocalService (disabled) Unterbrechungsfreie Stromversorgung: %SystemRoot%\System32\ups.exe (manual start) Microsoft Standard-USB-Haupttreiber: System32\DRIVERS\usbccgp.sys (manual start) Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller: System32\DRIVERS\usbehci.sys (manual start) Microsoft USB-Standardhubtreiber: System32\DRIVERS\usbhub.sys (manual start) Miniporttreiber für Microsoft USB Open Host-Controller: System32\DRIVERS\usbohci.sys (manual start) USB-Scannertreiber: System32\DRIVERS\usbscan.sys (manual start) USB-Massenspeichertreiber: System32\DRIVERS\USBSTOR.SYS (manual start) IrBridge User-Level Interface: C:\WINDOWS\system32\usrbridg.exe (autostart) Virtual Serial port driver: system32\DRIVERS\VComm.sys (manual start) Bluetooth VComm Manager Service: System32\Drivers\VcommMgr.sys (manual start) VGA-Anzeigecontroller.: \SystemRoot\System32\drivers\vga.sys (system) vsdatant: System32\vsdatant.sys (system) TrueVector Internet Monitor: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service (autostart) Volumeschattenkopie: %SystemRoot%\System32\vssvc.exe (manual start) Windows-Zeitgeber: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) RAS-IP-ARP-Treiber: System32\DRIVERS\wanarp.sys (manual start) WAN Miniport (ATW): System32\DRIVERS\wanatw4.sys (manual start) Microsoft WDM Virtual Wave Driver (WDM): system32\drivers\wdmaud.sys (manual start) Webclient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart) Windows-Verwaltungsinstrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Dienst für Seriennummern der tragbaren Medien: %SystemRoot%\System32\svchost.exe -k netsvcs (manual 
start) WMI-Leistungsadapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start) Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled) Sicherheitscenter: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) World Standard Teletext-Codec: System32\DRIVERS\WSTCODEC.SYS (manual start) Automatische Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Konfigurationsfreie drahtlose Verbindung: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) X10 Device Network Service: C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe (manual start) %DESCRIPTION%: System32\Drivers\x10uif.sys (manual start) Netzwerkversorgungsdienst: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: *No scripts set to run* Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: *Registry value not found* -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\System32\webcheck.dll SysTray: C:\WINDOWS\System32\stobject.dll UPnPMonitor: C:\WINDOWS\system32\upnpui.dll -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- End of report, 42.724 bytes Report generated in 0,125 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections 
/force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: --------------------------------------------------------------------------- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Logfile of HijackThis v1.99.1 Scan saved at 13:15:03, on 19.03.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\system32\cisvc.exe C:\Programme\ewido anti-malware\ewidoctrl.exe C:\Programme\ewido anti-malware\ewidoguard.exe C:\WINDOWS\system32\gearsec.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE C:\Programme\Spyware Doctor\sdhelp.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\fxssvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programme\Medion Home CinemaXL\PowerCinema\PCMService.exe C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programme\Java\jre1.5.0_05\bin\jusched.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\Programme\Logitech\iTouch\iTouch.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe C:\WINDOWS\Dit.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe 
C:\Programme\QuickTime\qttask.exe C:\WINDOWS\vsnpstd.exe C:\Programme\DAEMON Tools\daemon.exe C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Programme\Musicmatch\Musicmatch Jukebox\mmtask.exe C:\Programme\ICQLite\ICQLite.exe C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\TGTSoft\StyleXP\StyleXP.exe C:\Programme\Logitech\SetPoint\SetPoint.exe C:\Programme\Anti-Hijacker\AntiHijacker 1.2.EXE C:\WINDOWS\DitExp.exe C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE C:\Programme\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\cidaemon.exe C:\Dokumente und Einstellungen\Start\Desktop\RootkitRevealer\RootkitRevealer.exe C:\DOKUME~1\Start\LOKALE~1\Temp\RO.exe C:\Dokumente und Einstellungen\Start\Eigene Dateien\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = F2 - REG:system.ini: UserInit=userinit.exe O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O4 - HKLM\..\Run: [PCMService] C:\Programme\Medion Home CinemaXL\PowerCinema\PCMService.exe O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_05\bin\jusched.exe O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - 
HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\AdvTools\ADVCHK.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe O4 - HKLM\..\Run: [Anti-Blaxx Manager] D:\Antiblaxx an 192.168.0.254\Anti-Blaxx\Anti-Blaxx.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [mmtask] "C:\Programme\Musicmatch\Musicmatch Jukebox\mmtask.exe" O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot O4 - Startup: Anti-Hijacker.lnk = C:\Programme\Anti-Hijacker\AntiHijacker 1.2.EXE O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: Spyware 
Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing) O9 - Extra button: MedionShop - {01E9CF82-AE9D-42BA-A629-B23D51A4B86B} - http://www.medionshop.de/ (file missing) (HKCU) O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com/ O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! 
Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido anti-malware\ewidoguard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: RO - Sysinternals - www.sysinternals.com - C:\DOKUME~1\Start\LOKALE~1\Temp\RO.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programme\Spyware Doctor\sdhelp.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programme\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: IrBridge User-Level Interface (USRBRIDG) - Extended Systems, Inc. - C:\WINDOWS\system32\usrbridg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
This post was edited on 19.03.2006 at 13:20 by Harbs.
|
|
|
||
19.03.2006, 17:13
Honorary member
Posts: 29434 |
#24
1. RootkitRevealer --> try it again... there is always a scan report.......
2. Go into the registry: Start --> Run --> regedit
Delete (on the right-hand side in the registry):
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
I downloaded pirated Software from P2P and now I post my Hijack log whining = C:\WINDOWS\system32\Fifa Soccer 2006 crack.exe
Restart the PC
-------------------------------------------------------------------------------
3. ServiceFilter.zip http://virus-protect.org/artikel/tools/ServiceFilter.zip
- unzip
- double-click the file ServiceFilter.vbs
- confirm the version number
- scan
- allow WordPad or Notepad to open
- copy the contents of POST_THIS.TXT
Quote
naecd: \??\C:\DOKUME~1\herbstge\LOKALE~1\Temp\naecd.sys
__________
Regards, Sabina
all about PC security |
|
|
||
19.03.2006, 18:37
Member
Thread starter Posts: 18 |
#25
SOFTWARE 01.01.1601 01:00 0 bytes Error dumping hive: Das System kann die angegebene Datei nicht finden.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\s0 19.01.2006 18:31 4 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\s1 19.01.2006 18:31 4 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\s2 19.01.2006 18:31 4 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\g0 19.01.2006 18:31 32 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\h0 19.01.2006 18:31 4 bytes Hidden from Windows API.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 02.12.2005 13:33 0 bytes Hidden from Windows API.
-----------------------------------------------------------------------
HKLM\Software\Microsoft\Windows\CurrentVersion\Run <==== I can't find this
C:\WINDOWS\system32\Fifa Soccer 2006 crack.exe <===== I can't find this
-----------------------------------------------------------------------
The script did not recognize the services listed below. This does not mean that they are a problem.
To copy the entire contents of this document for posting:
At the top of this window click "Edit" then "Select All"
Next click "Edit" again then "Copy"
Now right click in the forum post box then click "Paste"
########################################
ServiceFilter 1.1 by rand1038
Microsoft Windows XP Home Edition
Version: 5.1.2600 Service Pack 2
Mrz 19, 2006 18:47:10
===> Begin Service Listing <===
Unknown Service #1
Service Name: aswUpdSv
Display Name: avast! iAVS4 Control Service
Start Mode: Auto
Start Name: LocalSystem
Description: Bietet das automatische Update für avast! ...
Service Type: Own Process Path: "c:\programme\alwil software\avast4\aswupdsv.exe" State: Running Process ID: 1628 Started: Wahr Exit Code: 0 Accept Pause: Falsch Accept Stop: Wahr Unknown Service #2 Service Name: avast! Antivirus Display Name: avast! Antivirus Start Mode: Auto Start Name: LocalSystem Description: Verwaltet und implementiert avast! Antivirus Dienste für diesen Computer. Dies beinhaltet den ... Service Type: Own Process Path: "c:\programme\alwil software\avast4\ashserv.exe" State: Stopped Process ID: 0 Started: Falsch Exit Code: 0 Accept Pause: Falsch Accept Stop: Falsch Unknown Service # 3 Service Name: avast! Mail Scanner Display Name: avast! Mail Scanner Start Mode: Manual Start Name: LocalSystem Description: Implementiert Mailüberprüfung durch avast! ... Service Type: Own Process Path: "c:\programme\alwil software\avast4\ashmaisv.exe" /service State: Stopped Process ID: 0 Started: Falsch Exit Code: 1077 Accept Pause: Falsch Accept Stop: Falsch Unknown Service # 4 Service Name: avast! Web Scanner Display Name: avast! Web Scanner Start Mode: Manual Start Name: LocalSystem Description: Implementiert Internetüberprüfung (HTTP) durch avast! ... Service Type: Own Process Path: "c:\programme\alwil software\avast4\ashwebsv.exe" /service State: Stopped Process ID: 0 Started: Falsch Exit Code: 1077 Accept Pause: Falsch Accept Stop: Falsch Unknown Service # 5 Service Name: BthServ Display Name: Bluetooth Support Service Start Mode: Auto Start Name: NT AUTHORITY\LocalService Description: ... Service Type: Share Process Path: c:\windows\system32\svchost.exe -k bthsvcs State: Running Process ID: 1668 Started: Wahr Exit Code: 0 Accept Pause: Falsch Accept Stop: Wahr Unknown Service # 6 Service Name: de_serv Display Name: AVM FRITZ!web Routing Service Start Mode: Disabled Start Name: LocalSystem Description: ... 
Service Type: Own Process Path: c:\programme\fritz!\de_serv.exe State: Stopped Process ID: 0 Started: Falsch Exit Code: 1077 Accept Pause: Falsch Accept Stop: Falsch Unknown Service # 7 Service Name: ewido security suite control Display Name: ewido security suite control Start Mode: Auto Start Name: LocalSystem Description: ... Service Type: Own Process Path: c:\programme\ewido anti-malware\ewidoctrl.exe State: Running Process ID: 1712 Started: Wahr Exit Code: 0 Accept Pause: Falsch Accept Stop: Wahr Unknown Service # 8 Service Name: ewido security suite guard Display Name: ewido security suite guard Start Mode: Auto Start Name: LocalSystem Description: ... Service Type: Own Process Path: c:\programme\ewido anti-malware\ewidoguard.exe State: Running Process ID: 1736 Started: Wahr Exit Code: 0 Accept Pause: Falsch Accept Stop: Wahr Unknown Service # 9 Service Name: kavsvc Display Name: Kaspersky Anti-Virus service Start Mode: Auto Start Name: LocalSystem Description: Gewährleistet die Antivirenfunktionalität des auf Ihrem Computer installierten Personal ... Service Type: Own Process Path: "c:\programme\kaspersky lab\kaspersky anti-virus personal pro\kavsvc.exe" State: Running Process ID: 1788 Started: Wahr Exit Code: 0 Accept Pause: Falsch Accept Stop: Falsch Unknown Service #10 Service Name: MDM Display Name: Machine Debug Manager Start Mode: Auto Start Name: LocalSystem Description: Manages local and remote debugging for Visual Studio ... Service Type: Own Process Path: "c:\programme\gemeinsame dateien\microsoft shared\vs7debug\mdm.exe" State: Running Process ID: 1988 Started: Wahr Exit Code: 0 Accept Pause: Falsch Accept Stop: Wahr Unknown Service #11 Service Name: NProtectService Display Name: Norton Unerase Protection Start Mode: Auto Start Name: LocalSystem Description: ... 
Service Type: Own Process Path: "c:\programme\norton antivirus\advtools\nprotect.exe" State: Running Process ID: 2016 Started: Wahr Exit Code: 0 Accept Pause: Falsch Accept Stop: Wahr Unknown Service # 12 Service Name: SDhelper Display Name: PC Tools Spyware Doctor Start Mode: Auto Start Name: LocalSystem Description: ... Service Type: Own Process Path: c:\programme\spyware doctor\sdhelp.exe State: Running Process ID: 252 Started: Wahr Exit Code: 0 Accept Pause: Falsch Accept Stop: Wahr Unknown Service #13 Service Name: StyleXPService Display Name: StyleXPService Start Mode: Auto Start Name: LocalSystem Description: ... Service Type: Own Process Path: "c:\programme\tgtsoft\stylexp\stylexpservice.exe" State: Running Process ID: 1056 Started: Wahr Exit Code: 0 Accept Pause: Falsch Accept Stop: Wahr Unknown Service # 14 Service Name: svcWRSSSDK Display Name: Webroot Spy Sweeper Engine Start Mode: Auto Start Name: LocalSystem Description: Provides core functionality to Webroot Spy Sweeper. This service must be enabled and started for ... Service Type: Own Process Path: c:\programme\webroot\spy sweeper\wrsssdk.exe State: Running Process ID: 376 Started: Wahr Exit Code: 0 Accept Pause: Falsch Accept Stop: Wahr Unknown Service #15 Service Name: SwPrv Display Name: MS Software Shadow Copy Provider Start Mode: Manual Start Name: LocalSystem Description: Verwaltet Software-basierte Schattenkopien des Volumeschattenkopie-Dienstes. Software-basierte ... Service Type: Own Process Path: c:\windows\system32\dllhost.exe /processid:{51eca7dd-cea3-4134-aea7-c540872cee88} State: Stopped Process ID: 0 Started: Falsch Exit Code: 1077 Accept Pause: Falsch Accept Stop: Falsch Unknown Service # 16 Service Name: USRBRIDG Display Name: IrBridge User-Level Interface Start Mode: Auto Start Name: LocalSystem Description: ... 
Service Type: Own Process
Path: c:\windows\system32\usrbridg.exe
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1067
Accept Pause: Falsch
Accept Stop: Falsch
---> End Service Listing <---
There are 99 Win32 services on this machine. 16 were unrecognized.
Script Execution Time: 1,609375 seconds.
This post was edited on 19.03.2006 at 18:52 by Harbs.
|
|
|
||
19.03.2006, 20:31
Honorary member
Posts: 29434 |
#26
Scan with CounterSpy and copy the scan report here:
http://virus-protect.org/counterspy.html
__________
Regards, Sabina
all about PC security |
|
|
||
19.03.2006, 20:59
Member
Thread starter Posts: 18 |
#27
So is my PC slowly getting clean again?
|
|
|
||
19.03.2006, 21:00
Honorary member
Posts: 29434 |
#28
Yes... but then you have to install the Windows updates, because if you come back (with the next problem) ... and I see that your system is still unpatched... you will find me turning a deaf ear...........
__________
Regards, Sabina
all about PC security |
|
|
||
19.03.2006, 21:14
Member
Thread starter Posts: 18 |
#29
Hmmm... don't I have them? .... Actually I should have fairly current updates!?
|
|
|
||
19.03.2006, 21:18
Honorary member
Posts: 29434 |
#30
Yes... sorry... you do have them.
I mixed you up with someone else... all right. That leaves one piece of advice... surf with care.
__________
Regards, Sabina
all about PC security |
|
|
||
http://swandog46.geekstogo.com/aproposfix.exe
in Safe Mode !!!!!!!!!!!!!!!!
Then post this scan report first
__________
Regards, Sabina
all about PC security