scvhost.exe (win32:ciadoor-21) u.a. Firewall und Registry ohne Funktion |
||
---|---|---|
#0
| ||
10.04.2006, 10:54
Member
Beiträge: 13 |
||
|
||
10.04.2006, 15:18
Ehrenmitglied
Beiträge: 29434 |
#2
frank_stoned
win32:ciadoor http://virus-protect.org/artikel/dienste/wsock32sys.html -------------------------------------------------------------------- 1. öffne das HijackThis -- Button "scan" -- vor die Malware-Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten Zitat O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1PC neustarten 2. gehe in die Registry...du müsstest nun eigentlich wieder in die Registry kommen.... Start->Ausführen --> regedit HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System DisableTaskMgr = "dword:00000001" --> auf 0 (oder den ganzen Schluessel loeschen) DisableRegistryTools = "dword:00000001" --> auf 0 (oder den ganzen Schluessel loeschen) HKEY_CURRENT_USER\Software\Microsoft\Windows\System\DisableCMD (Ohne den Schlüssel Policies) Wenn du jetzt im rechten Fenster einen Wert namens DisableCMD findest, lösche ihn. Spätestens nach einem Neustart sollte die Eingabeaufforderung wieder verfügbar sein ------------------------ 3. Klick Start>> Ausführen>> schreibe Services.msc und Klick OK! "Eigenschaften" >> Click "Stop">> Starttyp "deaktiviert" Windows-Firewall/Gemeinsame Nutzung der Internetverbindung ---------------------- 4. Start --> Ausführen --> reinkopieren (wenn eine Fehlermeldung kommt...ignorieren) --> klicke O.K. sc delete Windows-Firewall/Gemeinsame Nutzung der Internetverbindung --------------------- 5. Start > Ausführen > mmc > Datei > Snapin hinzufügen > Hinzufügen > Gruppenrichtlinien auswählen > hinzufügen > Fertig stellen > schließen > ok >Benutzerkonfiguration > Aministrative Vorlagen > System > Doppleklick auf "Zugriff auf Eingabeaufforderung verhindern" > deaktivieren > OK > alle Fenster schliessen > neu anmelden > an der Kommandozeile -------------------- 6. stelle den CleanUp genauso ein, wie hier angegeben: http://virus-protect.org/cleanup.html 7. Kopiere diese 4 Textdateien. Sie sind nach Datum geordnet. (kopiere nur die letzten 3 Monate ab) http://virus-protect.org/datfindbat.html ich suche die Viren raus:..dann beginnt die Reinigung http://virus-protect.org/artikel/dienste/wsock32sys.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
10.04.2006, 16:50
Member
Themenstarter Beiträge: 13 |
#3
hi sabina!
vielen dank für deine rasche antwort. habe alle punkte abgearbeitet. bis auf punkt 2: diese von dir angegebenen registry-einträge waren nicht vorhanden. nachdem ich aber punkt 5 erledigt hatte, funktionierte auch die eingabeaufforderung wieder. nun die angaben zu punkt 7: Verzeichnis von C:\WINDOWS\system32 09.04.2006 20:53 310.283 ckl009.dat 09.04.2006 14:15 163.328 lollol.sys 09.04.2006 12:08 3.002 CONFIG.NT 07.04.2006 23:19 142 del32.bat 05.04.2006 00:32 7.006 jupdate-1.5.0_06-b05.log 04.04.2006 12:23 52.764 perfc009.dat 04.04.2006 12:23 380.350 perfh009.dat 04.04.2006 12:23 390.944 perfh007.dat 04.04.2006 12:23 63.534 perfc007.dat 04.04.2006 12:23 897.848 PerfStringBackup.INI 26.03.2006 05:51 664 d3d9caps.dat 17.03.2006 18:43 2.206 wpa.dbl 10.03.2006 02:10 4.799.320 MRT.exe 05.03.2006 13:39 98.304 CmdLineExt.dll 04.03.2006 07:14 134.072 FNTCACHE.DAT 06.02.2006 21:42 86.016 dpl100.dll 06.02.2006 21:42 593.920 dpuGUI11.dll 06.02.2006 21:42 200.704 dtu100.dll 06.02.2006 21:41 339.968 dpus11.dll 06.02.2006 21:41 57.344 dpv11.dll 06.02.2006 21:41 294.912 dpu11.dll 06.02.2006 21:41 294.912 dpu10.dll 06.02.2006 21:41 716.800 divxdec.ax 06.02.2006 21:41 574.976 DivX.dll 06.02.2006 21:41 679.936 divx_xx07.dll 06.02.2006 21:41 679.936 divx_xx0c.dll 06.02.2006 21:41 663.552 divx_xx11.dll 05.02.2006 13:56 37 getfile.dat 27.01.2006 23:38 503.296 aswBoot.exe 27.01.2006 23:30 90.112 AVASTSS.scr 21.01.2006 04:41 12.288 DivXWMPExtType.dll 21.01.2006 00:46 4.276 divxsm.tlb 21.01.2006 00:46 778.240 DivXsm.exe 21.01.2006 00:46 10.716 dsm_ja.qm 21.01.2006 00:46 15.331 dsm_de.qm 21.01.2006 00:46 15.172 dsm_fr.qm 21.01.2006 00:46 1.044.480 libdivx.dll 21.01.2006 00:46 200.704 ssldivx.dll 21.01.2006 00:46 245.408 unicows.dll 21.01.2006 00:46 421.888 pxdrv.dll 21.01.2006 00:46 108.544 pxcpyi64.exe 21.01.2006 00:46 109.568 pxinsi64.exe 21.01.2006 00:46 172.032 pxmas.dll 21.01.2006 00:46 372.736 px.dll 21.01.2006 00:46 56.832 pxcpya64.exe 21.01.2006 00:46 61.440 pxhpinst.exe 21.01.2006 00:46 56.320 pxinsa64.exe 21.01.2006 00:46 339.968 pxwave.dll 21.01.2006 00:46 28.672 vxblock.dll 21.01.2006 00:46 3.596.288 qt-dx331.dll 21.01.2006 00:46 8.523 dpude.qm 21.01.2006 00:46 53.248 dpuGUI10.dll 21.01.2006 00:46 3.136 dtu_de.qm 18.01.2006 12:45 352.256 PDFSpooler.exe 04.01.2006 05:35 68.096 webclnt.dll Verzeichnis von C:\DOKUME~1\STEFAN\LOKALE~1\Temp 10.04.2006 16:27 206 jusched.log 21.04.2005 15:00 78 Desktop.ini 10.04.2006 16:16 60.819 jusched.log 09.04.2006 23:18 5.487 ionCubeInstallerLog_1144617135.txt 09.04.2006 23:04 3.902 ionCubeInstallerLog_1144616194.txt 09.04.2006 11:37 16.384 ~DF9247.tmp 08.04.2006 18:58 16.384 ~DFCBAA.tmp 08.04.2006 18:58 16.384 ~DFCBBA.tmp Verzeichnis von C:\WINDOWS 10.04.2006 16:31 4.540 ModemLog_PCI SoftV92 Data Fax Modem with SmartCP.txt 10.04.2006 16:30 0 0.log 10.04.2006 16:30 1.956.886 WindowsUpdate.log 10.04.2006 16:30 50 wiaservc.log 10.04.2006 16:30 159 wiadebug.log 10.04.2006 16:29 2.048 bootstat.dat 10.04.2006 16:29 32.608 SchedLgU.Txt 10.04.2006 01:41 32.831 DirectX.log 09.04.2006 19:40 116 NeroDigital.ini 09.04.2006 13:19 502 ODBC.INI 08.04.2006 17:14 1.222 EventSystem.log 07.04.2006 16:34 22.587 wmsetup.log 04.04.2006 12:22 2.082 ModemLog_Standardmodem ber Bluetooth-Verbindung.txt 31.03.2006 18:31 816.998 setupapi.log 31.03.2006 14:42 673 cdplayer.ini 07.03.2006 12:57 855 win.ini 25.02.2006 14:15 349.215 setupact.log 20.02.2006 19:15 83 wwp.INI 18.02.2006 11:20 923 spupdsvc.log 18.02.2006 05:08 39.056 MedCtrOC.log 18.02.2006 05:08 19.349 ehOCGen.log 18.02.2006 05:08 109.488 comsetup.log 18.02.2006 05:08 380.043 iis6.log 18.02.2006 05:08 65.730 ntdtcsetup.log 18.02.2006 05:08 15.289 tabletoc.log 18.02.2006 05:08 1.374 imsins.log 18.02.2006 05:08 17.235 ocmsn.log 18.02.2006 05:08 142.451 tsoc.log 18.02.2006 05:08 10.686 KB911927.log 18.02.2006 05:08 66.851 netfxocm.log 18.02.2006 05:08 39.388 plusoc.log 18.02.2006 05:08 15.344 msgsocm.log 18.02.2006 05:08 158.934 ocgen.log 18.02.2006 05:08 294.592 FaxSetup.log 18.02.2006 05:08 100.992 msmqinst.log 18.02.2006 05:08 18.711 updspapi.log 18.02.2006 05:08 1.374 imsins.BAK 18.02.2006 05:08 10.097 KB911565.log 18.02.2006 05:07 6.702 KB913446.log 11.01.2006 15:16 10.173 KB908519.log 06.01.2006 15:39 11.070 KB912919.log Verzeichnis von C:\ 10.04.2006 16:41 0 sys.txt 10.04.2006 16:40 8.341 system.txt 10.04.2006 16:39 343 systemtemp.txt 10.04.2006 16:32 99.609 system32.txt 10.04.2006 16:29 1.610.612.736 pagefile.sys 11.02.2006 15:10 3.185 PDFCreator-Errorlog.txt 01.12.2005 02:01 1.159 _Sid.txt 01.12.2005 01:18 185 ati.log 30.11.2005 23:39 430 TO_InstallLog.txt 30.11.2005 23:24 0 IO.SYS 30.11.2005 23:24 0 MSDOS.SYS 30.11.2005 23:24 0 AUTOEXEC.BAT 30.11.2005 23:24 0 CONFIG.SYS 30.11.2005 23:17 209 boot.ini 31.10.2005 17:56 700.416 StubInstaller.exe 10.08.2004 21:00 4.952 bootfont.bin 10.08.2004 21:00 47.564 NTDETECT.COM 10.08.2004 21:00 251.184 ntldr 06.02.2004 18:17 16.384 hpqimgrc.resources.dll grüße frank_stoned |
|
|
||
11.04.2006, 00:13
Ehrenmitglied
Beiträge: 29434 |
#4
frank_stoned
1. stelle den Cleaner genauso ein, wie hier angegeben: http://virus-protect.org/cleanup.html 2. Download Registry Search by Bobbi Flekman http://virus-protect.org/artikel/tools/regsearch.html und doppelklicken, um zu starten. in: "Enter search strings" (reinschreiben) l o l l o l.sys ..schreibe es rein (ohne Leerstellen) Zitat wenn ich es kopiere, erscheint.. .sysin edit und klicke "Ok". Notepad wird sich oeffnen -- kopiere den Text ab und poste ihn. 3. KILLBOX - Pocket KillBox http://virus-protect.org/killbox.html Options: Delete on Reboot --> anhaken und klicke auf das rote Kreuz, wenn gefragt wird, ob "Do you want to reboot? "---- klicke auf "no",und kopiere das nächste rein, erst beim letzten auf "yes" reinkopieren: ... C:\WINDOWS\system32\l o l o l.sys (wieder ohne leerstellen in die killbox kopieren...oder schreiben...oder manuell loeschen) C:\DOKUME~1\STEFAN\LOKALE~1\Temp\4643733f62ce6b75ce6cc3d0eda06c9f.html C:\DOKUME~1\STEFAN\LOKALE~1\Temp\a6ffb4a932ed05684c7c4eda07ae2cd0.exe C:\WINDOWS\system32\scvhost.exe C:\WINDOWS\system32\ckl009.dat C:\WINDOWS\system32\del32.bat C:\WINDOWS\system32\getfile.dat C:\StubInstaller.exe PC neustarten 4. scanne mit kaspersky und poste den scanreport http://virus-protect.org/onlinescan.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
11.04.2006, 06:46
Member
Themenstarter Beiträge: 13 |
#5
guten morgen sabina!
zu 2.: REGEDIT4 ; Registry Search 2.0 by Bobbi Flekman © 2005 ; Version: 2.0.0.1 ; Results at 11.04.2006 00:33:39 for strings: ; 'lollol.sys' ; Strings excluded from search: ; (None) ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E14DCE67-8FB7-4721-8149-179BAA4D792C}\InprocServer32] @="C:\\WINDOWS\\system32\\lollol.sys" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C9F1C5A0-F3D8-48E2-8B8C-3E86B4CAC7E3}\3.0\0\win32] @="C:\\WINDOWS\\system32\\lollol.sys" ; End Of The Log... zu 3.: habe ich wie beschrieben gemacht. wenn ich mich aber mit meinem benutzerprofil anmelde, erscheint weiterhin vier mal die meldung, dass die datei scvhost.exe nicht gefunden werden kann. sollte das nicht eigentlich weg sein? zu 4.: The scan is complete. No malware has been detected. The sections that have been scanned are CLEAN. Report is empty. Total number of scanned files: 138744 Number of viruses found: 0 Number of infected objects: 0 Number of suspicious objects: 0 Duration of the scan process: 05:26:43 grüße frank_stoned |
|
|
||
11.04.2006, 11:05
Ehrenmitglied
Beiträge: 29434 |
#6
frank_stoned
Gehe in die Registry Start - Ausfuehren - regedit bearbeiten - suchen - l o l l o l.sys loesche: (was ich rot gekennzeichnet habe) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E14DCE67-8FB7-4721-8149-179BAA4D792C}\InprocServer32] @="C:\\WINDOWS\\system32\\.sys" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C9F1C5A0-F3D8-48E2-8B8C-3E86B4CAC7E3}\3.0\0\win32] @="C:\\WINDOWS\\system32\\.sys" PC neustarten dann poste bitte das neue Log vom HijackThis (und berichte auch, wie es um die firewall bestellt ist) __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
11.04.2006, 11:32
Member
Themenstarter Beiträge: 13 |
#7
Logfile of HijackThis v1.99.1
Scan saved at 11:20:34, on 11.04.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Programme\Alwil Software\Avast4\aswUpdSv.exe C:\Programme\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\Programme\Alwil Software\Avast4\ashMaiSv.exe C:\Programme\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\ehome\ehtray.exe C:\Programme\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\ALCWZRD.EXE C:\WINDOWS\system32\PRISMSTA.EXE C:\ATI-CPanel\atiptaxx.exe C:\Programme\HP\HP Software Update\HPWuSchd2.exe C:\Programme\HP\hpcoretech\hpcmpmgr.exe C:\Programme\DAEMON Tools\daemon.exe C:\Programme\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wscntfy.exe C:\hijackthis_199\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://welcome.icq.com/js/ppfile.html?0 F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAudPropShortcut.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START O4 - HKLM\..\Run: [ATIPTA] "C:\ATI-CPanel\atiptaxx.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WhenUSave] "C:\Programme\Save\Save.exe" O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: Download with Star Downloader - C:\Programme\Star Downloader\sdie.htm O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133388519859 O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe Firewall: der dienst kann nicht gestartet werden. fehler 123: die syntax für den dateinamen, verzeichnisnamen oder die datenträgerbezeichnung sind falsch. |
|
|
||
11.04.2006, 11:58
Ehrenmitglied
Beiträge: 29434 |
#8
1.
fixe mit dem HijackThis: F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe O4 - HKCU\..\Run: [WhenUSave] "C:\Programme\Save\Save.exe" PC neustarten 2, loesche: C:\Programme\Save 3. berichte, was du findest unter: HKLM\SOFTWARE\Microsoft\Security Center Zitat "AntiVirusDisableNotify"=dword:00000001 oder 0 ????aktiviere Windows XP Firewall: HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile Zitat "EnableFirewall"=dword:00000000 oder 1 ???4. suche auch noch mal alle Eintraege von scvhost.exe und Generic Host Process und Windows-Firewall/Gemeinsame Nutzung der Internetverbindung in der Registry und loesche sie. 5. HKEY_CURRENT_USER\Software\VB and VBA Program Settings\ set\set\set <--loeschen PC neustarten __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
11.04.2006, 12:52
Member
Themenstarter Beiträge: 13 |
#9
zu 2.:
war nicht mehr vorhanden. in der registry ist aber unter hklm\software\whenUsave ein eintrag vorhanden. zu 3.: außer bei "FirstRunDisabled" ist bei jedem eintrag der wert 0 dieser eintrag existiert nicht: HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile |
|
|
||
11.04.2006, 13:02
Ehrenmitglied
Beiträge: 29434 |
#10
zu 2:
wende die REGEDIT4 an http://virus-protect.org/artikel/spyware/save.html zu 3: alles in Ordnung zu:4 poste das Log http://virus-protect.org/registry_stuff.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
11.04.2006, 13:32
Member
Themenstarter Beiträge: 13 |
#11
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
doesn't exist HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System doesn't exist HKEY_LOCAL_MACHINE\SSYSTEM\CurrentControlSet\Services\windowsnetwork doesn't exist HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa doesn't exist HKEY_CURRENT_USER\Software\Microsoft\OLE doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile ----------------------- ----------------------- REGEDIT4 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess] "DependOnGroup"=hex(7):00 "DependOnService"=hex(7):4e,65,74,6d,61,6e,00,57,69,6e,4d,67,6d,74,00,00 "Description"="Bietet allen Computern in Heim- und kleinen Firmennetzwerken Dienste für die Netzwerkadressübersetzung, Adressierung, Namensauflösung und Eindringsschutz." "DisplayName"="Windows-Firewall/Gemeinsame Nutzung der Internetverbindung" "ErrorControl"=dword:00000001 "ImagePath"=hex(2):5c,53,79,73,74,65,6d,52,6f,6f,74,5c,43,3a,5c,57,49,4e,44,4f,\ 57,53,5c,73,79,73,74,65,6d,33,32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,\ 6b,20,6e,65,74,73,76,63,73,00 "ObjectName"="LocalSystem" "Start"=dword:00000002 "Type"=dword:00000020 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch] "Epoch"=dword:0000113b [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters] "ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\ 33,32,5c,69,70,6e,61,74,68,6c,70,2e,64,6c,6c,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Programme\\MSN Messenger\\msnmsgr.exe"="C:\\Programme\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Programme\\Trillian\\trillian.exe"="C:\\Programme\\Trillian\\trillian.exe:*:Enabled:Trillian" "C:\\Programme\\ICQLite\\ICQLite.exe"="C:\\Programme\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite" "C:\\Programme\\Xfire\\Xfire.exe"="C:\\Programme\\Xfire\\Xfire.exe:*:Enabled:Xfire" "C:\\Programme\\HLSW\\hlsw.exe"="C:\\Programme\\HLSW\\hlsw.exe:*:Enabled:HLSW" "C:\\Programme\\MSN Messenger\\msnmsgr.exe"="C:\\Programme\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5" "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Eine DLL-Datei als Anwendung ausführen" "C:\\Programme\\Steam\\SteamApps\\hurricane1990\\counter-strike\\hl.exe"="C:\\Programme\\Steam\\SteamApps\\hurricane1990\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher" "C:\\Programme\\Gamers.IRC\\mirc.exe"="C:\\Programme\\Gamers.IRC\\mirc.exe:*:Enabled:mIRC" "C:\\Programme\\Messenger\\msmsgs.exe"="C:\\Programme\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Download\\eMule0.46c\\emule.exe"="C:\\Download\\eMule0.46c\\emule.exe:*:Enabled:eMule" "C:\\Programme\\g3torrent\\g3torrent.exe"="C:\\Programme\\g3torrent\\g3torrent.exe:*:Enabled:g3torrent" "C:\\Programme\\Azureus\\Azureus.exe"="C:\\Programme\\Azureus\\Azureus.exe:*:Enabled:Azureus" "C:\\Programme\\Steam\\SteamApps\\hurricane1990\\condition zero\\hl.exe"="C:\\Programme\\Steam\\SteamApps\\hurricane1990\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher" "C:\\Valve\\Condition Zero\\czero.exe"="C:\\Valve\\Condition Zero\\czero.exe:*:Enabled:Condition Zero Launcher" "C:\\Programme\\CS\\hl2.exe"="C:\\Programme\\CS\\hl2.exe:*:Enabled:hl2" "C:\\Programme\\Steam\\SteamApps\\hurricane1990\\dedicated server\\hlds.exe"="C:\\Programme\\Steam\\SteamApps\\hurricane1990\\dedicated server\\hlds.exe:*:Enabled:HLDS Launcher" "C:\\Programme\\Steam\\SteamApps\\hurricane1990\\dedicated server\\hltv.exe"="C:\\Programme\\Steam\\SteamApps\\hurricane1990\\dedicated server\\hltv.exe:*:Enabled:HLTV Launcher" "C:\\Dokumente und Einstellungen\\HURR!CANE\\Desktop\\INpact_CSS_Hud_tweaker_1.18\\INpact_CSS_Hud_tweaker.exe"="C:\\Dokumente und Einstellungen\\HURR!CANE\\Desktop\\INpact_CSS_Hud_tweaker_1.18\\INpact_CSS_Hud_tweaker.exe:*:Enabled:Application MFC Hud" "C:\\Programme\\SmartFTP\\SmartFTP.exe"="C:\\Programme\\SmartFTP\\SmartFTP.exe:*:Enabled:SmartFTP Client" "C:\\Programme\\CS1.6noSteam\\hl.exe"="C:\\Programme\\CS1.6noSteam\\hl.exe:*:Enabled:Half-Life Launcher" "C:\\Programme\\CS1.6 pod-Bot\\hl.exe"="C:\\Programme\\CS1.6 pod-Bot\\hl.exe:*:Enabled:Half-Life Launcher" "C:\\Dokumente und Einstellungen\\HURR!CANE\\Desktop\\1044_CounterStrike 2D_cs2d_0031\\cs2d_0031\\CounterStrike2D.exe"="C:\\Dokumente und Einstellungen\\HURR!CANE\\Desktop\\1044_CounterStrike 2D_cs2d_0031\\cs2d_0031\\CounterStrike2D.exe:*:Disabled:CounterStrike2D" "C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer" "C:\\Programme\\LimeWire\\LimeWire.exe"="C:\\Programme\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire" "C:\\Programme\\Steam\\SteamApps\\hurricane1990\\counter-strike source\\hl2.exe"="C:\\Programme\\Steam\\SteamApps\\hurricane1990\\counter-strike source\\hl2.exe:*:Enabled:hl2" "C:\\Programme\\Steam\\SteamApps\\hurricane1990\\source dedicated server\\srcds.exe"="C:\\Programme\\Steam\\SteamApps\\hurricane1990\\source dedicated server\\srcds.exe:*:Enabled:srcds" "C:\\Programme\\Steam\\SteamApps\\hurricane1990\\half-life 2 deathmatch\\hl2.exe"="C:\\Programme\\Steam\\SteamApps\\hurricane1990\\half-life 2 deathmatch\\hl2.exe:*:Enabled:hl2" "C:\\Dokumente und Einstellungen\\HURR!CANE\\Lokale Einstellungen\\Temp\\Rar$EX00.235\\cs2d_0031\\CounterStrike2D.exe"="C:\\Dokumente und Einstellungen\\HURR!CANE\\Lokale Einstellungen\\Temp\\Rar$EX00.235\\cs2d_0031\\CounterStrike2D.exe:*:Enabled:CounterStrike2D" "C:\\Programme\\Teamspeak2server\\server_windows.exe"="C:\\Programme\\Teamspeak2server\\server_windows.exe:*:Enabled:Server" "C:\\Dokumente und Einstellungen\\HURR!CANE\\Eigene Dateien\\ICQ Lite\\198163341\\Tobi_233704280\\GBA\\VisualBoyAdvance.exe"="C:\\Dokumente und Einstellungen\\HURR!CANE\\Eigene Dateien\\ICQ Lite\\198163341\\Tobi_233704280\\GBA\\VisualBoyAdvance.exe:*:Disabled:VisualBoyAdvance emulator" "D:\\Michael\\Nützliches\\Emulator\\Konsolen\\SuperN\\zsneswv1.36\\ZSNESW.EXE"="D:\\Michael\\Nützliches\\Emulator\\Konsolen\\SuperN\\zsneswv1.36\\ZSNESW.EXE:*:Enabled:ZSNESW" "C:\\Dokumente und Einstellungen\\HURR!CANE\\Eigene Dateien\\ICQ Lite\\198163341\\Tobi_233704280\\Snes9XW.exe"="C:\\Dokumente und Einstellungen\\HURR!CANE\\Eigene Dateien\\ICQ Lite\\198163341\\Tobi_233704280\\Snes9XW.exe:*:Enabled:Snes9XW" "C:\\Programme\\CS1.6 pod-Bot\\hltv.exe"="C:\\Programme\\CS1.6 pod-Bot\\hltv.exe:*:Enabled:HLTV Launcher" "C:\\Programme\\BearShare\\BearShare.exe"="C:\\Programme\\BearShare\\BearShare.exe:*:Enabled:BearShare" "C:\\Programme\\Java\\j2re1.4.2_05\\bin\\javaw.exe"="C:\\Programme\\Java\\j2re1.4.2_05\\bin\\javaw.exe:*:Enabled:javaw" "C:\\Programme\\Steam\\SteamApps\\hurricane1990\\day of defeat source\\hl2.exe"="C:\\Programme\\Steam\\SteamApps\\hurricane1990\\day of defeat source\\hl2.exe:*:Enabled:hl2" "C:\\Programme\\CSSource\\CS\\hl2.exe"="C:\\Programme\\CSSource\\CS\\hl2.exe:*:Enabled:hl2" "C:\\Programme\\DreamCatcher\\Painkiller\\Bin\\Painkiller.exe"="C:\\Programme\\DreamCatcher\\Painkiller\\Bin\\Painkiller.exe:*:Enabled:Painkiller" "C:\\Dokumente und Einstellungen\\HURR!CANE\\Desktop\\Weisseradler-Script 1.071\\mirc.exe"="C:\\Dokumente und Einstellungen\\HURR!CANE\\Desktop\\Weisseradler-Script 1.071\\mirc.exe:*:Enabled:mIRC" "C:\\Programme\\TrackMania Nations ESWC\\TmNationsESWC.exe"="C:\\Programme\\TrackMania Nations ESWC\\TmNationsESWC.exe:*:Enabled:TmNationsESWC" "C:\\Programme\\Skype\\Phone\\Skype.exe"="C:\\Programme\\Skype\\Phone\\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup] "ServiceUpgrade"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate] "All"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum] "0"="Root\\LEGACY_SHAREDACCESS\\0000" "Count"=dword:00000001 "NextInstance"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc] "Type"=dword:00000020 "Start"=dword:00000002 "ErrorControl"=dword:00000001 "ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\ 32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00 "DisplayName"="Sicherheitscenter" "DependOnService"=hex(7):52,70,63,53,73,00,77,69,6e,6d,67,6d,74,00,00 "ObjectName"="LocalSystem" "Description"="Überwacht Systemsicherheitseinstellungen und -konfigurationen." [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Parameters] "ServiceDll"=hex(2):25,53,59,53,54,45,4d,52,4f,4f,54,25,5c,73,79,73,74,65,6d,\ 33,32,5c,77,73,63,73,76,63,2e,64,6c,6c,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Security] "Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\ 00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\ 00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\ 05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\ 20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\ 00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\ 00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Enum] "0"="Root\\LEGACY_WSCSVC\\0000" "Count"=dword:00000001 "NextInstance"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters] "autodisconnect"=dword:0000000f "enableforcedlogoff"=dword:00000001 "enablesecuritysignature"=dword:00000000 "requiresecuritysignature"=dword:00000000 "NullSessionPipes"=hex(7):43,4f,4d,4e,41,50,00,43,4f,4d,4e,4f,44,45,00,53,51,\ 4c,5c,51,55,45,52,59,00,53,50,4f,4f,4c,53,53,00,4c,4c,53,52,50,43,00,62,72,\ 6f,77,73,65,72,00,00 "NullSessionShares"=hex(7):43,4f,4d,43,46,47,00,44,46,53,24,00,00 "ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\ 33,32,5c,73,72,76,73,76,63,2e,64,6c,6c,00 "Lmannounce"=dword:00000000 "Size"=dword:00000001 "Guid"=hex:87,3b,8d,8e,33,56,7c,4f,b3,b8,85,83,b4,1b,a0,13 "AdjustedNullSessionPipes"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters] "enableplaintextpassword"=dword:00000000 "enablesecuritysignature"=dword:00000001 "requiresecuritysignature"=dword:00000000 "ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\ 33,32,5c,77,6b,73,73,76,63,2e,64,6c,6c,00 "OtherDomains"=hex(7):00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger] "Type"=dword:00000020 "Start"=dword:00000004 "ErrorControl"=dword:00000001 "ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\ 32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00 "DisplayName"="Nachrichtendienst" "DependOnService"=hex(7):4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,00,\ 4e,65,74,42,49,4f,53,00,50,6c,75,67,50,6c,61,79,00,52,70,63,53,53,00,00 "DependOnGroup"=hex(7):00 "ObjectName"="LocalSystem" "Description"="Überträgt NET SEND- und Warndienstnachrichten zwischen Clients und Servern. Dieser Dienst ist nicht mit Windows Messenger verwandt. Der Warndienst überträgt keine Nachrichten, falls dieser Dienst beendet wird. Falls dieser Dienst deaktiviert wird, können die Dienste, die von diesem Dienst ausschließlich abhängig sind, nicht mehr gestartet werden." [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Parameters] "ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\ 33,32,5c,6d,73,67,73,76,63,2e,64,6c,6c,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Security] "Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\ 00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\ 00,00,02,00,60,00,04,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\ 05,0b,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,\ 23,02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,\ 02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,\ 00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry] "Description"="Ermöglicht Remotebenutzern, Registrierungseinstellungen dieses Computers zu verändern. Wenn dieser Dienst beendet wird, kann die Registrierung nur von lokalen Benutzern dieses Computers verändert werden. Wenn dieser Dienst deaktiviert wird, werden alle von diesem Dienst explizit abhängigen Dienste nicht gestartet werden können." "DependOnService"=hex(7):52,50,43,53,53,00,00 "DisplayName"="Remote-Registrierung" "ErrorControl"=dword:00000001 "ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\ 32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,4c,6f,63,61,6c,53,65,72,\ 76,69,63,65,00 "ObjectName"="NT AUTHORITY\\LocalService" "Group"="" "Start"=dword:00000002 "Type"=dword:00000020 "FailureActions"=hex:00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,e0,ad,08,\ 00,01,00,00,00,e8,03,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters] "ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\ 33,32,5c,72,65,67,73,76,63,2e,64,6c,6c,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security] "Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\ 00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\ 00,00,02,00,60,00,04,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\ 05,0b,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,\ 23,02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,\ 02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,\ 00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum] "0"="Root\\LEGACY_REMOTEREGISTRY\\0000" "Count"=dword:00000001 "NextInstance"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr] "Type"=dword:00000010 "Start"=dword:00000004 "ErrorControl"=dword:00000001 "ImagePath"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,\ 74,6c,6e,74,73,76,72,2e,65,78,65,00 "DisplayName"="Telnet" "DependOnService"=hex(7):52,50,43,53,53,00,54,43,50,49,50,00,4e,54,4c,4d,53,53,\ 50,00,00 "DependOnGroup"=hex(7):00 "ObjectName"="LocalSystem" "Description"=hex(2):45,72,6d,f6,67,6c,69,63,68,74,20,65,69,6e,65,6d,20,52,65,\ 6d,6f,74,65,62,65,6e,75,74,7a,65,72,2c,20,73,69,63,68,20,61,6e,20,64,69,65,\ 73,65,6d,20,43,6f,6d,70,75,74,65,72,20,61,6e,7a,75,6d,65,6c,64,65,6e,20,75,\ 6e,64,20,50,72,6f,67,72,61,6d,6d,65,20,61,75,73,7a,75,66,fc,68,72,65,6e,2e,\ 20,55,6e,74,65,72,73,74,fc,74,7a,74,20,76,65,72,73,63,68,69,65,64,65,6e,65,\ 20,54,43,50,2f,49,50,2d,54,65,6c,6e,65,74,63,6c,69,65,6e,74,73,2c,20,65,69,\ 6e,73,63,68,6c,69,65,df,6c,69,63,68,20,55,4e,49,58,2d,62,61,73,69,65,72,74,\ 65,6e,20,75,6e,64,20,57,69,6e,64,6f,77,73,2d,62,61,73,69,65,72,74,65,6e,20,\ 43,6f,6d,70,75,74,65,72,6e,2e,20,57,65,6e,6e,20,64,69,65,73,65,72,20,44,69,\ 65,6e,73,74,20,61,6e,67,65,68,61,6c,74,65,6e,20,77,69,72,64,2c,20,69,73,74,\ 20,64,65,72,20,52,65,6d,6f,74,65,7a,75,67,72,69,66,66,20,6d,f6,67,6c,69,63,\ 68,65,72,77,65,69,73,65,20,6e,69,63,68,74,20,6d,65,68,72,20,76,65,72,66,fc,\ 67,62,61,72,2e,20,57,65,6e,6e,20,64,69,65,73,65,72,20,44,69,65,6e,73,74,20,\ 64,65,61,6b,74,69,76,69,65,72,74,20,77,69,72,64,2c,20,6b,f6,6e,6e,65,6e,20,\ 61,6c,6c,65,20,44,69,65,6e,73,74,65,2c,20,64,69,65,20,65,78,70,6c,69,7a,69,\ 74,20,76,6f,6e,20,64,69,65,73,65,6d,20,44,69,65,6e,73,74,20,61,62,68,e4,6e,\ 67,65,6e,2c,20,6e,69,63,68,74,20,6d,65,68,72,20,67,65,73,74,61,72,74,65,74,\ 20,77,65,72,64,65,6e,2e,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security] "Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\ 00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\ 00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\ 05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\ 20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\ 00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\ 00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole] "DefaultLaunchPermission"=hex:01,00,04,80,5c,00,00,00,6c,00,00,00,00,00,00,00,\ 14,00,00,00,02,00,48,00,03,00,00,00,00,00,18,00,1f,00,00,00,01,02,00,00,00,\ 00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,\ 00,05,04,00,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,00,05,12,00,00,\ 00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,05,\ 20,00,00,00,20,02,00,00 "MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\ 14,00,00,00,02,00,34,00,02,00,00,00,00,00,18,00,1f,00,00,00,01,02,00,00,00,\ 00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,\ 00,01,00,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,\ 00,00,00,00,05,20,00,00,00,20,02,00,00 "MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\ 14,00,00,00,02,00,30,00,02,00,00,00,00,00,14,00,03,00,00,00,01,01,00,00,00,\ 00,00,05,07,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,01,00,00,\ 00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,\ 05,20,00,00,00,20,02,00,00 "EnableDCOM"="Y" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList] "{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1" "{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1" "{0040D221-54A1-11D1-9DE0-006097042D69}"="1" "{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST] "System.EnterpriseServices.Thunk.dll"="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00 "Bounds"=hex:00,30,00,00,00,20,00,00 "Security Packages"=hex(7):6b,65,72,62,65,72,6f,73,00,6d,73,76,31,5f,30,00,73,\ 63,68,61,6e,6e,65,6c,00,77,64,69,67,65,73,74,00,00 "ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001 "LsaPid"=dword:000002c4 "SecureBoot"=dword:00000001 "auditbaseobjects"=dword:00000000 "crashonauditfail"=dword:00000000 "disabledomaincreds"=dword:00000000 "everyoneincludesanonymous"=dword:00000000 "fipsalgorithmpolicy"=dword:00000000 "forceguest"=dword:00000001 "fullprivilegeauditing"=hex:00 "limitblankpassworduse"=dword:00000001 "lmcompatibilitylevel"=dword:00000000 "nodefaultadminowner"=dword:00000001 "nolmhash"=dword:00000000 "restrictanonymous"=dword:00000000 "restrictanonymoussam"=dword:00000001 "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders] "ProviderOrder"=hex(7):57,69,6e,64,6f,77,73,20,4e,54,20,41,63,63,65,73,73,20,\ 50,72,6f,76,69,64,65,72,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider] "ProviderPath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\ 33,32,5c,6e,74,6d,61,72,74,61,2e,64,6c,6c,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data] "Pattern"=hex:e8,75,6a,47,b0,26,1c,db,a8,ba,a3,7a,bb,63,21,31,39,35,33,64,62,\ 65,39,32,00,fd,07,00,2c,78,00,00,34,fa,07,00,56,82,46,75,20,fa,07,00,40,fd,\ 07,00,4c,fd,07,00,2c,10,e8,85,5f,3c,3d,a6,9c,76,1b,95 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG] "GrafBlumGroup"=hex:24,30,d6,5a,4c,e4,60,4c,7e [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD] "Lookup"=hex:98,7d,01,35,39,c9 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0] "Auth132"="IISSUBA" "ntlmminclientsec"=dword:00000000 "ntlmminserversec"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1] "SkewMatrix"=hex:17,25,4a,94,49,5f,18,c2,18,d5,ae,89,73,4b,32,25 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4] "SSOURL"="http://www.passport.com" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache] "Time"=hex:10,38,fd,16,fa,f5,c5,01 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll] "Name"="Digest" "Comment"="Digest SSPI Authentication Package" "Capabilities"=dword:00004050 "RpcId"=dword:0000ffff "Version"=dword:00000001 "TokenSize"=dword:0000ffff "Time"=hex:00,38,3a,3c,0c,7f,c4,01 "Type"=dword:00000031 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll] "Name"="DPA" "Comment"="DPA Security Package" "Capabilities"=dword:00000037 "RpcId"=dword:00000011 "Version"=dword:00000001 "TokenSize"=dword:00000300 "Time"=hex:00,38,3a,3c,0c,7f,c4,01 "Type"=dword:00000031 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll] "Name"="MSN" "Comment"="MSN Security Package" "Capabilities"=dword:00000037 "RpcId"=dword:00000012 "Version"=dword:00000001 "TokenSize"=dword:00000300 "Time"=hex:00,38,3a,3c,0c,7f,c4,01 "Type"=dword:00000031 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled"=dword:00000001 "AntiVirusDisableNotify"=dword:00000000 "FirewallDisableNotify"=dword:00000000 "UpdatesDisableNotify"=dword:00000000 "AntiVirusOverride"=dword:00000000 "FirewallOverride"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] |
|
|
||
11.04.2006, 15:35
Ehrenmitglied
Beiträge: 29434 |
#12
die Firewall ist sehr wohl aktiv, und erlaubt auch den zahlreichen P2P-Proggies Zugriff auf deinen PC.
Der Trojaner ist geloescht... denke mal drueber nach, wo du dir das eingefangen hast... und berichte __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
11.04.2006, 17:09
Member
Themenstarter Beiträge: 13 |
#13
vielen dank für deine zeit und deine hilfe.
die windows-firewall ist nicht aktiv. im sicherheitscenter steht INAKTIV. kann das vielleicht daran liegen, dass ich die software avast! als antivirus und firewall habe und beides, windows-firewall und avast!, zusammen nicht funktionieren? ich hab mir den trojaner nicht eingefangen. das war mein brüderchen...und wo, das ist ja klar... |
|
|
||
11.04.2006, 21:24
Ehrenmitglied
Beiträge: 29434 |
#14
diese Eintraege...findest du sie???
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile *EnableFirewall dword:00000000 HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile *EnableFirewall dword:00000000 schluessel auf 1 setzen. __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
12.04.2006, 06:01
Member
Themenstarter Beiträge: 13 |
#15
nein, sind nicht vorhanden. unter hklm\software\policies\microsoft ist kein ordner namens windowsfirewall.
nur hier habe ich sowas gefunden: hklm\system\controlset001\services\sharedaccess\parameters\firewallpolicy\... hab grad noch einmal hijackthis durchlaufen lassen. das hier war im log aufgeführt: O23 - Service: Windows-Firewall/Gemeinsame Nutzung der Internetverbindung (SharedAccess) - Unknown owner - C:\WINDOWS\C:\WINDOWS\system32\svchost.exe (file missing) Dieser Beitrag wurde am 12.04.2006 um 06:11 Uhr von frank_stoned editiert.
|
|
|
||
seit ein paar tagen habe ich das problem, dass ich nicht mehr in die registry komme und meine windows xp-firewall deaktiviert ist und sich auch nicht mehr aktivieren lässt. daraufhin habe ich versucht mit AntiVir einen virenscan zu machen, dieser wurde aber bereits nach ein paar sekunden abgebrochen. danach habe ich den antivir deinstalliert und die software avast! installiert. diese hat die dateien GsBEosu457.ini und scvhost.exe (beide win32:ciadoor-21) gefunden und natürlich sofort gelöscht.
nun wäre es natürlich super, wenn mir bitte jemand die weitere vorgehensweise erklären könnte.
mein hijackthis-log:
Logfile of HijackThis v1.99.1
Scan saved at 10:52:36, on 10.04.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\PRISMSTA.EXE
C:\ATI-CPanel\atiptaxx.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\Programme\DAEMON Tools\daemon.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\Trillian\trillian.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Programme\Microsoft Office\Office10\OUTLOOK.EXE
C:\Programme\Microsoft Office\Office10\WINWORD.EXE
c:\progra~1\gemein~1\instal~1\update~1\isuspm.exe
C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\agent.exe
C:\Programme\Alwil Software\Avast4\ashChest.exe
C:\hijackthis_199\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI-CPanel\atiptaxx.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Trillian.lnk = C:\Programme\Trillian\trillian.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133388519859
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{76483465-4C23-40A9-BF72-994A32A8BA0B}: NameServer = 217.237.151.97 217.237.150.33
O18 - Protocol: bw+0 - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {1E5D6C8A-3C2F-49AC-9E3E-068506FEAFF0} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Windows-Firewall/Gemeinsame Nutzung der Internetverbindung (SharedAccess) - Unknown owner - C:\WINDOWS\C:\WINDOWS\system32\svchost.exe (file missing)
vielen, vielen dank im voraus!
grüße
frank_stoned