about: blank Browser hijacker |
||
---|---|---|
#0
| ||
07.05.2006, 23:16
Ehrenmitglied
Beiträge: 29434 |
||
|
||
08.05.2006, 16:25
Member
Themenstarter Beiträge: 25 |
||
|
||
08.05.2006, 16:43
Ehrenmitglied
Beiträge: 29434 |
#18
ich denke mal , jeder einzelen Eintrag hat die Moeglichkeit zu:
*Ignore *Remove --> Status: Deleted *Quarantaine __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
08.05.2006, 20:04
Member
Themenstarter Beiträge: 25 |
#19
Hallo Sabina,
Ich habe gerade gesehen das meine Firewall nicht mehr aktiv ist!!! Kann Sie auch nicht aktivieren!! ich habe jetzt noch ein wenig mit Counterspy rumgemacht.... Habe ihn im agbesicherten Modus einmal laufen lassen und habe dann den Bericht bekommen und konnte alles auf --Remove-- setzen. Habe Ihn ein zweites mal im Normalmodus laufen lassen und gerade diesen Bericht erhalten: Spyware Scan Details Start Date: 08.05.2006 19:00:33 End Date: 08.05.2006 19:53:11 Total Time: 52 mins 38 secs Detected spyware No spyware were found during this scan. Ist damit alles ok?? Gruß Marc. Dieser Beitrag wurde am 08.05.2006 um 20:50 Uhr von timerider999 editiert.
|
|
|
||
08.05.2006, 23:58
Ehrenmitglied
Beiträge: 29434 |
#20
poste diese zwei Logs:
1. http://virus-protect.org/registry_stuff.html 2. windpfind http://virus-protect.org/winpfind.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
09.05.2006, 07:52
Member
Themenstarter Beiträge: 25 |
#21
Guten morgen,
1. Winfind: WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding. If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly. »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600 Internet Explorer Version: 6.0.2900.2180 »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»» Checking %SystemDrive% folder... Checking %ProgramFilesDir% folder... Checking %WinDir% folder... Checking %System% folder... PEC2 29.08.2002 14:00:00 41118 C:\WINDOWS\SYSTEM32\dfrg.msc PECompact2 06.04.2006 21:48:38 5143456 C:\WINDOWS\SYSTEM32\MRT.exe aspack 06.04.2006 21:48:38 5143456 C:\WINDOWS\SYSTEM32\MRT.exe aspack 04.08.2004 09:57:08 733696 C:\WINDOWS\SYSTEM32\ntdll.dll Umonitor 04.08.2004 09:57:32 686592 C:\WINDOWS\SYSTEM32\rasdlg.dll winsync 29.08.2002 14:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu Checking %System%\Drivers folder and sub-folders... PTech 04.08.2004 07:41:38 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts Checking the Windows folder and sub-folders for system and hidden files within the last 60 days... 09.05.2006 07:25:08 S 2048 C:\WINDOWS\bootstat.dat 27.03.2006 15:37:08 HS 8192 C:\WINDOWS\Thumbs.db 23.03.2006 01:17:22 S 14054 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB908531.cat 23.03.2006 08:15:46 S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911562.cat 13.03.2006 17:08:34 S 7898 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911565.cat 17.03.2006 11:24:30 S 12455 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911567.cat 30.03.2006 12:03:42 S 22339 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB912812.cat 09.05.2006 07:31:08 H 1024 C:\WINDOWS\system32\config\default.LOG 09.05.2006 07:25:48 H 1024 C:\WINDOWS\system32\config\SAM.LOG 09.05.2006 07:26:10 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG 09.05.2006 07:43:26 H 1024 C:\WINDOWS\system32\config\software.LOG 09.05.2006 07:29:52 H 1024 C:\WINDOWS\system32\config\system.LOG 16.04.2006 21:46:18 H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG 21.04.2006 15:15:30 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\f36bdea2-adf2-4231-a33f-3de810a30d6c 21.04.2006 15:15:30 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred 09.05.2006 07:25:10 H 6 C:\WINDOWS\Tasks\SA.DAT Checking for CPL files... Microsoft Corporation 04.08.2004 09:58:22 70656 C:\WINDOWS\SYSTEM32\access.cpl Microsoft Corporation 04.08.2004 09:58:22 555008 C:\WINDOWS\SYSTEM32\appwiz.cpl Microsoft Corporation 04.08.2004 09:58:22 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl Logitech Inc. 29.08.2003 15:19:16 151552 C:\WINDOWS\SYSTEM32\CamCpl.cpl Microsoft Corporation 04.08.2004 09:58:22 138240 C:\WINDOWS\SYSTEM32\desk.cpl Microsoft Corporation 04.08.2004 09:58:22 80384 C:\WINDOWS\SYSTEM32\firewall.cpl Microsoft Corporation 04.08.2004 09:58:22 157184 C:\WINDOWS\SYSTEM32\hdwwiz.cpl Microsoft Corporation 04.08.2004 09:58:22 359424 C:\WINDOWS\SYSTEM32\inetcpl.cpl Microsoft Corporation 04.08.2004 09:58:22 133120 C:\WINDOWS\SYSTEM32\intl.cpl Microsoft Corporation 04.08.2004 09:58:22 381440 C:\WINDOWS\SYSTEM32\irprops.cpl Microsoft Corporation 04.08.2004 09:58:22 69632 C:\WINDOWS\SYSTEM32\joy.cpl Sun Microsystems, Inc. 10.11.2005 13:03:50 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl Microsoft Corporation 29.08.2002 14:00:00 189440 C:\WINDOWS\SYSTEM32\main.cpl Microsoft Corporation 04.08.2004 09:58:22 625152 C:\WINDOWS\SYSTEM32\mmsys.cpl Microsoft Corporation 29.08.2002 14:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl Microsoft Corporation 04.08.2004 09:58:22 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl Microsoft Corporation 04.08.2004 09:58:22 260096 C:\WINDOWS\SYSTEM32\nusrmgr.cpl Microsoft Corporation 04.08.2004 09:58:22 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl Microsoft Corporation 04.08.2004 09:58:22 117248 C:\WINDOWS\SYSTEM32\powercfg.cpl Intersil Americas Inc. 04.08.2003 17:51:48 313418 C:\WINDOWS\SYSTEM32\PRISMCFG.cpl SiSoftware 29.01.2005 19:07:40 53248 C:\WINDOWS\SYSTEM32\SanCpl.cpl Microsoft Corporation 04.08.2004 09:58:22 303104 C:\WINDOWS\SYSTEM32\sysdm.cpl Microsoft Corporation 29.08.2002 14:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl Microsoft Corporation 04.08.2004 09:58:22 94208 C:\WINDOWS\SYSTEM32\timedate.cpl Microsoft Corporation 04.08.2004 09:58:22 148480 C:\WINDOWS\SYSTEM32\wscui.cpl Microsoft Corporation 26.05.2005 04:16:22 174872 C:\WINDOWS\SYSTEM32\wuaucpl.cpl Microsoft Corporation 29.08.2002 14:00:00 189440 C:\WINDOWS\SYSTEM32\dllcache\main.cpl Microsoft Corporation 29.08.2002 14:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl Microsoft Corporation 29.08.2002 14:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl Microsoft Corporation 26.05.2005 04:16:22 174872 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»» Checking files in %ALLUSERSPROFILE%\Startup folder... 18.10.2005 19:21:46 1741 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk 10.02.2006 20:34:30 1741 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Speed Launch.lnk 20.09.2003 16:50:10 HS 84 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini 20.09.2003 18:01:50 528 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Kontrollfeld für die kabellose Tastatur.lnk 22.09.2005 20:14:18 1502 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WinZip Quick Pick.lnk Checking files in %ALLUSERSPROFILE%\Application Data folder... 20.09.2003 17:45:28 HS 62 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini Checking files in %USERPROFILE%\Startup folder... 20.09.2003 16:50:10 HS 84 C:\Dokumente und Einstellungen\Marc\Startmenü\Programme\Autostart\desktop.ini Checking files in %USERPROFILE%\Application Data folder... 15.04.2005 13:29:04 1210 C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\AdobeDLM.log 20.09.2003 17:45:28 HS 62 C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\desktop.ini 15.04.2005 13:29:02 0 C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\dm.ini 04.03.2006 13:55:30 6896 C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\wklnhst.dat »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»» [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] SV1 = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers] HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\InoShell {DCED20BE-3645-11D4-BC95-00C04F0E0588} = C:\Programme\CA\eTrust Antivirus\InoShell.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TuneUp Shredder {00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} = HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail {5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} Start Menu Pin = %SystemRoot%\system32\SHELL32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\InoShell {DCED20BE-3645-11D4-BC95-00C04F0E0588} = C:\Programme\CA\eTrust Antivirus\InoShell.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TuneUp Shredder {00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} = HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627} = [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD} = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376} &Tipps und Tricks = %SystemRoot%\System32\shdocvw.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} Real.com = C:\WINDOWS\System32\Shdocvw.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} MenuText = Sun Java Konsole : C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263} ButtonText = Recherchieren : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} ButtonText = Real.com : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683} ButtonText = Messenger : C:\Programme\Messenger\msmsgs.exe [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38} Search Band = %SystemRoot%\System32\browseui.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD} = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E} Favorites Band = %SystemRoot%\System32\shdocvw.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} Explorer-Band = %SystemRoot%\System32\shdocvw.dll [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll {EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] ATIPTA C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe Cmaudio RunDll32 cmicnfg.cpl,CMICtrlWnd Dit Dit.exe Realtime Monitor C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s CHotkey mHotkey.exe PCMService "C:\Programme\Medion Home Cinema XL II\PowerCinema\PCMService.exe" PRISMSTA.EXE PRISMSTA.EXE START HP Component Manager "C:\Programme\HP\hpcoretech\hpcmpmgr.exe" HPDJ Taskbar Utility C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe InCD C:\Programme\Ahead\InCD\InCD.exe NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe Logitech Utility Logi_MwX.Exe TkBellExe "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot LogitechVideoRepair C:\Programme\Logitech\Video\ISStart.exe LogitechVideoTray C:\Programme\Logitech\Video\LogiTray.exe SunJavaUpdateSched C:\Programme\Java\jre1.5.0_06\bin\jusched.exe PinnacleDriverCheck C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg Microsoft Works Update Detection C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe ALDI_SUED_FotoSuite_Download "C:\Programme\ALDI Sued Foto Service\ALDI_Foto_Service\FotoSuite.exe" /autorun SunServer C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] IMAIL Installed = 1 MAPI Installed = 1 MSFS Installed = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] CTFMON.EXE C:\WINDOWS\system32\ctfmon.exe msnmsgr "C:\Programme\MSN Messenger\msnmsgr.exe" /background [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = {0DF44EAA-FF21-4412-828E-260A8728E7F1} = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system dontdisplaylastusername 0 legalnoticecaption legalnoticetext shutdownwithoutlogon 1 undockwithoutlogon 1 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer NoDriveTypeAutoRun 145 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, Shell = Explorer.exe System = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain = crypt32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet = cryptnet.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll = cscdll.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy = sclgntfy.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn = WlNotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon = wlnotify.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path Debugger = ntsd -d [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] AppInit_DLLs »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder. Scan completed on 09.05.2006 07:46:41 2.findStuff: doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile doesn't exist HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System doesn't exist HKEY_LOCAL_MACHINE\SSYSTEM\CurrentControlSet\Services\windowsnetwork doesn't exist HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa doesn't exist HKEY_CURRENT_USER\Software\Microsoft\OLE doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile doesn't exist HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System doesn't exist HKEY_LOCAL_MACHINE\SSYSTEM\CurrentControlSet\Services\windowsnetwork doesn't exist HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa doesn't exist HKEY_CURRENT_USER\Software\Microsoft\OLE doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile ----------------------- ----------------------- REGEDIT4 ----------------------- ----------------------- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess] "Type"=dword:00000020 "Start"=dword:00000002 "ErrorControl"=dword:00000001 "ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\ 32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00 "DisplayName"="Windows-Firewall/Gemeinsame Nutzung der Internetverbindung" "DependOnService"=hex(7):4e,65,74,6d,61,6e,00,57,69,6e,4d,67,6d,74,00,00 "DependOnGroup"=hex(7):00 "ObjectName"="LocalSystem" "Description"="Bietet allen Computern in Privat- und Kleinunternehmensnetzwerken Dienste für die Netzwerkadressübersetzung, Adressierung, Namensauflösung und Eindringsschutz." [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch] "Epoch"=dword:000014d0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters] "ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\ 33,32,5c,69,70,6e,61,74,68,6c,70,2e,64,6c,6c,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\sandra.exe"="C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\sandra.exe:*:Enabled:SiSoftware Sandra Lite" "C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\RpcSandraSrv.exe"="C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Lite" "C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\RpcDataSrv.exe"="C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Lite" "C:\\Programme\\onlineTV 2\\onlineTV.exe"="C:\\Programme\\onlineTV 2\\onlineTV.exe:*:Enabled:onlineTV" "C:\\Programme\\MSN Messenger\\msnmsgr.exe"="C:\\Programme\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=dword:00000001 "DoNotAllowExceptions"=dword:00000000 "DisableNotifications"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Programme\\Yahoo!\\Messenger\\YPager.exe"="C:\\Programme\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger" "C:\\Programme\\Yahoo!\\Messenger\\YServer.exe"="C:\\Programme\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server" "C:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"="C:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe:*isabled:backWeb-8876480" "C:\\Programme\\eMule.de\\emule.exe"="C:\\Programme\\eMule.de\\emule.exe:*:Enabled:eMule" "C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Eine DLL-Datei als Anwendung ausführen" "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "C:\\Programme\\eDonkey2000\\edonkey2000.exe"="C:\\Programme\\eDonkey2000\\edonkey2000.exe:*:Enabled:edonkey2000" "C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\sandra.exe"="C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\sandra.exe:*:Enabled:SiSoftware Sandra Lite" "C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\RpcSandraSrv.exe"="C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Lite" "C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\RpcDataSrv.exe"="C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Lite" "C:\\WINDOWS\\system32\\mshta.exe"="C:\\WINDOWS\\system32\\mshta.exe:*isabled:Microsoft (R) HTML Application host" "C:\\Programme\\onlineTV 2\\onlineTV.exe"="C:\\Programme\\onlineTV 2\\onlineTV.exe:*:Enabled:onlineTV" "C:\\Programme\\MSN Messenger\\msnmsgr.exe"="C:\\Programme\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5" "C:\\Programme\\Real\\RealPlayer\\realplay.exe"="C:\\Programme\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealOne Player" "C:\\Programme\\iRaTe2\\irate2.exe"="C:\\Programme\\iRaTe2\\irate2.exe:*:Enabled:iRaTe v2" "C:\\Programme\\Coolspot\\xcMessenger\\xcMessenger.exe"="C:\\Programme\\Coolspot\\xcMessenger\\xcMessenger.exe:*:Enabled:X-Check Messenger" "C:\\Programme\\Internet Explorer\\iexplore.exe"="C:\\Programme\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP"="1900:UDP:LocalSubNetisabled:@xpsp2res.dll,-22007" "2869:TCP"="2869:TCP:LocalSubNetisabled:@xpsp2res.dll,-22008" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security] "Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\ 00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\ 00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\ 05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\ 20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\ 00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\ 00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup] "ServiceUpgrade"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate] "{144A76EC-6DAC-479E-84D3-8017F772DE64}"=dword:00000001 "{E335DD02-5EAD-4B31-8319-CD8936402BBC}"=dword:00000001 "{61DDA531-5177-4294-A090-1C682006E411}"=dword:00000001 "{9EDCB3C2-75F7-4862-BE7D-77BE6C4A7D85}"=dword:00000001 "{92BD157E-6197-409A-A434-6F72E98FA9E4}"=dword:00000001 "{A5BAA657-2741-4220-8908-41687A63BAF9}"=dword:00000001 "{175C1178-1FFE-4D5F-B7DD-6BA0BF6B6269}"=dword:00000001 "{5181B182-0368-4496-AAE0-C90D4B56965F}"=dword:00000001 "{6E69B7B1-220F-4D26-8BD8-624A9E445D7B}"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum] "0"="Root\\LEGACY_SHAREDACCESS\\0000" "Count"=dword:00000001 "NextInstance"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc] "Type"=dword:00000020 "Start"=dword:00000002 "ErrorControl"=dword:00000001 "ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\ 32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00 "DisplayName"="Sicherheitscenter" "DependOnService"=hex(7):52,70,63,53,73,00,77,69,6e,6d,67,6d,74,00,00 "ObjectName"="LocalSystem" "Description"="Überwacht Systemsicherheitseinstellungen und -konfigurationen." [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Parameters] "ServiceDll"=hex(2):25,53,59,53,54,45,4d,52,4f,4f,54,25,5c,73,79,73,74,65,6d,\ 33,32,5c,77,73,63,73,76,63,2e,64,6c,6c,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Security] "Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\ 00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\ 00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\ 05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\ 20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\ 00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\ 00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Enum] "0"="Root\\LEGACY_WSCSVC\\0000" "Count"=dword:00000001 "NextInstance"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters] "autodisconnect"=dword:0000000f "enableforcedlogoff"=dword:00000001 "enablesecuritysignature"=dword:00000000 "requiresecuritysignature"=dword:00000000 "NullSessionPipes"=hex(7):43,4f,4d,4e,41,50,00,43,4f,4d,4e,4f,44,45,00,53,51,\ 4c,5c,51,55,45,52,59,00,53,50,4f,4f,4c,53,53,00,4c,4c,53,52,50,43,00,62,72,\ 6f,77,73,65,72,00,00 "NullSessionShares"=hex(7):43,4f,4d,43,46,47,00,44,46,53,24,00,00 "ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\ 33,32,5c,73,72,76,73,76,63,2e,64,6c,6c,00 "Lmannounce"=dword:00000000 "Size"=dword:00000001 "Guid"=hex:02,60,e4,ac,51,b0,6d,49,b2,80,b4,9d,68,89,4d,c0 "AdjustedNullSessionPipes"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters] "enableplaintextpassword"=dword:00000000 "enablesecuritysignature"=dword:00000001 "requiresecuritysignature"=dword:00000000 "ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\ 33,32,5c,77,6b,73,73,76,63,2e,64,6c,6c,00 "OtherDomains"=hex(7):00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger] "Type"=dword:00000020 "Start"=dword:00000004 "ErrorControl"=dword:00000001 "ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\ 32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00 "DisplayName"="Nachrichtendienst" "DependOnService"=hex(7):4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,00,\ 4e,65,74,42,49,4f,53,00,50,6c,75,67,50,6c,61,79,00,52,70,63,53,53,00,00 "DependOnGroup"=hex(7):00 "ObjectName"="LocalSystem" "Description"="Überträgt NET SEND- und Warndienstnachrichten zwischen Clients und Servern. Dieser Dienst ist nicht mit Windows Messenger verwandt. Der Warndienst überträgt keine Nachrichten, falls dieser Dienst beendet wird. Falls dieser Dienst deaktiviert wird, können die Dienste, die von diesem Dienst ausschließlich abhängig sind, nicht mehr gestartet werden." [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Parameters] "ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\ 33,32,5c,6d,73,67,73,76,63,2e,64,6c,6c,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Security] "Security"=hex:01,00,14,80,78,00,00,00,84,00,00,00,14,00,00,00,30,00,00,00,02,\ 00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\ 00,00,02,00,48,00,03,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\ 05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\ 20,02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,\ 01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Enum] "0"="Root\\LEGACY_MESSENGER\\0000" "Count"=dword:00000001 "NextInstance"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole] "DefaultLaunchPermission"=hex:01,00,04,80,64,00,00,00,80,00,00,00,00,00,00,00,\ 14,00,00,00,02,00,50,00,03,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,\ 00,00,05,12,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,00,\ 00,05,04,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,02,00,00,00,00,00,\ 05,20,00,00,00,20,02,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,5f,84,1f,\ 5e,2e,6b,49,ce,12,03,03,f4,01,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,\ 5f,84,1f,5e,2e,6b,49,ce,12,03,03,f4,01,00,00 "EnableDCOM"="Y" "MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\ 14,00,00,00,02,00,34,00,02,00,00,00,00,00,18,00,1f,00,00,00,01,02,00,00,00,\ 00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,\ 00,01,00,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,\ 00,00,00,00,05,20,00,00,00,20,02,00,00 "MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\ 14,00,00,00,02,00,30,00,02,00,00,00,00,00,14,00,03,00,00,00,01,01,00,00,00,\ 00,00,05,07,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,01,00,00,\ 00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,\ 05,20,00,00,00,20,02,00,00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList] "{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1" "{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1" "{0040D221-54A1-11D1-9DE0-006097042D69}"="1" "{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST] "System.EnterpriseServices.Thunk.dll"="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00 "Bounds"=hex:00,30,00,00,00,20,00,00 "Security Packages"=hex(7):6b,65,72,62,65,72,6f,73,00,6d,73,76,31,5f,30,00,73,\ 63,68,61,6e,6e,65,6c,00,77,64,69,67,65,73,74,00,00 "LsaPid"=dword:00000290 "SecureBoot"=dword:00000001 "auditbaseobjects"=dword:00000000 "crashonauditfail"=dword:00000000 "disabledomaincreds"=dword:00000000 "everyoneincludesanonymous"=dword:00000000 "fipsalgorithmpolicy"=dword:00000000 "forceguest"=dword:00000001 "fullprivilegeauditing"=hex:00 "limitblankpassworduse"=dword:00000001 "lmcompatibilitylevel"=dword:00000000 "nodefaultadminowner"=dword:00000001 "nolmhash"=dword:00000000 "restrictanonymous"=dword:00000000 "restrictanonymoussam"=dword:00000001 "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00 "ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders] "ProviderOrder"=hex(7):57,69,6e,64,6f,77,73,20,4e,54,20,41,63,63,65,73,73,20,\ 50,72,6f,76,69,64,65,72,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider] "ProviderPath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\ 33,32,5c,6e,74,6d,61,72,74,61,2e,64,6c,6c,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data] "Pattern"=hex:aa,e1,22,8d,ac,9a,4b,95,1e,59,07,16,e9,7a,3d,4e,38,30,38,33,39,\ 38,34,61,00,00,00,00,01,00,00,00,bc,01,00,00,c0,01,00,00,34,ca,06,00,45,9d,\ b7,71,04,00,00,00,10,00,00,00,00,00,00,00,1c,7a,d7,d6 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG] "GrafBlumGroup"=hex:0e,98,c4,d9,28,a6,a7,ac,31 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD] "Lookup"=hex:86,06,17,3e,39,ab [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0] "ntlmminclientsec"=dword:00000000 "ntlmminserversec"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1] "SkewMatrix"=hex:56,59,38,e5,77,3f,51,03,81,98,29,ec,67,22,63,b8 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4] "SSOURL"="http://www.passport.com" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache] "Time"=hex:76,28,98,42,b7,03,c5,01 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll] "Name"="Digest" "Comment"="Digest SSPI Authentication Package" "Capabilities"=dword:00004050 "RpcId"=dword:0000ffff "Version"=dword:00000001 "TokenSize"=dword:0000ffff "Time"=hex:80,6c,27,a9,f8,79,c4,01 "Type"=dword:00000031 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll] "Name"="DPA" "Comment"="DPA Security Package" "Capabilities"=dword:00000037 "RpcId"=dword:00000011 "Version"=dword:00000001 "TokenSize"=dword:00000300 "Time"=hex:00,8a,53,ad,f8,79,c4,01 "Type"=dword:00000031 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll] "Name"="MSN" "Comment"="MSN Security Package" "Capabilities"=dword:00000037 "RpcId"=dword:00000012 "Version"=dword:00000001 "TokenSize"=dword:00000300 "Time"=hex:80,4d,1d,af,f8,79,c4,01 "Type"=dword:00000031 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify"=dword:00000000 "FirewallDisableNotify"=dword:00000000 "UpdatesDisableNotify"=dword:00000000 "AntiVirusOverride"=dword:00000000 "FirewallOverride"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess] "Type"=dword:00000020 "Start"=dword:00000002 "ErrorControl"=dword:00000001 "ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\ 32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00 "DisplayName"="Windows-Firewall/Gemeinsame Nutzung der Internetverbindung" "DependOnService"=hex(7):4e,65,74,6d,61,6e,00,57,69,6e,4d,67,6d,74,00,00 "DependOnGroup"=hex(7):00 "ObjectName"="LocalSystem" "Description"="Bietet allen Computern in Privat- und Kleinunternehmensnetzwerken Dienste für die Netzwerkadressübersetzung, Adressierung, Namensauflösung und Eindringsschutz." [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch] "Epoch"=dword:000014d0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters] "ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\ 33,32,5c,69,70,6e,61,74,68,6c,70,2e,64,6c,6c,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\sandra.exe"="C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\sandra.exe:*:Enabled:SiSoftware Sandra Lite" "C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\RpcSandraSrv.exe"="C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Lite" "C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\RpcDataSrv.exe"="C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Lite" "C:\\Programme\\onlineTV 2\\onlineTV.exe"="C:\\Programme\\onlineTV 2\\onlineTV.exe:*:Enabled:onlineTV" "C:\\Programme\\MSN Messenger\\msnmsgr.exe"="C:\\Programme\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=dword:00000001 "DoNotAllowExceptions"=dword:00000000 "DisableNotifications"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Programme\\Yahoo!\\Messenger\\YPager.exe"="C:\\Programme\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger" "C:\\Programme\\Yahoo!\\Messenger\\YServer.exe"="C:\\Programme\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server" "C:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"="C:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe:*isabled:backWeb-8876480" "C:\\Programme\\eMule.de\\emule.exe"="C:\\Programme\\eMule.de\\emule.exe:*:Enabled:eMule" "C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Eine DLL-Datei als Anwendung ausführen" "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "C:\\Programme\\eDonkey2000\\edonkey2000.exe"="C:\\Programme\\eDonkey2000\\edonkey2000.exe:*:Enabled:edonkey2000" "C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\sandra.exe"="C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\sandra.exe:*:Enabled:SiSoftware Sandra Lite" "C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\RpcSandraSrv.exe"="C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Lite" "C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\RpcDataSrv.exe"="C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Lite" "C:\\WINDOWS\\system32\\mshta.exe"="C:\\WINDOWS\\system32\\mshta.exe:*isabled:Microsoft (R) HTML Application host" "C:\\Programme\\onlineTV 2\\onlineTV.exe"="C:\\Programme\\onlineTV 2\\onlineTV.exe:*:Enabled:onlineTV" "C:\\Programme\\MSN Messenger\\msnmsgr.exe"="C:\\Programme\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5" "C:\\Programme\\Real\\RealPlayer\\realplay.exe"="C:\\Programme\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealOne Player" "C:\\Programme\\iRaTe2\\irate2.exe"="C:\\Programme\\iRaTe2\\irate2.exe:*:Enabled:iRaTe v2" "C:\\Programme\\Coolspot\\xcMessenger\\xcMessenger.exe"="C:\\Programme\\Coolspot\\xcMessenger\\xcMessenger.exe:*:Enabled:X-Check Messenger" "C:\\Programme\\Internet Explorer\\iexplore.exe"="C:\\Programme\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP"="1900:UDP:LocalSubNetisabled:@xpsp2res.dll,-22007" "2869:TCP"="2869:TCP:LocalSubNetisabled:@xpsp2res.dll,-22008" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security] "Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\ 00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\ 00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\ 05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\ 20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\ 00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\ 00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup] "ServiceUpgrade"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate] "{144A76EC-6DAC-479E-84D3-8017F772DE64}"=dword:00000001 "{E335DD02-5EAD-4B31-8319-CD8936402BBC}"=dword:00000001 "{61DDA531-5177-4294-A090-1C682006E411}"=dword:00000001 "{9EDCB3C2-75F7-4862-BE7D-77BE6C4A7D85}"=dword:00000001 "{92BD157E-6197-409A-A434-6F72E98FA9E4}"=dword:00000001 "{A5BAA657-2741-4220-8908-41687A63BAF9}"=dword:00000001 "{175C1178-1FFE-4D5F-B7DD-6BA0BF6B6269}"=dword:00000001 "{5181B182-0368-4496-AAE0-C90D4B56965F}"=dword:00000001 "{6E69B7B1-220F-4D26-8BD8-624A9E445D7B}"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum] "0"="Root\\LEGACY_SHAREDACCESS\\0000" "Count"=dword:00000001 "NextInstance"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc] "Type"=dword:00000020 "Start"=dword:00000002 "ErrorControl"=dword:00000001 "ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\ 32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00 "DisplayName"="Sicherheitscenter" "DependOnService"=hex(7):52,70,63,53,73,00,77,69,6e,6d,67,6d,74,00,00 "ObjectName"="LocalSystem" "Description"="Überwacht Systemsicherheitseinstellungen und -konfigurationen." [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Parameters] "ServiceDll"=hex(2):25,53,59,53,54,45,4d,52,4f,4f,54,25,5c,73,79,73,74,65,6d,\ 33,32,5c,77,73,63,73,76,63,2e,64,6c,6c,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Security] "Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\ 00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\ 00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\ 05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\ 20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\ 00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\ 00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Enum] "0"="Root\\LEGACY_WSCSVC\\0000" "Count"=dword:00000001 "NextInstance"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters] "autodisconnect"=dword:0000000f "enableforcedlogoff"=dword:00000001 "enablesecuritysignature"=dword:00000000 "requiresecuritysignature"=dword:00000000 "NullSessionPipes"=hex(7):43,4f,4d,4e,41,50,00,43,4f,4d,4e,4f,44,45,00,53,51,\ 4c,5c,51,55,45,52,59,00,53,50,4f,4f,4c,53,53,00,4c,4c,53,52,50,43,00,62,72,\ 6f,77,73,65,72,00,00 "NullSessionShares"=hex(7):43,4f,4d,43,46,47,00,44,46,53,24,00,00 "ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\ 33,32,5c,73,72,76,73,76,63,2e,64,6c,6c,00 "Lmannounce"=dword:00000000 "Size"=dword:00000001 "Guid"=hex:02,60,e4,ac,51,b0,6d,49,b2,80,b4,9d,68,89,4d,c0 "AdjustedNullSessionPipes"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters] "enableplaintextpassword"=dword:00000000 "enablesecuritysignature"=dword:00000001 "requiresecuritysignature"=dword:00000000 "ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\ 33,32,5c,77,6b,73,73,76,63,2e,64,6c,6c,00 "OtherDomains"=hex(7):00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger] "Type"=dword:00000020 "Start"=dword:00000004 "ErrorControl"=dword:00000001 "ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\ 32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00 "DisplayName"="Nachrichtendienst" "DependOnService"=hex(7):4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,00,\ 4e,65,74,42,49,4f,53,00,50,6c,75,67,50,6c,61,79,00,52,70,63,53,53,00,00 "DependOnGroup"=hex(7):00 "ObjectName"="LocalSystem" "Description"="Überträgt NET SEND- und Warndienstnachrichten zwischen Clients und Servern. Dieser Dienst ist nicht mit Windows Messenger verwandt. Der Warndienst überträgt keine Nachrichten, falls dieser Dienst beendet wird. Falls dieser Dienst deaktiviert wird, können die Dienste, die von diesem Dienst ausschließlich abhängig sind, nicht mehr gestartet werden." [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Parameters] "ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\ 33,32,5c,6d,73,67,73,76,63,2e,64,6c,6c,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Security] "Security"=hex:01,00,14,80,78,00,00,00,84,00,00,00,14,00,00,00,30,00,00,00,02,\ 00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\ 00,00,02,00,48,00,03,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\ 05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\ 20,02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,\ 01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Enum] "0"="Root\\LEGACY_MESSENGER\\0000" "Count"=dword:00000001 "NextInstance"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole] "DefaultLaunchPermission"=hex:01,00,04,80,64,00,00,00,80,00,00,00,00,00,00,00,\ 14,00,00,00,02,00,50,00,03,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,\ 00,00,05,12,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,00,\ 00,05,04,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,02,00,00,00,00,00,\ 05,20,00,00,00,20,02,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,5f,84,1f,\ 5e,2e,6b,49,ce,12,03,03,f4,01,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,\ 5f,84,1f,5e,2e,6b,49,ce,12,03,03,f4,01,00,00 "EnableDCOM"="Y" "MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\ 14,00,00,00,02,00,34,00,02,00,00,00,00,00,18,00,1f,00,00,00,01,02,00,00,00,\ 00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,\ 00,01,00,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,\ 00,00,00,00,05,20,00,00,00,20,02,00,00 "MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\ 14,00,00,00,02,00,30,00,02,00,00,00,00,00,14,00,03,00,00,00,01,01,00,00,00,\ 00,00,05,07,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,01,00,00,\ 00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,\ 05,20,00,00,00,20,02,00,00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList] "{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1" "{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1" "{0040D221-54A1-11D1-9DE0-006097042D69}"="1" "{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST] "System.EnterpriseServices.Thunk.dll"="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00 "Bounds"=hex:00,30,00,00,00,20,00,00 "Security Packages"=hex(7):6b,65,72,62,65,72,6f,73,00,6d,73,76,31,5f,30,00,73,\ 63,68,61,6e,6e,65,6c,00,77,64,69,67,65,73,74,00,00 "LsaPid"=dword:00000290 "SecureBoot"=dword:00000001 "auditbaseobjects"=dword:00000000 "crashonauditfail"=dword:00000000 "disabledomaincreds"=dword:00000000 "everyoneincludesanonymous"=dword:00000000 "fipsalgorithmpolicy"=dword:00000000 "forceguest"=dword:00000001 "fullprivilegeauditing"=hex:00 "limitblankpassworduse"=dword:00000001 "lmcompatibilitylevel"=dword:00000000 "nodefaultadminowner"=dword:00000001 "nolmhash"=dword:00000000 "restrictanonymous"=dword:00000000 "restrictanonymoussam"=dword:00000001 "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00 "ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders] "ProviderOrder"=hex(7):57,69,6e,64,6f,77,73,20,4e,54,20,41,63,63,65,73,73,20,\ 50,72,6f,76,69,64,65,72,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider] "ProviderPath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\ 33,32,5c,6e,74,6d,61,72,74,61,2e,64,6c,6c,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data] "Pattern"=hex:aa,e1,22,8d,ac,9a,4b,95,1e,59,07,16,e9,7a,3d,4e,38,30,38,33,39,\ 38,34,61,00,00,00,00,01,00,00,00,bc,01,00,00,c0,01,00,00,34,ca,06,00,45,9d,\ b7,71,04,00,00,00,10,00,00,00,00,00,00,00,1c,7a,d7,d6 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG] "GrafBlumGroup"=hex:0e,98,c4,d9,28,a6,a7,ac,31 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD] "Lookup"=hex:86,06,17,3e,39,ab [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0] "ntlmminclientsec"=dword:00000000 "ntlmminserversec"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1] "SkewMatrix"=hex:56,59,38,e5,77,3f,51,03,81,98,29,ec,67,22,63,b8 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4] "SSOURL"="http://www.passport.com" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache] "Time"=hex:76,28,98,42,b7,03,c5,01 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll] "Name"="Digest" "Comment"="Digest SSPI Authentication Package" "Capabilities"=dword:00004050 "RpcId"=dword:0000ffff "Version"=dword:00000001 "TokenSize"=dword:0000ffff "Time"=hex:80,6c,27,a9,f8,79,c4,01 "Type"=dword:00000031 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll] "Name"="DPA" "Comment"="DPA Security Package" "Capabilities"=dword:00000037 "RpcId"=dword:00000011 "Version"=dword:00000001 "TokenSize"=dword:00000300 "Time"=hex:00,8a,53,ad,f8,79,c4,01 "Type"=dword:00000031 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll] "Name"="MSN" "Comment"="MSN Security Package" "Capabilities"=dword:00000037 "RpcId"=dword:00000012 "Version"=dword:00000001 "TokenSize"=dword:00000300 "Time"=hex:80,4d,1d,af,f8,79,c4,01 "Type"=dword:00000031 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify"=dword:00000000 "FirewallDisableNotify"=dword:00000000 "UpdatesDisableNotify"=dword:00000000 "AntiVirusOverride"=dword:00000000 "FirewallOverride"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] |
|
|
||
09.05.2006, 10:31
Ehrenmitglied
Beiträge: 29434 |
#22
1.
loesche manuell C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\wklnhst.dat 2. scanne mit Kapersky und kopiere hier den Scanreport http://virus-protect.org/onlinescan.html 3. Hoster.zip http://www.funkytoad.com/download/hoster.zip Press 'Restore Original Hosts' and press 'OK' Exit Program. 4. poste das Log vom Silentrunner http://virus-protect.org/silentrunner.html ------------- die XP-Firewall ist aktiv.... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=dword:00000001 berichte also, ob du die XP-Firewall meinst oder eine andere Desktop-Firewall __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
09.05.2006, 11:58
Member
Themenstarter Beiträge: 25 |
#23
Hallo Sabina,
werde die Scans heute nachmittag erledigen! Ich meine die Windows XP Firewall im Windows Sicherheitscenter steht "Firewall nicht aktiv" und in der Taskleiste wird das Symbol mit der Meldung: "Ihr Computer ist eventuell gefähred" nach dem hochfahren angezeigt?! Gehe mit einem Siemes Gigaset SE 515 DSL Router online dieser hat auch eine Firewall werde mal sehen ob sie aktiv ist. Habe diese Meldung aber erst seit gestern nach dem Counterspy Sacn. Viele Grüße Marc. |
|
|
||
09.05.2006, 14:53
Ehrenmitglied
Beiträge: 29434 |
#24
Zitat [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]eigentlich ist alles laut Log in Ordnung..... so richtig kann ich mir die Meldung nicht erklaeren, aber fuehre alles aus, was ich geschrieben hatte...dann sehen wir weiter.... -------------- Taskleiste wird das Symbol mit der Meldung: "Ihr Computer ist eventuell gefähred" ... das muessen wir mal naeher betrachten............ __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
09.05.2006, 16:45
Member
Themenstarter Beiträge: 25 |
#25
Hallo Sabina,
hier der Bericht von Silentrunner: - die wklnhst.dat ist gelöscht -Kasperksy bekomme ich nicht zum laufen!!! ActiveX ist installiert und dann geht es nicht weiter? "Silent Runners.vbs", revision 45, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "msnmsgr" = ""C:\Programme\MSN Messenger\msnmsgr.exe" /background" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "ATIPTA" = "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."] "Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS] "Dit" = "Dit.exe" [null data] "Realtime Monitor" = "C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s" ["Computer Associates International, Inc."] "CHotkey" = "mHotkey.exe" ["Chicony"] "PCMService" = ""C:\Programme\Medion Home Cinema XL II\PowerCinema\PCMService.exe"" [empty string] "PRISMSTA.EXE" = "PRISMSTA.EXE START" ["Intersil Americas Inc."] "HP Component Manager" = ""C:\Programme\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"] "HPDJ Taskbar Utility" = "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" ["HP"] "InCD" = "C:\Programme\Ahead\InCD\InCD.exe" ["Ahead Software AG"] "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"] "Logitech Utility" = "Logi_MwX.Exe" ["Logitech Inc."] "TkBellExe" = ""C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."] "LogitechVideoRepair" = "C:\Programme\Logitech\Video\ISStart.exe" ["Logitech Inc."] "LogitechVideoTray" = "C:\Programme\Logitech\Video\LogiTray.exe" ["Logitech Inc."] "SunJavaUpdateSched" = "C:\Programme\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."] "PinnacleDriverCheck" = "C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg" [empty string] "Microsoft Works Update Detection" = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe" ["Microsoft® Corporation"] "ALDI_SUED_FotoSuite_Download" = ""C:\Programme\ALDI Sued Foto Service\ALDI_Foto_Service\FotoSuite.exe" /autorun" ["MAGIX AG"] "SunServer" = "C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe" ["Sunbelt Software"] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper" \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung" -> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{DCED20BE-3645-11D4-BC95-00C04F0E0588}" = "InoShell" -> {HKLM...CLSID} = "InoShell" \InProcServer32\(Default) = "C:\Programme\CA\eTrust Antivirus\InoShell.dll" ["Computer Associates International, Inc."] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Programme\Microsoft Office\OFFICE11\msohev.dll" [MS] "{F5D92341-0A64-11D0-9956-0000E8096023}" = "CD Copy Shell Extension" -> {HKLM...CLSID} = "CD Copy Shell Extension" \InProcServer32\(Default) = "C:\WINDOWS\System32\Shellext\CDWshext.dll" ["Pinnacle Systems, Inc."] "{F5D92342-0A64-11D0-9956-0000E8096023}" = "CD Wizard Shell Extension" -> {HKLM...CLSID} = "CD Wizard Shell Extension" \InProcServer32\(Default) = "C:\WINDOWS\System32\Shellext\CDWshext.dll" ["Pinnacle Systems, Inc."] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {HKLM...CLSID} = "RealOne Player Context Menu Class" \InProcServer32\(Default) = "C:\Programme\Real\RealPlayer\rpshellext.dll" ["RealNetworks"] "{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW" -> {HKLM...CLSID} = "Shell Extension for CDRW" \InProcServer32\(Default) = "C:\Programme\Ahead\InCD\incdshx.dll" ["Ahead Software AG"] "{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures" -> {HKLM...CLSID} = "My Logitech Pictures" \InProcServer32\(Default) = "C:\Programme\Logitech\Video\Namespc2.dll" ["Logitech Inc."] "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices" -> {HKLM...CLSID} = "Portable Media Devices" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {HKLM...CLSID} = "Portable Media Devices Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook-Dateisymbolerweiterung" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\OLKFSTUB.DLL" [MS] "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] "{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail" -> {HKLM...CLSID} = "YMailShellExt Class" \InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."] "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band" -> {HKLM...CLSID} = "Shell Search Band" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}" = "TuneUp Shredder Shell Context Menu Extension" -> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension" \InProcServer32\(Default) = ""C:\Programme\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"] HKLM\Software\Classes\PROTOCOLS\Filter\ INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ InoShell\(Default) = "{DCED20BE-3645-11D4-BC95-00C04F0E0588}" -> {HKLM...CLSID} = "InoShell" \InProcServer32\(Default) = "C:\Programme\CA\eTrust Antivirus\InoShell.dll" ["Computer Associates International, Inc."] TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}" -> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension" \InProcServer32\(Default) = ""C:\Programme\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}" -> {HKLM...CLSID} = "YMailShellExt Class" \InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ InoShell\(Default) = "{DCED20BE-3645-11D4-BC95-00C04F0E0588}" -> {HKLM...CLSID} = "InoShell" \InProcServer32\(Default) = "C:\Programme\CA\eTrust Antivirus\InoShell.dll" ["Computer Associates International, Inc."] TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}" -> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension" \InProcServer32\(Default) = ""C:\Programme\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp" Startup items in "Marc" & "All Users" startup folders: ------------------------------------------------------ C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart "Adobe Reader - Schnellstart" -> shortcut to: "C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"] "Adobe Reader Speed Launch" -> shortcut to: "C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"] "Kontrollfeld für die kabellose Tastatur" -> shortcut to: "C:\WINDOWS\CNYHKey.exe" ["Chicony"] "WinZip Quick Pick" -> shortcut to: "C:\Programme\WinZip\WZQKPICK.EXE" ["WinZip Computing, Inc."] Enabled Scheduled Tasks: ------------------------ "1-Klick-Wartung" -> launches: "C:\Programme\TuneUp Utilities 2006\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 27 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ {FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\(Default) = (no title provided) -> {HKLM...CLSID} = "Real.com" \InProcServer32\(Default) = "C:\WINDOWS\System32\Shdocvw.dll" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKCU\Software\Microsoft\Internet Explorer\Extensions\ {84FAA847-1400-4400-BC93-D338EF03127B}\ "ButtonText" = "MedionShop" "Exec" = "http://www.medionshop.de/" [file not found] HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Konsole" "CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in" \InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06" \InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Recherchieren" {CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\ "ButtonText" = "Real.com" {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS] Miscellaneous IE Hijack Points ------------------------------ C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings") Added lines (compared with English-language version): [Strings]: START_PAGE_URL=http://www.aldi.com Missing lines (compared with English-language version): [Strings]: 1 line HKLM\Software\Microsoft\Internet Explorer\AboutURLs\ HIJACK WARNING! "TuneUp" = "file://C|/Dokumente und Einstellungen/All Users/Anwendungsdaten/TuneUp Software/Common/base.css" [file not found] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ereignisprotokoll-Überwachung, LogWatch, "C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe" ["Computer Associates"] eTrust Antivirus Job Server, InoTask, ""C:\Programme\CA\eTrust Antivirus\InoTask.exe"" ["Computer Associates International, Inc."] eTrust Antivirus Realtime Server, InoRT, ""C:\Programme\CA\eTrust Antivirus\InoRT.exe"" ["Computer Associates International, Inc."] eTrust Antivirus RPC Server, InoRPC, ""C:\Programme\CA\eTrust Antivirus\InoRpc.exe"" ["Computer Associates International, Inc."] HTTP-SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]} InCD Helper, InCDsrv, "C:\Programme\Ahead\InCD\InCDsrv.exe" ["Ahead Software AG"] Machine Debug Manager, MDM, ""C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe"" [MS] MySQL, MySQL, ""C:\Programme\MySQL\MySQL Server 5.0\bin\mysqld-nt" --defaults-file="C:\Programme\MySQL\MySQL Server 5.0\my.ini" MySQL" [null data] VMware Authorization Service, VMAuthdService, "C:\Programme\VMware\VMware Workstation\vmware-authd.exe" ["VMware, Inc."] VMware DHCP Service, VMnetDHCP, "C:\WINDOWS\system32\vmnetdhcp.exe" ["VMware, Inc."] VMware NAT Service, VMware NAT Service, "C:\WINDOWS\system32\vmnat.exe" ["VMware, Inc."] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS] X10 Device Network Service, x10nets, "C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe" ["X10"] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzlnt09\Driver = "hpzlnt09.dll" ["HP"] Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "No" at the first message box. ---------- (total run time: 26 seconds, including 9 seconds for message boxes) |
|
|
||
09.05.2006, 18:14
Ehrenmitglied
Beiträge: 29434 |
#26
dr.web
http://virus-protect.org/cureit.html Poste bitte das, was drweb gefunden hat. Dazu unter Start - Ausfuehren %userprofil%\doctorweb\cureit.log eingeben und enter druecken. Den Inhalt der Dinge, die Drweb gefunden hat bitte posten. __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
09.05.2006, 23:16
Member
Themenstarter Beiträge: 25 |
#27
Hallo Sabina,
mit dem Pfad unter start ausführen kann der rechner nichts anfangen! Fehlermeldung: Pfad nicht gefunden. Hier der sacn von dr. Web: Silent Runners.vbs;C:\Dokumente und Einstellungen\Marc\Desktop\exe Dateien;möglicherweise BATCH.Virus;; E8D7A764-AAC6-4A21-BC36-17E30C;C:\Dokumente und Einstellungen\Marc\Lokale Einstellungen\Anwendungsdaten\Sunbelt Software\CounterSpy\Quarantine\B190855A-77EA-4;Adware.NewDotNet;; backup-20060507-133411-982.dll;C:\Dokumente und Einstellungen\Marc\Lokale Einstellungen\Temp\backups;Adware.Websearch;; un.exe;C:\FINDnFIX\Files2;Trojan.StartPage.335;Gelöscht.; emule.exe;C:\Programme\eMule.de;BackDoor.Emule.44;Gelöscht.; Dc155.exe;C:\RECYCLER\S-1-5-21-2157384091-728378468-2993898689-1009;Adware.Comet;; Dc156.exe;C:\RECYCLER\S-1-5-21-2157384091-728378468-2993898689-1009;Adware.Comet;; Dc162.exe;C:\RECYCLER\S-1-5-21-2157384091-728378468-2993898689-1009;Adware.Comet;; A0033887.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP188;Adware.Websearch;; A0033909.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP188;Adware.Websearch;; A0033926.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP189;Adware.Websearch;; A0034007.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP189;BackDoor.Emule.44;Gelöscht.; A0034028.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP189;Adware.Websearch;; A0034040.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP189;Adware.Websearch;; A0034069.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP189;Adware.Websearch;; A0034142.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP190;Adware.Websearch;; A0034174.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP190;Adware.Websearch;; A0034206.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP191;Adware.Websearch;; A0034239.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP191;Adware.Websearch;; A0034258.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP192;Adware.Websearch;; A0034321.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP193;Adware.Websearch;; A0034343.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP193;Adware.Websearch;; A0034362.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP193;Adware.Websearch;; A0034391.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP194;Adware.Websearch;; A0034434.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP194;Adware.Websearch;; A0034481.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP195;Adware.Websearch;; A0034499.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP195;Adware.Websearch;; A0034529.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP196;Adware.Websearch;; A0034563.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP197;Adware.Websearch;; A0034631.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP198;Adware.Websearch;; A0034675.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP199;Adware.Websearch;; A0034709.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP200;Adware.Websearch;; A0034786.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP201;Adware.Websearch;; A0034829.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP201;Adware.Websearch;; A0034871.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP201;Adware.Websearch;; A0034920.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP202;Adware.Websearch;; A0034951.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP203;Adware.Websearch;; A0034960.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP203;Adware.Websearch;; A0035012.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP204;Adware.Websearch;; A0035057.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP204;Adware.Websearch;; A0035114.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP205;Adware.Websearch;; A0035151.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP205;Adware.Websearch;; A0035212.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP206;Adware.Websearch;; A0035258.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP207;Adware.Websearch;; A0035291.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP207;Adware.Websearch;; A0035320.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP208;Adware.Websearch;; A0035355.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP210;Adware.Websearch;; A0035372.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP210;BackDoor.Emule.44;Gelöscht.; A0035439.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP211;Adware.Websearch;; A0035460.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP211;Adware.Websearch;; A0035499.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP212;Adware.Websearch;; A0035536.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP213;Adware.Websearch;; A0035545.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP213;Adware.Websearch;; A0035572.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP213;Adware.Websearch;; A0035612.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP214;Adware.Websearch;; A0035653.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP214;Adware.Websearch;; A0035694.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP214;Adware.Websearch;; A0035715.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP215;Adware.Websearch;; A0035753.dll;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP215;Trojan.PWS.Alanchum;Gelöscht.; A0035770.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP215;Adware.Websearch;; A0035785.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP215;Adware.Websearch;; A0035814.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP216;Adware.Websearch;; A0035843.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP216;Adware.Websearch;; A0035861.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP216;Adware.Websearch;; A0035874.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP216;Adware.Websearch;; A0035913.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP216;Adware.Websearch;; A0035925.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP216;Adware.Websearch;; A0035939.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP216;Adware.Websearch;; A0036095.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP218;Adware.Websearch;; A0036392.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP219;Adware.Websearch;; A0036402.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP219;Adware.Websearch;; A0036597.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP222;BackDoor.Emule.44;Gelöscht.; A0036661.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP222;Adware.Websearch;; A0036764.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP224;Adware.Websearch;; A0036785.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP224;Adware.Websearch;; A0036813.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP224;Adware.Websearch;; A0037817.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP224;Adware.Websearch;; A0037845.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP224;Adware.Websearch;; A0037885.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP224;Adware.Websearch;; A0037912.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP224;Adware.Websearch;; A0037935.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP224;Adware.Websearch;; A0037982.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP225;Adware.Websearch;; A0038083.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP226;Adware.Websearch;; A0038109.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP226;Adware.Websearch;; A0038127.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP226;Adware.Websearch;; A0038160.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP227;Adware.Websearch;; A0038228.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP228;Adware.Websearch;; A0038264.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP228;Adware.Websearch;; A0038290.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP228;Adware.Websearch;; A0038327.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP228;Adware.Websearch;; A0038356.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP228;Adware.Websearch;; A0038377.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP228;Adware.Websearch;; A0038395.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP228;Adware.Websearch;; A0038444.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP229;Adware.Websearch;; A0038473.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP229;Adware.Websearch;; A0038494.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP229;Adware.Websearch;; A0038496.dll;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP229;Trojan.PWS.Alanchum;Gelöscht.; A0038535.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP230;Trojan.Fakealert;Gelöscht.; A0038557.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP230;Adware.Websearch;; A0038573.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP230;Adware.Websearch;; A0038595.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP230;Adware.Websearch;; A0038639.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP231;BackDoor.Emule.44;Gelöscht.; A0038674.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP233;Adware.Websearch;; A0038695.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP233;Trojan.Fakealert;Gelöscht.; A0038730.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP233;Adware.Websearch;; A0038743.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP233;Adware.Websearch;; A0038789.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP234;Adware.Websearch;; A0038806.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP234;Trojan.Fakealert;Gelöscht.; A0039140.dll;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP234;Trojan.Fakealert;Gelöscht.; A0039141.dll;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP234;Trojan.Fakealert;Gelöscht.; A0039142.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP234;Trojan.Fakealert;Gelöscht.; A0039143.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP234;Trojan.DownLoader.9544;Gelöscht.; A0039148.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP234;Adware.Websearch;; A0039156.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP235;Adware.Websearch;; A0039195.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP235;Trojan.Fakealert;Gelöscht.; A0039537.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP235;Adware.Websearch;; A0039589.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP235;Trojan.Fakealert;Gelöscht.; A0039595.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP236;Trojan.Fakealert;Gelöscht.; A0039665.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP236;Trojan.StartPage.335;Gelöscht.; A0039687.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP236;Adware.Websearch;; A0039717.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP236;Adware.Websearch;; A0039725.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP237;Adware.Websearch;; A0039729.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP237;Trojan.Fakealert;Gelöscht.; A0039870.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP237;BackDoor.Emule.44;Gelöscht.; A0039968.dll;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP237;Trojan.Fakealert;Gelöscht.; A0039969.dll;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP237;Trojan.Fakealert;Gelöscht.; A0039970.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP237;Trojan.Fakealert;Gelöscht.; A0039971.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP237;Trojan.DownLoader.9544;Gelöscht.; A0039976.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP237;Adware.Websearch;; A0040060.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP237;Trojan.Fakealert;Gelöscht.; A0040076.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP237;Adware.Websearch;; A0040078.dll;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP237;Trojan.PWS.Alanchum;Gelöscht.; A0040090.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP237;Trojan.StartPage.335;Gelöscht.; A0040159.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP237;Trojan.Fakealert;Gelöscht.; A0040170.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP237;Adware.Websearch;; A0040223.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP238;Adware.Websearch;; A0040232.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP238;Trojan.Fakealert;Gelöscht.; A0040286.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP238;Adware.Websearch;; A0040287.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP239;Adware.Websearch;; A0040323.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP239;Trojan.Fakealert;Gelöscht.; A0040374.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP239;Adware.Websearch;; A0040378.dll;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP239;Trojan.PWS.Alanchum;Gelöscht.; A0040403.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP239;Trojan.Fakealert;Gelöscht.; A0040417.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP239;Adware.Websearch;; A0040435.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP240;Adware.Websearch;; A0040450.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP240;Trojan.Fakealert;Gelöscht.; A0040475.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP240;Adware.Websearch;; A0040479.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Adware.Websearch;; A0040504.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Trojan.Fakealert;Gelöscht.; A0040529.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Adware.Websearch;; A0040557.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Trojan.Fakealert;Gelöscht.; A0040748.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Adware.Websearch;; A0040773.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Trojan.Fakealert;Gelöscht.; A0040785.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Adware.Websearch;; A0040801.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Adware.Websearch;; A0040841.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Trojan.Fakealert;Gelöscht.; A0040862.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Adware.Websearch;; A0040883.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Adware.Websearch;; A0040896.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Adware.NewDotNet;; A0040900.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Trojan.Fakealert;Gelöscht.; A0040903.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Trojan.DownLoader.9544;Gelöscht.; A0040909.dll;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Trojan.Fakealert;Gelöscht.; A0040910.dll;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Trojan.Fakealert;Gelöscht.; A0040911.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Trojan.Fakealert;Gelöscht.; A0040914.dll;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Trojan.PWS.Alanchum;Gelöscht.; A0040932.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Adware.Websearch;Verschoben.; A0040957.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Adware.WebHancer;; A0040958.dll;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Adware.WebHancer;; A0040959.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Adware.WebHancer;; A0040963.dll;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Adware.WebHancer;; A0040964.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Adware.WebHancer;; A0040968.dll;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Adware.WebHancer;; A0040969.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Adware.WebHancer;; A0040978.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Adware.Websearch;; A0040979.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Adware.Websearch;; A0040980.dll;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Adware.Websearch;; A0041114.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP242;Adware.NewDotNet;; A0041115.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP242;Adware.NewDotNet;; A0041116.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP242;Adware.NewDotNet;; A0041117.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP242;Adware.NewDotNet;; A0041118.dll;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP242;Adware.NewDotNet;; A0041125.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP242;Trojan.DownLoader.6811;Gelöscht.; A0041126.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP242;Adware.Websearch;; A0041127.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP242;BackDoor.Blastmed;Gelöscht.; A0041312.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP242;Trojan.StartPage.335;Gelöscht.; A0041313.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP242;BackDoor.Emule.44;Gelöscht.; |
|
|
||
09.05.2006, 23:53
Ehrenmitglied
Beiträge: 29434 |
#28
Arbeitsplatz-->Rechtsklick, dann auf Eigenschaften--->Reiter Systemwiederherstellung--->Häkchen setzen bei Systemwiederherstellung auf allen Laufwerken deaktivieren.
(dann wieder aktivieren) dann scanne noch mal mit dr.web Frage...wenn der Pfad nicht korrekt war, wie hast du dann das Log von dr.web hier reinbekommen ? __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
10.05.2006, 00:01
Member
Themenstarter Beiträge: 25 |
#29
--der2. Scan von dr. web!!
Silent Runners.vbs;C:\Dokumente und Einstellungen\Marc\Desktop\exe Dateien;möglicherweise BATCH.Virus;; A0040932.exe;C:\Dokumente und Einstellungen\Marc\DoctorWeb\Quarantine;Adware.Websearch;; E8D7A764-AAC6-4A21-BC36-17E30C;C:\Dokumente und Einstellungen\Marc\Lokale Einstellungen\Anwendungsdaten\Sunbelt Software\CounterSpy\Quarantine\B190855A-77EA-4;Adware.NewDotNet;; backup-20060507-133411-982.dll;C:\Dokumente und Einstellungen\Marc\Lokale Einstellungen\Temp\backups;Adware.Websearch;; Dc155.exe;C:\RECYCLER\S-1-5-21-2157384091-728378468-2993898689-1009;Adware.Comet;; Dc156.exe;C:\RECYCLER\S-1-5-21-2157384091-728378468-2993898689-1009;Adware.Comet;; Dc162.exe;C:\RECYCLER\S-1-5-21-2157384091-728378468-2993898689-1009;Adware.Comet;; Dieser Beitrag wurde am 10.05.2006 um 01:24 Uhr von timerider999 editiert.
|
|
|
||
10.05.2006, 00:02
Ehrenmitglied
Beiträge: 29434 |
||
|
||
LSPfix
http://www.spychecker.com/program/lspfix.html
- hake an: "I know what Im doing"--Remove
- und loesche die newdotnet7_22.dll (eventuell musst du die dll von links nach rechts bringen)
**
dann stelle alles im Counterspy auf: "remove und starte den PC neu
(denn wie man sowas zulassen kann: Status: Ignored ...geht ueber mein Begriffsvermoegen.....
**
scanne noch mal und poste den scanreport
**dann poste per Anhang (siehe unten) --> alle Logs von dieser bat-Datei
http://virus-protect.org/completbat.html
__________
MfG Sabina
rund um die PC-Sicherheit