about: blank Browser hijacker

#0
07.05.2006, 23:16
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#16 **
LSPfix
http://www.spychecker.com/program/lspfix.html
- hake an: "I know what Im doing"--Remove
- und loesche die newdotnet7_22.dll (eventuell musst du die dll von links nach rechts bringen)

**
dann stelle alles im Counterspy auf: "remove und starte den PC neu

(denn wie man sowas zulassen kann: Status: Ignored ...geht ueber mein Begriffsvermoegen..... ;)

**
scanne noch mal und poste den scanreport

**dann poste per Anhang (siehe unten) --> alle Logs von dieser bat-Datei
http://virus-protect.org/completbat.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
08.05.2006, 16:25
Member

Themenstarter

Beiträge: 25
#17 Hallo Sabina,

wo genau muss ich im Counterspy auf remove stellen??

Gruß Marc.
Seitenanfang Seitenende
08.05.2006, 16:43
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#18 ich denke mal , jeder einzelen Eintrag hat die Moeglichkeit zu:

*Ignore
*Remove --> Status: Deleted
*Quarantaine
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
08.05.2006, 20:04
Member

Themenstarter

Beiträge: 25
#19 Hallo Sabina,

Ich habe gerade gesehen das meine Firewall nicht mehr aktiv ist!!!
Kann Sie auch nicht aktivieren!!


ich habe jetzt noch ein wenig mit Counterspy rumgemacht....
Habe ihn im agbesicherten Modus einmal laufen lassen und habe dann den Bericht bekommen und konnte alles auf --Remove-- setzen.
Habe Ihn ein zweites mal im Normalmodus laufen lassen und gerade diesen Bericht erhalten:

Spyware Scan Details
Start Date: 08.05.2006 19:00:33
End Date: 08.05.2006 19:53:11
Total Time: 52 mins 38 secs

Detected spyware
No spyware were found during this scan.


Ist damit alles ok??

Gruß Marc.
Dieser Beitrag wurde am 08.05.2006 um 20:50 Uhr von timerider999 editiert.
Seitenanfang Seitenende
08.05.2006, 23:58
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
Seitenanfang Seitenende
09.05.2006, 07:52
Member

Themenstarter

Beiträge: 25
#21 Guten morgen,

1. Winfind:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 29.08.2002 14:00:00 41118 C:\WINDOWS\SYSTEM32\dfrg.msc
PECompact2 06.04.2006 21:48:38 5143456 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 06.04.2006 21:48:38 5143456 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 04.08.2004 09:57:08 733696 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 04.08.2004 09:57:32 686592 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 29.08.2002 14:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech 04.08.2004 07:41:38 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
09.05.2006 07:25:08 S 2048 C:\WINDOWS\bootstat.dat
27.03.2006 15:37:08 HS 8192 C:\WINDOWS\Thumbs.db
23.03.2006 01:17:22 S 14054 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB908531.cat
23.03.2006 08:15:46 S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911562.cat
13.03.2006 17:08:34 S 7898 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911565.cat
17.03.2006 11:24:30 S 12455 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911567.cat
30.03.2006 12:03:42 S 22339 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB912812.cat
09.05.2006 07:31:08 H 1024 C:\WINDOWS\system32\config\default.LOG
09.05.2006 07:25:48 H 1024 C:\WINDOWS\system32\config\SAM.LOG
09.05.2006 07:26:10 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
09.05.2006 07:43:26 H 1024 C:\WINDOWS\system32\config\software.LOG
09.05.2006 07:29:52 H 1024 C:\WINDOWS\system32\config\system.LOG
16.04.2006 21:46:18 H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
21.04.2006 15:15:30 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\f36bdea2-adf2-4231-a33f-3de810a30d6c
21.04.2006 15:15:30 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
09.05.2006 07:25:10 H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 04.08.2004 09:58:22 70656 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 04.08.2004 09:58:22 555008 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 04.08.2004 09:58:22 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Logitech Inc. 29.08.2003 15:19:16 151552 C:\WINDOWS\SYSTEM32\CamCpl.cpl
Microsoft Corporation 04.08.2004 09:58:22 138240 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 04.08.2004 09:58:22 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 04.08.2004 09:58:22 157184 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 04.08.2004 09:58:22 359424 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 04.08.2004 09:58:22 133120 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 04.08.2004 09:58:22 381440 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 04.08.2004 09:58:22 69632 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 10.11.2005 13:03:50 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 29.08.2002 14:00:00 189440 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 04.08.2004 09:58:22 625152 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 29.08.2002 14:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 04.08.2004 09:58:22 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 04.08.2004 09:58:22 260096 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 04.08.2004 09:58:22 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 04.08.2004 09:58:22 117248 C:\WINDOWS\SYSTEM32\powercfg.cpl
Intersil Americas Inc. 04.08.2003 17:51:48 313418 C:\WINDOWS\SYSTEM32\PRISMCFG.cpl
SiSoftware 29.01.2005 19:07:40 53248 C:\WINDOWS\SYSTEM32\SanCpl.cpl
Microsoft Corporation 04.08.2004 09:58:22 303104 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 29.08.2002 14:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 04.08.2004 09:58:22 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 04.08.2004 09:58:22 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 26.05.2005 04:16:22 174872 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 29.08.2002 14:00:00 189440 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 29.08.2002 14:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 29.08.2002 14:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 26.05.2005 04:16:22 174872 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
18.10.2005 19:21:46 1741 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk
10.02.2006 20:34:30 1741 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Speed Launch.lnk
20.09.2003 16:50:10 HS 84 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
20.09.2003 18:01:50 528 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Kontrollfeld für die kabellose Tastatur.lnk
22.09.2005 20:14:18 1502 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WinZip Quick Pick.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
20.09.2003 17:45:28 HS 62 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
20.09.2003 16:50:10 HS 84 C:\Dokumente und Einstellungen\Marc\Startmenü\Programme\Autostart\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
15.04.2005 13:29:04 1210 C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\AdobeDLM.log
20.09.2003 17:45:28 HS 62 C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\desktop.ini
15.04.2005 13:29:02 0 C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\dm.ini
04.03.2006 13:55:30 6896 C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\wklnhst.dat

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\InoShell
{DCED20BE-3645-11D4-BC95-00C04F0E0588} = C:\Programme\CA\eTrust Antivirus\InoShell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TuneUp Shredder
{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} =
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\InoShell
{DCED20BE-3645-11D4-BC95-00C04F0E0588} = C:\Programme\CA\eTrust Antivirus\InoShell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TuneUp Shredder
{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} =
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
=

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tipps und Tricks = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\System32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Konsole : C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Recherchieren :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Programme\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer-Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ATIPTA C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
Cmaudio RunDll32 cmicnfg.cpl,CMICtrlWnd
Dit Dit.exe
Realtime Monitor C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
CHotkey mHotkey.exe
PCMService "C:\Programme\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
PRISMSTA.EXE PRISMSTA.EXE START
HP Component Manager "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
HPDJ Taskbar Utility C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
InCD C:\Programme\Ahead\InCD\InCD.exe
NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
Logitech Utility Logi_MwX.Exe
TkBellExe "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
LogitechVideoRepair C:\Programme\Logitech\Video\ISStart.exe
LogitechVideoTray C:\Programme\Logitech\Video\LogiTray.exe
SunJavaUpdateSched C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
PinnacleDriverCheck C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
Microsoft Works Update Detection C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
ALDI_SUED_FotoSuite_Download "C:\Programme\ALDI Sued Foto Service\ALDI_Foto_Service\FotoSuite.exe" /autorun
SunServer C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE C:\WINDOWS\system32\ctfmon.exe
msnmsgr "C:\Programme\MSN Messenger\msnmsgr.exe" /background

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 09.05.2006 07:46:41


2.findStuff:
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
doesn't exist HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System
doesn't exist HKEY_LOCAL_MACHINE\SSYSTEM\CurrentControlSet\Services\windowsnetwork
doesn't exist HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa
doesn't exist HKEY_CURRENT_USER\Software\Microsoft\OLE
doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry
doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
doesn't exist HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System
doesn't exist HKEY_LOCAL_MACHINE\SSYSTEM\CurrentControlSet\Services\windowsnetwork
doesn't exist HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa
doesn't exist HKEY_CURRENT_USER\Software\Microsoft\OLE
doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry
doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
-----------------------
-----------------------
REGEDIT4
-----------------------
-----------------------

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Windows-Firewall/Gemeinsame Nutzung der Internetverbindung"
"DependOnService"=hex(7):4e,65,74,6d,61,6e,00,57,69,6e,4d,67,6d,74,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Bietet allen Computern in Privat- und Kleinunternehmensnetzwerken Dienste für die Netzwerkadressübersetzung, Adressierung, Namensauflösung und Eindringsschutz."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch]
"Epoch"=dword:000014d0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,69,70,6e,61,74,68,6c,70,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\sandra.exe"="C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\sandra.exe:*:Enabled:SiSoftware Sandra Lite"
"C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\RpcSandraSrv.exe"="C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Lite"
"C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\RpcDataSrv.exe"="C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Lite"
"C:\\Programme\\onlineTV 2\\onlineTV.exe"="C:\\Programme\\onlineTV 2\\onlineTV.exe:*:Enabled:onlineTV"
"C:\\Programme\\MSN Messenger\\msnmsgr.exe"="C:\\Programme\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
"DoNotAllowExceptions"=dword:00000000
"DisableNotifications"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\Yahoo!\\Messenger\\YPager.exe"="C:\\Programme\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Programme\\Yahoo!\\Messenger\\YServer.exe"="C:\\Programme\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"="C:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe:*;)isabled:backWeb-8876480"
"C:\\Programme\\eMule.de\\emule.exe"="C:\\Programme\\eMule.de\\emule.exe:*:Enabled:eMule"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Eine DLL-Datei als Anwendung ausführen"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Programme\\eDonkey2000\\edonkey2000.exe"="C:\\Programme\\eDonkey2000\\edonkey2000.exe:*:Enabled:edonkey2000"
"C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\sandra.exe"="C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\sandra.exe:*:Enabled:SiSoftware Sandra Lite"
"C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\RpcSandraSrv.exe"="C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Lite"
"C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\RpcDataSrv.exe"="C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Lite"
"C:\\WINDOWS\\system32\\mshta.exe"="C:\\WINDOWS\\system32\\mshta.exe:*;)isabled:Microsoft (R) HTML Application host"
"C:\\Programme\\onlineTV 2\\onlineTV.exe"="C:\\Programme\\onlineTV 2\\onlineTV.exe:*:Enabled:onlineTV"
"C:\\Programme\\MSN Messenger\\msnmsgr.exe"="C:\\Programme\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\Programme\\Real\\RealPlayer\\realplay.exe"="C:\\Programme\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealOne Player"
"C:\\Programme\\iRaTe2\\irate2.exe"="C:\\Programme\\iRaTe2\\irate2.exe:*:Enabled:iRaTe v2"
"C:\\Programme\\Coolspot\\xcMessenger\\xcMessenger.exe"="C:\\Programme\\Coolspot\\xcMessenger\\xcMessenger.exe:*:Enabled:X-Check Messenger"
"C:\\Programme\\Internet Explorer\\iexplore.exe"="C:\\Programme\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet;)isabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet;)isabled:@xpsp2res.dll,-22008"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"{144A76EC-6DAC-479E-84D3-8017F772DE64}"=dword:00000001
"{E335DD02-5EAD-4B31-8319-CD8936402BBC}"=dword:00000001
"{61DDA531-5177-4294-A090-1C682006E411}"=dword:00000001
"{9EDCB3C2-75F7-4862-BE7D-77BE6C4A7D85}"=dword:00000001
"{92BD157E-6197-409A-A434-6F72E98FA9E4}"=dword:00000001
"{A5BAA657-2741-4220-8908-41687A63BAF9}"=dword:00000001
"{175C1178-1FFE-4D5F-B7DD-6BA0BF6B6269}"=dword:00000001
"{5181B182-0368-4496-AAE0-C90D4B56965F}"=dword:00000001
"{6E69B7B1-220F-4D26-8BD8-624A9E445D7B}"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum]
"0"="Root\\LEGACY_SHAREDACCESS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Sicherheitscenter"
"DependOnService"=hex(7):52,70,63,53,73,00,77,69,6e,6d,67,6d,74,00,00
"ObjectName"="LocalSystem"
"Description"="Überwacht Systemsicherheitseinstellungen und -konfigurationen."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Parameters]
"ServiceDll"=hex(2):25,53,59,53,54,45,4d,52,4f,4f,54,25,5c,73,79,73,74,65,6d,\
33,32,5c,77,73,63,73,76,63,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Enum]
"0"="Root\\LEGACY_WSCSVC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
"autodisconnect"=dword:0000000f
"enableforcedlogoff"=dword:00000001
"enablesecuritysignature"=dword:00000000
"requiresecuritysignature"=dword:00000000
"NullSessionPipes"=hex(7):43,4f,4d,4e,41,50,00,43,4f,4d,4e,4f,44,45,00,53,51,\
4c,5c,51,55,45,52,59,00,53,50,4f,4f,4c,53,53,00,4c,4c,53,52,50,43,00,62,72,\
6f,77,73,65,72,00,00
"NullSessionShares"=hex(7):43,4f,4d,43,46,47,00,44,46,53,24,00,00
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,73,72,76,73,76,63,2e,64,6c,6c,00
"Lmannounce"=dword:00000000
"Size"=dword:00000001
"Guid"=hex:02,60,e4,ac,51,b0,6d,49,b2,80,b4,9d,68,89,4d,c0
"AdjustedNullSessionPipes"=dword:00000001


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters]
"enableplaintextpassword"=dword:00000000
"enablesecuritysignature"=dword:00000001
"requiresecuritysignature"=dword:00000000
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,77,6b,73,73,76,63,2e,64,6c,6c,00
"OtherDomains"=hex(7):00


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]
"Type"=dword:00000020
"Start"=dword:00000004
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Nachrichtendienst"
"DependOnService"=hex(7):4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,00,\
4e,65,74,42,49,4f,53,00,50,6c,75,67,50,6c,61,79,00,52,70,63,53,53,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Überträgt NET SEND- und Warndienstnachrichten zwischen Clients und Servern. Dieser Dienst ist nicht mit Windows Messenger verwandt. Der Warndienst überträgt keine Nachrichten, falls dieser Dienst beendet wird. Falls dieser Dienst deaktiviert wird, können die Dienste, die von diesem Dienst ausschließlich abhängig sind, nicht mehr gestartet werden."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,6d,73,67,73,76,63,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Security]
"Security"=hex:01,00,14,80,78,00,00,00,84,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,48,00,03,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,\
01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Enum]
"0"="Root\\LEGACY_MESSENGER\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,64,00,00,00,80,00,00,00,00,00,00,00,\
14,00,00,00,02,00,50,00,03,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,\
00,00,05,12,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,00,\
00,05,04,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,02,00,00,00,00,00,\
05,20,00,00,00,20,02,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,5f,84,1f,\
5e,2e,6b,49,ce,12,03,03,f4,01,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,\
5f,84,1f,5e,2e,6b,49,ce,12,03,03,f4,01,00,00
"EnableDCOM"="Y"
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
14,00,00,00,02,00,34,00,02,00,00,00,00,00,18,00,1f,00,00,00,01,02,00,00,00,\
00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,\
00,01,00,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,\
00,00,00,00,05,20,00,00,00,20,02,00,00
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\
14,00,00,00,02,00,30,00,02,00,00,00,00,00,14,00,03,00,00,00,01,01,00,00,00,\
00,00,05,07,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,01,00,00,\
00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,\
05,20,00,00,00,20,02,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST]
"System.EnterpriseServices.Thunk.dll"=""


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=hex(7):6b,65,72,62,65,72,6f,73,00,6d,73,76,31,5f,30,00,73,\
63,68,61,6e,6e,65,6c,00,77,64,69,67,65,73,74,00,00
"LsaPid"=dword:00000290
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
"ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders]
"ProviderOrder"=hex(7):57,69,6e,64,6f,77,73,20,4e,54,20,41,63,63,65,73,73,20,\
50,72,6f,76,69,64,65,72,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,6e,74,6d,61,72,74,61,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data]
"Pattern"=hex:aa,e1,22,8d,ac,9a,4b,95,1e,59,07,16,e9,7a,3d,4e,38,30,38,33,39,\
38,34,61,00,00,00,00,01,00,00,00,bc,01,00,00,c0,01,00,00,34,ca,06,00,45,9d,\
b7,71,04,00,00,00,10,00,00,00,00,00,00,00,1c,7a,d7,d6

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG]
"GrafBlumGroup"=hex:0e,98,c4,d9,28,a6,a7,ac,31

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD]
"Lookup"=hex:86,06,17,3e,39,ab

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0]
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1]
"SkewMatrix"=hex:56,59,38,e5,77,3f,51,03,81,98,29,ec,67,22,63,b8

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache]
"Time"=hex:76,28,98,42,b7,03,c5,01

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:80,6c,27,a9,f8,79,c4,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,8a,53,ad,f8,79,c4,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:80,4d,1d,af,f8,79,c4,01
"Type"=dword:00000031


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Windows-Firewall/Gemeinsame Nutzung der Internetverbindung"
"DependOnService"=hex(7):4e,65,74,6d,61,6e,00,57,69,6e,4d,67,6d,74,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Bietet allen Computern in Privat- und Kleinunternehmensnetzwerken Dienste für die Netzwerkadressübersetzung, Adressierung, Namensauflösung und Eindringsschutz."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch]
"Epoch"=dword:000014d0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,69,70,6e,61,74,68,6c,70,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\sandra.exe"="C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\sandra.exe:*:Enabled:SiSoftware Sandra Lite"
"C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\RpcSandraSrv.exe"="C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Lite"
"C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\RpcDataSrv.exe"="C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Lite"
"C:\\Programme\\onlineTV 2\\onlineTV.exe"="C:\\Programme\\onlineTV 2\\onlineTV.exe:*:Enabled:onlineTV"
"C:\\Programme\\MSN Messenger\\msnmsgr.exe"="C:\\Programme\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
"DoNotAllowExceptions"=dword:00000000
"DisableNotifications"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\Yahoo!\\Messenger\\YPager.exe"="C:\\Programme\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Programme\\Yahoo!\\Messenger\\YServer.exe"="C:\\Programme\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"="C:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe:*;)isabled:backWeb-8876480"
"C:\\Programme\\eMule.de\\emule.exe"="C:\\Programme\\eMule.de\\emule.exe:*:Enabled:eMule"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Eine DLL-Datei als Anwendung ausführen"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Programme\\eDonkey2000\\edonkey2000.exe"="C:\\Programme\\eDonkey2000\\edonkey2000.exe:*:Enabled:edonkey2000"
"C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\sandra.exe"="C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\sandra.exe:*:Enabled:SiSoftware Sandra Lite"
"C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\RpcSandraSrv.exe"="C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Lite"
"C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\RpcDataSrv.exe"="C:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2005.SR1\\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Lite"
"C:\\WINDOWS\\system32\\mshta.exe"="C:\\WINDOWS\\system32\\mshta.exe:*;)isabled:Microsoft (R) HTML Application host"
"C:\\Programme\\onlineTV 2\\onlineTV.exe"="C:\\Programme\\onlineTV 2\\onlineTV.exe:*:Enabled:onlineTV"
"C:\\Programme\\MSN Messenger\\msnmsgr.exe"="C:\\Programme\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\Programme\\Real\\RealPlayer\\realplay.exe"="C:\\Programme\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealOne Player"
"C:\\Programme\\iRaTe2\\irate2.exe"="C:\\Programme\\iRaTe2\\irate2.exe:*:Enabled:iRaTe v2"
"C:\\Programme\\Coolspot\\xcMessenger\\xcMessenger.exe"="C:\\Programme\\Coolspot\\xcMessenger\\xcMessenger.exe:*:Enabled:X-Check Messenger"
"C:\\Programme\\Internet Explorer\\iexplore.exe"="C:\\Programme\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet;)isabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet;)isabled:@xpsp2res.dll,-22008"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"{144A76EC-6DAC-479E-84D3-8017F772DE64}"=dword:00000001
"{E335DD02-5EAD-4B31-8319-CD8936402BBC}"=dword:00000001
"{61DDA531-5177-4294-A090-1C682006E411}"=dword:00000001
"{9EDCB3C2-75F7-4862-BE7D-77BE6C4A7D85}"=dword:00000001
"{92BD157E-6197-409A-A434-6F72E98FA9E4}"=dword:00000001
"{A5BAA657-2741-4220-8908-41687A63BAF9}"=dword:00000001
"{175C1178-1FFE-4D5F-B7DD-6BA0BF6B6269}"=dword:00000001
"{5181B182-0368-4496-AAE0-C90D4B56965F}"=dword:00000001
"{6E69B7B1-220F-4D26-8BD8-624A9E445D7B}"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum]
"0"="Root\\LEGACY_SHAREDACCESS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Sicherheitscenter"
"DependOnService"=hex(7):52,70,63,53,73,00,77,69,6e,6d,67,6d,74,00,00
"ObjectName"="LocalSystem"
"Description"="Überwacht Systemsicherheitseinstellungen und -konfigurationen."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Parameters]
"ServiceDll"=hex(2):25,53,59,53,54,45,4d,52,4f,4f,54,25,5c,73,79,73,74,65,6d,\
33,32,5c,77,73,63,73,76,63,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Enum]
"0"="Root\\LEGACY_WSCSVC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
"autodisconnect"=dword:0000000f
"enableforcedlogoff"=dword:00000001
"enablesecuritysignature"=dword:00000000
"requiresecuritysignature"=dword:00000000
"NullSessionPipes"=hex(7):43,4f,4d,4e,41,50,00,43,4f,4d,4e,4f,44,45,00,53,51,\
4c,5c,51,55,45,52,59,00,53,50,4f,4f,4c,53,53,00,4c,4c,53,52,50,43,00,62,72,\
6f,77,73,65,72,00,00
"NullSessionShares"=hex(7):43,4f,4d,43,46,47,00,44,46,53,24,00,00
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,73,72,76,73,76,63,2e,64,6c,6c,00
"Lmannounce"=dword:00000000
"Size"=dword:00000001
"Guid"=hex:02,60,e4,ac,51,b0,6d,49,b2,80,b4,9d,68,89,4d,c0
"AdjustedNullSessionPipes"=dword:00000001


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters]
"enableplaintextpassword"=dword:00000000
"enablesecuritysignature"=dword:00000001
"requiresecuritysignature"=dword:00000000
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,77,6b,73,73,76,63,2e,64,6c,6c,00
"OtherDomains"=hex(7):00


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]
"Type"=dword:00000020
"Start"=dword:00000004
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Nachrichtendienst"
"DependOnService"=hex(7):4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,00,\
4e,65,74,42,49,4f,53,00,50,6c,75,67,50,6c,61,79,00,52,70,63,53,53,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Überträgt NET SEND- und Warndienstnachrichten zwischen Clients und Servern. Dieser Dienst ist nicht mit Windows Messenger verwandt. Der Warndienst überträgt keine Nachrichten, falls dieser Dienst beendet wird. Falls dieser Dienst deaktiviert wird, können die Dienste, die von diesem Dienst ausschließlich abhängig sind, nicht mehr gestartet werden."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,6d,73,67,73,76,63,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Security]
"Security"=hex:01,00,14,80,78,00,00,00,84,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,48,00,03,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,\
01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Enum]
"0"="Root\\LEGACY_MESSENGER\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,64,00,00,00,80,00,00,00,00,00,00,00,\
14,00,00,00,02,00,50,00,03,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,\
00,00,05,12,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,00,\
00,05,04,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,02,00,00,00,00,00,\
05,20,00,00,00,20,02,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,5f,84,1f,\
5e,2e,6b,49,ce,12,03,03,f4,01,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,\
5f,84,1f,5e,2e,6b,49,ce,12,03,03,f4,01,00,00
"EnableDCOM"="Y"
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
14,00,00,00,02,00,34,00,02,00,00,00,00,00,18,00,1f,00,00,00,01,02,00,00,00,\
00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,\
00,01,00,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,\
00,00,00,00,05,20,00,00,00,20,02,00,00
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\
14,00,00,00,02,00,30,00,02,00,00,00,00,00,14,00,03,00,00,00,01,01,00,00,00,\
00,00,05,07,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,01,00,00,\
00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,\
05,20,00,00,00,20,02,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST]
"System.EnterpriseServices.Thunk.dll"=""


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=hex(7):6b,65,72,62,65,72,6f,73,00,6d,73,76,31,5f,30,00,73,\
63,68,61,6e,6e,65,6c,00,77,64,69,67,65,73,74,00,00
"LsaPid"=dword:00000290
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
"ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders]
"ProviderOrder"=hex(7):57,69,6e,64,6f,77,73,20,4e,54,20,41,63,63,65,73,73,20,\
50,72,6f,76,69,64,65,72,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,6e,74,6d,61,72,74,61,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data]
"Pattern"=hex:aa,e1,22,8d,ac,9a,4b,95,1e,59,07,16,e9,7a,3d,4e,38,30,38,33,39,\
38,34,61,00,00,00,00,01,00,00,00,bc,01,00,00,c0,01,00,00,34,ca,06,00,45,9d,\
b7,71,04,00,00,00,10,00,00,00,00,00,00,00,1c,7a,d7,d6

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG]
"GrafBlumGroup"=hex:0e,98,c4,d9,28,a6,a7,ac,31

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD]
"Lookup"=hex:86,06,17,3e,39,ab

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0]
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1]
"SkewMatrix"=hex:56,59,38,e5,77,3f,51,03,81,98,29,ec,67,22,63,b8

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache]
"Time"=hex:76,28,98,42,b7,03,c5,01

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:80,6c,27,a9,f8,79,c4,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,8a,53,ad,f8,79,c4,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:80,4d,1d,af,f8,79,c4,01
"Type"=dword:00000031


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]


Seitenanfang Seitenende
09.05.2006, 10:31
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#22 1.
loesche manuell
C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\wklnhst.dat

2.
scanne mit Kapersky und kopiere hier den Scanreport
http://virus-protect.org/onlinescan.html

3.
Hoster.zip
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK' Exit Program.

4.
poste das Log vom Silentrunner
http://virus-protect.org/silentrunner.html

-------------

die XP-Firewall ist aktiv....

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001

berichte also, ob du die XP-Firewall meinst oder eine andere Desktop-Firewall
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
09.05.2006, 11:58
Member

Themenstarter

Beiträge: 25
#23 Hallo Sabina,

werde die Scans heute nachmittag erledigen!

Ich meine die Windows XP Firewall im Windows Sicherheitscenter
steht "Firewall nicht aktiv" und in der Taskleiste wird das Symbol mit der Meldung:
"Ihr Computer ist eventuell gefähred"
nach dem hochfahren angezeigt?!

Gehe mit einem Siemes Gigaset SE 515 DSL Router online
dieser hat auch eine Firewall werde mal sehen ob sie aktiv ist.

Habe diese Meldung aber erst seit gestern nach dem Counterspy Sacn.

Viele Grüße Marc.
Seitenanfang Seitenende
09.05.2006, 14:53
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#24

Zitat

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
eigentlich ist alles laut Log in Ordnung.....
so richtig kann ich mir die Meldung nicht erklaeren, aber fuehre alles aus, was ich geschrieben hatte...dann sehen wir weiter....

--------------

Taskleiste wird das Symbol mit der Meldung:
"Ihr Computer ist eventuell gefähred" ...


das muessen wir mal naeher betrachten............
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
09.05.2006, 16:45
Member

Themenstarter

Beiträge: 25
#25 Hallo Sabina,

hier der Bericht von Silentrunner:
- die wklnhst.dat ist gelöscht
-Kasperksy bekomme ich nicht zum laufen!!!
ActiveX ist installiert und dann geht es nicht weiter?

"Silent Runners.vbs", revision 45, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"msnmsgr" = ""C:\Programme\MSN Messenger\msnmsgr.exe" /background" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATIPTA" = "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"Dit" = "Dit.exe" [null data]
"Realtime Monitor" = "C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s" ["Computer Associates International, Inc."]
"CHotkey" = "mHotkey.exe" ["Chicony"]
"PCMService" = ""C:\Programme\Medion Home Cinema XL II\PowerCinema\PCMService.exe"" [empty string]
"PRISMSTA.EXE" = "PRISMSTA.EXE START" ["Intersil Americas Inc."]
"HP Component Manager" = ""C:\Programme\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]
"HPDJ Taskbar Utility" = "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" ["HP"]
"InCD" = "C:\Programme\Ahead\InCD\InCD.exe" ["Ahead Software AG"]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"Logitech Utility" = "Logi_MwX.Exe" ["Logitech Inc."]
"TkBellExe" = ""C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"LogitechVideoRepair" = "C:\Programme\Logitech\Video\ISStart.exe" ["Logitech Inc."]
"LogitechVideoTray" = "C:\Programme\Logitech\Video\LogiTray.exe" ["Logitech Inc."]
"SunJavaUpdateSched" = "C:\Programme\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
"PinnacleDriverCheck" = "C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg" [empty string]
"Microsoft Works Update Detection" = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe" ["Microsoft® Corporation"]
"ALDI_SUED_FotoSuite_Download" = ""C:\Programme\ALDI Sued Foto Service\ALDI_Foto_Service\FotoSuite.exe" /autorun" ["MAGIX AG"]
"SunServer" = "C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe" ["Sunbelt Software"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{DCED20BE-3645-11D4-BC95-00C04F0E0588}" = "InoShell"
-> {HKLM...CLSID} = "InoShell"
\InProcServer32\(Default) = "C:\Programme\CA\eTrust Antivirus\InoShell.dll" ["Computer Associates International, Inc."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{F5D92341-0A64-11D0-9956-0000E8096023}" = "CD Copy Shell Extension"
-> {HKLM...CLSID} = "CD Copy Shell Extension"
\InProcServer32\(Default) = "C:\WINDOWS\System32\Shellext\CDWshext.dll" ["Pinnacle Systems, Inc."]
"{F5D92342-0A64-11D0-9956-0000E8096023}" = "CD Wizard Shell Extension"
-> {HKLM...CLSID} = "CD Wizard Shell Extension"
\InProcServer32\(Default) = "C:\WINDOWS\System32\Shellext\CDWshext.dll" ["Pinnacle Systems, Inc."]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Programme\Real\RealPlayer\rpshellext.dll" ["RealNetworks"]
"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"
-> {HKLM...CLSID} = "Shell Extension for CDRW"
\InProcServer32\(Default) = "C:\Programme\Ahead\InCD\incdshx.dll" ["Ahead Software AG"]
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures"
-> {HKLM...CLSID} = "My Logitech Pictures"
\InProcServer32\(Default) = "C:\Programme\Logitech\Video\Namespc2.dll" ["Logitech Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook-Dateisymbolerweiterung"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\OLKFSTUB.DLL" [MS]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {HKLM...CLSID} = "YMailShellExt Class"
\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}" = "TuneUp Shredder Shell Context Menu Extension"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"
\InProcServer32\(Default) = ""C:\Programme\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
InoShell\(Default) = "{DCED20BE-3645-11D4-BC95-00C04F0E0588}"
-> {HKLM...CLSID} = "InoShell"
\InProcServer32\(Default) = "C:\Programme\CA\eTrust Antivirus\InoShell.dll" ["Computer Associates International, Inc."]
TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"
\InProcServer32\(Default) = ""C:\Programme\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {HKLM...CLSID} = "YMailShellExt Class"
\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
InoShell\(Default) = "{DCED20BE-3645-11D4-BC95-00C04F0E0588}"
-> {HKLM...CLSID} = "InoShell"
\InProcServer32\(Default) = "C:\Programme\CA\eTrust Antivirus\InoShell.dll" ["Computer Associates International, Inc."]
TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"
\InProcServer32\(Default) = ""C:\Programme\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Dokumente und Einstellungen\Marc\Anwendungsdaten\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp"


Startup items in "Marc" & "All Users" startup folders:
------------------------------------------------------

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"Adobe Reader - Schnellstart" -> shortcut to: "C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Adobe Reader Speed Launch" -> shortcut to: "C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Kontrollfeld für die kabellose Tastatur" -> shortcut to: "C:\WINDOWS\CNYHKey.exe" ["Chicony"]
"WinZip Quick Pick" -> shortcut to: "C:\Programme\WinZip\WZQKPICK.EXE" ["WinZip Computing, Inc."]


Enabled Scheduled Tasks:
------------------------

"1-Klick-Wartung" -> launches: "C:\Programme\TuneUp Utilities 2006\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 27
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Real.com"
\InProcServer32\(Default) = "C:\WINDOWS\System32\Shdocvw.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKCU\Software\Microsoft\Internet Explorer\Extensions\
{84FAA847-1400-4400-BC93-D338EF03127B}\
"ButtonText" = "MedionShop"
"Exec" = "http://www.medionshop.de/" [file not found]

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Recherchieren"

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.aldi.com

Missing lines (compared with English-language version):
[Strings]: 1 line

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
HIJACK WARNING! "TuneUp" = "file://C|/Dokumente und Einstellungen/All Users/Anwendungsdaten/TuneUp Software/Common/base.css" [file not found]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ereignisprotokoll-Überwachung, LogWatch, "C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe" ["Computer Associates"]
eTrust Antivirus Job Server, InoTask, ""C:\Programme\CA\eTrust Antivirus\InoTask.exe"" ["Computer Associates International, Inc."]
eTrust Antivirus Realtime Server, InoRT, ""C:\Programme\CA\eTrust Antivirus\InoRT.exe"" ["Computer Associates International, Inc."]
eTrust Antivirus RPC Server, InoRPC, ""C:\Programme\CA\eTrust Antivirus\InoRpc.exe"" ["Computer Associates International, Inc."]
HTTP-SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}
InCD Helper, InCDsrv, "C:\Programme\Ahead\InCD\InCDsrv.exe" ["Ahead Software AG"]
Machine Debug Manager, MDM, ""C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
MySQL, MySQL, ""C:\Programme\MySQL\MySQL Server 5.0\bin\mysqld-nt" --defaults-file="C:\Programme\MySQL\MySQL Server 5.0\my.ini" MySQL" [null data]
VMware Authorization Service, VMAuthdService, "C:\Programme\VMware\VMware Workstation\vmware-authd.exe" ["VMware, Inc."]
VMware DHCP Service, VMnetDHCP, "C:\WINDOWS\system32\vmnetdhcp.exe" ["VMware, Inc."]
VMware NAT Service, VMware NAT Service, "C:\WINDOWS\system32\vmnat.exe" ["VMware, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
X10 Device Network Service, x10nets, "C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe" ["X10"]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzlnt09\Driver = "hpzlnt09.dll" ["HP"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 26 seconds, including 9 seconds for message boxes)
Seitenanfang Seitenende
09.05.2006, 18:14
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#26 dr.web
http://virus-protect.org/cureit.html

Poste bitte das, was drweb gefunden hat. Dazu unter Start - Ausfuehren

%userprofil%\doctorweb\cureit.log

eingeben und enter druecken. Den Inhalt der Dinge, die Drweb gefunden hat bitte posten.
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
09.05.2006, 23:16
Member

Themenstarter

Beiträge: 25
#27 Hallo Sabina,

mit dem Pfad unter start ausführen kann der rechner nichts anfangen!
Fehlermeldung: Pfad nicht gefunden.

Hier der sacn von dr. Web:

Silent Runners.vbs;C:\Dokumente und Einstellungen\Marc\Desktop\exe Dateien;möglicherweise BATCH.Virus;;
E8D7A764-AAC6-4A21-BC36-17E30C;C:\Dokumente und Einstellungen\Marc\Lokale Einstellungen\Anwendungsdaten\Sunbelt Software\CounterSpy\Quarantine\B190855A-77EA-4;Adware.NewDotNet;;
backup-20060507-133411-982.dll;C:\Dokumente und Einstellungen\Marc\Lokale Einstellungen\Temp\backups;Adware.Websearch;;
un.exe;C:\FINDnFIX\Files2;Trojan.StartPage.335;Gelöscht.;
emule.exe;C:\Programme\eMule.de;BackDoor.Emule.44;Gelöscht.;
Dc155.exe;C:\RECYCLER\S-1-5-21-2157384091-728378468-2993898689-1009;Adware.Comet;;
Dc156.exe;C:\RECYCLER\S-1-5-21-2157384091-728378468-2993898689-1009;Adware.Comet;;
Dc162.exe;C:\RECYCLER\S-1-5-21-2157384091-728378468-2993898689-1009;Adware.Comet;;
A0033887.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP188;Adware.Websearch;;
A0033909.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP188;Adware.Websearch;;
A0033926.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP189;Adware.Websearch;;
A0034007.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP189;BackDoor.Emule.44;Gelöscht.;
A0034028.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP189;Adware.Websearch;;
A0034040.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP189;Adware.Websearch;;
A0034069.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP189;Adware.Websearch;;
A0034142.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP190;Adware.Websearch;;
A0034174.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP190;Adware.Websearch;;
A0034206.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP191;Adware.Websearch;;
A0034239.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP191;Adware.Websearch;;
A0034258.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP192;Adware.Websearch;;
A0034321.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP193;Adware.Websearch;;
A0034343.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP193;Adware.Websearch;;
A0034362.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP193;Adware.Websearch;;
A0034391.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP194;Adware.Websearch;;
A0034434.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP194;Adware.Websearch;;
A0034481.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP195;Adware.Websearch;;
A0034499.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP195;Adware.Websearch;;
A0034529.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP196;Adware.Websearch;;
A0034563.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP197;Adware.Websearch;;
A0034631.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP198;Adware.Websearch;;
A0034675.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP199;Adware.Websearch;;
A0034709.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP200;Adware.Websearch;;
A0034786.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP201;Adware.Websearch;;
A0034829.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP201;Adware.Websearch;;
A0034871.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP201;Adware.Websearch;;
A0034920.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP202;Adware.Websearch;;
A0034951.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP203;Adware.Websearch;;
A0034960.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP203;Adware.Websearch;;
A0035012.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP204;Adware.Websearch;;
A0035057.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP204;Adware.Websearch;;
A0035114.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP205;Adware.Websearch;;
A0035151.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP205;Adware.Websearch;;
A0035212.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP206;Adware.Websearch;;
A0035258.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP207;Adware.Websearch;;
A0035291.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP207;Adware.Websearch;;
A0035320.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP208;Adware.Websearch;;
A0035355.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP210;Adware.Websearch;;
A0035372.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP210;BackDoor.Emule.44;Gelöscht.;
A0035439.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP211;Adware.Websearch;;
A0035460.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP211;Adware.Websearch;;
A0035499.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP212;Adware.Websearch;;
A0035536.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP213;Adware.Websearch;;
A0035545.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP213;Adware.Websearch;;
A0035572.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP213;Adware.Websearch;;
A0035612.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP214;Adware.Websearch;;
A0035653.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP214;Adware.Websearch;;
A0035694.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP214;Adware.Websearch;;
A0035715.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP215;Adware.Websearch;;
A0035753.dll;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP215;Trojan.PWS.Alanchum;Gelöscht.;
A0035770.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP215;Adware.Websearch;;
A0035785.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP215;Adware.Websearch;;
A0035814.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP216;Adware.Websearch;;
A0035843.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP216;Adware.Websearch;;
A0035861.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP216;Adware.Websearch;;
A0035874.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP216;Adware.Websearch;;
A0035913.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP216;Adware.Websearch;;
A0035925.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP216;Adware.Websearch;;
A0035939.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP216;Adware.Websearch;;
A0036095.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP218;Adware.Websearch;;
A0036392.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP219;Adware.Websearch;;
A0036402.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP219;Adware.Websearch;;
A0036597.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP222;BackDoor.Emule.44;Gelöscht.;
A0036661.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP222;Adware.Websearch;;
A0036764.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP224;Adware.Websearch;;
A0036785.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP224;Adware.Websearch;;
A0036813.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP224;Adware.Websearch;;
A0037817.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP224;Adware.Websearch;;
A0037845.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP224;Adware.Websearch;;
A0037885.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP224;Adware.Websearch;;
A0037912.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP224;Adware.Websearch;;
A0037935.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP224;Adware.Websearch;;
A0037982.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP225;Adware.Websearch;;
A0038083.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP226;Adware.Websearch;;
A0038109.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP226;Adware.Websearch;;
A0038127.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP226;Adware.Websearch;;
A0038160.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP227;Adware.Websearch;;
A0038228.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP228;Adware.Websearch;;
A0038264.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP228;Adware.Websearch;;
A0038290.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP228;Adware.Websearch;;
A0038327.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP228;Adware.Websearch;;
A0038356.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP228;Adware.Websearch;;
A0038377.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP228;Adware.Websearch;;
A0038395.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP228;Adware.Websearch;;
A0038444.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP229;Adware.Websearch;;
A0038473.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP229;Adware.Websearch;;
A0038494.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP229;Adware.Websearch;;
A0038496.dll;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP229;Trojan.PWS.Alanchum;Gelöscht.;
A0038535.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP230;Trojan.Fakealert;Gelöscht.;
A0038557.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP230;Adware.Websearch;;
A0038573.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP230;Adware.Websearch;;
A0038595.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP230;Adware.Websearch;;
A0038639.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP231;BackDoor.Emule.44;Gelöscht.;
A0038674.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP233;Adware.Websearch;;
A0038695.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP233;Trojan.Fakealert;Gelöscht.;
A0038730.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP233;Adware.Websearch;;
A0038743.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP233;Adware.Websearch;;
A0038789.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP234;Adware.Websearch;;
A0038806.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP234;Trojan.Fakealert;Gelöscht.;
A0039140.dll;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP234;Trojan.Fakealert;Gelöscht.;
A0039141.dll;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP234;Trojan.Fakealert;Gelöscht.;
A0039142.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP234;Trojan.Fakealert;Gelöscht.;
A0039143.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP234;Trojan.DownLoader.9544;Gelöscht.;
A0039148.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP234;Adware.Websearch;;
A0039156.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP235;Adware.Websearch;;
A0039195.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP235;Trojan.Fakealert;Gelöscht.;
A0039537.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP235;Adware.Websearch;;
A0039589.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP235;Trojan.Fakealert;Gelöscht.;
A0039595.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP236;Trojan.Fakealert;Gelöscht.;
A0039665.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP236;Trojan.StartPage.335;Gelöscht.;
A0039687.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP236;Adware.Websearch;;
A0039717.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP236;Adware.Websearch;;
A0039725.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP237;Adware.Websearch;;
A0039729.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP237;Trojan.Fakealert;Gelöscht.;
A0039870.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP237;BackDoor.Emule.44;Gelöscht.;
A0039968.dll;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP237;Trojan.Fakealert;Gelöscht.;
A0039969.dll;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP237;Trojan.Fakealert;Gelöscht.;
A0039970.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP237;Trojan.Fakealert;Gelöscht.;
A0039971.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP237;Trojan.DownLoader.9544;Gelöscht.;
A0039976.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP237;Adware.Websearch;;
A0040060.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP237;Trojan.Fakealert;Gelöscht.;
A0040076.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP237;Adware.Websearch;;
A0040078.dll;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP237;Trojan.PWS.Alanchum;Gelöscht.;
A0040090.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP237;Trojan.StartPage.335;Gelöscht.;
A0040159.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP237;Trojan.Fakealert;Gelöscht.;
A0040170.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP237;Adware.Websearch;;
A0040223.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP238;Adware.Websearch;;
A0040232.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP238;Trojan.Fakealert;Gelöscht.;
A0040286.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP238;Adware.Websearch;;
A0040287.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP239;Adware.Websearch;;
A0040323.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP239;Trojan.Fakealert;Gelöscht.;
A0040374.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP239;Adware.Websearch;;
A0040378.dll;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP239;Trojan.PWS.Alanchum;Gelöscht.;
A0040403.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP239;Trojan.Fakealert;Gelöscht.;
A0040417.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP239;Adware.Websearch;;
A0040435.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP240;Adware.Websearch;;
A0040450.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP240;Trojan.Fakealert;Gelöscht.;
A0040475.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP240;Adware.Websearch;;
A0040479.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Adware.Websearch;;
A0040504.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Trojan.Fakealert;Gelöscht.;
A0040529.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Adware.Websearch;;
A0040557.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Trojan.Fakealert;Gelöscht.;
A0040748.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Adware.Websearch;;
A0040773.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Trojan.Fakealert;Gelöscht.;
A0040785.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Adware.Websearch;;
A0040801.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Adware.Websearch;;
A0040841.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Trojan.Fakealert;Gelöscht.;
A0040862.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Adware.Websearch;;
A0040883.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Adware.Websearch;;
A0040896.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Adware.NewDotNet;;
A0040900.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Trojan.Fakealert;Gelöscht.;
A0040903.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Trojan.DownLoader.9544;Gelöscht.;
A0040909.dll;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Trojan.Fakealert;Gelöscht.;
A0040910.dll;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Trojan.Fakealert;Gelöscht.;
A0040911.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Trojan.Fakealert;Gelöscht.;
A0040914.dll;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Trojan.PWS.Alanchum;Gelöscht.;
A0040932.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Adware.Websearch;Verschoben.;
A0040957.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Adware.WebHancer;;
A0040958.dll;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Adware.WebHancer;;
A0040959.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Adware.WebHancer;;
A0040963.dll;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Adware.WebHancer;;
A0040964.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Adware.WebHancer;;
A0040968.dll;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Adware.WebHancer;;
A0040969.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Adware.WebHancer;;
A0040978.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Adware.Websearch;;
A0040979.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Adware.Websearch;;
A0040980.dll;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP241;Adware.Websearch;;
A0041114.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP242;Adware.NewDotNet;;
A0041115.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP242;Adware.NewDotNet;;
A0041116.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP242;Adware.NewDotNet;;
A0041117.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP242;Adware.NewDotNet;;
A0041118.dll;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP242;Adware.NewDotNet;;
A0041125.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP242;Trojan.DownLoader.6811;Gelöscht.;
A0041126.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP242;Adware.Websearch;;
A0041127.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP242;BackDoor.Blastmed;Gelöscht.;
A0041312.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP242;Trojan.StartPage.335;Gelöscht.;
A0041313.exe;C:\System Volume Information\_restore{C7E87882-F72B-4CC6-B94B-0C5CDA4414CA}\RP242;BackDoor.Emule.44;Gelöscht.;
Seitenanfang Seitenende
09.05.2006, 23:53
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#28 Arbeitsplatz-->Rechtsklick, dann auf Eigenschaften--->Reiter Systemwiederherstellung--->Häkchen setzen bei Systemwiederherstellung auf allen Laufwerken deaktivieren.
(dann wieder aktivieren)

dann scanne noch mal mit dr.web

Frage...wenn der Pfad nicht korrekt war, wie hast du dann das Log von dr.web hier reinbekommen ?
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
10.05.2006, 00:01
Member

Themenstarter

Beiträge: 25
#29 --der2. Scan von dr. web!!

Silent Runners.vbs;C:\Dokumente und Einstellungen\Marc\Desktop\exe Dateien;möglicherweise BATCH.Virus;;
A0040932.exe;C:\Dokumente und Einstellungen\Marc\DoctorWeb\Quarantine;Adware.Websearch;;
E8D7A764-AAC6-4A21-BC36-17E30C;C:\Dokumente und Einstellungen\Marc\Lokale Einstellungen\Anwendungsdaten\Sunbelt Software\CounterSpy\Quarantine\B190855A-77EA-4;Adware.NewDotNet;;
backup-20060507-133411-982.dll;C:\Dokumente und Einstellungen\Marc\Lokale Einstellungen\Temp\backups;Adware.Websearch;;
Dc155.exe;C:\RECYCLER\S-1-5-21-2157384091-728378468-2993898689-1009;Adware.Comet;;
Dc156.exe;C:\RECYCLER\S-1-5-21-2157384091-728378468-2993898689-1009;Adware.Comet;;
Dc162.exe;C:\RECYCLER\S-1-5-21-2157384091-728378468-2993898689-1009;Adware.Comet;;
Dieser Beitrag wurde am 10.05.2006 um 01:24 Uhr von timerider999 editiert.
Seitenanfang Seitenende
10.05.2006, 00:02
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#30 ja...alles loeschen ;)
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren: