Remove Spy Falcon and Spy Sheriff? |
||
---|---|---|
#0
| ||
18.05.2006, 00:07
...new here
Posts: 3 |
||
|
||
18.05.2006, 00:20
Honorary member
Posts: 6028 |
||
|
||
18.05.2006, 16:04
...new here
Thread starter Posts: 3 |
#3
Logfile of HijackThis v1.99.1
Scan saved at 15:49:30, on 18.05.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe C:\Programme\Norton Internet Security\ISSVC.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Programme\Java\jre1.5.0_04\bin\jusched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe C:\apps\Powercinema\PCMService.exe C:\apps\ABoard\ABoard.exe C:\Programme\Microsoft IntelliType Pro\type32.exe C:\apps\ABoard\AOSD.exe C:\Programme\Microsoft IntelliPoint\point32.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe C:\WINDOWS\system32\hphmon04.exe C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Programme\QuickTime\qttask.exe C:\APPS\SMP\SmpSys.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\ScannerU\AM32.exe c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLService.exe C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe c:\apps\Powercinema\Kernel\TV\CLSched.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe 
C:\WINDOWS\system32\ntvdm.exe C:\T-ONLINE\BSW4\ToDuCAlC.EXE C:\PROGRA~1\INTERN~1\IEXPLORE.EXE C:\Programme\WinRAR\WinRAR.exe C:\DOKUME~1\Martin\LOKALE~1\Temp\Rar$EX00.485\HijackThis.exe C:\Programme\Messenger\msmsgs.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ebay.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\ger.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll (file missing) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Ulead AutoDetector v2] 
C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [PCMService] "c:\apps\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32" O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe O4 - HKLM\..\Run: [HPHUPD04] "C:\Programme\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [InstantAccess] C:\Programme\ScannerU\TBRIDGE\BIN\InstantAccess.EXE /h O4 - HKLM\..\Run: [RegisterDropHandler] C:\Programme\ScannerU\TBRIDGE\BIN\RegisterDropHandler.EXE O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\Programme\ScannerU\TBRIDGE\BIN\RegisterDropHandler.EXE O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Action Manager 32.lnk = C:\Programme\ScannerU\AM32.exe O8 - Extra context menu item: &Google-Suche - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Ins Deutsche übersetzen - res://C:\Programme\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Im Cache gespeicherte Seite - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - 
res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Verweisseiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Ähnliche Seiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\ger.htm O17 - HKLM\System\CCS\Services\Tcpip\..\{DB4935FB-1024-4BDC-8460-B9FEEB5ED046}: NameServer = 217.237.151.161 217.237.150.188 O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media 
Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programme\Norton Internet Security\ISSVC.exe O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe Datentr„ger in Laufwerk C: ist HDD Volumeseriennummer: 040A-D6C9 Verzeichnis von C:\WINDOWS\system32 18.05.2006 15:57 5.044 stdole3.tlb 18.05.2006 15:56 61.465 nvapps.xml 18.05.2006 15:55 32.269 ld9D0B.tmp 18.05.2006 15:53 6.656 simpole.tlb 18.05.2006 15:53 36.864 hpCC77.tmp 18.05.2006 15:49 36.864 hpFF71.tmp 18.05.2006 15:49 57.856 dcomcfg.exe 18.05.2006 15:49 10.160 atmclk.exe 17.05.2006 21:12 33.792 hpE8BE.tmp 17.05.2006 21:12 176.128 sbnudh.dll 17.05.2006 21:12 4.286 ot.ico 17.05.2006 14:45 41.997 regperf.exe 16.05.2006 13:13 1.158 wpa.dbl 12.05.2006 02:15 2.778 qtplugin.log 10.05.2006 23:09 1.014 $winnt$.inf 03.05.2006 21:26 5.818.784 MRT.exe 03.04.2006 20:26 333 $ncsp$.inf 03.04.2006 12:17 304.416 FNTCACHE.DAT 03.04.2006 12:15 5.956 d3d9caps.dat 03.04.2006 12:07 176.167 rmoc3260.dll 03.04.2006 12:07 5.632 pndx5032.dll 03.04.2006 12:07 6.656 pndx5016.dll 03.04.2006 12:07 278.528 pncrt.dll 03.04.2006 12:00 401.064 
perfh009.dat 03.04.2006 12:00 62.344 perfc009.dat 03.04.2006 12:00 415.470 perfh007.dat 03.04.2006 12:00 74.996 perfc007.dat 03.04.2006 12:00 966.250 PerfStringBackup.INI 03.04.2006 11:59 146.650 BuzzingBee.wav 03.04.2006 11:59 940.794 LoopyMusic.wav 03.04.2006 11:58 23.392 nscompat.tlb 03.04.2006 11:58 16.832 amcompat.tlb 03.04.2006 11:57 3.799 jupdate-1.5.0_04-b05.log 30.03.2006 11:26 1.492.480 shdocvw.dll 30.03.2006 03:16 18.944 xpsp3res.dll 23.03.2006 22:34 3.074.560 mshtml.dll 18.03.2006 13:09 615.424 urlmon.dll 17.03.2006 11:11 679.424 inetcomm.dll 17.03.2006 06:03 8.493.056 shell32.dll 17.03.2006 02:38 28.672 verclsid.exe 10.03.2006 06:09 5.533.696 wmp.dll 04.03.2006 05:34 664.064 wininet.dll 04.03.2006 05:34 474.624 shlwapi.dll 04.03.2006 05:34 146.432 msrating.dll 04.03.2006 05:34 532.480 mstime.dll 04.03.2006 05:34 448.512 mshtmled.dll 04.03.2006 05:34 39.424 pngfilt.dll 04.03.2006 05:34 55.808 extmgr.dll 04.03.2006 05:34 205.312 dxtrans.dll 04.03.2006 05:34 1.056.256 danim.dll 04.03.2006 05:34 251.392 iepeers.dll 04.03.2006 05:34 96.768 inseng.dll 04.03.2006 05:34 152.064 cdfview.dll 04.03.2006 05:34 1.022.976 browseui.dll 01.03.2006 21:43 426.496 msdtcprx.dll 01.03.2006 21:43 956.416 msdtctm.dll 01.03.2006 21:43 66.560 mtxclu.dll 01.03.2006 21:43 11.776 xolehlp.dll 01.03.2006 21:43 161.280 msdtcuiu.dll 01.03.2006 21:43 91.136 mtxoci.dll Datentr„ger in Laufwerk C: ist HDD Volumeseriennummer: 040A-D6C9 Verzeichnis von C:\DOKUME~1\Martin\LOKALE~1\Temp 18.05.2006 15:56 4.760 HPH1.tmp 18.05.2006 15:56 412 jusched.log 18.05.2006 15:53 4.760 HPHB.tmp 3 Datei(en) 9.932 Bytes 0 Verzeichnis(se), 238.202.150.912 Bytes frei Datentr„ger in Laufwerk C: ist HDD Volumeseriennummer: 040A-D6C9 Verzeichnis von C:\WINDOWS 18.05.2006 15:57 850 win.ini 18.05.2006 15:57 0 0.log 18.05.2006 15:55 2.048 bootstat.dat 18.05.2006 15:54 32.422 SchedLgU.Txt 18.05.2006 15:54 363.032 WindowsUpdate.log 17.05.2006 22:08 2.209 OEWABLog.txt 17.05.2006 22:08 44.500 wmsetup.log 17.05.2006 
14:20 727.047 setuplog.txt 16.05.2006 19:25 379 wmsetup10.log 16.05.2006 13:50 1.409 QTFont.for 16.05.2006 13:50 54.156 QTFont.qfn 15.05.2006 00:49 50 wiaservc.log 15.05.2006 00:49 413 wiadebug.log 13.05.2006 13:52 1.830 spupdsvc.log 13.05.2006 13:49 50.136 iis6.log 13.05.2006 13:49 117.390 comsetup.log 13.05.2006 13:49 17.643 ocmsn.log 13.05.2006 13:49 1.374 imsins.log 13.05.2006 13:49 127.089 tsoc.log 13.05.2006 13:49 69.371 ntdtcsetup.log 13.05.2006 13:49 21.643 KB911562.log 13.05.2006 13:49 157.569 ocgen.log 13.05.2006 13:49 16.012 msgsocm.log 13.05.2006 13:49 314.542 FaxSetup.log 13.05.2006 13:49 381.429 setupapi.log 13.05.2006 13:49 17.428 updspapi.log 13.05.2006 13:49 1.374 imsins.BAK 13.05.2006 13:49 21.964 KB900485.log 13.05.2006 13:49 34.079 KB912812.log 13.05.2006 13:49 16.473 KB908531.log 13.05.2006 13:49 19.583 KB913580.log 13.05.2006 13:49 9.031 KB911565.log 13.05.2006 13:48 17.024 KB911567.log 12.05.2006 00:57 36 pccuo.ini 12.05.2006 00:52 89 Tb98.ini 12.05.2006 00:52 342 SCNDRVU.INI 12.05.2006 00:44 2 msoffice.ini 12.05.2006 00:43 34 hpfsched.ini 11.05.2006 23:24 781 nsw.log 11.05.2006 17:32 2.508 tonlinst.ini 11.05.2006 17:32 95.524 TOSO40.ISU 10.05.2006 23:19 192.474 setupact.log 10.05.2006 23:06 6.929 HDReg.ini 10.05.2006 23:05 3.941 sessmgr.setup.log 10.05.2006 23:05 641 DtcInstall.log 10.05.2006 23:04 7.698 regopt.log 10.05.2006 23:04 231 system.ini 10.05.2006 23:04 8.192 REGLOCS.OLD 03.04.2006 20:26 705.366 SIGVERIF.TXT 03.04.2006 12:29 61 smscfg.ini 03.04.2006 12:22 2.238.940 RESTORE.INS 03.04.2006 12:13 400 ODBC.INI 03.04.2006 12:07 365 xpsp1hfm.log 03.04.2006 12:05 1.452 LUINSTALL.LOG 03.04.2006 12:01 335 nsreg.dat 03.04.2006 11:58 16.669 WINNT32.LOG 03.04.2006 11:58 254 UPGRADE.TXT 03.04.2006 11:58 178 DHCPUPG.LOG 03.04.2006 11:57 316.640 WMSysPr9.prx 03.04.2006 11:57 33.230 KB893803v2.log 03.04.2006 11:56 200 KB825116.log 03.04.2006 11:56 34.080 KB913446.log 03.04.2006 11:56 36.634 KB912945.log 03.04.2006 11:56 31.522 KB912919.log 
03.04.2006 11:56 30.965 KB911927.log 03.04.2006 11:56 27.576 KB911564.log 03.04.2006 11:56 29.674 KB910437.log 03.04.2006 11:56 28.925 KB908519.log 03.04.2006 11:56 29.174 KB905749.log 03.04.2006 11:56 27.837 KB905414.log 03.04.2006 11:56 26.775 KB904706.log 03.04.2006 11:55 30.237 KB902400.log 03.04.2006 11:55 19.650 KB901214.log 03.04.2006 11:55 19.647 KB901190.log 03.04.2006 11:55 19.922 KB901017.log 03.04.2006 11:55 21.091 KB900725.log 03.04.2006 11:55 18.594 KB899591.log 03.04.2006 11:55 17.326 KB899589.log 03.04.2006 11:55 17.791 KB899587.log 03.04.2006 11:55 17.350 KB898461.log 03.04.2006 11:55 14.156 KB898458.log 03.04.2006 11:54 15.469 KB896428.log 03.04.2006 11:54 16.483 KB896424.log 03.04.2006 11:54 15.600 KB896423.log 03.04.2006 11:54 14.878 KB896422.log 03.04.2006 11:54 15.045 KB896358.log 03.04.2006 11:54 13.474 KB896256.log 03.04.2006 11:54 14.937 KB894391.log 03.04.2006 11:54 13.019 KB893756.log 03.04.2006 11:54 12.113 KB891781.log 03.04.2006 11:54 14.000 KB890859.log 03.04.2006 11:54 11.506 KB890046.log 03.04.2006 11:53 9.689 KB888302.log 03.04.2006 11:53 9.444 KB888113.log 03.04.2006 11:53 9.417 KB887742.log 03.04.2006 11:53 9.451 KB887472.log 03.04.2006 11:53 9.666 KB886185.log 03.04.2006 11:53 9.432 KB885836.log 03.04.2006 11:53 9.826 KB885835.log 03.04.2006 11:53 9.280 KB885250.log 03.04.2006 11:53 9.064 KB873339.log 03.04.2006 11:52 5.592 KB888111.log 03.04.2006 11:51 1.172.453 setupapi.log.0.old 09.12.2005 16:49 15.691.264 RTHDCPL.exe Datentr„ger in Laufwerk C: ist HDD Volumeseriennummer: 040A-D6C9 Verzeichnis von C:\ 18.05.2006 16:04 0 sys.txt 18.05.2006 16:04 8.145 system.txt 18.05.2006 16:04 376 systemtemp.txt 18.05.2006 16:04 102.330 system32.txt 18.05.2006 15:55 2.145.964.032 hiberfil.sys 18.05.2006 15:55 2.145.890.304 pagefile.sys 16.05.2006 23:02 1.154 hph7150.log 11.05.2006 17:31 161 TO_InstallLog.txt 11.05.2006 17:07 6.826 TDSLCheck.txt 10.05.2006 23:10 293 BOOT.INI 03.04.2006 12:22 166 WINBOM.000 03.04.2006 12:02 816 IPH.PH 
03.04.2006 12:00 0 IO.SYS 03.04.2006 12:00 0 MSDOS.SYS 03.04.2006 11:58 210 BOOT.BAK 03.04.2006 09:27 1.155 SAUDIT.TXT 04.08.2004 14:00 262.448 cmldr 04.08.2004 14:00 4.952 bootfont.bin 04.08.2004 14:00 251.184 NTLDR 04.08.2004 14:00 47.564 NTDETECT.COM 20 Datei(en) 4.292.542.116 Bytes 0 Verzeichnis(se), 238.202.204.160 Bytes frei

OK, I've done that. I have several user accounts on the computer; do I need to do anything differently? I just want this crap off again.. it's annoying.
Thanks in advance for your effort.
This post was edited by Martin Held on 18.05.2006 at 16:08.
|
|
|
||
18.05.2006, 16:33
Honorary member
Posts: 29434 |
#4
Martin Held
Info on Spyfalcon: http://virus-protect.org/artikel/spyware/spyfalcon.html
---------------------------------------------------------------------------
1. Post the log from Silentrunner (there is a new dll, and I need to look something up)
http://virus-protect.org/silentrunner.html
-------------------------------------------------------------------------
Download and unpack everything to the desktop:
*) spyfalcon.zip -> http://virus-protect.org/zip/spyfalcon.zip -> unpack to the desktop -> double-click spyfalcon.reg and add it to the registry
*) SmitRem2.8 --> http://noahdfear.geekstogo.com/click%20counter/click.php?id=1
Double-click: smitRem.exe -> click: Start --> click: ok
-----------------------------------------------------------------------
KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html
Options: Delete on Reboot --> tick it and click the red cross; when asked "Do you want to reboot? " click "no" and paste in the next one; only on the last one click "yes".
Paste in:
......
C:\WINDOWS\system32\stdole3.tlb
C:\WINDOWS\system32\nvapps.xml
C:\WINDOWS\system32\simpole.tlb
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\sbnudh.dll
C:\WINDOWS\system32\ot.ico
C:\WINDOWS\system32\regperf.exe
** Restart the computer in safe mode (press F8 while booting).
http://www.bsi.bund.de/av/texte/wiederher.htm
** Open smitRem --> double-click: RunThis.bat
Wait until the scan has finished (the screen will turn blue; that is normal).
** Disk Cleanup: and deleting the temporary files
Start - Run - cleanmgr (type it in)
Click: Temporary Internet Files (Temporäre Internet Dateien) -> OK
Click: Temporary files (Temporäre Dateien) -> OK
Boot back into normal mode.
** Disable System Restore (XP) (then enable it again)
My Computer (Arbeitsplatz) --> right-click, then Properties (Eigenschaften) ---> System Restore tab (Systemwiederherstellung) ---> tick "Turn off System Restore on all drives" (Systemwiederherstellung auf allen Laufwerken deaktivieren).
** Scan with superantispyware (free)
http://virus-protect.org/artikel/tools/superantispyware.html
and report back
__________
Regards
Sabina
all about PC security |
|
|
||
18.05.2006, 16:56
...new here
Thread starter Posts: 3 |
#5
"Silent Runners.vbs", revision 45, http://www.silentrunners.org/
Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "MSMSGS" = ""C:\Programme\Messenger\msmsgs.exe" /background" [MS] "SmpcSys" = "C:\APPS\SMP\SmpSys.exe" ["Packard Bell BV"] "SpybotSD TeaTimer" = "C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++} "wininet.dll" = "regperf.exe" [null data] "kernel32.dll" = "C:\WINDOWS\system32\atmclk.exe" [null data] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "PHIME2002ASync" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS] "PHIME2002A" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS] "High Definition Audio Property Page Shortcut" = "HDAShCut.exe" ["Windows (R) Server 2003 DDK provider"] "RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."] "Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."] "SunJavaUpdateSched" = "C:\Programme\Java\jre1.5.0_04\bin\jusched.exe" ["Sun Microsystems, Inc."] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS] "Vade Retro Outlook Express" = ""C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"" [empty string] "ccApp" = ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"" ["Symantec Corporation"] "Ulead AutoDetector v2" = "C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe" ["Ulead Systems, Inc."] "PCMService" = ""c:\apps\Powercinema\PCMService.exe"" ["CyberLink Corp."] "IMJPMIG8.1" = ""C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"" [MS] "ACTIVBOARD" = "c:\apps\ABoard\ABoard.exe" ["NEC Computers International"] "type32" = ""C:\Programme\Microsoft IntelliType Pro\type32.exe"" 
[MS] "IntelliPoint" = ""C:\Programme\Microsoft IntelliPoint\point32.exe"" [MS] "HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" ["HP"] "HPHmon04" = "C:\WINDOWS\system32\hphmon04.exe" ["Hewlett-Packard"] "HPHUPD04" = ""C:\Programme\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"" ["Hewlett-Packard"] "Share-to-Web Namespace Daemon" = "C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" ["Hewlett-Packard"] "InstantAccess" = "C:\Programme\ScannerU\TBRIDGE\BIN\InstantAccess.EXE /h" [null data] "RegisterDropHandler" = "C:\Programme\ScannerU\TBRIDGE\BIN\RegisterDropHandler.EXE" [empty string] "Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"] "QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {f79fd28e-36ee-4989-aa61-9dd8e30a82fa}\(Default) = (no title provided) -> {HKLM...CLSID} = "Nothing" \InProcServer32\(Default) = "C:\WINDOWS\system32\hp203.tmp" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung" -> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References" -> {HKLM...CLSID} = "ShellLink for Application References" \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS] "{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References" -> {HKLM...CLSID} = "Shell Icon Handler for Application References" \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" 
[MS] "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band" -> {HKLM...CLSID} = "Shell Search Band" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices" -> {HKLM...CLSID} = "Portable Media Devices" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {HKLM...CLSID} = "Portable Media Devices Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {HKLM...CLSID} = "RealOne Player Context Menu Class" \InProcServer32\(Default) = "C:\Programme\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."] "{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt" -> {HKLM...CLSID} = "RecordNow! 
SendToExt" \InProcServer32\(Default) = "C:\Apps\RecordNow\shlext.dll" [null data] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook-Dateisymbolerweiterung" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Programme\Microsoft Office\OFFICE11\msohev.dll" [MS] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{97FA8AA2-EE77-4FF2-9449-424D8924EF21}" = "IntelliType Pro Zooming Control Panel Property Page" -> {HKLM...CLSID} = "IntelliType Pro Zooming Property Page" \InProcServer32\(Default) = ""C:\Programme\Microsoft IntelliType Pro\itcplzm.dll"" [MS] "{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB}" = "IntelliType Pro Scrolling Control Panel Property Page" -> {HKLM...CLSID} = "IntelliType Pro Scrolling Property Page" \InProcServer32\(Default) = ""C:\Programme\Microsoft IntelliType Pro\itcplwhl.dll"" [MS] "{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2}" = "IntelliType Pro Key Settings Control Panel Property Page" -> {HKLM...CLSID} = "IntelliType Pro Key Settings Property Page" \InProcServer32\(Default) = 
""C:\Programme\Microsoft IntelliType Pro\itcplkey.dll"" [MS] "{A2569D1F-4E06-43EC-9825-0088B471BE47}" = "IntelliType Pro Wireless Control Panel Property Page" -> {HKLM...CLSID} = "IntelliType Pro Wireless Control Panel Property Page" \InProcServer32\(Default) = ""C:\Programme\Microsoft IntelliType Pro\itcplwir.dll"" [MS] "{20082881-FC36-4E47-9A7A-644C95FF749F}" = "IntelliPoint Wireless Control Panel Property Page" -> {HKLM...CLSID} = "Schnurlose Eigenschaften" \InProcServer32\(Default) = ""C:\Programme\Microsoft IntelliPoint\ipcplwir.dll"" [MS] "{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE}" = "IntelliPoint Wheel Control Panel Property Page" -> {HKLM...CLSID} = "Scrollrad-Eigenschaftenseite" \InProcServer32\(Default) = ""C:\Programme\Microsoft IntelliPoint\ipcplwhl.dll"" [MS] "{653DCCC2-13DB-45B2-A389-427885776CFE}" = "IntelliPoint Activities Control Panel Property Page" -> {HKLM...CLSID} = "Aktivitäten-Eigenschaftenseite" \InProcServer32\(Default) = ""C:\Programme\Microsoft IntelliPoint\ipcplact.dll"" [MS] "{124597D8-850A-41AE-849C-017A4FA99CA2}" = "IntelliPoint Buttons Control Panel Property Page" -> {HKLM...CLSID} = "Tasten-Eigenschaftenseite" \InProcServer32\(Default) = ""C:\Programme\Microsoft IntelliPoint\ipcplbtn.dll"" [MS] "{A4DF5659-0801-4A60-9607-1C48695EFDA9}" = "Ordner HP Share-to-Web" -> {HKLM...CLSID} = "Ordner HP Share-to-Web" \InProcServer32\(Default) = "C:\Programme\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL" ["Hewlett-Packard"] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\PROTOCOLS\Filter\ INFECTION WARNING! 
text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}" -> {HKLM...CLSID} = "IEContextMenu Class" \InProcServer32\(Default) = "C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}" -> {HKLM...CLSID} = "IEContextMenu Class" \InProcServer32\(Default) = "C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp" Enabled Screen Saver: 
--------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS] Startup items in "Martin" & "All Users" startup folders: -------------------------------------------------------- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart "Action Manager 32" -> shortcut to: "C:\Programme\ScannerU\AM32.exe" [null data] Enabled Scheduled Tasks: ------------------------ "Erweiterte Garantie" -> launches: "C:\APPS\SMP\PBCARNOT.EXE" ["Packard Bell BV"] "HDReg" -> launches: "c:\Apps\HDReg\HDRegRem.exe" [null data] "Meinen PC einrichten" -> launches: "C:\Apps\SMP\PCSETUP.EXE /REM" ["Packard Bell BV"] "PBReg" -> launches: "c:\Apps\HDReg\HDRegDel.exe" [null data] "PBRegbk" -> launches: "c:\Apps\HDReg\HDRegDel.exe" [null data] "Registrierungserinnerung 3" -> launches: "C:\WINDOWS\system32\OOBE\oobebaln.exe /sys /r /n:3" [MS] "Symantec NetDetect" -> launches: "C:\Programme\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" -> {HKLM...CLSID} = "Norton AntiVirus" \InProcServer32\(Default) = "C:\Programme\Norton Internet Security\Norton 
AntiVirus\NavShExt.dll" ["Symantec Corporation"] HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" -> {HKLM...CLSID} = "Norton Internet Security" \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll" [file not found] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "c:\programme\google\googletoolbar1.dll" ["Google Inc."] "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" -> {HKLM...CLSID} = "Norton AntiVirus" \InProcServer32\(Default) = "C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Norton Internet Security" -> {HKLM...CLSID} = "Norton Internet Security" \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll" [file not found] "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" -> {HKLM...CLSID} = "Norton AntiVirus" \InProcServer32\(Default) = "C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided) -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "c:\programme\google\googletoolbar1.dll" ["Google Inc."] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ {FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\(Default) = (no title provided) -> {HKLM...CLSID} = "Real.com" \InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS] Dormant Explorer Bars in "View, Explorer Bar" menu HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Recherchieren" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet 
Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Konsole" "CLSIDExtension" = "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}" -> {HKLM...CLSID} = "Java Plug-in 1.5.0_04" \InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll" ["Sun Microsystems, Inc."] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Recherchieren" {CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\ "ButtonText" = "Real.com" {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS] Miscellaneous IE Hijack Points ------------------------------ C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings") Added lines (compared with English-language version): [Strings]: START_PAGE_URL=file://C:\APPS\IE\offline\ger.htm Missing lines (compared with English-language version): [Strings]: 1 line Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ CyberLink Background Capture Service (CBCS), CLCapSvc, ""c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe"" [empty string] CyberLink Media Library Service, CyberLink Media Library Service, ""c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe"" ["Cyberlink"] CyberLink Task Scheduler (CTS), CLSched, ""c:\apps\Powercinema\Kernel\TV\CLSched.exe"" [empty string] ISSvc, ISSVC, ""C:\Programme\Norton Internet Security\ISSVC.exe"" ["Symantec Corporation"] Norton AntiVirus Auto-Protect-Dienst, navapsvc, ""C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] Symantec Event Manager, ccEvtMgr, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"] Symantec Network Drivers Service, SNDSrvc, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"] Symantec Network 
Proxy, ccProxy, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe"" ["Symantec Corporation"] Symantec Settings Manager, ccSetMgr, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"] Symantec SPBBCSvc, SPBBCSvc, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"] Ulead Burning Helper, UleadBurningHelper, "C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe" ["Ulead Systems, Inc."] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 24 seconds. + The search for all Registry CLSIDs containing dormant Explorer Bars took 13 seconds. ---------- (total run time: 64 seconds) |
|
|
||
19.05.2006, 00:37
Honorary member
Posts: 29434 |
#6
Thanks for the log.
So work through everything I wrote... and report back __________ Regards, Sabina all about PC security |
|
|
||
How do I get this cr... off again?
Norton Antivirus does find it, but does nothing about it...