Remove Spy Falcon and Spy Sheriff?

#0
18.05.2006, 00:07
...new here

Posts: 3
#1 Hello!
How do I get this cr... off again?
Norton Antivirus does find it, but doesn't do anything about it...
18.05.2006, 00:20
Honorary member
Argus

Posts: 6028
#2 It starts here: http://board.protecus.de/t23187.htm
__________
Regards, Argus
18.05.2006, 16:04
...new here

Thread starter

Posts: 3
#3 Logfile of HijackThis v1.99.1
Scan saved at 15:49:30, on 18.05.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Norton Internet Security\ISSVC.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
C:\apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Programme\Microsoft IntelliType Pro\type32.exe
C:\apps\ABoard\AOSD.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programme\QuickTime\qttask.exe
C:\APPS\SMP\SmpSys.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\ScannerU\AM32.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLService.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ntvdm.exe
C:\T-ONLINE\BSW4\ToDuCAlC.EXE
C:\PROGRA~1\INTERN~1\IEXPLORE.EXE
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Martin\LOKALE~1\Temp\Rar$EX00.485\HijackThis.exe
C:\Programme\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ebay.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\ger.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Programme\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [InstantAccess] C:\Programme\ScannerU\TBRIDGE\BIN\InstantAccess.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\Programme\ScannerU\TBRIDGE\BIN\RegisterDropHandler.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\Programme\ScannerU\TBRIDGE\BIN\RegisterDropHandler.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Action Manager 32.lnk = C:\Programme\ScannerU\AM32.exe
O8 - Extra context menu item: &Google-Suche - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://C:\Programme\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\ger.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB4935FB-1024-4BDC-8460-B9FEEB5ED046}: NameServer = 217.237.151.161 217.237.150.188
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programme\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe



Datenträger in Laufwerk C: ist HDD
Volumeseriennummer: 040A-D6C9

Verzeichnis von C:\WINDOWS\system32

18.05.2006 15:57 5.044 stdole3.tlb
18.05.2006 15:56 61.465 nvapps.xml
18.05.2006 15:55 32.269 ld9D0B.tmp
18.05.2006 15:53 6.656 simpole.tlb
18.05.2006 15:53 36.864 hpCC77.tmp
18.05.2006 15:49 36.864 hpFF71.tmp
18.05.2006 15:49 57.856 dcomcfg.exe
18.05.2006 15:49 10.160 atmclk.exe
17.05.2006 21:12 33.792 hpE8BE.tmp
17.05.2006 21:12 176.128 sbnudh.dll
17.05.2006 21:12 4.286 ot.ico
17.05.2006 14:45 41.997 regperf.exe

16.05.2006 13:13 1.158 wpa.dbl
12.05.2006 02:15 2.778 qtplugin.log
10.05.2006 23:09 1.014 $winnt$.inf
03.05.2006 21:26 5.818.784 MRT.exe
03.04.2006 20:26 333 $ncsp$.inf
03.04.2006 12:17 304.416 FNTCACHE.DAT
03.04.2006 12:15 5.956 d3d9caps.dat
03.04.2006 12:07 176.167 rmoc3260.dll
03.04.2006 12:07 5.632 pndx5032.dll
03.04.2006 12:07 6.656 pndx5016.dll
03.04.2006 12:07 278.528 pncrt.dll
03.04.2006 12:00 401.064 perfh009.dat
03.04.2006 12:00 62.344 perfc009.dat
03.04.2006 12:00 415.470 perfh007.dat
03.04.2006 12:00 74.996 perfc007.dat
03.04.2006 12:00 966.250 PerfStringBackup.INI
03.04.2006 11:59 146.650 BuzzingBee.wav
03.04.2006 11:59 940.794 LoopyMusic.wav
03.04.2006 11:58 23.392 nscompat.tlb
03.04.2006 11:58 16.832 amcompat.tlb
03.04.2006 11:57 3.799 jupdate-1.5.0_04-b05.log
30.03.2006 11:26 1.492.480 shdocvw.dll
30.03.2006 03:16 18.944 xpsp3res.dll
23.03.2006 22:34 3.074.560 mshtml.dll
18.03.2006 13:09 615.424 urlmon.dll
17.03.2006 11:11 679.424 inetcomm.dll
17.03.2006 06:03 8.493.056 shell32.dll
17.03.2006 02:38 28.672 verclsid.exe
10.03.2006 06:09 5.533.696 wmp.dll
04.03.2006 05:34 664.064 wininet.dll
04.03.2006 05:34 474.624 shlwapi.dll
04.03.2006 05:34 146.432 msrating.dll
04.03.2006 05:34 532.480 mstime.dll
04.03.2006 05:34 448.512 mshtmled.dll
04.03.2006 05:34 39.424 pngfilt.dll
04.03.2006 05:34 55.808 extmgr.dll
04.03.2006 05:34 205.312 dxtrans.dll
04.03.2006 05:34 1.056.256 danim.dll
04.03.2006 05:34 251.392 iepeers.dll
04.03.2006 05:34 96.768 inseng.dll
04.03.2006 05:34 152.064 cdfview.dll
04.03.2006 05:34 1.022.976 browseui.dll
01.03.2006 21:43 426.496 msdtcprx.dll
01.03.2006 21:43 956.416 msdtctm.dll
01.03.2006 21:43 66.560 mtxclu.dll
01.03.2006 21:43 11.776 xolehlp.dll
01.03.2006 21:43 161.280 msdtcuiu.dll
01.03.2006 21:43 91.136 mtxoci.dll


Datenträger in Laufwerk C: ist HDD
Volumeseriennummer: 040A-D6C9

Verzeichnis von C:\DOKUME~1\Martin\LOKALE~1\Temp

18.05.2006 15:56 4.760 HPH1.tmp
18.05.2006 15:56 412 jusched.log
18.05.2006 15:53 4.760 HPHB.tmp
3 Datei(en) 9.932 Bytes
0 Verzeichnis(se), 238.202.150.912 Bytes frei



Datenträger in Laufwerk C: ist HDD
Volumeseriennummer: 040A-D6C9

Verzeichnis von C:\WINDOWS

18.05.2006 15:57 850 win.ini
18.05.2006 15:57 0 0.log
18.05.2006 15:55 2.048 bootstat.dat
18.05.2006 15:54 32.422 SchedLgU.Txt
18.05.2006 15:54 363.032 WindowsUpdate.log
17.05.2006 22:08 2.209 OEWABLog.txt
17.05.2006 22:08 44.500 wmsetup.log
17.05.2006 14:20 727.047 setuplog.txt
16.05.2006 19:25 379 wmsetup10.log
16.05.2006 13:50 1.409 QTFont.for
16.05.2006 13:50 54.156 QTFont.qfn
15.05.2006 00:49 50 wiaservc.log
15.05.2006 00:49 413 wiadebug.log
13.05.2006 13:52 1.830 spupdsvc.log
13.05.2006 13:49 50.136 iis6.log
13.05.2006 13:49 117.390 comsetup.log
13.05.2006 13:49 17.643 ocmsn.log
13.05.2006 13:49 1.374 imsins.log
13.05.2006 13:49 127.089 tsoc.log
13.05.2006 13:49 69.371 ntdtcsetup.log
13.05.2006 13:49 21.643 KB911562.log
13.05.2006 13:49 157.569 ocgen.log
13.05.2006 13:49 16.012 msgsocm.log
13.05.2006 13:49 314.542 FaxSetup.log
13.05.2006 13:49 381.429 setupapi.log
13.05.2006 13:49 17.428 updspapi.log
13.05.2006 13:49 1.374 imsins.BAK
13.05.2006 13:49 21.964 KB900485.log
13.05.2006 13:49 34.079 KB912812.log
13.05.2006 13:49 16.473 KB908531.log
13.05.2006 13:49 19.583 KB913580.log
13.05.2006 13:49 9.031 KB911565.log
13.05.2006 13:48 17.024 KB911567.log
12.05.2006 00:57 36 pccuo.ini
12.05.2006 00:52 89 Tb98.ini
12.05.2006 00:52 342 SCNDRVU.INI
12.05.2006 00:44 2 msoffice.ini
12.05.2006 00:43 34 hpfsched.ini
11.05.2006 23:24 781 nsw.log
11.05.2006 17:32 2.508 tonlinst.ini
11.05.2006 17:32 95.524 TOSO40.ISU
10.05.2006 23:19 192.474 setupact.log
10.05.2006 23:06 6.929 HDReg.ini
10.05.2006 23:05 3.941 sessmgr.setup.log
10.05.2006 23:05 641 DtcInstall.log
10.05.2006 23:04 7.698 regopt.log
10.05.2006 23:04 231 system.ini
10.05.2006 23:04 8.192 REGLOCS.OLD
03.04.2006 20:26 705.366 SIGVERIF.TXT
03.04.2006 12:29 61 smscfg.ini
03.04.2006 12:22 2.238.940 RESTORE.INS
03.04.2006 12:13 400 ODBC.INI
03.04.2006 12:07 365 xpsp1hfm.log
03.04.2006 12:05 1.452 LUINSTALL.LOG
03.04.2006 12:01 335 nsreg.dat
03.04.2006 11:58 16.669 WINNT32.LOG
03.04.2006 11:58 254 UPGRADE.TXT
03.04.2006 11:58 178 DHCPUPG.LOG
03.04.2006 11:57 316.640 WMSysPr9.prx
03.04.2006 11:57 33.230 KB893803v2.log
03.04.2006 11:56 200 KB825116.log
03.04.2006 11:56 34.080 KB913446.log
03.04.2006 11:56 36.634 KB912945.log
03.04.2006 11:56 31.522 KB912919.log
03.04.2006 11:56 30.965 KB911927.log
03.04.2006 11:56 27.576 KB911564.log
03.04.2006 11:56 29.674 KB910437.log
03.04.2006 11:56 28.925 KB908519.log
03.04.2006 11:56 29.174 KB905749.log
03.04.2006 11:56 27.837 KB905414.log
03.04.2006 11:56 26.775 KB904706.log
03.04.2006 11:55 30.237 KB902400.log
03.04.2006 11:55 19.650 KB901214.log
03.04.2006 11:55 19.647 KB901190.log
03.04.2006 11:55 19.922 KB901017.log
03.04.2006 11:55 21.091 KB900725.log
03.04.2006 11:55 18.594 KB899591.log
03.04.2006 11:55 17.326 KB899589.log
03.04.2006 11:55 17.791 KB899587.log
03.04.2006 11:55 17.350 KB898461.log
03.04.2006 11:55 14.156 KB898458.log
03.04.2006 11:54 15.469 KB896428.log
03.04.2006 11:54 16.483 KB896424.log
03.04.2006 11:54 15.600 KB896423.log
03.04.2006 11:54 14.878 KB896422.log
03.04.2006 11:54 15.045 KB896358.log
03.04.2006 11:54 13.474 KB896256.log
03.04.2006 11:54 14.937 KB894391.log
03.04.2006 11:54 13.019 KB893756.log
03.04.2006 11:54 12.113 KB891781.log
03.04.2006 11:54 14.000 KB890859.log
03.04.2006 11:54 11.506 KB890046.log
03.04.2006 11:53 9.689 KB888302.log
03.04.2006 11:53 9.444 KB888113.log
03.04.2006 11:53 9.417 KB887742.log
03.04.2006 11:53 9.451 KB887472.log
03.04.2006 11:53 9.666 KB886185.log
03.04.2006 11:53 9.432 KB885836.log
03.04.2006 11:53 9.826 KB885835.log
03.04.2006 11:53 9.280 KB885250.log
03.04.2006 11:53 9.064 KB873339.log
03.04.2006 11:52 5.592 KB888111.log
03.04.2006 11:51 1.172.453 setupapi.log.0.old
09.12.2005 16:49 15.691.264 RTHDCPL.exe




Datenträger in Laufwerk C: ist HDD
Volumeseriennummer: 040A-D6C9

Verzeichnis von C:\

18.05.2006 16:04 0 sys.txt
18.05.2006 16:04 8.145 system.txt
18.05.2006 16:04 376 systemtemp.txt
18.05.2006 16:04 102.330 system32.txt
18.05.2006 15:55 2.145.964.032 hiberfil.sys
18.05.2006 15:55 2.145.890.304 pagefile.sys
16.05.2006 23:02 1.154 hph7150.log
11.05.2006 17:31 161 TO_InstallLog.txt
11.05.2006 17:07 6.826 TDSLCheck.txt
10.05.2006 23:10 293 BOOT.INI
03.04.2006 12:22 166 WINBOM.000
03.04.2006 12:02 816 IPH.PH
03.04.2006 12:00 0 IO.SYS
03.04.2006 12:00 0 MSDOS.SYS
03.04.2006 11:58 210 BOOT.BAK
03.04.2006 09:27 1.155 SAUDIT.TXT
04.08.2004 14:00 262.448 cmldr
04.08.2004 14:00 4.952 bootfont.bin
04.08.2004 14:00 251.184 NTLDR
04.08.2004 14:00 47.564 NTDETECT.COM
20 Datei(en) 4.292.542.116 Bytes
0 Verzeichnis(se), 238.202.204.160 Bytes frei

OK, that's what I did.

I have several user accounts on the computer; do I need to do anything differently because of that?

I just want this crap off again.. it's annoying

Thanks in advance for your efforts
This post was edited on 18.05.2006 at 16:08 by Martin Held.
18.05.2006, 16:33
Honorary member
Sabina

Posts: 29434
#4 Martin Held

Info Spyfalcon
http://virus-protect.org/artikel/spyware/spyfalcon.html

---------------------------------------------------------------------------
1.
post the log from Silentrunner (there is a new DLL, and I need to check something)
http://virus-protect.org/silentrunner.html

-------------------------------------------------------------------------

Download and unpack everything on the desktop:

*) spyfalcon.zip -> http://virus-protect.org/zip/spyfalcon.zip -> unpack on the desktop -> double-click spyfalcon.reg and add it to the registry

*) SmitRem2.8 --> http://noahdfear.geekstogo.com/click%20counter/click.php?id=1
Double-click: smitRem.exe -> click: Start --> click: ok

-----------------------------------------------------------------------
KILLBOX - Pocket KillBox
http://virus-protect.org/killbox.html

Options: Delete on Reboot --> tick it
and click the red cross; when asked "Do you want to reboot?", click "no" and paste in the next one; click "yes" only on the last one
paste in: ......

C:\WINDOWS\system32\stdole3.tlb
C:\WINDOWS\system32\nvapps.xml
C:\WINDOWS\system32\simpole.tlb
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\sbnudh.dll
C:\WINDOWS\system32\ot.ico
C:\WINDOWS\system32\regperf.exe

**
Restart the computer in safe mode (press F8 while booting). http://www.bsi.bund.de/av/texte/wiederher.htm

**
open smitRem --> double-click: RunThis.bat
wait until the scan has finished (the screen will turn blue; that is normal)

**
Disk Cleanup and deleting the temporary files
Start - Run - cleanmgr (type it in)
Click: Temporary Internet Files -> OK
Click: Temporary files -> OK

boot back into normal mode


**
disable System Restore (XP) (then enable it again)
My Computer --> right-click, then Properties ---> System Restore tab ---> tick "Turn off System Restore on all drives".

**
scan with SUPERAntiSpyware (free)
http://virus-protect.org/artikel/tools/superantispyware.html

and report back
__________
Regards, Sabina

All about PC security
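
Every path in the KillBox list in post #4 appears in the system32 listing from post #3 with a date of 17.05. or 18.05.2006. The sketch below is an added example, not code from the thread or from any of the tools named in it: it parses German-locale `dir` output, keeps files modified shortly before the HijackThis scan time, and compares them with a delete list. The two-day window and all function names are assumptions made for illustration; a recent timestamp is only a triage signal, not proof that a file is malicious.

```python
import re
from datetime import datetime, timedelta
from typing import NamedTuple

# Top of the system32 listing, copied from post #3 (German-locale `dir`, newest first).
LISTING = r"""
 Verzeichnis von C:\WINDOWS\system32

18.05.2006 15:57 5.044 stdole3.tlb
18.05.2006 15:56 61.465 nvapps.xml
18.05.2006 15:55 32.269 ld9D0B.tmp
18.05.2006 15:53 6.656 simpole.tlb
18.05.2006 15:53 36.864 hpCC77.tmp
18.05.2006 15:49 36.864 hpFF71.tmp
18.05.2006 15:49 57.856 dcomcfg.exe
18.05.2006 15:49 10.160 atmclk.exe
17.05.2006 21:12 33.792 hpE8BE.tmp
17.05.2006 21:12 176.128 sbnudh.dll
17.05.2006 21:12 4.286 ot.ico
17.05.2006 14:45 41.997 regperf.exe
16.05.2006 13:13 1.158 wpa.dbl
12.05.2006 02:15 2.778 qtplugin.log
03.05.2006 21:26 5.818.784 MRT.exe
"""

# Delete list, copied from the KillBox step in post #4.
KILLBOX_LIST = [
    r"C:\WINDOWS\system32\stdole3.tlb",
    r"C:\WINDOWS\system32\nvapps.xml",
    r"C:\WINDOWS\system32\simpole.tlb",
    r"C:\WINDOWS\system32\dcomcfg.exe",
    r"C:\WINDOWS\system32\atmclk.exe",
    r"C:\WINDOWS\system32\sbnudh.dll",
    r"C:\WINDOWS\system32\ot.ico",
    r"C:\WINDOWS\system32\regperf.exe",
]

# "Scan saved at 15:49:30, on 18.05.2006" from the HijackThis header in post #3.
SCAN_TIME = datetime(2006, 5, 18, 15, 49, 30)


class Entry(NamedTuple):
    path: str
    mtime: datetime
    size: int


DIR_HEADER = re.compile(r"^\s*Verzeichnis von (.+?)\s*$")
# dd.mm.yyyy hh:mm <size with '.' as thousands separator> <file name>
DIR_LINE = re.compile(r"^(\d{2}\.\d{2}\.\d{4})\s+(\d{2}:\d{2})\s+([\d.]+)\s+(\S.*?)\s*$")


def parse_dir_listing(text):
    """Return one Entry per file line; headers and summary lines are skipped."""
    entries, directory = [], ""
    for line in text.splitlines():
        header = DIR_HEADER.match(line)
        if header:
            directory = header.group(1).rstrip("\\")
            continue
        m = DIR_LINE.match(line)
        if not m:
            continue  # blank line, volume header, "n Datei(en)" summary, <DIR> row
        date, time, size, name = m.groups()
        mtime = datetime.strptime(f"{date} {time}", "%d.%m.%Y %H:%M")
        entries.append(Entry(f"{directory}\\{name}", mtime, int(size.replace(".", ""))))
    return entries


def triage(entries, scan_time, delete_list, window_days=2):
    """Compare recently modified files with a delete list (paths compared case-insensitively)."""
    cutoff = scan_time - timedelta(days=window_days)  # window_days is an assumed value
    recent = {e.path.lower(): e for e in entries if e.mtime >= cutoff}
    wanted = {p.lower() for p in delete_list}
    return {
        # on the delete list and recently modified
        "listed_and_recent": [p for p in delete_list if p.lower() in recent],
        # recently modified but not on the delete list: needs a second look
        "recent_not_listed": [e.path for key, e in recent.items() if key not in wanted],
        # on the delete list but not recent (or not in the listing at all)
        "listed_not_recent": [p for p in delete_list if p.lower() not in recent],
    }


if __name__ == "__main__":
    result = triage(parse_dir_listing(LISTING), SCAN_TIME, KILLBOX_LIST)
    for bucket, paths in result.items():
        print(bucket)
        for path in paths:
            print("   ", path)
```
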
18.05.2006, 16:56
...new here

Thread starter

Posts: 3
#5 "Silent Runners.vbs", revision 45, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Programme\Messenger\msmsgs.exe" /background" [MS]
"SmpcSys" = "C:\APPS\SMP\SmpSys.exe" ["Packard Bell BV"]
"SpybotSD TeaTimer" = "C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
"wininet.dll" = "regperf.exe" [null data]
"kernel32.dll" = "C:\WINDOWS\system32\atmclk.exe" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"PHIME2002ASync" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS]
"PHIME2002A" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS]
"High Definition Audio Property Page Shortcut" = "HDAShCut.exe" ["Windows (R) Server 2003 DDK provider"]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"SunJavaUpdateSched" = "C:\Programme\Java\jre1.5.0_04\bin\jusched.exe" ["Sun Microsystems, Inc."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"Vade Retro Outlook Express" = ""C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"" [empty string]
"ccApp" = ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"Ulead AutoDetector v2" = "C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\monitor.exe" ["Ulead Systems, Inc."]
"PCMService" = ""c:\apps\Powercinema\PCMService.exe"" ["CyberLink Corp."]
"IMJPMIG8.1" = ""C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"" [MS]
"ACTIVBOARD" = "c:\apps\ABoard\ABoard.exe" ["NEC Computers International"]
"type32" = ""C:\Programme\Microsoft IntelliType Pro\type32.exe"" [MS]
"IntelliPoint" = ""C:\Programme\Microsoft IntelliPoint\point32.exe"" [MS]
"HPDJ Taskbar Utility" = "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" ["HP"]
"HPHmon04" = "C:\WINDOWS\system32\hphmon04.exe" ["Hewlett-Packard"]
"HPHUPD04" = ""C:\Programme\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"" ["Hewlett-Packard"]
"Share-to-Web Namespace Daemon" = "C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" ["Hewlett-Packard"]
"InstantAccess" = "C:\Programme\ScannerU\TBRIDGE\BIN\InstantAccess.EXE /h" [null data]
"RegisterDropHandler" = "C:\Programme\ScannerU\TBRIDGE\BIN\RegisterDropHandler.EXE" [empty string]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
"QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{f79fd28e-36ee-4989-aa61-9dd8e30a82fa}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Nothing"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hp203.tmp" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"
-> {HKLM...CLSID} = "ShellLink for Application References"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"
-> {HKLM...CLSID} = "Shell Icon Handler for Application References"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Programme\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
-> {HKLM...CLSID} = "RecordNow! SendToExt"
\InProcServer32\(Default) = "C:\Apps\RecordNow\shlext.dll" [null data]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook-Dateisymbolerweiterung"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{97FA8AA2-EE77-4FF2-9449-424D8924EF21}" = "IntelliType Pro Zooming Control Panel Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Zooming Property Page"
\InProcServer32\(Default) = ""C:\Programme\Microsoft IntelliType Pro\itcplzm.dll"" [MS]
"{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB}" = "IntelliType Pro Scrolling Control Panel Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Scrolling Property Page"
\InProcServer32\(Default) = ""C:\Programme\Microsoft IntelliType Pro\itcplwhl.dll"" [MS]
"{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2}" = "IntelliType Pro Key Settings Control Panel Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Key Settings Property Page"
\InProcServer32\(Default) = ""C:\Programme\Microsoft IntelliType Pro\itcplkey.dll"" [MS]
"{A2569D1F-4E06-43EC-9825-0088B471BE47}" = "IntelliType Pro Wireless Control Panel Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Wireless Control Panel Property Page"
\InProcServer32\(Default) = ""C:\Programme\Microsoft IntelliType Pro\itcplwir.dll"" [MS]
"{20082881-FC36-4E47-9A7A-644C95FF749F}" = "IntelliPoint Wireless Control Panel Property Page"
-> {HKLM...CLSID} = "Schnurlose Eigenschaften"
\InProcServer32\(Default) = ""C:\Programme\Microsoft IntelliPoint\ipcplwir.dll"" [MS]
"{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE}" = "IntelliPoint Wheel Control Panel Property Page"
-> {HKLM...CLSID} = "Scrollrad-Eigenschaftenseite"
\InProcServer32\(Default) = ""C:\Programme\Microsoft IntelliPoint\ipcplwhl.dll"" [MS]
"{653DCCC2-13DB-45B2-A389-427885776CFE}" = "IntelliPoint Activities Control Panel Property Page"
-> {HKLM...CLSID} = "Aktivitäten-Eigenschaftenseite"
\InProcServer32\(Default) = ""C:\Programme\Microsoft IntelliPoint\ipcplact.dll"" [MS]
"{124597D8-850A-41AE-849C-017A4FA99CA2}" = "IntelliPoint Buttons Control Panel Property Page"
-> {HKLM...CLSID} = "Tasten-Eigenschaftenseite"
\InProcServer32\(Default) = ""C:\Programme\Microsoft IntelliPoint\ipcplbtn.dll"" [MS]
"{A4DF5659-0801-4A60-9607-1C48695EFDA9}" = "Ordner HP Share-to-Web"
-> {HKLM...CLSID} = "Ordner HP Share-to-Web"
\InProcServer32\(Default) = "C:\Programme\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL" ["Hewlett-Packard"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]


Startup items in "Martin" & "All Users" startup folders:
--------------------------------------------------------

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"Action Manager 32" -> shortcut to: "C:\Programme\ScannerU\AM32.exe" [null data]


Enabled Scheduled Tasks:
------------------------

"Erweiterte Garantie" -> launches: "C:\APPS\SMP\PBCARNOT.EXE" ["Packard Bell BV"]
"HDReg" -> launches: "c:\Apps\HDReg\HDRegRem.exe" [null data]
"Meinen PC einrichten" -> launches: "C:\Apps\SMP\PCSETUP.EXE /REM" ["Packard Bell BV"]
"PBReg" -> launches: "c:\Apps\HDReg\HDRegDel.exe" [null data]
"PBRegbk" -> launches: "c:\Apps\HDReg\HDRegDel.exe" [null data]
"Registrierungserinnerung 3" -> launches: "C:\WINDOWS\system32\OOBE\oobebaln.exe /sys /r /n:3" [MS]
"Symantec NetDetect" -> launches: "C:\Programme\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
-> {HKLM...CLSID} = "Norton AntiVirus"
\InProcServer32\(Default) = "C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}"
-> {HKLM...CLSID} = "Norton Internet Security"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll" [file not found]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\programme\google\googletoolbar1.dll" ["Google Inc."]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
-> {HKLM...CLSID} = "Norton AntiVirus"
\InProcServer32\(Default) = "C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Norton Internet Security"
-> {HKLM...CLSID} = "Norton Internet Security"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll" [file not found]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
-> {HKLM...CLSID} = "Norton AntiVirus"
\InProcServer32\(Default) = "C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\programme\google\googletoolbar1.dll" ["Google Inc."]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Real.com"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS]

Dormant Explorer Bars in "View, Explorer Bar" menu

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Recherchieren"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}"
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_04"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll" ["Sun Microsystems, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Recherchieren"

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=file://C:\APPS\IE\offline\ger.htm

Missing lines (compared with English-language version):
[Strings]: 1 line


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

CyberLink Background Capture Service (CBCS), CLCapSvc, ""c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe"" [empty string]
CyberLink Media Library Service, CyberLink Media Library Service, ""c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe"" ["Cyberlink"]
CyberLink Task Scheduler (CTS), CLSched, ""c:\apps\Powercinema\Kernel\TV\CLSched.exe"" [empty string]
ISSvc, ISSVC, ""C:\Programme\Norton Internet Security\ISSVC.exe"" ["Symantec Corporation"]
Norton AntiVirus Auto-Protect-Dienst, navapsvc, ""C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]
Symantec Network Proxy, ccProxy, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Symantec SPBBCSvc, SPBBCSvc, ""C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"]
Ulead Burning Helper, UleadBurningHelper, "C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe" ["Ulead Systems, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 24 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 13 seconds.
---------- (total run time: 64 seconds)
19.05.2006, 00:37
Honorary member
Sabina

Posts: 29434
#6 Thanks for the log ;)
So work through everything I wrote... and report back.
__________
Regards, Sabina

All about PC security