Virus alert in der Taskleiste

#16 alles, was du bisher gepostet hast, wird wieder erscheinen..poste nur diesen teil:

Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als listen.bat mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden. --> die listen.bat doppelt klicken--> kopiere den Text, der erscheint

Zitat

cd\
dir "C:\WINDOWS\system32\components" >>files.txt
dir "C:\Programme\whInstall" >>files.txt
dir "C:\Programme\ZipCodec" >>files.txt
notepad files.txt

---------
ist fuer mich:

C:\SahAgent.log
C:\sys.txt
C:\WINDOWS\Downloaded Program Files\SAHAgent_.exe
C:\WINDOWS\Downloaded Program Files\SahHtml_.exe
C:\WINDOWS\Downloaded Program Files\SAHUninstall_.exe
C:\WINDOWS\Downloaded Program Files\sporder.dll
C:\WINDOWS\Downloaded Program Files\sporder_.dll

27.08.2005 14:30 5.065 swflash.inf
02.06.2005 11:59 488 tsbti.inf
02.06.2005 11:43 1.427.456 tsbticor.ocx
02.06.2005 11:46 409.600 tsbtigui.dll
02.06.2005 11:46 180.224 tsbtitls.dll
23.06.2004 12:59 180.224 WMDownload.dll
21.06.2004 11:48 656 WMDownload.inf
29.05.2002 22:12 53.248 xmlparse_.dll
29.05.2002 22:13 81.920 xmltok_.dll

C:\WINDOWS\Temp

19.07.2006 14:46 <DIR> .
19.07.2006 14:46 <DIR> ..
13.07.2006 21:16 124 0CF6E057.TMP
10.02.2005 11:54 2.760 IDSinst.LOG
19.07.2006 14:46 40.960 rtdrvmon.exe


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
__________
MfG Sabina

rund um die PC-Sicherheit

#17 Verzeichnis von C:\WINDOWS\system32

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 8CB3-FACF

Verzeichnis von C:\Programme\whInstall

03.08.2004 07:00 <DIR> .
03.08.2004 07:00 <DIR> ..
22.05.2003 14:01 7.572 license.txt
05.03.2002 11:00 1.533 readme.txt
2 Datei(en) 9.105 Bytes
2 Verzeichnis(se), 4.320.858.112 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 8CB3-FACF

Verzeichnis von C:\Programme\ZipCodec

16.07.2006 16:44 <DIR> .
16.07.2006 16:44 <DIR> ..
16.07.2006 16:44 27.452 uninst.exe
1 Datei(en) 27.452 Bytes
2 Verzeichnis(se), 4.320.858.112 Bytes frei

#18 1.
spyfalcon.zip -> http://virus-protect.org/zip/spyfalcon.zip -> entpacken auf dem Desktop -> spyfalcon.reg ->doppeltklicken und der Registry mit "ja/yes" beifügen

2.
Avenger
http://virus-protect.org/artikel/tools/avenger.html
kopiere rein:

Zitat

Files to delete:

C:\Programme\whInstall\license.txt
C:\Programme\whInstall\readme.txt
C:\Programme\ZipCodec\uninst.exe
C:\SahAgent.log
C:\sys.txt
C:\WINDOWS\Downloaded Program Files\SAHAgent_.exe
C:\WINDOWS\Downloaded Program Files\SahHtml_.exe
C:\WINDOWS\Downloaded Program Files\SAHUninstall_.exe

Klicke die gruene Ampel
das Script wird nun ausgeführt, dann wird der PC automatisch neustarten

3.
scanne mit Counterspy , stelle nach dem scan alles auf "remove" und poste den report
http://virus-protect.org/counterspy.html
__________
MfG Sabina

rund um die PC-Sicherheit

#19 Spyware Scan Details
Start Date: 19.07.2006 16:16:06
End Date: 19.07.2006 16:38:09
Total Time: 22 mins 3 secs

Detected spyware

EUniverse Updater Hijacker more information...
Details: EUniverse is an adware program that runs at startup, generates popup ads, and performs a number of spyware related functions such as transmitting personal information and hijacking Internet Explorer.
Status: Deleted

Infected files detected
c:\programme\common files\updater\data1.dat
c:\programme\common files\updater\data2.dat


KeenValue PerfectNav Hijacker more information...
Details: The PerfectNav Internet Explorer spyware software is designed to redirect your URL typing errors to PerfectNav's web page.
Status: Deleted

Infected files detected
c:\programme\incredifind\bho\date.txt


webHancer Adware (General) more information...
Details: webHancer is an adware application started at Windows startup that monitors web sites being viewed and sends performance data on them back to webHancer's servers. This occurs unknown to the user.
Status: Deleted


IncrediFind Adware (General) more information...
Details: IncrediFind is an Internet Explorer browser helper object that changes your Internet Explorer error page to sirsearch.com and displays popup advertising.
Status: Deleted

Infected files detected
c:\programme\incredifind\bho\date.txt
c:\windows\system32\drivers\etc\hosts.bho


Zlob.Media-Codec Trojan Downloader more information...
Status: Deleted


Claria.GAIN.CommonElements Adware (General) more information...
Details: Claria's GAIN network consists of several applications inlcuding Gator eWallet, GotSmiley, ScreenSeenes, WebSecureAlert, DashBar, Weatherscope, Date Manager and Precision Time.
Status: Deleted

Infected files detected
c:\windows\gatorhdplugin.log


KaZaA P2P Program more information...
Details: KaZaA is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted

Infected files detected
c:\dokumente und einstellungen\thomas\desktop\my shared folder.lnk

Infected registry entries detected
HKEY_CURRENT_USER\Software\Kazaa
HKEY_CURRENT_USER\Software\Kazaa\Advanced MaxSearchResult 200
HKEY_CURRENT_USER\Software\Kazaa\Advanced SuperNode 1
HKEY_CURRENT_USER\Software\Kazaa\Advanced ScanFolder 0
HKEY_CURRENT_USER\Software\Kazaa\InstantMessaging IgnoreAll 0
HKEY_CURRENT_USER\Software\Kazaa\InstantMessaging IgnoredUsers
HKEY_CURRENT_USER\Software\Kazaa\Kazaa Lite\ColumnOrder All 0,1,2,3,4,5,6,7,
HKEY_CURRENT_USER\Software\Kazaa\Kazaa Lite\ColumnSortStates1 All 0
HKEY_CURRENT_USER\Software\Kazaa\Kazaa Lite\ColumnSortStates2 All 0
HKEY_CURRENT_USER\Software\Kazaa\Kazaa Lite\ColumnWidths All 153,57,98,70,75,70,75,245,
HKEY_CURRENT_USER\Software\Kazaa\Kazaa Lite\CombinedSortedColumns All -1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-
HKEY_CURRENT_USER\Software\Kazaa\Kazaa Lite\EverythingWidth 0 151
HKEY_CURRENT_USER\Software\Kazaa\Kazaa Lite\EverythingWidth 1 72
HKEY_CURRENT_USER\Software\Kazaa\Kazaa Lite\EverythingWidth 2 108
HKEY_CURRENT_USER\Software\Kazaa\Kazaa Lite\EverythingWidth 3 80
HKEY_CURRENT_USER\Software\Kazaa\Kazaa Lite\EverythingWidth 4 82
HKEY_CURRENT_USER\Software\Kazaa\Kazaa Lite\EverythingWidth 5 60
HKEY_CURRENT_USER\Software\Kazaa\Kazaa Lite\EverythingWidth 6 64
HKEY_CURRENT_USER\Software\Kazaa\Kazaa Lite\EverythingWidth 7 60
HKEY_CURRENT_USER\Software\Kazaa\Kazaa Lite\EverythingWidth 8 76
HKEY_CURRENT_USER\Software\Kazaa\Kazaa Lite\EverythingWidth 9 180
HKEY_CURRENT_USER\Software\Kazaa\Kazaa Lite\Settings WindowPos 0,3,-1,-1,-1,-1,-4,-4,1028,742
HKEY_CURRENT_USER\Software\Kazaa\LocalContent DisableSharing 0
HKEY_CURRENT_USER\Software\Kazaa\LocalContent DownloadDir D:\My Shared Folder
HKEY_CURRENT_USER\Software\Kazaa\ResultsFilter adult_filter_level 0
HKEY_CURRENT_USER\Software\Kazaa\ResultsFilter virus_filter 0
HKEY_CURRENT_USER\Software\Kazaa\ResultsFilter firewall_filter 1
HKEY_CURRENT_USER\Software\Kazaa\ResultsFilter bogus_filter 1
HKEY_CURRENT_USER\Software\Kazaa\ResultsFilter custom_filter_phrases .scr, .vbs, .jpg.exe, .jpg.vbs, .avi.exe, .avi.vbs, .mp3.exe, .mp3.vbs, -fulldownloader, 3-fulldwnloader, -full-downloader, -games-fulldownloader, divx-fulldownloader, 3-full-dwnloader-
HKEY_CURRENT_USER\Software\Kazaa\Search 0 `nÿcšñ
HKEY_CURRENT_USER\Software\Kazaa\Search 1 kk»xƒ´k
HKEY_CURRENT_USER\Software\Kazaa\Settings HideBonzi 1
HKEY_CURRENT_USER\Software\Kazaa\Settings Date 02-15-2003
HKEY_CURRENT_USER\Software\Kazaa\Settings UseCount 0
HKEY_CURRENT_USER\Software\Kazaa\Settings HelpDir D:\Kazaa Lite\Help
HKEY_CURRENT_USER\Software\Kazaa\Skins SkinsDir D:\Kazaa Lite\Skins
HKEY_CURRENT_USER\Software\Kazaa\SOCKS Enabled 0
HKEY_CURRENT_USER\Software\Kazaa\Transfer ConcurrentDownloads 7
HKEY_CURRENT_USER\Software\Kazaa\Transfer ConcurrentUploads 3
HKEY_CURRENT_USER\Software\Kazaa\Transfer UploadBandwidth 0
HKEY_CURRENT_USER\Software\Kazaa\Transfer NoUploadLimitWhenIdle 0
HKEY_CURRENT_USER\Software\Kazaa\Transfer DlDir0 D:\My Shared Folder
HKEY_CURRENT_USER\Software\Kazaa\Transfer CacheHost 0
HKEY_CURRENT_USER\Software\Kazaa\Transfer CachePort 0
HKEY_CURRENT_USER\Software\Kazaa\Transfer CacheDiscoveryTime 1153244635
HKEY_CURRENT_USER\Software\Kazaa\UserDetails UserName www.k-lite.tk_improved_Kazaa
HKEY_CURRENT_USER\Software\Kazaa\UserDetails Password bb315ca3d221
HKEY_CURRENT_USER\Software\Kazaa\UserDetails PasswordLength 6
HKEY_CURRENT_USER\Software\Kazaa\UserDetails Email user@kazaa.kazaa
HKEY_CURRENT_USER\Software\Kazaa\UserDetails Newsletter 0
HKEY_CURRENT_USER\Software\Kazaa\UserDetails UserDetailsSent 1
HKEY_CURRENT_USER\Software\Kazaa\UserDetails UserDetail 1
HKEY_CURRENT_USER\Software\Kazaa\UserDetails AutoConnected 0
HKEY_CURRENT_USER\Software\Kazaa\UserDetails CountryCode DE
HKEY_CURRENT_USER\Software\Kazaa LimitBitrate 0
HKEY_CURRENT_USER\Software\Kazaa LastSearchHash


DesktopScam Trojan Downloader more information...
Details: DesktopScam is a trojan that is downloaded with rogue security applicatons in order to frighten the affected user into purchasing the rogue program.
Status: Deleted

Infected files detected
c:\dokumente und einstellungen\all users\startmenü\security troubleshooting.url
c:\dokumente und einstellungen\all users\startmenü\online security guide.url

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta\{f7d40011-29bb-43eb-9c97-875ce89e9e36}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta\{f7d40011-29bb-43eb-9c97-875ce89e9e36}


Zango.Toolbar Toolbar more information...
Details: Zango.Toolbar is an adware application that installs a browser helper object, (BHO), in the form of a toolbar.
Status: Deleted

Infected files detected
C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll


GmbH Porn Dialer more information...
Details: GmbH is a dialer that dials high-cost international phone calls using a modem.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls c:\windows\downloaded program files\ieloader.dll


WindUpdates.MediaGateway Adware (General) more information...
Details: WindUpdates.MediaGateway is an adware application that displays advertising on the desktop, usually pop-ups.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\MediaGatewayX.Installer
HKEY_CLASSES_ROOT\MediaGatewayX.Installer\CLSID {8FCDF9D9-A28B-480f-8C3D-581F119A8AB8}
HKEY_CLASSES_ROOT\MediaGatewayX.Installer\CurVer MediaGatewayX.Installer.1
HKEY_CLASSES_ROOT\MediaGatewayX.Installer MediaGatewayX
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll 1
HKEY_CLASSES_ROOT\Interface\{DD469A88-316C-441D-B712-783D9B9A6707}
HKEY_CLASSES_ROOT\Interface\{DD469A88-316C-441D-B712-783D9B9A6707}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{DD469A88-316C-441D-B712-783D9B9A6707}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{DD469A88-316C-441D-B712-783D9B9A6707}\TypeLib {981BDA1D-C8AD-46FF-BE2C-FDDD859AC6F5}
HKEY_CLASSES_ROOT\Interface\{DD469A88-316C-441D-B712-783D9B9A6707}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{DD469A88-316C-441D-B712-783D9B9A6707} IInstallerCaller
HKEY_CLASSES_ROOT\MediaGatewayX.Installer.1
HKEY_CLASSES_ROOT\MediaGatewayX.Installer.1\CLSID {8FCDF9D9-A28B-480f-8C3D-581F119A8AB8}
HKEY_CLASSES_ROOT\MediaGatewayX.Installer.1 MediaGatewayX


180solutions.SearchAssistant Adware (General) more information...
Details: 180search Assistant is an adware application that monitors users' search queries and web surfing in order to display targeted advertising.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\AppID\{D28CD14C-50BE-4CFA-951E-B37F25DA3472}
HKEY_CLASSES_ROOT\AppID\{D28CD14C-50BE-4CFA-951E-B37F25DA3472} ActiveX
HKEY_CLASSES_ROOT\AppID\ActiveX.DLL
HKEY_CLASSES_ROOT\AppID\ActiveX.DLL AppID {D28CD14C-50BE-4CFA-951E-B37F25DA3472}


ad.yieldmanager Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\thomas\cookies\thomas@ad.yieldmanager[2].txt


PriceBandit Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\thomas\cookies\thomas@apmebf[2].txt


ATDMT.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\thomas\cookies\thomas@atdmt[1].txt


ABetterInternet.Aurora Cookie Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\thomas\cookies\thomas@a[1].txt


Claria.DashBar Cookie Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\thomas\cookies\thomas@belnk[1].txt


Bizrate Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\thomas\cookies\thomas@bizrate[2].txt


BS.Serving-Sys Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\thomas\cookies\thomas@bs.serving-sys[1].txt
c:\dokumente und einstellungen\thomas\cookies\thomas@serving-sys[2].txt


Com.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\thomas\cookies\thomas@com[2].txt


DealTime Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\thomas\cookies\thomas@dealtime[1].txt


DoubleClick Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\thomas\cookies\thomas@doubleclick[1].txt


as-us.falkag Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\thomas\cookies\thomas@falkag[2].txt


GeoCities Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\thomas\cookies\thomas@geocities[1].txt


Hotbar Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\thomas\cookies\thomas@hotbar[1].txt


IndexTools.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\thomas\cookies\thomas@indextools[1].txt


Desktop Spy Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\thomas\cookies\thomas@list[1].txt


Mediaplex.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\thomas\cookies\thomas@mediaplex[2].txt


Overture.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\thomas\cookies\thomas@overture[1].txt


WindowsMedia Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\thomas\cookies\thomas@windowsmedia[2].txt


Radar Spy 1.0 Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\thomas\cookies\thomas@yourmedia[1].txt

#20 virustotal
Oben auf der Seite --> auf Durchsuchen klicken --> die Datei mit korrektem Pfad einkopieren) --> Doppelklick auf die zu prüfende Datei --> klick auf Submit... jetzt abwarten
http://www.virustotal.com/flash/index_en.html

C:\WINDOWS\Temp\rtdrvmon.exe

poste den bericht

+
das neue Log vom HijackThis

Tipp:
(c:\programme\incredifind - desinstalliere- enthaelt Spyware)

lade ein anderes mailproggie:
http://virus-protect.org/mailprogs.html
__________
MfG Sabina

rund um die PC-Sicherheit

#21 Antivirus Version Update Result
AntiVir 6.35.0.21 07.19.2006 no virus found
Authentium 4.93.8 07.18.2006 no virus found
Avast 4.7.844.0 07.19.2006 no virus found
AVG 386 07.18.2006 no virus found
BitDefender 7.2 07.19.2006 no virus found
CAT-QuickHeal 8.00 07.19.2006 no virus found
ClamAV devel-20060426 07.19.2006 no virus found
DrWeb 4.33 07.19.2006 no virus found
eTrust-InoculateIT 23.72.72 07.19.2006 no virus found
eTrust-Vet 12.6.2301 07.19.2006 no virus found
Ewido 4.0 07.19.2006 no virus found
Fortinet 2.77.0.0 07.19.2006 no virus found
F-Prot 3.16f 07.18.2006 no virus found
F-Prot4 4.2.1.29 07.18.2006 no virus found
Ikarus 0.2.65.0 07.19.2006 no virus found
Kaspersky 4.0.2.24 07.19.2006 no virus found
McAfee 4809 07.18.2006 no virus found
Microsoft 1.1508 07.18.2006 no virus found
NOD32v2 1.1668 07.19.2006 no virus found
Norman 5.90.23 07.19.2006 no virus found
Panda 9.0.0.4 07.19.2006 no virus found
Sophos 4.07.0 07.19.2006 no virus found
Symantec 8.0 07.19.2006 no virus found
TheHacker 5.9.8.177 07.18.2006 no virus found
UNA 1.83 07.19.2006 no virus found
VBA32 3.11.0 07.19.2006 no virus found
VirusBuster 4.3.7:9 07.19.2006 no virus found


Aditional Information
File size: 40960 bytes
MD5: 945d09c0925f771f907dee3d0452ecf4
SHA1: ff415844573771abfe90ee7b5639ac033b319df3

hijack

Logfile of HijackThis v1.99.1
Scan saved at 17:16:39, on 19.07.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Media Manager\airsvcu.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\Mixer.exe
D:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Lexmark X1100 Series\lxbkbmon.exe
D:\Programme\QuickTime\qttask.exe
C:\Programme\SPAMfighter\SFAgent.exe
D:\Programme\AutoSizer\AutoSizer.exe
C:\Programme\TELEBAU\Telnet @dsl ADSL USB MODEM\dslmon.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\iPod\bin\iPodService.exe
D:\Programme\Sunbelt Software\CounterSpy\Consumer\Thread.exe
D:\Programme\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
D:\Programme\Sunbelt Software\CounterSpy\Consumer\SunServer.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Programme\Microsoft Office\Office\1031\wfxmsrvr.exe
C:\PROGRA~1\MICROS~2\Office\1031\OLFMOD32.EXE
C:\Dokumente und Einstellungen\Thomas\Eigene Dateien\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tiscali
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Programme\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [SunServer] D:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [AutoSizer] "D:\Programme\AutoSizer\AutoSizer.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\RunOnce: [CounterSpyCleaner] D:\Programme\Sunbelt Software\CounterSpy\Consumer\sunASCleaner.exe
O4 - Startup: BLUEVEX - Die Sportbörse Deutschland.url
O4 - Startup: Financial spread betting - Finspreads.url
O4 - Startup: FTOR - Finance-Community.url
O4 - Startup: Introducing Media Manager.lnk = C:\Programme\Gemeinsame Dateien\Microsoft Shared\Media Manager\SPLASHA.EXE
O4 - Startup: Midasplayer.url
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.de
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://www.midasplayer.com/midasa.cab
O16 - DPF: {1203D659-09CD-404D-ABCC-60D7B77146AA} (APCToolbar Class TI) - http://www.tradesignal.com/wpa/tsb/2.7.0.38/components/tsbt-2-7-0-38.cab
O16 - DPF: {3FE0A418-A61F-401B-8C4F-DEAA62C7CEEC} (Chartist25 Control) - http://www.technical-investor.de/wpa/tsb/2.6.2.0/components/tsbt-2-6-2-0.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/043038d5fd5fadacea17/netzip/RdxIE601_de.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/de/win/QuickTimeInstaller.exe
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://www.arcor.de/vod/dmd/WMDownload.cab
O16 - DPF: {C14C9409-1E1B-4F00-94AD-70F055AA71B2} (TradeSignal express) - http://www.tradesignal.com/wpa/tsb/2.7.0.42/components/tsbt-2-7-0-42.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://royaljoker.microgaming.com/deutsch/FlashAX.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp09.photoprintit.de/microsite/defaults/activex/ImageUploader3.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

#22 poste diese log (als Anhang) siehe unten

http://virus-protect.org/registry_stuff.html
__________
MfG Sabina

rund um die PC-Sicherheit

#23 Wenn ich das Prog. öffne läuft zwar kurz das Dos aber es macht sich danach kein Log auf!?

#24 neben der find_Stuff.bat wird ein Ordner "Files" erstellt, dort muesste die look1.txt sein
__________
MfG Sabina

rund um die PC-Sicherheit

#25 Das ist jetzt aber ein bisschen viel.

doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
doesn't exist HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System
doesn't exist HKEY_LOCAL_MACHINE\SSYSTEM\CurrentControlSet\Services\windowsnetwork
doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc
doesn't exist HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa
doesn't exist HKEY_CURRENT_USER\Software\Microsoft\OLE
doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry
doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
doesn't exist HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System
doesn't exist HKEY_LOCAL_MACHINE\SSYSTEM\CurrentControlSet\Services\windowsnetwork
doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc
doesn't exist HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa
doesn't exist HKEY_CURRENT_USER\Software\Microsoft\OLE
doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry
doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
doesn't exist HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System
doesn't exist HKEY_LOCAL_MACHINE\SSYSTEM\CurrentControlSet\Services\windowsnetwork
doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc
doesn't exist HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa
doesn't exist HKEY_CURRENT_USER\Software\Microsoft\OLE
doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry
doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
doesn't exist HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System
doesn't exist HKEY_LOCAL_MACHINE\SSYSTEM\CurrentControlSet\Services\windowsnetwork
doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc
doesn't exist HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa
doesn't exist HKEY_CURRENT_USER\Software\Microsoft\OLE
doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry
doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
doesn't exist HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System
doesn't exist HKEY_LOCAL_MACHINE\SSYSTEM\CurrentControlSet\Services\windowsnetwork
doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc
doesn't exist HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa
doesn't exist HKEY_CURRENT_USER\Software\Microsoft\OLE
doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry
doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
-----------------------
-

edit /Sabina

#26 Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als fixme.reg mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden.
Die Datei "fixme.reg" auf dem Desktop doppelklicken

Zitat

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""

**
dann poste noch mal das log von winpfind
__________
MfG Sabina

rund um die PC-Sicherheit

#27 ARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 1 Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
SAHAgent 19.07.2006 15:50:54 12746 C:\files.txt

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 06.01.2006 12:27:32 48128 C:\WINDOWS\AKDeInstall.exe

Checking %System% folder...
PEC2 18.08.2001 14:00:00 41118 C:\WINDOWS\SYSTEM32\dfrg.msc
Umonitor 29.08.2002 12:43:28 660480 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 27.04.2006 17:49:30 288417 C:\WINDOWS\SYSTEM32\SrchSTS.exe
UPX! 09.01.2006 10:36:04 42496 C:\WINDOWS\SYSTEM32\swreg.exe
UPX! 09.01.2006 10:36:06 40960 C:\WINDOWS\SYSTEM32\swsc.exe
winsync 18.08.2001 14:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
19.07.2006 16:07:24 S 2048 C:\WINDOWS\bootstat.dat
16.07.2006 16:34:38 H 54156 C:\WINDOWS\QTFont.qfn
19.07.2006 19:22:14 H 1024 C:\WINDOWS\system32\config\default.LOG
19.07.2006 20:05:30 H 1024 C:\WINDOWS\system32\config\SAM.LOG
19.07.2006 16:17:36 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
19.07.2006 20:10:34 H 1024 C:\WINDOWS\system32\config\software.LOG
19.07.2006 19:22:38 H 1024 C:\WINDOWS\system32\config\system.LOG
12.06.2006 07:22:08 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\c7f477ae-1bd0-4cb4-9990-add36065116a
12.06.2006 07:22:08 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
19.07.2006 20:10:14 H 0 C:\WINDOWS\system32\spool\drivers\cmsstorage.lst
19.07.2006 16:07:26 H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 18.08.2001 14:00:00 68096 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 29.08.2002 12:43:42 583680 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 29.08.2002 12:43:42 132096 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 18.08.2001 14:00:00 152064 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 29.08.2002 12:43:42 293376 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 29.08.2002 12:43:42 125440 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 29.08.2002 12:43:42 66560 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 03.06.2005 03:52:54 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 18.08.2001 14:00:00 189440 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 18.08.2001 14:00:00 566272 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 18.08.2001 14:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 18.08.2001 14:00:00 259072 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 15.11.2002 09:09:30 R 192512 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 18.08.2001 14:00:00 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 18.08.2001 14:00:00 111616 C:\WINDOWS\SYSTEM32\powercfg.cpl
SiSoftware 09.03.2003 21:44:46 53248 C:\WINDOWS\SYSTEM32\SanCpl.cpl
Microsoft Corporation 29.08.2002 12:43:42 272896 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 18.08.2001 14:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 18.08.2001 14:00:00 90112 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 15.07.1997 78848 C:\WINDOWS\SYSTEM32\TWCPLU.CPL
Microsoft Corporation 18.08.2001 14:00:00 68096 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 18.08.2001 14:00:00 152064 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 29.08.2002 04:41:00 208896 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 18.08.2001 14:00:00 189440 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 18.08.2001 14:00:00 566272 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 18.08.2001 14:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 18.08.2001 14:00:00 259072 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 18.08.2001 14:00:00 36864 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 18.08.2001 14:00:00 111616 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 18.08.2001 14:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 18.08.2001 14:00:00 90112 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
21.02.2006 10:07:06 1737 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk
16.04.2003 18:41:38 HS 84 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
04.03.2004 19:36:32 697 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\DSLMON.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
15.02.2006 08:14:34 305 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
16.04.2003 19:31:44 HS 62 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini
02.09.2005 20:36:46 1759 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
20.06.2004 19:56:22 194 C:\Dokumente und Einstellungen\Thomas\Startmenü\Programme\Autostart\BLUEVEX - Die Sportbörse Deutschland.url
16.04.2003 18:41:38 HS 84 C:\Dokumente und Einstellungen\Thomas\Startmenü\Programme\Autostart\desktop.ini
07.02.2006 10:26:30 152 C:\Dokumente und Einstellungen\Thomas\Startmenü\Programme\Autostart\Financial spread betting - Finspreads.url
15.08.2004 21:44:14 156 C:\Dokumente und Einstellungen\Thomas\Startmenü\Programme\Autostart\FTOR - Finance-Community.url
12.06.2003 18:06:52 912 C:\Dokumente und Einstellungen\Thomas\Startmenü\Programme\Autostart\Introducing Media Manager.lnk
17.05.2005 18:06:16 130 C:\Dokumente und Einstellungen\Thomas\Startmenü\Programme\Autostart\Midasplayer.url

Checking files in %USERPROFILE%\Application Data folder...
19.12.2005 12:48:54 875 C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\AdobeDLM.log
16.04.2003 19:31:44 HS 62 C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\desktop.ini
19.12.2005 12:48:54 0 C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\dm.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Shell Extension for Malware scanning
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programme\AntiVir PersonalEdition Classic\shlext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Programme\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\FolderToAssetStorage
{09f28970-580f-11cf-a095-00aa00a71191} = C:\WINDOWS\System32\shstgeu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Shell Extension for Malware scanning
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programme\AntiVir PersonalEdition Classic\shlext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Programme\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Programme\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\programme\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tipps und Tricks = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\System32\msdxm.ocx
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\programme\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Konsole : C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer-Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\programme\google\googletoolbar2.dll
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\programme\google\googletoolbar2.dll
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} = :
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
nwiz nwiz.exe /install
Cmaudio RunDll32 cmicnfg.cpl,CMICtrlWnd
KernelFaultCheck %systemroot%\system32\dumprep 0 -k
TkBellExe "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
Lexmark X1100 Series "C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe"
SunJavaUpdateSched C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
avgnt "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
C-Media Mixer Mixer.exe /startup
iTunesHelper "D:\Programme\iTunes\iTunesHelper.exe"
QuickTime Task "D:\Programme\QuickTime\qttask.exe" -atboottime
SPAMfighter Agent "C:\Programme\SPAMfighter\SFAgent.exe" update delay 60
SunServer D:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
AutoSizer "D:\Programme\AutoSizer\AutoSizer.exe"
updateMgr "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
CounterSpyCleaner D:\Programme\Sunbelt Software\CounterSpy\Consumer\sunASCleaner.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^CAPIControl.lnk
path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\CAPIControl.lnk
backup C:\WINDOWS\pss\CAPIControl.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Telekom\EUMEX5~1\Capictrl.exe
item CAPIControl
path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\CAPIControl.lnk
backup C:\WINDOWS\pss\CAPIControl.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Telekom\EUMEX5~1\Capictrl.exe
item CAPIControl

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk
path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\MICROS~2\Office\OSA9.EXE -b -l
item Microsoft Office
path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\MICROS~2\Office\OSA9.EXE -b -l
item Microsoft Office

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^ScanPanel.lnk
path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ScanPanel.lnk
backup C:\WINDOWS\pss\ScanPanel.lnkCommon Startup
location Common Startup
command C:\SCANPA~1\ScnPanel.exe
item ScanPanel
path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ScanPanel.lnk
backup C:\WINDOWS\pss\ScanPanel.lnkCommon Startup
location Common Startup
command C:\SCANPA~1\ScnPanel.exe
item ScanPanel

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Symantec Fax Starter Edition-Anschluss.lnk
path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Symantec Fax Starter Edition-Anschluss.lnk
backup C:\WINDOWS\pss\Symantec Fax Starter Edition-Anschluss.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\MICROS~2\Office\1031\OLFSNT40.EXE
item Symantec Fax Starter Edition-Anschluss
path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Symantec Fax Starter Edition-Anschluss.lnk
backup C:\WINDOWS\pss\Symantec Fax Starter Edition-Anschluss.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\MICROS~2\Office\1031\OLFSNT40.EXE
item Symantec Fax Starter Edition-Anschluss

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Dokumente und Einstellungen^Thomas^Startmenü^Programme^Autostart^Finspreads.url
path C:\Dokumente und Einstellungen\Thomas\Startmenü\Programme\Autostart\Finspreads.url
backup C:\WINDOWS\pss\Finspreads.urlStartup
location Startup
command C:\Dokumente und Einstellungen\Thomas\Startmenü\Programme\Autostart\Finspreads.url
item Finspreads
path C:\Dokumente und Einstellungen\Thomas\Startmenü\Programme\Autostart\Finspreads.url
backup C:\WINDOWS\pss\Finspreads.urlStartup
location Startup
command C:\Dokumente und Einstellungen\Thomas\Startmenü\Programme\Autostart\Finspreads.url
item Finspreads

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Dokumente und Einstellungen^Thomas^Startmenü^Programme^Autostart^stocknet.url
path C:\Dokumente und Einstellungen\Thomas\Startmenü\Programme\Autostart\stocknet.url
backup C:\WINDOWS\pss\stocknet.urlStartup
location Startup
command C:\Dokumente und Einstellungen\Thomas\Startmenü\Programme\Autostart\stocknet.url
item stocknet
path C:\Dokumente und Einstellungen\Thomas\Startmenü\Programme\Autostart\stocknet.url
backup C:\WINDOWS\pss\stocknet.urlStartup
location Startup
command C:\Dokumente und Einstellungen\Thomas\Startmenü\Programme\Autostart\stocknet.url
item stocknet

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 19.07.2006 20:13:42

#28 loesche: C:\files.txt
und mache die Windowsupdates, denn sonst wirst du hier Stammgast.
__________
MfG Sabina

rund um die PC-Sicherheit

#29 Hallo Sabina,

vielen Dank für deine Unterstützung. Hab jetzt auch alle Updates gemacht. Mal schauen wie lange mir nichts mehr passiert.

MfG
Thomas

#30 Hallo

Brauche auch dringend eure Unterstützung
Habe ebenfalls das problem mit dem Virus Alert! .
Weiss nicht mehr weiter ....

Logfile of HijackThis v1.99.1
Scan saved at 15:33:34, on 20.07.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Media-Codec\pmsngr.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\Programme\McAfee.com\VSO\mcvsshld.exe
C:\Programme\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\programme\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Media-Codec\isamonitor.exe
C:\Programme\Media-Codec\isamini.exe
C:\Programme\Media-Codec\pmmon.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\daniel\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.internetcologne.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.internetcologne.de
O2 - BHO: (no name) - {5753791b-f607-48ca-814e-91c14d081f9e} - C:\Programme\Media-Codec\isaddon.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Programme\RXToolBar\sfcont.dll (file missing)
O2 - BHO: UpdateCache Class - {6E28339B-7A2A-47B6-AEB2-46BA53782378} - C:\WINDOWS\system32\dllcache\explorer.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Protection Bar - {d1ac752e-883f-4ed8-8828-b618c3a72152} - C:\Programme\Media-Codec\iesplugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Programme\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Programme\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [MSN8m Startup] msn8m.exe
O4 - HKLM\..\RunServices: [Windows_Protect] winsystem.exe
O4 - HKLM\..\RunServices: [VIEW POINT DRIVERS] phqghum.exe
O4 - HKLM\..\RunServices: [VIEW POINT DRIVERS FOR WIN32] phqghu.exe
O4 - HKLM\..\RunServices: [WEB DRIVERS FOR WIN32] phqgh.exe
O4 - HKLM\..\RunServices: [LOCAL INTERNET WEB DRIVERS FOR WIN32] phqghume.exe
O4 - HKLM\..\RunServices: [VID INTERNET WEB DRIVERS FOR WIN32] phqghu.exe
O8 - Extra context menu item: &Search - http://kp.bar.need2find.com/KP/menusearch.html?p=KP
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120298028623
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Programme\RXToolBar\sfcont.dll
O21 - SSODL: coursings - {f8d02387-789a-4c0f-a1d8-8a93f33ee4df} - C:\WINDOWS\system32\yephk.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programme\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

Hier die Logs:

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 9032-818D

Verzeichnis von C:\WINDOWS\system32

20.07.2006 04:34 2.206 wpa.dbl
20.07.2006 03:54 687.592 atmtd.dll._
13.07.2006 16:24 3.198 qtplugin.log
12.07.2006 18:23 142.832 FNTCACHE.DAT
12.06.2006 21:22 10.863 dsm_ja.qm
12.06.2006 21:22 15.507 dsm_de.qm
12.06.2006 21:22 15.299 dsm_fr.qm
10.06.2006 10:32 81.920 alg(2).dll
30.04.2006 15:45 36.864 frapsvid.dll
19.04.2006 02:04 8.523 dpude.qm
19.04.2006 02:04 3.136 dtu_de.qm
30.03.2006 17:39 6.948 jupdate-1.5.0_06-b05.log
27.03.2006 07:58 380.350 perfh009.dat
27.03.2006 07:58 52.764 perfc009.dat
27.03.2006 07:58 391.000 perfh007.dat
27.03.2006 07:58 63.580 perfc007.dat
27.03.2006 07:58 897.954 PerfStringBackup.INI

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 9032-818D

Verzeichnis von C:\DOKUME~1\daniel\LOKALE~1\Temp


Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 9032-818D

Verzeichnis von C:\WINDOWS

20.07.2006 15:58 0 0.log
20.07.2006 15:58 159 wiadebug.log
20.07.2006 15:57 50 wiaservc.log
20.07.2006 15:57 2.048 bootstat.dat
20.07.2006 15:56 1.698.230 WindowsUpdate.log
20.07.2006 15:56 32.572 SchedLgU.Txt
20.07.2006 15:19 599 win.ini
20.07.2006 15:19 227 system.ini
20.07.2006 04:36 389.328 setupapi.log
20.07.2006 03:54 0 keyboard1.dat
20.07.2006 03:54 52 bpvebb.dat
20.07.2006 03:54 2 tempf.txt
17.07.2006 23:22 1.409 QTFont.for
17.07.2006 23:22 54.156 QTFont.qfn
13.07.2006 23:10 11.480 wmsetup.log
30.06.2006 06:01 8.981 WGA.log
29.06.2006 01:43 0 nsreg.dat
29.06.2006 01:42 2.266 mozver.dat
10.06.2006 10:31 43 drsmartload2.dat
10.06.2006 10:30 0 newname.dat
10.06.2006 10:30 40 teller2.chk
23.04.2006 20:22 3.748 netcfg.log
07.04.2006 19:12 26 NeoSetup.INI
12.03.2006 10:38 101 CMMIXER.INI

-----

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 9032-818D

Verzeichnis von C:\

20.07.2006 16:04 0 sys.txt
20.07.2006 16:02 9.861 system.txt
20.07.2006 16:02 134 systemtemp.txt
20.07.2006 16:00 100.085 system32.txt
20.07.2006 15:57 1.207.959.552 pagefile.sys
20.07.2006 15:19 211 boot.ini

--------------------------------

Das wäre erstmal alles von meiner Seite aus. Habe alle wie nach Plan von http://board.protecus.de/t23187.htm abgearbeitet !

Bin für jede Hilfe dankbar !!!
bis dann

sepro