Home » Spyware & Browser Hijacker Support Forum » Trotz HijackThis noch PopUps? » Themenansicht

Firefox Tipp: Instantfox - Quick Search Add-On!

Seite(n): 1 2

Antworten

Trotz HijackThis noch PopUps?

03.08.2006, 09:55

Renji

Member

Beiträge: 17

#1 http://de.winantivirus.com/download/2006/index.php?aid=opmyg_de_de_ed2&lid=os&p=20&ax=1
http://amaena.com/securityworm5/index23.php?aid=omyg&lid=os&j=0
und ad.finalsolutions/ad.yieldmanager Seiten...
Diese Seiten öffnen sich immer wieder einfach so, ich hab HijachThis drüber laufen
lassen und nach der Automatischen Logfileauswertung nichts gefunden

Logfile of HijackThis v1.99.1
Scan saved at 13:28:49, on 03.08.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Programme\Ahead\InCD\InCDsrv.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Programme\ewido anti-spyware 4.0\guard.exe
C:\Programme\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
E:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
E:\Programme\VNC\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\nvraidservice.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Programme\Java\jre1.5.0_07\bin\jusched.exe
E:\Programme\DAEMON Tools\daemon.exe
C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe
E:\Programme\ICQLite\ICQLite.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Programme\ewido anti-spyware 4.0\ewido.exe
F:\Programme\Hamachi\hamachi.exe
E:\Programme\Xfire\Xfire.exe
C:\WINDOWS\system32\rundll32.exe
E:\Programme\VideoLAN\VLC\vlc.exe
E:\Programme\FireFox 1.07\Neuer Ordner\firefox.exe
C:\DOKUME~1\georg\LOKALE~1\Temp\Rar$EX00.203\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O1 - Hosts: 129.100.0.10 win2k-srv
O1 - Hosts: 129.100.0.4 Felix
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [ICQ Lite] "E:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [!ewido] "C:\Programme\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\RunOnce: [ICQ Lite] E:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Xfire.lnk = E:\Programme\Xfire\Xfire.exe
O4 - Global Startup: hamachi.lnk = F:\Programme\Hamachi\hamachi.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programme\ICQLite\ICQLite.exe
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125841519721
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = WUHAN.fa-wang.de
O17 - HKLM\Software\..\Telephony: DomainName = WUHAN.fa-wang.de
O17 - HKLM\System\CCS\Services\Tcpip\..\{32A4231B-CAD1-4C2B-ACE2-C5ED05FEC8AA}: NameServer = 217.237.150.33,217.237.151.66
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = WUHAN.fa-wang.de
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = WUHAN.fa-wang.de
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = WUHAN.fa-wang.de
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\o8660ijse8o60.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programme\ewido anti-spyware 4.0\guard.exe
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Programme\WinAntiVirus Pro 2006\FWSvc.exe (file missing)
O23 - Service: GhostStartService - Symantec Corporation - C:\Programme\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - E:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - E:\Programme\VNC\WinVNC.exe" -service (file missing)

\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Programme\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
E:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
E:\Programme\VNC\WinVNC.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\nvraidservice.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Programme\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\System32\taskmgr.exe
E:\Programme\DAEMON Tools\daemon.exe
C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe
E:\Programme\ICQLite\ICQLite.exe
C:\Programme\outlook\outlook.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\wbem\unsecapp.exe
F:\Programme\Hamachi\hamachi.exe
E:\Programme\Xfire\Xfire.exe
E:\Programme\FireFox 1.07\Neuer Ordner\firefox.exe
C:\WINDOWS\System32\msiexec.exe
C:\DOKUME~1\georg\LOKALE~1\Temp\Rar$EX00.093\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O1 - Hosts: 129.100.0.10 win2k-srv
O1 - Hosts: 129.100.0.4 Felix
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [ICQ Lite] "E:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [outlook] C:\Programme\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] E:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Xfire.lnk = E:\Programme\Xfire\Xfire.exe
O4 - Global Startup: hamachi.lnk = F:\Programme\Hamachi\hamachi.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programme\ICQLite\ICQLite.exe
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125841519721
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = WUHAN.fa-wang.de
O17 - HKLM\Software\..\Telephony: DomainName = WUHAN.fa-wang.de
O17 - HKLM\System\CCS\Services\Tcpip\..\{32A4231B-CAD1-4C2B-ACE2-C5ED05FEC8AA}: NameServer = 217.237.150.33,217.237.151.66
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = WUHAN.fa-wang.de
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = WUHAN.fa-wang.de
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = WUHAN.fa-wang.de
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: Shell - C:\WINDOWS\system32\o6pq0g75e6.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Programme\WinAntiVirus Pro 2006\FWSvc.exe (file missing)
O23 - Service: GhostStartService - Symantec Corporation - C:\Programme\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - E:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - E:\Programme\VNC\WinVNC.exe" -service (file missing)

Desweiteren kann ich jetzt manche Prozesse nicht mehr schließen mit Procexp oder dem TaskManager
Was tun?

Dieser Beitrag wurde am 03.08.2006 um 13:36 Uhr von Renji editiert.

03.08.2006, 15:41

Sabina

Ehrenmitglied

Beiträge: 29434

#2 1.
Look2Me-Destroyer V1.0.5 - abarbeiten - poste den report
http://virus-protect.org/l2mfix.html

2.
Avenger
http://virus-protect.org/artikel/tools/avenger.html
kopiere rein:

Zitat

registry keys to delete:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinAntiVirusPro2006
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006\WapCHK.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\WinAV.exe\shell
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\WinAV.exe
HKEY_LOCAL_MACHINE\SOFTWARE\WinAntiVirus Pro 2006
HKEY_LOCAL_MACHINE\SOFTWARE\WinSoftware
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WA6P_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products\WinAntiVirus Pro 2006
HKEY_LOCAL_MACHINE\SOFTWARE\SupportUninstall\WinAntiVirus Pro 2006
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{723D54C7-7483-4EB8-8EED-CE5B2AEA534D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1AC5C88A-DEA7-462b-A232-04AF5CA42E7E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B646F5E2-0A48-421d-AC91-F96C92BFC17A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E69F0D6A-1C69-4A04-8709-5EAC2019D9BE}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5141620-C2B2-4d95-9F0F-134D99C87AB0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0903FECD-7F7A-4790-A819-A3CE08416732}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85C99188-BEFD-4c61-A54B-5D7CB0204C1E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B32FE740-8B67-409A-BCA8-3297263C354E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{732B6533-7F78-4C47-9C01-2979BA0829B9}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FC0B8EB8-AE24-4FD6-B479-E2B464F32DA6}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{367A86A5-D048-4785-86BE-4E2706AAFDD9}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2BC32EF8-BB73-4099-BB2E-0F2951B3E276}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FWSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FWSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\FWSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FWSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_FWSVC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_FWSVC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_FWSVC
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FWSVC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FOPN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FOPN
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\FOPN
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FOPN
HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006
HKEY_CLASSES_ROOT\WAP6.PCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\WAVAutoPlay

Files to delete:

C:\WINDOWS\system32\stera.exe
C:\Programme\WinAntiVirus Pro 2006\winpgi.dll
C:\Programme\WinAntiVirus Pro 2006\Updater.exe
C:\Programme\WinAntiVirus Pro 2006\winav.exe
C:\Programme\WinAntiVirus Pro 2006\WAV6COM.dll d
C:\Programme\WinAntiVirus Pro 2006\pv.exe
C:\Programme\WinAntiVirus Pro 2006\Activate.exe
C:\Programme\WinAntiVirus Pro 2006\asmngr.dll
C:\Programme\WinAntiVirus Pro 2006\avkernel.dll
C:\Programme\WinAntiVirus Pro 2006\BkSites.dat
C:\Programme\WinAntiVirus Pro 2006\bnlink.dat
C:\Programme\WinAntiVirus Pro 2006\bpupdater.dat
C:\Programme\WinAntiVirus Pro 2006\CompWiz.exe
C:\Programme\WinAntiVirus Pro 2006\fat.exe
C:\Programme\WinAntiVirus Pro 2006\fopn.exe
C:\Programme\WinAntiVirus Pro 2006\fopn.sys
C:\Programme\WinAntiVirus Pro 2006\fopnl.dll
C:\Programme\WinAntiVirus Pro 2006\history.db
C:\Programme\WinAntiVirus Pro 2006\IEFWBHO.dll
C:\Programme\WinAntiVirus Pro 2006\install.exe
C:\Programme\WinAntiVirus Pro 2006\InstHelp.exe
C:\Programme\WinAntiVirus Pro 2006\lapv.dat
C:\Programme\WinAntiVirus Pro 2006\License.rtf
C:\Programme\WinAntiVirus Pro 2006\online.url
C:\Programme\WinAntiVirus Pro 2006\PGupdater.dat
C:\Programme\WinAntiVirus Pro 2006\phigh.bin
C:\Programme\WinAntiVirus Pro 2006\pmedium.bin
C:\Programme\WinAntiVirus Pro 2006\prc.dat
C:\Programme\WinAntiVirus Pro 2006\prerules.xml
C:\Programme\WinAntiVirus Pro 2006\ps.dat
C:\Programme\WinAntiVirus Pro 2006\pv.dat
C:\Programme\WinAntiVirus Pro 2006\rpt.dll
C:\Programme\WinAntiVirus Pro 2006\RulSrv.dll
C:\Programme\WinAntiVirus Pro 2006\settings.bin
C:\Programme\WinAntiVirus Pro 2006\sqlite3.dll
C:\Programme\WinAntiVirus Pro 2006\sr.log
C:\Programme\WinAntiVirus Pro 2006\st.dat
C:\Programme\WinAntiVirus Pro 2006\support.url
C:\Programme\WinAntiVirus Pro 2006\unins000.dat
C:\Programme\WinAntiVirus Pro 2006\unins000.exe
C:\Programme\WinAntiVirus Pro 2006\uninstall.ico
C:\Programme\WinAntiVirus Pro 2006\UninstallPage.html
C:\Programme\WinAntiVirus Pro 2006\up.dat
C:\Programme\WinAntiVirus Pro 2006\updater.dat
C:\Programme\WinAntiVirus Pro 2006\VAExt.exe
C:\Programme\WinAntiVirus Pro 2006\vbpv.dat
C:\Programme\WinAntiVirus Pro 2006\WAupdater.dat
C:\Programme\WinAntiVirus Pro 2006\worldmap.swf
C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006\WapCHK.dll

Klicke die gruene Ampel
das Script wird nun ausgeführt, dann wird der PC automatisch neustarten

3,
loesche:

C:\Programme\WinAntiVirus Pro 2006
C:\Programme\Common Files\Companion Wizard
C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006
C:\Dokumente und Einstellungen\georg\Anwendungsdaten\WinAntiVirus Pro 2006
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinAntiVirus Pro 2006

4.
bfu abarbeiten - poste den report
http://virus-protect.org/artikel/bfu/alcanshorty.html

5.
Hoster.zip
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK' Exit Program.

6.
stelle den CleanUp genauso ein, wie hier angegeben:
http://virus-protect.org/cleanup.html

7.
Kopiere diese 4 Textdateien ab . (rechtsklick mit der Maus -> den Text markieren -> kopieren -> einfügen) Sie sind nach Datum geordnet. (kopiere nur die letzten 3 Monate ab)
http://virus-protect.org/datfindbat.html

8.
poste dieses log
http://virus-protect.org/artikel/tools/combofix.html
__________
MfG Sabina

rund um die PC-Sicherheit

03.08.2006, 17:28

Renji

Member

Themenstarter

Beiträge: 17

#3 1. Der Log ist leider nicht mehr da ^^# ich hab den paar mal schon unten eingefügt, nur bevor ich Combofix gestartet habe habe ich ihn schon im Papierkorb gehabt, Combofix hat den PC neugebootet und schnell den Papierkorb geleert ^^# aber es stand da alles succesful.

2.BFU:
BFU v1.00.9
Windows XP SP1 (WinNT 5.01.2600 SP1)
Script started at 17:19:57, on 03.08.2006

Option Unload Explorer: Yes
Failed: DllUnregister C:\WINDOWS\DH.dll|1 (file not found)
Failed: ServiceStop Network Monitor (service not found)
Failed: ServiceStop cmdService (service not found)
Failed: ServiceDisable Network Monitor (service not found)
Failed: ServiceDisable cmdService (service not found)
Failed: ServiceDelete Network Monitor (service not found)
Failed: ServiceDelete cmdService (service not found)
Failed: RegDelValue HKCU\System\CurrentControlSet\Control\Lsa|p2pnetwork (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations|LowRiskFileTypes (key not found)
Failed: RegDelValue HKCU\Microsoft\Windows\CurrentVersion\policies\Explorer\Run|WinUpdate.exe (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CU1 (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CU2 (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|services32 (key not found)
Option pause between commands: 300 ms
Option pause between commands: 50 ms
Failed: FolderDelete C:\Programme\MsConfigs (folder not found)
Failed: FolderDelete C:\Programme\winupdates (folder not found)
Failed: FolderDelete C:\Programme\winupdate (folder not found)
Failed: FolderDelete C:\Programme\winsupdater (folder not found)
Failed: FolderDelete C:\Programme\MsUpdate (folder not found)
Failed: FolderDelete C:\Programme\MsMovies (folder not found)
Failed: FolderDelete C:\Programme\wmplayer (folder not found)
Failed: FolderDelete C:\Programme\outlook (folder not found)
Failed: FileDelete C:\Programme\Common Files\Windows\mc-*-*.exe (operation failed)
Failed: FileDelete C:\Programme\Common Files\Download\mc-*-*.exe (operation failed)
Failed: FileDelete C:\DOKUME~1\georg\LOKALE~1\Temp\~DF21B0.tmp (operation failed)
Failed: FileDelete C:\DOKUME~1\georg\LOKALE~1\Temp\~DF2276.tmp (operation failed)
Failed: FileDelete C:\DOKUME~1\georg\LOKALE~1\Temp\~DF395C.tmp (operation failed)
Failed: FileDelete C:\DOKUME~1\georg\LOKALE~1\Temp\~DF624E.tmp (operation failed)
Failed: FileDelete C:\DOKUME~1\georg\LOKALE~1\Temp\~DF625A.tmp (operation failed)
Failed: FileDelete C:\DOKUME~1\georg\LOKALE~1\Temp\~DF6268.tmp (operation failed)
Failed: FileDelete C:\DOKUME~1\georg\LOKALE~1\Temp\~DF6274.tmp (operation failed)
Failed: FileDelete C:\DOKUME~1\georg\LOKALE~1\Temp\~DF6282.tmp (operation failed)
Failed: FileDelete C:\DOKUME~1\georg\LOKALE~1\Temp\~DF628E.tmp (operation failed)
Failed: FileDelete C:\DOKUME~1\georg\LOKALE~1\Temp\~DF629C.tmp (operation failed)
Failed: FileDelete C:\DOKUME~1\georg\LOKALE~1\Temp\~DF62A8.tmp (operation failed)
Failed: FileDelete C:\DOKUME~1\georg\LOKALE~1\Temp\~DFCD1B.tmp (operation failed)
Failed: FolderDelete C:\Dokumente und Einstellungen\georg\Lokale Einstellungen\Temporary Internet Files\Content.IE5\GPMVG16V (operation failed)
Failed: FolderDelete C:\Programme\Maxifiles (folder not found)
Failed: FolderDelete C:\Programme\DNS (folder not found)
Failed: FolderDelete C:\Programme\EQAdvice (folder not found)
Failed: FolderDelete C:\Programme\FCAdvice (folder not found)
Failed: FolderDelete C:\Programme\Common Files\FreeProd1 (folder not found)
Failed: FolderDelete C:\Programme\Common Files\FreeProd2 (folder not found)
Failed: FolderDelete C:\Programme\Common Files\InetGet (folder not found)
Failed: FolderDelete C:\Programme\Common Files\InetGet2 (folder not found)
Failed: FolderDelete C:\Programme\Common Files\svchostsys (folder not found)
Failed: FolderDelete C:\Programme\Common Files\simtest (folder not found)
Failed: FolderDelete C:\Programme\Common Files\misc001 (folder not found)
Failed: FolderDelete C:\Programme\InetGet2 (folder not found)
Failed: FolderDelete C:\Programme\Common Files\VCClient (folder not found)
Failed: FolderDelete C:\Programme\Network Monitor (folder not found)
Failed: FolderDelete C:\WINDOWS\inet20001 (folder not found)
Failed: FolderDelete C:\Programme\Update06 (folder not found)
Failed: FolderDelete C:\Programme\Update03 (folder not found)
Failed: FolderDelete C:\Programme\Update04 (folder not found)
Failed: FolderDelete C:\Programme\Update08 (folder not found)
Failed: FolderDelete C:\Programme\W-Update (folder not found)
Failed: FolderDelete C:\Programme\Yazzle Sudoku (folder not found)
Failed: FolderDelete C:\Programme\Cas (folder not found)
Failed: FolderDelete C:\Programme\CasStub (folder not found)
Failed: FolderDelete C:\Programme\Cas2Stub (folder not found)
Failed: FolderDelete C:\Programme\ipwins (folder not found)
Failed: FolderDelete C:\temp (folder not found)
Failed: FolderDelete C:\WINDOWS\mdrive (folder not found)
Failed: FolderDelete C:\Programme\PECarlin (folder not found)
Failed: FolderDelete C:\Programme\AXVenore (folder not found)
Failed: FolderDelete C:\Programme\SDVita (folder not found)
Failed: FolderDelete C:\Programme\EQBranch (folder not found)
Failed: FolderDelete C:\Programme\EQArticle (folder not found)
Failed: FolderCreate C:\bintheredunthat (folder already exists)
Failed: FileMove C:\WINDOWS\win*-*.exe|C:\bintheredunthat (source file not found)
Script completed.

3. system32:
03.08.2006 17:01 49.819 nvapps.xml
03.08.2006 16:36 236.057 n8l8li3u18.dll
03.08.2006 10:46 1.167 zvp80d3f.sys
03.08.2006 08:50 61.952 zvp80d3f.dll
02.08.2006 00:58 62.464 bszip.dll
29.07.2006 18:18 98.304 CmdLineExt.dll
26.07.2006 10:26 2.206 wpa.dbl
21.07.2006 18:55 127.578 tsuninst.exe
16.07.2006 00:37 52.764 perfc009.dat
16.07.2006 00:37 380.350 perfh009.dat
16.07.2006 00:37 391.000 perfh007.dat
16.07.2006 00:37 63.580 perfc007.dat
16.07.2006 00:37 897.954 PerfStringBackup.INI
15.07.2006 18:34 1.324 d3d9caps.dat
06.07.2006 18:21 6.757.792 MRT.exe
02.07.2006 14:15 32.008 mlfcache.dat
26.06.2006 22:58 6.903 jupdate-1.5.0_07-b03.log
26.06.2006 22:54 151.584 FNTCACHE.DAT
07.06.2006 12:26 43.520 CmdLineExt03.dll
04.06.2006 12:47 21.840 SIntfNT.dll
04.06.2006 12:47 12.067 SIntf16.dll
04.06.2006 12:47 17.212 SIntf32.dll
29.05.2006 18:58 100 bitmedia.log
22.05.2006 22:02 2 stera.log
22.05.2006 22:00 1.715 ikhcore.log
22.05.2006 21:11 16.384 host.dat
18.05.2006 19:49 1 SI.bin
03.05.2006 02:56 127.078 javaws.exe
03.05.2006 02:56 49.265 jpicpl32.cpl
03.05.2006 01:19 53.346 javaw.exe
03.05.2006 01:19 49.248 java.exe

temp:
03.08.2006 17:02 16.384 ~DFB888.tmp
03.08.2006 17:02 512 ~DF5EBE.tmp
03.08.2006 17:02 16.384 ~DF5DD2.tmp

windows:
03.08.2006 17:02 600 setupapi.log
03.08.2006 16:48 2.048 bootstat.dat
03.08.2006 16:47 32.640 SchedLgU.Txt
03.08.2006 11:55 54.156 QTFont.qfn
02.08.2006 00:58 2.359.350 Firefox Wallpaper.bmp
31.07.2006 12:44 49 NeroDigital.ini
30.07.2006 19:52 1.125 winamp.ini
27.07.2006 18:27 1.409 QTFont.for
27.07.2006 15:25 169 RtlRack.ini
07.07.2006 17:20 1.214 win.ini
25.06.2006 00:46 70.146 War3Unin.dat
02.06.2006 15:33 65 gvcasinos.ini
29.05.2006 21:14 1.594 awshkwv.ini

c:
03.08.2006 17:08 0 sys.txt
03.08.2006 17:08 6.057 windows.txt
03.08.2006 17:08 6.057 system.txt
03.08.2006 17:08 381 temp.txt
03.08.2006 17:08 381 systemtemp.txt
03.08.2006 17:08 118.831 system32.txt
03.08.2006 16:48 43.908 avenger.txt
03.08.2006 16:48 1.610.612.736 pagefile.sys
03.08.2006 12:13 135.955 filelist.txt
03.08.2006 09:25 188 files.txt

4. combofix:
Start Time= 03.08.2006 17:11:34,84
Running from: C:\Dokumente und Einstellungen\georg\Desktop

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NavLogon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wzcnotif

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

REGISTRY ENTRIES REMOVED:

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

FILES REMOVED:

C:\WINDOWS\SYSTEM32\n8l8li3u18.dll

Granting sedebugprivilege to Administratoren ... successful

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\NetMon

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-08-03 17:02:18 ( .D... ) "C:\Dokumente und Einstellungen\georg\Anwendungsdaten\Hamachi"
2006-08-03 15:13:24 ( .D... ) "C:\Programme\CCleaner"
2006-08-03 14:24:40 ( .D... ) "C:\Programme\Spybot - Search & Destroy"
2006-08-03 11:54:52 ( .D... ) "C:\Programme\ewido anti-spyware 4.0"
2006-08-03 11:39:18 ( .D... ) "C:\Programme\Gemeinsame Dateien\Wise Installation Wizard"
2006-08-03 10:46:50 1167 ( A.... ) "C:\WINDOWS\system32\zvp80d3f.sys"
2006-08-03 10:46:50 1167 ( A.... ) "C:\WINDOWS\system32\zvp80d3f.sys"
2006-08-03 09:48:26 ( .D... ) "C:\Programme\Sygate"
2006-08-03 09:22:44 ( .D... ) "C:\Programme\CleanUp!"
2006-08-03 08:50:22 61952 ( A.... ) "C:\WINDOWS\system32\zvp80d3f.dll"
2006-07-30 19:17:04 ( .D... ) "C:\Dokumente und Einstellungen\georg\Anwendungsdaten\Google"
2006-07-30 19:16:38 ( .D... ) "C:\Programme\Google"
2006-07-29 18:18:34 98304 ( A.... ) "C:\WINDOWS\system32\CmdLineExt.dll"
2006-07-21 18:55:38 127578 ( A.... ) "C:\WINDOWS\system32\tsuninst.exe"
2006-06-26 22:57:40 ( .D... ) "C:\Programme\Java"
2006-06-26 22:57:38 ( .D... ) "C:\Programme\Gemeinsame Dateien\Java"
2006-06-07 12:26:02 43520 ( A.... ) "C:\WINDOWS\system32\CmdLineExt03.dll"
2006-06-04 12:47:06 21840 ( A.... ) "C:\WINDOWS\system32\SIntfNT.dll"
2006-06-04 12:47:06 17212 ( A.... ) "C:\WINDOWS\system32\SIntf32.dll"
2006-06-04 12:47:06 12067 ( A.... ) "C:\WINDOWS\system32\SIntf16.dll"
2006-05-03 02:56:58 127078 ( A.... ) "C:\WINDOWS\system32\javaws.exe"
2006-05-03 01:19:40 53346 ( A.... ) "C:\WINDOWS\system32\javaw.exe"
2006-05-03 01:19:30 49248 ( A.... ) "C:\WINDOWS\system32\java.exe"

(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))

2006-08-03 09:48 83.096 C:\WINDOWS\system32\SSSensor.dll
2006-08-03 08:50 61.952 C:\WINDOWS\system32\zvp80d3f.dll
2006-08-03 08:50 1.167 C:\WINDOWS\system32\zvp80d3f.sys
2006-08-02 00:59 127.578 C:\WINDOWS\system32\tsuninst.exe
2006-07-10 14:29 40.960 C:\WINDOWS\system32\psfind.dll
2006-06-26 22:58 53.346 C:\WINDOWS\system32\javaw.exe
2006-06-26 22:58 49.248 C:\WINDOWS\system32\java.exe
2006-06-26 22:58 127.078 C:\WINDOWS\system32\javaws.exe

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"NVRaidService"="C:\\WINDOWS\\System32\\nvraidservice.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_07\\bin\\jusched.exe"
"DAEMON Tools"="\"E:\\Programme\\DAEMON Tools\\daemon.exe\" -lang 1033"
"NVMixerTray"="\"C:\\Programme\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\""
"ICQ Lite"="\"E:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"!ewido"="\"C:\\Programme\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Steam"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"flags"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"="E:\\Programme\\ICQLite\\ICQLite.exe -trayboot"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\B1DFF2AD90E06899.job

Completion time: 03.08.2006 17:13:13,95
ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt

03.08.2006, 22:07

Sabina

Ehrenmitglied

Beiträge: 29434

#4 Avenger

Zitat

Files to delete:
C:\WINDOWS\System32\n8l8li3u18.dll
C:\WINDOWS\System32\zvp80d3f.sys
C:\WINDOWS\System32\zvp80d3f.dll
C:\WINDOWS\System32\bszip.dll
C:\WINDOWS\System32\tsuninst.exe
C:\WINDOWS\System32\stera.log
C:\WINDOWS\System32\ikhcore.log
C:\WINDOWS\System32\host.dat

scanne mit panda und poste den scanreport
http://virus-protect.org/onlinescan.html
__________
MfG Sabina

rund um die PC-Sicherheit

04.08.2006, 15:13

Renji

Member

Themenstarter

Beiträge: 17

#5 Siehe Anhang
bla bla blub, nicht genug zeichen
Danke @sabina nochmal

Anhang: Activescan.txt

04.08.2006, 15:26

Sabina

Ehrenmitglied

Beiträge: 29434

#6 Renji

Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als listen.bat mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden. --> die listen.bat doppelt klicken--> kopiere den Text, der erscheint

Zitat

cd\
dir "C:\Programme\Network Monitor" >>files.txt
dir "C:\WINDOWS\Temp" >>files.txt
dir "C:\Temp" >>files.txt
dir "C:\Programme" >>files.txt
dir "C:\Programme\WinAntiVirus Pro 2006" >>files.txt
dir "C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006" >>files.txt
dir "C:\Windows\tasks" >>files.txt
dir "C:\WINDOWS\Downloaded Program Files" >>files.txt
dir "C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Site Aim Thunk Meta" >>files.txt
dir "C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten" >>files.txt
dir "C:\Dokumente und Einstellungen\georg\Anwendungsdaten\htmdash" >>files.txt
dir "C:\Dokumente und Einstellungen\georg\Anwendungsdaten" >>files.txt
dir "C:\WINDOWS\R2VvcmcgV2FuZw" >>files.txt
dir "E:\Programme\NetPumper" >>files.txt
dir "E:\Programme" >>files.txt
notepad files.txt

__________
MfG Sabina

rund um die PC-Sicherheit

04.08.2006, 21:46

Renji

Member

Themenstarter

Beiträge: 17

#7 Datentr„ger in Laufwerk C: ist Boot
Volumeseriennummer: 68A3-395C
Datentr„ger in Laufwerk C: ist Boot
Volumeseriennummer: 68A3-395C

Verzeichnis von C:\WINDOWS\R2VvcmcgV2FuZw

Datentr„ger in Laufwerk C: ist Boot
Volumeseriennummer: 68A3-395C

Verzeichnis von C:\Programme

Datentr„ger in Laufwerk C: ist Boot
Volumeseriennummer: 68A3-395C

Verzeichnis von C:\WINDOWS\Temp

03.08.2006 20:55 <DIR> .
03.08.2006 20:55 <DIR> ..
0 Datei(en) 0 Bytes
2 Verzeichnis(se), 4.611.981.312 Bytes frei
Datentr„ger in Laufwerk C: ist Boot
Volumeseriennummer: 68A3-395C

Verzeichnis von C:\

Datentr„ger in Laufwerk C: ist Boot
Volumeseriennummer: 68A3-395C

Verzeichnis von C:\Programme

03.08.2006 16:54 <DIR> .
03.08.2006 16:54 <DIR> ..
16.07.2005 00:12 <DIR> ATI Technologies
16.07.2005 00:28 <DIR> AvRack
03.08.2006 15:13 <DIR> CCleaner
03.08.2006 11:39 <DIR> CleanUp!
03.08.2006 16:52 <DIR> Common Files
16.07.2005 00:04 <DIR> ComPlus Applications
24.10.2005 19:02 <DIR> CyberLink
16.10.2005 00:58 <DIR> directx
30.03.2006 15:25 <DIR> eDonkey2000
04.08.2006 14:26 <DIR> ewido anti-spyware 4.0
03.08.2006 14:53 <DIR> Gemeinsame Dateien
04.08.2006 15:58 <DIR> GlobeDigital
30.07.2006 19:16 <DIR> Google
26.05.2006 17:46 <DIR> htmdash
11.10.2005 20:27 <DIR> ICQLite
04.08.2006 14:26 <DIR> ICQToolbar
04.08.2006 14:27 <DIR> Internet Explorer
26.06.2006 22:58 <DIR> Java
23.10.2005 22:06 <DIR> KNC ONE
04.08.2006 13:54 <DIR> Messenger
16.07.2005 00:07 <DIR> microsoft frontpage
17.07.2005 12:35 <DIR> Microsoft Visual Studio
16.07.2005 00:25 <DIR> Movie Maker
16.07.2005 00:04 <DIR> MSN
16.07.2005 00:04 <DIR> MSN Gaming Zone
28.01.2006 15:41 <DIR> MSN Messenger
16.07.2005 00:25 <DIR> NetMeeting
01.01.2005 00:44 <DIR> NVIDIA Corporation
27.11.2005 13:38 <DIR> Oberon Media
16.07.2005 00:04 <DIR> Online Services
16.07.2005 00:05 <DIR> Online-Dienste
04.08.2006 13:54 <DIR> Outlook Express
17.07.2005 13:05 <DIR> Philips
17.07.2005 11:50 <DIR> Pinnacle
01.03.2006 07:07 <DIR> QuickTime
16.07.2005 00:28 <DIR> Realtek Sound Manager
03.08.2006 14:32 <DIR> Spybot - Search & Destroy
03.08.2006 09:48 <DIR> Sygate
04.09.2005 17:07 <DIR> Symantec
04.09.2005 16:56 <DIR> Symantec_Client_Security
10.02.2006 00:18 <DIR> vso
04.09.2005 16:41 <DIR> Windows Installer Clean Up
28.04.2006 12:47 <DIR> Windows Media Player
16.07.2005 00:04 <DIR> Windows NT
01.08.2006 17:16 <DIR> WinPcap
04.08.2006 14:27 <DIR> WinRAR
16.07.2005 00:07 <DIR> xerox
0 Datei(en) 0 Bytes
49 Verzeichnis(se), 4.611.977.216 Bytes frei
Datentr„ger in Laufwerk C: ist Boot
Volumeseriennummer: 68A3-395C

Verzeichnis von C:\Programme

Datentr„ger in Laufwerk C: ist Boot
Volumeseriennummer: 68A3-395C

Verzeichnis von C:\Programme\Gemeinsame Dateien

Datentr„ger in Laufwerk C: ist Boot
Volumeseriennummer: 68A3-395C

Verzeichnis von C:\Windows\tasks

03.08.2006 16:39 396 At1.job
1 Datei(en) 396 Bytes
0 Verzeichnis(se), 4.611.977.216 Bytes frei
Datentr„ger in Laufwerk C: ist Boot
Volumeseriennummer: 68A3-395C

Verzeichnis von C:\WINDOWS\Downloaded Program Files

11.04.2006 17:10 135.168 asinst.dll
03.04.2006 11:00 537 asinst.inf
07.02.2006 17:30 576 kavwebscan.inf
19.12.2003 16:43 241 popcaploader.inf
27.08.2005 14:30 5.065 swflash.inf
26.05.2005 04:19 291 wuweb.inf
6 Datei(en) 141.878 Bytes
0 Verzeichnis(se), 4.611.973.120 Bytes frei
Datentr„ger in Laufwerk C: ist Boot
Volumeseriennummer: 68A3-395C

Verzeichnis von C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Site Aim Thunk Meta

26.05.2006 17:47 <DIR> .
26.05.2006 17:47 <DIR> ..
21.05.2006 20:46 368.582 GRIMONLINE.exe
26.05.2006 17:47 368.582 Ping inter.exe
2 Datei(en) 737.164 Bytes
2 Verzeichnis(se), 4.611.973.120 Bytes frei
Datentr„ger in Laufwerk C: ist Boot
Volumeseriennummer: 68A3-395C

Verzeichnis von C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten

16.03.2006 20:42 <DIR> Apple Computer
28.04.2005 16:33 <DIR> nView_Profiles
23.07.2006 20:23 3.311 QTSBandwidthCache
26.05.2006 17:47 <DIR> Site Aim Thunk Meta
02.08.2006 03:28 <DIR> Skype
03.08.2006 15:02 <DIR> Spybot - Search & Destroy
04.09.2005 17:07 <DIR> Symantec
20.03.2006 20:01 <DIR> Trymedia
1 Datei(en) 3.311 Bytes
7 Verzeichnis(se), 4.611.973.120 Bytes frei
Datentr„ger in Laufwerk C: ist Boot
Volumeseriennummer: 68A3-395C

Verzeichnis von C:\Dokumente und Einstellungen\georg\Anwendungsdaten\htmdash

26.05.2006 17:47 <DIR> .
26.05.2006 17:47 <DIR> ..
26.05.2006 17:47 10.498 balm thunk cake.exe
26.05.2006 17:47 368.582 mnwmdmbe.exe
26.05.2006 17:46 201.314 Sectplatform.exe
21.05.2006 20:46 368.582 yzdiksbv.exe
4 Datei(en) 948.976 Bytes
2 Verzeichnis(se), 4.611.973.120 Bytes frei
Datentr„ger in Laufwerk C: ist Boot
Volumeseriennummer: 68A3-395C

Verzeichnis von C:\Dokumente und Einstellungen\georg\Anwendungsdaten

30.10.2005 13:19 <DIR> Adobe
19.07.2006 13:32 <DIR> Ahead
10.10.2005 18:11 <DIR> Apple Computer
04.07.2006 23:55 <DIR> Azureus
13.02.2006 18:52 <DIR> ContentLauncher
27.07.2006 17:09 <DIR> dvdcss
17.01.2006 22:08 <DIR> EarMaster
09.03.2006 15:54 <DIR> Ethereal
29.03.2006 06:19 37.480 GDIPFONTCACHEV1.DAT
30.07.2006 19:17 <DIR> Google
04.08.2006 13:36 <DIR> Hamachi
20.09.2005 20:31 <DIR> Help
26.05.2006 17:47 <DIR> htmdash
04.09.2005 17:59 <DIR> ICQ
04.09.2005 17:59 <DIR> ICQLite
17.07.2005 12:49 <DIR> Identities
26.05.2006 17:49 <DIR> IDOL BOOK PROGRAM
11.01.2006 04:03 <DIR> InstallShield Installation Information
30.10.2005 13:19 <DIR> InterTrust
22.05.2006 21:34 <DIR> Lavasoft
13.02.2006 18:52 <DIR> Macromedia
19.10.2005 12:06 <DIR> Meine Die Schlacht um Mittelerde-Dateien
08.04.2006 17:42 <DIR> Meine Die Schlacht um MittelerdeT II-Dateien
17.07.2005 12:50 <DIR> Mozilla
21.05.2006 21:11 <DIR> NetPumper
16.01.2006 22:01 <DIR> Pegasys Inc
11.12.2005 00:46 <DIR> Real
11.10.2005 20:29 <DIR> Skype
10.10.2005 14:02 <DIR> Sun
04.09.2005 17:07 <DIR> Symantec
23.09.2005 20:03 <DIR> Talkback
19.07.2006 09:58 <DIR> teamspeak2
22.10.2005 17:04 <DIR> vlc
04.08.2006 08:02 <DIR> Vso
10.03.2006 21:44 <DIR> VSO_HWE
03.03.2006 15:07 <DIR> Xfire
1 Datei(en) 37.480 Bytes
35 Verzeichnis(se), 4.611.973.120 Bytes frei
Datentr„ger in Laufwerk C: ist Boot
Volumeseriennummer: 68A3-395C

Verzeichnis von C:\WINDOWS\R2VvcmcgV2FuZw

Datentr„ger in Laufwerk E: ist Programme
Volumeseriennummer: CA60-5B67

Verzeichnis von E:\Programme\NetPumper

26.05.2006 17:48 <DIR> .
26.05.2006 17:48 <DIR> ..
26.05.2006 17:46 <DIR> ZM
0 Datei(en) 0 Bytes
3 Verzeichnis(se), 3.130.122.240 Bytes frei
Datentr„ger in Laufwerk E: ist Programme
Volumeseriennummer: CA60-5B67

Verzeichnis von E:\Programme

01.08.2006 17:16 <DIR> .
01.08.2006 17:16 <DIR> ..
04.09.2005 17:21 <DIR> Ahead
04.11.2005 19:41 <DIR> Alcohol 120%
18.02.2006 16:30 <DIR> Alcohol Soft
26.05.2006 17:46 <DIR> Anti-Leech
30.10.2005 13:19 <DIR> Arcobat
12.11.2004 12:48 172.032 autoruns.exe
31.07.2006 22:19 <DIR> AV Vcs 4.0 DIAMOND
02.04.2006 00:50 <DIR> Azureus
05.09.2005 16:30 <DIR> BearShare
14.01.2006 21:04 <DIR> BitComet
04.11.2005 20:21 <DIR> CloneCD
17.11.2005 19:50 <DIR> Daemon
04.08.2006 14:33 <DIR> DAEMON Tools
21.07.2006 04:43 <DIR> EA SPORTS
18.02.2006 13:53 <DIR> Easy Video Joiner
13.02.2006 18:48 <DIR> ecdl
08.12.2005 12:40 <DIR> EVEREST Corporate Edition
05.11.2005 13:48 <DIR> EVEREST Home Edition
04.10.2005 16:02 <DIR> FireFox
09.10.2005 12:48 <DIR> FireFox 1.07
28.02.2006 17:06 <DIR> Fusion Media Player
01.05.2006 11:48 <DIR> GlobeDigital
30.10.2005 11:43 <DIR> HDD Health
10.11.2004 19:07 900.568 HDD Health.exe
16.11.2005 20:06 <DIR> Iconoid
04.08.2006 14:34 <DIR> ICQLite
24.10.2005 19:05 <DIR> KNC
22.05.2006 21:34 <DIR> Lavasoft
17.01.2006 17:13 <DIR> music
28.01.2006 00:48 <DIR> Musik
26.05.2006 17:48 <DIR> NetPumper
25.03.2006 08:30 <DIR> NJStar Communicator
20.10.2005 10:43 <DIR> Office
01.06.2006 21:42 <DIR> Pcsx2
27.10.2005 16:47 <DIR> Pentrix
03.12.2004 16:01 561.207 procexp.exe
05.07.2006 13:54 <DIR> QuickPar
29.07.2006 17:47 <DIR> ratDVD
11.12.2005 00:44 <DIR> Real
08.06.2006 16:30 <DIR> SFT Loader
04.09.2005 17:11 <DIR> Skype
22.05.2006 21:56 <DIR> Super Video Joiner
23.04.2006 20:51 <DIR> Teamspeak2_RC2
03.12.2005 23:10 <DIR> totalcmd
04.08.2006 17:44 <DIR> UseNeXT
16.07.2006 12:41 <DIR> VideoLAN
04.08.2006 14:35 <DIR> VNC
10.02.2006 00:18 <DIR> vso
01.08.2006 19:46 <DIR> WC3Banlist
22.10.2005 22:23 <DIR> Winamp
07.09.2005 16:26 <DIR> WinRAR
04.08.2006 14:35 <DIR> WinZip
3 Datei(en) 1.633.807 Bytes
51 Verzeichnis(se), 3.130.122.240 Bytes frei

04.08.2006, 23:11

Sabina

Ehrenmitglied

Beiträge: 29434

#8 Renji

0.
Versteckte- und Systemdateien sichtbar machen
http://virus-protect.org/invisible.html

1.
Avenger
kopiere rein:

Zitat

registry keys to delete:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\{645FF040-5081-101B-9F08-00AA002F954E}
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\{6BF52A52-394A-11D3-B153-00C04F79FAA6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877C2CD-F137-4144-BDB2-0A811492F920}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETWORK_MONITOR\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Network Monitor
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Network Monitor
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDSERVICE\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\cmdService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService

Files to delete:

C:\Windows\tasks\At1.job
C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Site Aim Thunk Meta\GRIMONLINE.exe
C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Site Aim Thunk Meta\Ping inter.exe
C:\Dokumente und Einstellungen\georg\Anwendungsdaten\htmdash\balm thunk cake.exe
C:\Dokumente und Einstellungen\georg\Anwendungsdaten\htmdash\mnwmdmbe.exe
C:\Dokumente und Einstellungen\georg\Anwendungsdaten\htmdash\Sectplatform.exe
C:\Dokumente und Einstellungen\georg\Anwendungsdaten\htmdash\yzdiksbv.exe

loesche manuell im abgesicherten Modus:

C:\Dokumente und Einstellungen\georg\Anwendungsdaten\NetPumper
C:\Dokumente und Einstellungen\georg\Anwendungsdaten\htmdash
C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Site Aim Thunk Meta

desinstrallieren:

E:\Programme\NetPumper
C:\Programme\htmdash

**
boote wieder in den Normalmodus

**
Arbeitsplatz-->Rechtsklick, dann auf Eigenschaften--->Reiter Systemwiederherstellung--->Häkchen setzen bei Systemwiederherstellung auf allen Laufwerken deaktivieren
(dann wieder aktivieren)

**
Counterspy
scanne, stelle dann alles auf "remove" und poste den report
http://virus-protect.org/counterspy.html
__________
MfG Sabina

rund um die PC-Sicherheit

12.08.2006, 02:28

Renji

Member

Themenstarter

Beiträge: 17

#9 Ähm bei Counterspy gibts irgendwie kein Report, aber Popus sind keine mehr gekommen allerdings hab ich jetzt ein anderes Problem. Ab und zu wird mein Hintergrundbild einfach ganz blau. Wenn ich es wieder änder geht es nach einigen Minuten wieder blau...woran liegts?

12.08.2006, 13:06

Sabina

Ehrenmitglied

Beiträge: 29434

#10 poste diese logs
http://virus-protect.org/winpfind.html
http://virus-protect.org/silentrunner.html
__________
MfG Sabina

rund um die PC-Sicherheit

12.08.2006, 16:24

Renji

Member

Themenstarter

Beiträge: 17

#11 SILENT RUNNERS
"Silent Runners.vbs", revision 46, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Steam" = (empty string)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"NVRaidService" = "C:\WINDOWS\System32\nvraidservice.exe" ["NVIDIA Corporation"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"vptray" = "C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" ["Symantec Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"DAEMON Tools" = ""E:\Programme\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]
"NVMixerTray" = ""C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"" ["NVIDIA Corporation"]
"ICQ Lite" = ""E:\Programme\ICQLite\ICQLite.exe" -minimize" ["ICQ Ltd."]
"SunJavaUpdateSched" = "C:\Programme\Java\jre1.5.0_07\bin\jusched.exe" ["Sun Microsystems, Inc."]
"QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

HKLM\Software\Microsoft\Active Setup\Installed Components\
{306D6C21-C1B6-4629-986C-E59E1875B8AF}\(Default) = (no title provided)
\StubPath = ""C:\WINDOWS\System32\rundll32.exe" "C:\Programme\Messenger\msgsc.dll",ShowIconsUser" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "F:\Programme\Microsoft Office\Office10\msohev.dll" [MS]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {HKLM...CLSID} = "AlcoholShellEx"
\InProcServer32\(Default) = "E:\PROGRA~1\ALCOHO~2\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "E:\Programme\Real\rpshell.dll" ["RealNetworks, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "E:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"
-> {HKLM...CLSID} = "ShellLink for Application References"
\InProcServer32\(Default) = "C:\WINDOWS\System32\dfshim.dll" [MS]
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"
-> {HKLM...CLSID} = "Shell Icon Handler for Application References"
\InProcServer32\(Default) = "C:\WINDOWS\System32\dfshim.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Programme\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
INFECTION WARNING! NavLogon\DLLName = "C:\WINDOWS\System32\NavLogon.dll" [null data]
INFECTION WARNING! wzcnotif\DLLName = "wzcdlg.dll" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
EastTecFileShredder\(Default) = "{09FAB52A-B435-11D6-A324-0050BFE9FD8F}"
-> {HKLM...CLSID} = "East-Tec File Shredder Context Menu Shell Extension"
\InProcServer32\(Default) = "E:\PROGRA~1\EAST-T~1\etfscm.dll" ["EAST Technologies"]
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Programme\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "E:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"
-> {HKLM...CLSID} = "VpshellEx Class"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "E:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Programme\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "E:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "E:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"
-> {HKLM...CLSID} = "VpshellEx Class"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "E:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\Firefox Wallpaper.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]

Startup items in "georg" & "All Users" startup folders:
-------------------------------------------------------

C:\Dokumente und Einstellungen\georg\Startmenü\Programme\Autostart
"Xfire" -> shortcut to: "E:\Programme\Xfire\Xfire.exe" ["Xfire Inc."]

C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart
"hamachi" -> shortcut to: "F:\Programme\Hamachi\hamachi.exe" ["Applied Networking"]

Enabled Scheduled Tasks:
------------------------

"B1DFF2AD90E06899" -> launches: "c:\dokume~1\georg\anwend~1\htmdash\balm thunk cake.exe" [file not found]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "C:\WINDOWS\System32\wspwsp.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\System32\wspwsp.dll [MS], 01 - 02
%SystemRoot%\system32\mswsock.dll [MS], 03 - 06, 09 - 20
%SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{855F3B16-6D32-4FE6-8A56-BBB695989046}"
-> {HKLM...CLSID} = "ICQ Toolbar"
\InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{855F3B16-6D32-4FE6-8A56-BBB695989046}" = (no title provided)
-> {HKLM...CLSID} = "ICQ Toolbar"
\InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]

Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

Missing lines (compared with English-language version):
"{855F3B16-6D32-4fe6-8A56-BBB695989046}" = (no title provided)
-> {HKLM...CLSID} = "ICQ Toolbar"
\InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

DefWatch, DefWatch, "C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe" ["Symantec Corporation"]
ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:\Programme\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]
GhostStartService, GhostStartService, "C:\Programme\Symantec\Norton Ghost 2003\GhostStartService.exe" ["Symantec Corporation"]
InCD Helper, InCDsrv, "E:\Programme\Ahead\InCD\InCDsrv.exe" ["Ahead Software AG"]
Machine Debug Manager, MDM, ""C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
StarWind iSCSI Service, StarWindService, "E:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]
Symantec AntiVirus Client, Norton AntiVirus Server, "C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe" ["Symantec Corporation"]
VNC Server, winvnc, ""E:\Programme\VNC\WinVNC.exe" -service" ["UltraVNC"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
ssgb7 Langmon\Driver = "SSGB7MON.DLL" ["Samsung Electronics."]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 275 seconds, including 7 seconds for message boxes)

WINPFIND
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 1 Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
aspack 18.03.2005 17:19:58 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll
aspack 26.05.2005 16:34:52 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll
aspack 22.07.2005 20:59:04 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll
aspack 05.12.2005 18:09:18 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll
aspack 03.02.2006 08:43:16 2332368 C:\WINDOWS\SYSTEM32\d3dx9_29.dll
aspack 31.03.2006 12:40:58 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dll
PEC2 23.08.2001 14:00:00 41118 C:\WINDOWS\SYSTEM32\dfrg.msc
aspack 06.07.2006 18:21:48 6757792 C:\WINDOWS\SYSTEM32\MRT.exe
Umonitor 29.08.2002 03:43:28 660480 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 23.08.2001 14:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
UPX! 03.08.2006 08:50:22 61952 C:\WINDOWS\SYSTEM32\zvp80d3f.dll

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
12.08.2006 15:58:24 S 2048 C:\WINDOWS\bootstat.dat
10.08.2006 17:42:46 H 54156 C:\WINDOWS\QTFont.qfn
05.07.2006 13:56:20 RHS 227 C:\WINDOWS\assembly\Desktop.ini
11.08.2006 01:36:04 RH 0 C:\WINDOWS\assembly\PublisherPolicy.tme
11.08.2006 01:36:04 RH 0 C:\WINDOWS\assembly\pubpol1.dat
11.08.2006 10:19:24 RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index1b.dat
11.08.2006 10:19:26 RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index1c.dat
19.07.2006 02:34:02 H 10820 C:\WINDOWS\Help\windows.GID
11.08.2006 01:04:30 H 0 C:\WINDOWS\LastGood\INF\d3dx9_30_x86.inf
11.08.2006 01:04:30 H 0 C:\WINDOWS\LastGood\INF\d3dx9_30_x86.PNF
21.07.2006 04:42:12 H 0 C:\WINDOWS\LastGood\INF\oem29.inf
21.07.2006 04:42:12 H 0 C:\WINDOWS\LastGood\INF\oem29.PNF
02.07.2006 14:15:18 H 32008 C:\WINDOWS\system32\mlfcache.dat
12.08.2006 15:58:52 H 1024 C:\WINDOWS\system32\config\DEFAULT.LOG
12.08.2006 15:58:24 H 8192 C:\WINDOWS\system32\config\SAM.LOG
12.08.2006 15:58:54 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
12.08.2006 16:09:52 H 1024 C:\WINDOWS\system32\config\SOFTWARE.LOG
12.08.2006 16:10:08 H 1024 C:\WINDOWS\system32\config\SYSTEM.LOG
03.08.2006 12:48:48 H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
30.07.2006 11:00:04 H 264 C:\WINDOWS\Tasks\B1DFF2AD90E06899.job
12.08.2006 15:58:26 H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 18.08.2001 14:00:00 68096 C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp. 17.11.2004 10:08:06 16162816 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation 29.08.2002 03:43:42 583680 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 29.08.2002 03:43:42 132096 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 23.08.2001 14:00:00 152064 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 29.08.2002 03:43:42 293376 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 29.08.2002 03:43:42 125440 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 18.08.2001 05:55:10 48640 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 29.08.2002 04:41:00 208896 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 03.05.2006 02:56:54 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 23.08.2001 14:00:00 189440 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 23.08.2001 14:00:00 566272 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 23.08.2001 14:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 23.08.2001 14:00:00 259072 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
09.03.2006 16:29:00 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 23.08.2001 14:00:00 38400 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 23.08.2001 14:00:00 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl
20.03.2006 21:43:16 372736 C:\WINDOWS\SYSTEM32\PhysX.cpl
Microsoft Corporation 23.08.2001 14:00:00 111616 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 29.08.2002 03:43:42 272896 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 23.08.2001 14:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 23.08.2001 14:00:00 90112 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 20.04.1998 19:36:42 131072 C:\WINDOWS\SYSTEM32\WSPCPL32.CPL
Microsoft Corporation 26.05.2005 04:16:22 174872 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 18.08.2001 14:00:00 68096 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 23.08.2001 14:00:00 152064 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 29.08.2002 04:41:00 208896 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 23.08.2001 14:00:00 189440 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 23.08.2001 14:00:00 566272 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 23.08.2001 14:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 23.08.2001 14:00:00 259072 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 23.08.2001 14:00:00 38400 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 23.08.2001 14:00:00 36864 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 23.08.2001 14:00:00 111616 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 23.08.2001 14:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 23.08.2001 14:00:00 90112 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
16.07.2005 00:06:48 HS 84 C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart\desktop.ini
02.01.2005 18:18:20 524 C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart\hamachi.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
16.07.2005 01:00:00 HS 62 C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\desktop.ini
23.07.2006 20:23:30 3311 C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
16.07.2005 00:06:48 HS 84 C:\Dokumente und Einstellungen\georg\Startmenü\Programme\Autostart\desktop.ini
03.03.2006 15:05:34 545 C:\Dokumente und Einstellungen\georg\Startmenü\Programme\Autostart\Xfire.lnk

Checking files in %USERPROFILE%\Application Data folder...
16.07.2005 01:00:00 HS 62 C:\Dokumente und Einstellungen\georg\Anwendungsdaten\desktop.ini
29.03.2006 06:19:08 37480 C:\Dokumente und Einstellungen\georg\Anwendungsdaten\GDIPFONTCACHEV1.DAT

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\EastTecFileShredder
{09FAB52A-B435-11D6-A324-0050BFE9FD8F} = E:\PROGRA~1\EAST-T~1\etfscm.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido anti-spyware
{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programme\ewido anti-spyware 4.0\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ICQLiteMenu
{73B24247-042E-4EF5-ADC2-42F62E6FD654} = E:\Programme\ICQLite\ICQLiteShell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Programme\Gemeinsame Dateien\Symantec Shared\SSC\vpshell2.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ShellExtension
{1AC5C88A-DEA7-462b-A232-04AF5CA42E7E} =
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = E:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Programme\Gemeinsame Dateien\Symantec Shared\SSC\vpshell2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = E:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido anti-spyware
{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programme\ewido anti-spyware 4.0\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ICQLiteMenu
{73B24247-042E-4EF5-ADC2-42F62E6FD654} = E:\Programme\ICQLite\ICQLiteShell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ShellExtension
{1AC5C88A-DEA7-462b-A232-04AF5CA42E7E} =
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = E:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tipps und Tricks = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} = ICQ Toolbar : C:\Programme\ICQToolbar\toolbaru.dll
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\System32\msdxm.ocx

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer-Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{855F3B16-6D32-4FE6-8A56-BBB695989046} = ICQ Toolbar : C:\Programme\ICQToolbar\toolbaru.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SoundMan SOUNDMAN.EXE
NVRaidService C:\WINDOWS\System32\nvraidservice.exe
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
vptray C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
NvMediaCenter RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
DAEMON Tools "E:\Programme\DAEMON Tools\daemon.exe" -lang 1033
NVMixerTray "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
ICQ Lite "E:\Programme\ICQLite\ICQLite.exe" -minimize
SunJavaUpdateSched C:\Programme\Java\jre1.5.0_07\bin\jusched.exe
QuickTime Task "C:\Programme\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Steam

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableRegistryTools 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
= Ati2evxx.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon
= C:\WINDOWS\System32\NavLogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif
= wzcdlg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 12.08.2006 16:14:17

12.08.2006, 16:52

Sabina

Ehrenmitglied

Beiträge: 29434

#12 Renji

1.
ueberpruefe mit Jotti diese dll. poste das ergebnis

C:\WINDOWS\SYSTEM32\zvp80d3f.dll

-------------------------------------------------------------------

2.
Start -- alle Programme -- Zubehör -- Editor und kopiere folgenden Text rein:

Zitat

%systemdrive%
cd C:\WINDOWS\Tasks
attrib -r -s -h B1DFF2AD90E06899.job
del B1DFF2AD90E06899.job

- Speichern als: remjob.bat
- abspeichern unter : Dateityp: alle Dateien
- speichere auf dem Desktop
- Locate remjob.bat-- doppelklick auf die bat-Datei , der Editor öffnet sich kurz ist normal

--------------------------------------------------------------------
3.
Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als fixme.reg mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden.
Die Datei "fixme.reg" auf dem Desktop doppelklicken

Zitat

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

PC neustarten
__________
MfG Sabina

rund um die PC-Sicherheit

13.08.2006, 10:48

Renji

Member

Themenstarter

Beiträge: 17

#13 Last file scanned at least one scanner reported something about: Bladeinstall.exe, detected by:

Scanner Malware name
AntiVir X
ArcaVir X
Avast X
AVG Antivirus X
BitDefender X
ClamAV X
Dr.Web X
F-Prot Antivirus X
Fortinet X
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control X
UNA TrojanDownloader.Win32.Agent
VirusBuster X
VBA32 X

You're free to (mis)interpret these automated, flawed statistics at your own discretion. For antivirus comparisons, visit AV comparatives
We are not affiliated with any third parties that conduct tests using this service.

13.08.2006, 13:10

Sabina

Ehrenmitglied

Beiträge: 29434

#14 Renji

1.
Pocket KillBox
http://virus-protect.org/killbox.html

Options: "Delete on Reboot" und "Single File"--> anhaken
und klicke auf das rote Kreuz, wenn gefragt wird, ob "Do you want to reboot? "---- klicke auf auf "yes"
reinkopieren: .......

C:\WINDOWS\SYSTEM32\zvp80d3f.dll

pc neustarten

2.
Hoster.zip
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK' Exit Program.

3.
poste noch mal das Log von Winpfind
__________
MfG Sabina

rund um die PC-Sicherheit

13.08.2006, 23:04

Renji

Member

Themenstarter

Beiträge: 17

#15 WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 1 Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
aspack 18.03.2005 17:19:58 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll
aspack 26.05.2005 16:34:52 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll
aspack 22.07.2005 20:59:04 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll
aspack 05.12.2005 18:09:18 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll
aspack 03.02.2006 08:43:16 2332368 C:\WINDOWS\SYSTEM32\d3dx9_29.dll
aspack 31.03.2006 12:40:58 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dll
PEC2 23.08.2001 14:00:00 41118 C:\WINDOWS\SYSTEM32\dfrg.msc
aspack 06.07.2006 18:21:48 6757792 C:\WINDOWS\SYSTEM32\MRT.exe
Umonitor 29.08.2002 03:43:28 660480 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 23.08.2001 14:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
13.08.2006 22:50:18 S 2048 C:\WINDOWS\bootstat.dat
13.08.2006 10:58:44 H 54156 C:\WINDOWS\QTFont.qfn
05.07.2006 13:56:20 RHS 227 C:\WINDOWS\assembly\Desktop.ini
11.08.2006 01:36:04 RH 0 C:\WINDOWS\assembly\PublisherPolicy.tme
11.08.2006 01:36:04 RH 0 C:\WINDOWS\assembly\pubpol1.dat
11.08.2006 10:19:24 RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index1b.dat
11.08.2006 10:19:26 RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index1c.dat
19.07.2006 02:34:02 H 10820 C:\WINDOWS\Help\windows.GID
11.08.2006 01:04:30 H 0 C:\WINDOWS\LastGood\INF\d3dx9_30_x86.inf
11.08.2006 01:04:30 H 0 C:\WINDOWS\LastGood\INF\d3dx9_30_x86.PNF
21.07.2006 04:42:12 H 0 C:\WINDOWS\LastGood\INF\oem29.inf
21.07.2006 04:42:12 H 0 C:\WINDOWS\LastGood\INF\oem29.PNF
02.07.2006 14:15:18 H 32008 C:\WINDOWS\system32\mlfcache.dat
13.08.2006 22:50:54 H 1024 C:\WINDOWS\system32\config\DEFAULT.LOG
13.08.2006 22:50:18 H 8192 C:\WINDOWS\system32\config\SAM.LOG
13.08.2006 23:00:24 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
13.08.2006 23:02:06 H 1024 C:\WINDOWS\system32\config\SOFTWARE.LOG
13.08.2006 23:02:06 H 1024 C:\WINDOWS\system32\config\SYSTEM.LOG
03.08.2006 12:48:48 H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
13.08.2006 22:50:18 H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 18.08.2001 14:00:00 68096 C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp. 17.11.2004 10:08:06 16162816 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation 29.08.2002 03:43:42 583680 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 29.08.2002 03:43:42 132096 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 23.08.2001 14:00:00 152064 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 29.08.2002 03:43:42 293376 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 29.08.2002 03:43:42 125440 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 18.08.2001 05:55:10 48640 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 29.08.2002 04:41:00 208896 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 03.05.2006 02:56:54 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 23.08.2001 14:00:00 189440 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 23.08.2001 14:00:00 566272 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 23.08.2001 14:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 23.08.2001 14:00:00 259072 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
09.03.2006 16:29:00 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 23.08.2001 14:00:00 38400 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 23.08.2001 14:00:00 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl
20.03.2006 21:43:16 372736 C:\WINDOWS\SYSTEM32\PhysX.cpl
Microsoft Corporation 23.08.2001 14:00:00 111616 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 29.08.2002 03:43:42 272896 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 23.08.2001 14:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 23.08.2001 14:00:00 90112 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 20.04.1998 19:36:42 131072 C:\WINDOWS\SYSTEM32\WSPCPL32.CPL
Microsoft Corporation 26.05.2005 04:16:22 174872 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 18.08.2001 14:00:00 68096 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 23.08.2001 14:00:00 152064 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 29.08.2002 04:41:00 208896 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 23.08.2001 14:00:00 189440 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 23.08.2001 14:00:00 566272 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 23.08.2001 14:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 23.08.2001 14:00:00 259072 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 23.08.2001 14:00:00 38400 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 23.08.2001 14:00:00 36864 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 23.08.2001 14:00:00 111616 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 23.08.2001 14:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 23.08.2001 14:00:00 90112 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
16.07.2005 00:06:48 HS 84 C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart\desktop.ini
13.08.2006 22:50:48 524 C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart\hamachi.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
16.07.2005 01:00:00 HS 62 C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\desktop.ini
23.07.2006 20:23:30 3311 C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
16.07.2005 00:06:48 HS 84 C:\Dokumente und Einstellungen\georg\Startmenü\Programme\Autostart\desktop.ini
03.03.2006 15:05:34 545 C:\Dokumente und Einstellungen\georg\Startmenü\Programme\Autostart\Xfire.lnk

Checking files in %USERPROFILE%\Application Data folder...
16.07.2005 01:00:00 HS 62 C:\Dokumente und Einstellungen\georg\Anwendungsdaten\desktop.ini
29.03.2006 06:19:08 37480 C:\Dokumente und Einstellungen\georg\Anwendungsdaten\GDIPFONTCACHEV1.DAT

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\EastTecFileShredder
{09FAB52A-B435-11D6-A324-0050BFE9FD8F} = E:\PROGRA~1\EAST-T~1\etfscm.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido anti-spyware
{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programme\ewido anti-spyware 4.0\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ICQLiteMenu
{73B24247-042E-4EF5-ADC2-42F62E6FD654} = E:\Programme\ICQLite\ICQLiteShell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Programme\Gemeinsame Dateien\Symantec Shared\SSC\vpshell2.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ShellExtension
{1AC5C88A-DEA7-462b-A232-04AF5CA42E7E} =
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = E:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Programme\Gemeinsame Dateien\Symantec Shared\SSC\vpshell2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = E:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido anti-spyware
{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programme\ewido anti-spyware 4.0\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ICQLiteMenu
{73B24247-042E-4EF5-ADC2-42F62E6FD654} = E:\Programme\ICQLite\ICQLiteShell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ShellExtension
{1AC5C88A-DEA7-462b-A232-04AF5CA42E7E} =
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = E:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tipps und Tricks = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} = ICQ Toolbar : C:\Programme\ICQToolbar\toolbaru.dll
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\System32\msdxm.ocx

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer-Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{855F3B16-6D32-4FE6-8A56-BBB695989046} = ICQ Toolbar : C:\Programme\ICQToolbar\toolbaru.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SoundMan SOUNDMAN.EXE
NVRaidService C:\WINDOWS\System32\nvraidservice.exe
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
vptray C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
NvMediaCenter RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
DAEMON Tools "E:\Programme\DAEMON Tools\daemon.exe" -lang 1033
NVMixerTray "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
ICQ Lite "E:\Programme\ICQLite\ICQLite.exe" -minimize
SunJavaUpdateSched C:\Programme\Java\jre1.5.0_07\bin\jusched.exe
QuickTime Task "C:\Programme\QuickTime\qttask.exe" -atboottime
SunServer E:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Steam

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
= Ati2evxx.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon
= C:\WINDOWS\System32\NavLogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif
= wzcdlg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 13.08.2006 23:02:30

Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:

Seite(n): 1 2