Still pop-ups despite HijackThis?
#0
03.08.2006, 09:55
Member
Posts: 17
03.08.2006, 15:41
Honorary member
Posts: 29434
#2
1. Work through Look2Me-Destroyer V1.0.5 and post the report: http://virus-protect.org/l2mfix.html
2. Avenger http://virus-protect.org/artikel/tools/avenger.html, paste in:
Quote:
registry keys to delete:
Click the green traffic light; the script will now be run, then the PC will restart automatically.
3. delete:
C:\Programme\WinAntiVirus Pro 2006
C:\Programme\Common Files\Companion Wizard
C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006
C:\Dokumente und Einstellungen\georg\Anwendungsdaten\WinAntiVirus Pro 2006
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinAntiVirus Pro 2006
4. Work through bfu and post the report: http://virus-protect.org/artikel/bfu/alcanshorty.html
5. Hoster.zip http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK'. Exit Program.
6. Configure CleanUp exactly as described here: http://virus-protect.org/cleanup.html
7. Copy these 4 text files. (right-click with the mouse -> select the text -> copy -> paste) They are sorted by date. (copy only the last 3 months) http://virus-protect.org/datfindbat.html
8. post this log: http://virus-protect.org/artikel/tools/combofix.html
__________
Regards, Sabina
all about PC security
03.08.2006, 17:28
Member
Thread starter, Posts: 17
#3
1. Unfortunately the log is no longer there ^^ I had already pasted it a few times below, but before I started Combofix I had already put it in the recycle bin; Combofix rebooted the PC and quickly emptied the recycle bin ^^ but it said everything was successful.
2. BFU:
BFU v1.00.9 Windows XP SP1 (WinNT 5.01.2600 SP1) Script started at 17:19:57, on 03.08.2006 Option Unload Explorer: Yes Failed: DllUnregister C:\WINDOWS\DH.dll|1 (file not found) Failed: ServiceStop Network Monitor (service not found) Failed: ServiceStop cmdService (service not found) Failed: ServiceDisable Network Monitor (service not found) Failed: ServiceDisable cmdService (service not found) Failed: ServiceDelete Network Monitor (service not found) Failed: ServiceDelete cmdService (service not found) Failed: RegDelValue HKCU\System\CurrentControlSet\Control\Lsa|p2pnetwork (key not found) Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations|LowRiskFileTypes (key not found) Failed: RegDelValue HKCU\Microsoft\Windows\CurrentVersion\policies\Explorer\Run|WinUpdate.exe (key not found) Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CU1 (key not found) Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CU2 (key not found) Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|services32 (key not found) Option pause between commands: 300 ms Option pause between commands: 50 ms Failed: FolderDelete C:\Programme\MsConfigs (folder not found) Failed: FolderDelete C:\Programme\winupdates (folder not found) Failed: FolderDelete C:\Programme\winupdate (folder not found) Failed: FolderDelete C:\Programme\winsupdater (folder not found) Failed: FolderDelete C:\Programme\MsUpdate (folder not found) Failed: FolderDelete C:\Programme\MsMovies (folder not found) Failed: FolderDelete C:\Programme\wmplayer (folder not found) Failed: FolderDelete C:\Programme\outlook (folder not found) Failed: FileDelete C:\Programme\Common Files\Windows\mc-*-*.exe (operation failed) Failed: FileDelete C:\Programme\Common Files\Download\mc-*-*.exe (operation failed) Failed: FileDelete C:\DOKUME~1\georg\LOKALE~1\Temp\~DF21B0.tmp (operation failed) Failed: FileDelete 
C:\DOKUME~1\georg\LOKALE~1\Temp\~DF2276.tmp (operation failed) Failed: FileDelete C:\DOKUME~1\georg\LOKALE~1\Temp\~DF395C.tmp (operation failed) Failed: FileDelete C:\DOKUME~1\georg\LOKALE~1\Temp\~DF624E.tmp (operation failed) Failed: FileDelete C:\DOKUME~1\georg\LOKALE~1\Temp\~DF625A.tmp (operation failed) Failed: FileDelete C:\DOKUME~1\georg\LOKALE~1\Temp\~DF6268.tmp (operation failed) Failed: FileDelete C:\DOKUME~1\georg\LOKALE~1\Temp\~DF6274.tmp (operation failed) Failed: FileDelete C:\DOKUME~1\georg\LOKALE~1\Temp\~DF6282.tmp (operation failed) Failed: FileDelete C:\DOKUME~1\georg\LOKALE~1\Temp\~DF628E.tmp (operation failed) Failed: FileDelete C:\DOKUME~1\georg\LOKALE~1\Temp\~DF629C.tmp (operation failed) Failed: FileDelete C:\DOKUME~1\georg\LOKALE~1\Temp\~DF62A8.tmp (operation failed) Failed: FileDelete C:\DOKUME~1\georg\LOKALE~1\Temp\~DFCD1B.tmp (operation failed) Failed: FolderDelete C:\Dokumente und Einstellungen\georg\Lokale Einstellungen\Temporary Internet Files\Content.IE5\GPMVG16V (operation failed) Failed: FolderDelete C:\Programme\Maxifiles (folder not found) Failed: FolderDelete C:\Programme\DNS (folder not found) Failed: FolderDelete C:\Programme\EQAdvice (folder not found) Failed: FolderDelete C:\Programme\FCAdvice (folder not found) Failed: FolderDelete C:\Programme\Common Files\FreeProd1 (folder not found) Failed: FolderDelete C:\Programme\Common Files\FreeProd2 (folder not found) Failed: FolderDelete C:\Programme\Common Files\InetGet (folder not found) Failed: FolderDelete C:\Programme\Common Files\InetGet2 (folder not found) Failed: FolderDelete C:\Programme\Common Files\svchostsys (folder not found) Failed: FolderDelete C:\Programme\Common Files\simtest (folder not found) Failed: FolderDelete C:\Programme\Common Files\misc001 (folder not found) Failed: FolderDelete C:\Programme\InetGet2 (folder not found) Failed: FolderDelete C:\Programme\Common Files\VCClient (folder not found) Failed: FolderDelete C:\Programme\Network Monitor (folder not 
found) Failed: FolderDelete C:\WINDOWS\inet20001 (folder not found) Failed: FolderDelete C:\Programme\Update06 (folder not found) Failed: FolderDelete C:\Programme\Update03 (folder not found) Failed: FolderDelete C:\Programme\Update04 (folder not found) Failed: FolderDelete C:\Programme\Update08 (folder not found) Failed: FolderDelete C:\Programme\W-Update (folder not found) Failed: FolderDelete C:\Programme\Yazzle Sudoku (folder not found) Failed: FolderDelete C:\Programme\Cas (folder not found) Failed: FolderDelete C:\Programme\CasStub (folder not found) Failed: FolderDelete C:\Programme\Cas2Stub (folder not found) Failed: FolderDelete C:\Programme\ipwins (folder not found) Failed: FolderDelete C:\temp (folder not found) Failed: FolderDelete C:\WINDOWS\mdrive (folder not found) Failed: FolderDelete C:\Programme\PECarlin (folder not found) Failed: FolderDelete C:\Programme\AXVenore (folder not found) Failed: FolderDelete C:\Programme\SDVita (folder not found) Failed: FolderDelete C:\Programme\EQBranch (folder not found) Failed: FolderDelete C:\Programme\EQArticle (folder not found) Failed: FolderCreate C:\bintheredunthat (folder already exists) Failed: FileMove C:\WINDOWS\win*-*.exe|C:\bintheredunthat (source file not found) Script completed.

3.
system32: 03.08.2006 17:01 49.819 nvapps.xml 03.08.2006 16:36 236.057 n8l8li3u18.dll 03.08.2006 10:46 1.167 zvp80d3f.sys 03.08.2006 08:50 61.952 zvp80d3f.dll 02.08.2006 00:58 62.464 bszip.dll 29.07.2006 18:18 98.304 CmdLineExt.dll 26.07.2006 10:26 2.206 wpa.dbl 21.07.2006 18:55 127.578 tsuninst.exe 16.07.2006 00:37 52.764 perfc009.dat 16.07.2006 00:37 380.350 perfh009.dat 16.07.2006 00:37 391.000 perfh007.dat 16.07.2006 00:37 63.580 perfc007.dat 16.07.2006 00:37 897.954 PerfStringBackup.INI 15.07.2006 18:34 1.324 d3d9caps.dat 06.07.2006 18:21 6.757.792 MRT.exe 02.07.2006 14:15 32.008 mlfcache.dat 26.06.2006 22:58 6.903 jupdate-1.5.0_07-b03.log 26.06.2006 22:54 151.584 FNTCACHE.DAT 07.06.2006 12:26 43.520 CmdLineExt03.dll 04.06.2006 12:47 21.840 SIntfNT.dll 04.06.2006 12:47 12.067 SIntf16.dll 04.06.2006 12:47 17.212 SIntf32.dll 29.05.2006 18:58 100 bitmedia.log 22.05.2006 22:02 2 stera.log 22.05.2006 22:00 1.715 ikhcore.log 22.05.2006 21:11 16.384 host.dat 18.05.2006 19:49 1 SI.bin 03.05.2006 02:56 127.078 javaws.exe 03.05.2006 02:56 49.265 jpicpl32.cpl 03.05.2006 01:19 53.346 javaw.exe 03.05.2006 01:19 49.248 java.exe temp: 03.08.2006 17:02 16.384 ~DFB888.tmp 03.08.2006 17:02 512 ~DF5EBE.tmp 03.08.2006 17:02 16.384 ~DF5DD2.tmp windows: 03.08.2006 17:02 600 setupapi.log 03.08.2006 16:48 2.048 bootstat.dat 03.08.2006 16:47 32.640 SchedLgU.Txt 03.08.2006 11:55 54.156 QTFont.qfn 02.08.2006 00:58 2.359.350 Firefox Wallpaper.bmp 31.07.2006 12:44 49 NeroDigital.ini 30.07.2006 19:52 1.125 winamp.ini 27.07.2006 18:27 1.409 QTFont.for 27.07.2006 15:25 169 RtlRack.ini 07.07.2006 17:20 1.214 win.ini 25.06.2006 00:46 70.146 War3Unin.dat 02.06.2006 15:33 65 gvcasinos.ini 29.05.2006 21:14 1.594 awshkwv.ini c: 03.08.2006 17:08 0 sys.txt 03.08.2006 17:08 6.057 windows.txt 03.08.2006 17:08 6.057 system.txt 03.08.2006 17:08 381 temp.txt 03.08.2006 17:08 381 systemtemp.txt 03.08.2006 17:08 118.831 system32.txt 03.08.2006 16:48 43.908 avenger.txt 03.08.2006 16:48 1.610.612.736 
pagefile.sys 03.08.2006 12:13 135.955 filelist.txt 03.08.2006 09:25 188 files.txt

4. combofix:
Start Time= 03.08.2006 17:11:34,84 Running from: C:\Dokumente und Einstellungen\georg\Desktop ((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log )))))))))))))))))))))))))))))))))))))))))))))))))) HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NavLogon HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wzcnotif * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * REGISTRY ENTRIES REMOVED: * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * FILES REMOVED: C:\WINDOWS\SYSTEM32\n8l8li3u18.dll Granting sedebugprivilege to Administratoren ... 
successful (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\NetMon (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-08-03 17:02:18 ( .D... ) "C:\Dokumente und Einstellungen\georg\Anwendungsdaten\Hamachi" 2006-08-03 15:13:24 ( .D... ) "C:\Programme\CCleaner" 2006-08-03 14:24:40 ( .D... ) "C:\Programme\Spybot - Search & Destroy" 2006-08-03 11:54:52 ( .D... ) "C:\Programme\ewido anti-spyware 4.0" 2006-08-03 11:39:18 ( .D... ) "C:\Programme\Gemeinsame Dateien\Wise Installation Wizard" 2006-08-03 10:46:50 1167 ( A.... ) "C:\WINDOWS\system32\zvp80d3f.sys" 2006-08-03 10:46:50 1167 ( A.... ) "C:\WINDOWS\system32\zvp80d3f.sys" 2006-08-03 09:48:26 ( .D... ) "C:\Programme\Sygate" 2006-08-03 09:22:44 ( .D... ) "C:\Programme\CleanUp!" 2006-08-03 08:50:22 61952 ( A.... ) "C:\WINDOWS\system32\zvp80d3f.dll" 2006-07-30 19:17:04 ( .D... ) "C:\Dokumente und Einstellungen\georg\Anwendungsdaten\Google" 2006-07-30 19:16:38 ( .D... ) "C:\Programme\Google" 2006-07-29 18:18:34 98304 ( A.... ) "C:\WINDOWS\system32\CmdLineExt.dll" 2006-07-21 18:55:38 127578 ( A.... ) "C:\WINDOWS\system32\tsuninst.exe" 2006-06-26 22:57:40 ( .D... ) "C:\Programme\Java" 2006-06-26 22:57:38 ( .D... ) "C:\Programme\Gemeinsame Dateien\Java" 2006-06-07 12:26:02 43520 ( A.... ) "C:\WINDOWS\system32\CmdLineExt03.dll" 2006-06-04 12:47:06 21840 ( A.... ) "C:\WINDOWS\system32\SIntfNT.dll" 2006-06-04 12:47:06 17212 ( A.... ) "C:\WINDOWS\system32\SIntf32.dll" 2006-06-04 12:47:06 12067 ( A.... ) "C:\WINDOWS\system32\SIntf16.dll" 2006-05-03 02:56:58 127078 ( A.... ) "C:\WINDOWS\system32\javaws.exe" 2006-05-03 01:19:40 53346 ( A.... ) "C:\WINDOWS\system32\javaw.exe" 2006-05-03 01:19:30 49248 ( A.... 
) "C:\WINDOWS\system32\java.exe" (((((((((((((((((((((((((((((((((((((( Files Created - Last 30days ))))))))))))))))))))))))))))))))))))))))))) 2006-08-03 09:48 83.096 C:\WINDOWS\system32\SSSensor.dll 2006-08-03 08:50 61.952 C:\WINDOWS\system32\zvp80d3f.dll 2006-08-03 08:50 1.167 C:\WINDOWS\system32\zvp80d3f.sys 2006-08-02 00:59 127.578 C:\WINDOWS\system32\tsuninst.exe 2006-07-10 14:29 40.960 C:\WINDOWS\system32\psfind.dll 2006-06-26 22:58 53.346 C:\WINDOWS\system32\javaw.exe 2006-06-26 22:58 49.248 C:\WINDOWS\system32\java.exe 2006-06-26 22:58 127.078 C:\WINDOWS\system32\javaws.exe (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "SoundMan"="SOUNDMAN.EXE" "NVRaidService"="C:\\WINDOWS\\System32\\nvraidservice.exe" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup" "vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe" "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit" "SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_07\\bin\\jusched.exe" "DAEMON Tools"="\"E:\\Programme\\DAEMON Tools\\daemon.exe\" -lang 1033" "NVMixerTray"="\"C:\\Programme\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\"" "ICQ Lite"="\"E:\\Programme\\ICQLite\\ICQLite.exe\" -minimize" "SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui" "!ewido"="\"C:\\Programme\\ewido anti-spyware 4.0\\ewido.exe\" /minimized" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "Steam"="" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex] "flags"=dword:00000008 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce] "ICQ Lite"="E:\\Programme\\ICQLite\\ICQLite.exe -trayboot" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000005 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Die derzeitige Homepage" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,\ 00,00,04,00,00,40 "RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,\ 00,00,01,00,00,00 [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" 
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0" HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\At1.job C:\WINDOWS\tasks\B1DFF2AD90E06899.job Completion time: 03.08.2006 17:13:13,95 ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt
03.08.2006, 22:07
Honorary member
Posts: 29434
#4
Avenger
Quote:
Files to delete:
scan with Panda and post the scan report: http://virus-protect.org/onlinescan.html
__________
Regards, Sabina
all about PC security
04.08.2006, 15:13
Member
Thread starter, Posts: 17
04.08.2006, 15:26
Honorary member
Posts: 29434
#6
Renji
Copy the following text into Notepad (Start - Accessories - Notepad) and save it as listen.bat on the desktop using 'Save as'. Under file type, select 'All files'. You should now find this file on the desktop. --> double-click listen.bat --> copy the text that appears
Quote:
cd\
__________
Regards, Sabina
all about PC security
04.08.2006, 21:46
Member
Thread starter, Posts: 17
#7
Datenträger in Laufwerk C: ist Boot Volumeseriennummer: 68A3-395C

Datenträger in Laufwerk C: ist Boot Volumeseriennummer: 68A3-395C Verzeichnis von C:\WINDOWS\R2VvcmcgV2FuZw

Datenträger in Laufwerk C: ist Boot Volumeseriennummer: 68A3-395C Verzeichnis von C:\Programme

Datenträger in Laufwerk C: ist Boot Volumeseriennummer: 68A3-395C Verzeichnis von C:\WINDOWS\Temp 03.08.2006 20:55 <DIR> . 03.08.2006 20:55 <DIR> .. 0 Datei(en) 0 Bytes 2 Verzeichnis(se), 4.611.981.312 Bytes frei

Datenträger in Laufwerk C: ist Boot Volumeseriennummer: 68A3-395C Verzeichnis von C:\

Datenträger in Laufwerk C: ist Boot Volumeseriennummer: 68A3-395C Verzeichnis von C:\Programme 03.08.2006 16:54 <DIR> . 03.08.2006 16:54 <DIR> .. 16.07.2005 00:12 <DIR> ATI Technologies 16.07.2005 00:28 <DIR> AvRack 03.08.2006 15:13 <DIR> CCleaner 03.08.2006 11:39 <DIR> CleanUp! 03.08.2006 16:52 <DIR> Common Files 16.07.2005 00:04 <DIR> ComPlus Applications 24.10.2005 19:02 <DIR> CyberLink 16.10.2005 00:58 <DIR> directx 30.03.2006 15:25 <DIR> eDonkey2000 04.08.2006 14:26 <DIR> ewido anti-spyware 4.0 03.08.2006 14:53 <DIR> Gemeinsame Dateien 04.08.2006 15:58 <DIR> GlobeDigital 30.07.2006 19:16 <DIR> Google 26.05.2006 17:46 <DIR> htmdash 11.10.2005 20:27 <DIR> ICQLite 04.08.2006 14:26 <DIR> ICQToolbar 04.08.2006 14:27 <DIR> Internet Explorer 26.06.2006 22:58 <DIR> Java 23.10.2005 22:06 <DIR> KNC ONE 04.08.2006 13:54 <DIR> Messenger 16.07.2005 00:07 <DIR> microsoft frontpage 17.07.2005 12:35 <DIR> Microsoft Visual Studio 16.07.2005 00:25 <DIR> Movie Maker 16.07.2005 00:04 <DIR> MSN 16.07.2005 00:04 <DIR> MSN Gaming Zone 28.01.2006 15:41 <DIR> MSN Messenger 16.07.2005 00:25 <DIR> NetMeeting 01.01.2005 00:44 <DIR> NVIDIA Corporation 27.11.2005 13:38 <DIR> Oberon Media 16.07.2005 00:04 <DIR> Online Services 16.07.2005 00:05 <DIR> Online-Dienste 04.08.2006 13:54 <DIR> Outlook Express 17.07.2005 13:05 <DIR> Philips 17.07.2005 11:50 <DIR> Pinnacle 01.03.2006 07:07 <DIR> QuickTime 16.07.2005 00:28 <DIR> Realtek Sound Manager 03.08.2006 14:32 <DIR> Spybot - Search & Destroy 03.08.2006 09:48 <DIR> Sygate 04.09.2005 17:07 <DIR> Symantec 04.09.2005 16:56 <DIR> Symantec_Client_Security 10.02.2006 00:18 <DIR> vso 04.09.2005 16:41 <DIR> Windows Installer Clean Up 28.04.2006 12:47 <DIR> Windows Media Player 16.07.2005 00:04 <DIR> Windows NT 01.08.2006 17:16 <DIR> WinPcap 04.08.2006 14:27 <DIR> WinRAR 16.07.2005 00:07 <DIR> xerox 0 Datei(en) 0 Bytes 49 Verzeichnis(se), 4.611.977.216 Bytes frei

Datenträger in Laufwerk C: ist Boot Volumeseriennummer: 68A3-395C Verzeichnis von C:\Programme

Datenträger in Laufwerk C: ist Boot Volumeseriennummer: 68A3-395C Verzeichnis von C:\Programme\Gemeinsame Dateien

Datenträger in Laufwerk C: ist Boot Volumeseriennummer: 68A3-395C Verzeichnis von C:\Windows\tasks 03.08.2006 16:39 396 At1.job 1 Datei(en) 396 Bytes 0 Verzeichnis(se), 4.611.977.216 Bytes frei

Datenträger in Laufwerk C: ist Boot Volumeseriennummer: 68A3-395C Verzeichnis von C:\WINDOWS\Downloaded Program Files 11.04.2006 17:10 135.168 asinst.dll 03.04.2006 11:00 537 asinst.inf 07.02.2006 17:30 576 kavwebscan.inf 19.12.2003 16:43 241 popcaploader.inf 27.08.2005 14:30 5.065 swflash.inf 26.05.2005 04:19 291 wuweb.inf 6 Datei(en) 141.878 Bytes 0 Verzeichnis(se), 4.611.973.120 Bytes frei

Datenträger in Laufwerk C: ist Boot Volumeseriennummer: 68A3-395C Verzeichnis von C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Site Aim Thunk Meta 26.05.2006 17:47 <DIR> . 26.05.2006 17:47 <DIR> .. 21.05.2006 20:46 368.582 GRIMONLINE.exe 26.05.2006 17:47 368.582 Ping inter.exe 2 Datei(en) 737.164 Bytes 2 Verzeichnis(se), 4.611.973.120 Bytes frei

Datenträger in Laufwerk C: ist Boot Volumeseriennummer: 68A3-395C Verzeichnis von C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten 16.03.2006 20:42 <DIR> Apple Computer 28.04.2005 16:33 <DIR> nView_Profiles 23.07.2006 20:23 3.311 QTSBandwidthCache 26.05.2006 17:47 <DIR> Site Aim Thunk Meta 02.08.2006 03:28 <DIR> Skype 03.08.2006 15:02 <DIR> Spybot - Search & Destroy 04.09.2005 17:07 <DIR> Symantec 20.03.2006 20:01 <DIR> Trymedia 1 Datei(en) 3.311 Bytes 7 Verzeichnis(se), 4.611.973.120 Bytes frei

Datenträger in Laufwerk C: ist Boot Volumeseriennummer: 68A3-395C Verzeichnis von C:\Dokumente und Einstellungen\georg\Anwendungsdaten\htmdash 26.05.2006 17:47 <DIR> . 26.05.2006 17:47 <DIR> .. 26.05.2006 17:47 10.498 balm thunk cake.exe 26.05.2006 17:47 368.582 mnwmdmbe.exe 26.05.2006 17:46 201.314 Sectplatform.exe 21.05.2006 20:46 368.582 yzdiksbv.exe 4 Datei(en) 948.976 Bytes 2 Verzeichnis(se), 4.611.973.120 Bytes frei

Datenträger in Laufwerk C: ist Boot Volumeseriennummer: 68A3-395C Verzeichnis von C:\Dokumente und Einstellungen\georg\Anwendungsdaten 30.10.2005 13:19 <DIR> Adobe 19.07.2006 13:32 <DIR> Ahead 10.10.2005 18:11 <DIR> Apple Computer 04.07.2006 23:55 <DIR> Azureus 13.02.2006 18:52 <DIR> ContentLauncher 27.07.2006 17:09 <DIR> dvdcss 17.01.2006 22:08 <DIR> EarMaster 09.03.2006 15:54 <DIR> Ethereal 29.03.2006 06:19 37.480 GDIPFONTCACHEV1.DAT 30.07.2006 19:17 <DIR> Google 04.08.2006 13:36 <DIR> Hamachi 20.09.2005 20:31 <DIR> Help 26.05.2006 17:47 <DIR> htmdash 04.09.2005 17:59 <DIR> ICQ 04.09.2005 17:59 <DIR> ICQLite 17.07.2005 12:49 <DIR> Identities 26.05.2006 17:49 <DIR> IDOL BOOK PROGRAM 11.01.2006 04:03 <DIR> InstallShield Installation Information 30.10.2005 13:19 <DIR> InterTrust 22.05.2006 21:34 <DIR> Lavasoft 13.02.2006 18:52 <DIR> Macromedia 19.10.2005 12:06 <DIR> Meine Die Schlacht um Mittelerde-Dateien 08.04.2006 17:42 <DIR> Meine Die Schlacht um MittelerdeT II-Dateien 17.07.2005 12:50 <DIR> Mozilla 21.05.2006 21:11 <DIR> NetPumper 16.01.2006 22:01 <DIR> Pegasys Inc 11.12.2005 00:46 <DIR> Real 11.10.2005 20:29 <DIR> Skype 10.10.2005 14:02 <DIR> Sun 04.09.2005 17:07 <DIR> Symantec 23.09.2005 20:03 <DIR> Talkback 19.07.2006 09:58 <DIR> teamspeak2 22.10.2005 17:04 <DIR> vlc 04.08.2006 08:02 <DIR> Vso 10.03.2006 21:44 <DIR> VSO_HWE 03.03.2006 15:07 <DIR> Xfire 1 Datei(en) 37.480 Bytes 35 Verzeichnis(se), 4.611.973.120 Bytes frei

Datenträger in Laufwerk C: ist Boot Volumeseriennummer: 68A3-395C Verzeichnis von C:\WINDOWS\R2VvcmcgV2FuZw

Datenträger in Laufwerk E: ist Programme Volumeseriennummer: CA60-5B67 Verzeichnis von E:\Programme\NetPumper 26.05.2006 17:48 <DIR> . 26.05.2006 17:48 <DIR> .. 26.05.2006 17:46 <DIR> ZM 0 Datei(en) 0 Bytes 3 Verzeichnis(se), 3.130.122.240 Bytes frei

Datenträger in Laufwerk E: ist Programme Volumeseriennummer: CA60-5B67 Verzeichnis von E:\Programme 01.08.2006 17:16 <DIR> . 01.08.2006 17:16 <DIR> .. 04.09.2005 17:21 <DIR> Ahead 04.11.2005 19:41 <DIR> Alcohol 120% 18.02.2006 16:30 <DIR> Alcohol Soft 26.05.2006 17:46 <DIR> Anti-Leech 30.10.2005 13:19 <DIR> Arcobat 12.11.2004 12:48 172.032 autoruns.exe 31.07.2006 22:19 <DIR> AV Vcs 4.0 DIAMOND 02.04.2006 00:50 <DIR> Azureus 05.09.2005 16:30 <DIR> BearShare 14.01.2006 21:04 <DIR> BitComet 04.11.2005 20:21 <DIR> CloneCD 17.11.2005 19:50 <DIR> Daemon 04.08.2006 14:33 <DIR> DAEMON Tools 21.07.2006 04:43 <DIR> EA SPORTS 18.02.2006 13:53 <DIR> Easy Video Joiner 13.02.2006 18:48 <DIR> ecdl 08.12.2005 12:40 <DIR> EVEREST Corporate Edition 05.11.2005 13:48 <DIR> EVEREST Home Edition 04.10.2005 16:02 <DIR> FireFox 09.10.2005 12:48 <DIR> FireFox 1.07 28.02.2006 17:06 <DIR> Fusion Media Player 01.05.2006 11:48 <DIR> GlobeDigital 30.10.2005 11:43 <DIR> HDD Health 10.11.2004 19:07 900.568 HDD Health.exe 16.11.2005 20:06 <DIR> Iconoid 04.08.2006 14:34 <DIR> ICQLite 24.10.2005 19:05 <DIR> KNC 22.05.2006 21:34 <DIR> Lavasoft 17.01.2006 17:13 <DIR> music 28.01.2006 00:48 <DIR> Musik 26.05.2006 17:48 <DIR> NetPumper 25.03.2006 08:30 <DIR> NJStar Communicator 20.10.2005 10:43 <DIR> Office 01.06.2006 21:42 <DIR> Pcsx2 27.10.2005 16:47 <DIR> Pentrix 03.12.2004 16:01 561.207 procexp.exe 05.07.2006 13:54 <DIR> QuickPar 29.07.2006 17:47 <DIR> ratDVD 11.12.2005 00:44 <DIR> Real 08.06.2006 16:30 <DIR> SFT Loader 04.09.2005 17:11 <DIR> Skype 22.05.2006 21:56 <DIR> Super Video Joiner 23.04.2006 20:51 <DIR> Teamspeak2_RC2 03.12.2005 23:10 <DIR> totalcmd 04.08.2006 17:44 <DIR> UseNeXT 16.07.2006 12:41 <DIR> VideoLAN 04.08.2006 14:35 <DIR> VNC 10.02.2006 00:18 <DIR> vso 01.08.2006 19:46 <DIR> WC3Banlist 22.10.2005 22:23 <DIR> Winamp 07.09.2005 16:26 <DIR> WinRAR 04.08.2006 14:35 <DIR> WinZip 3 Datei(en) 1.633.807 Bytes 51 Verzeichnis(se), 3.130.122.240 Bytes frei
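Added example (not code from this thread or from any of the tools Sabina names): a small Python triage script for the German-locale dir output that the listen.bat step produces. It parses the "Verzeichnis von" blocks, flags executables stored under Anwendungsdaten or Temp, and groups executables by byte size, which surfaces the four 368.582-byte files above (GRIMONLINE.exe, Ping inter.exe, mnwmdmbe.exe, yzdiksbv.exe) as one dropper stored under different names. The sample listing is constructed from fragments of post #7; the location markers and the same-size heuristic are assumptions of mine.

```python
"""Triage helper for the German-locale `dir` output produced by the listen.bat
step above.  Added example, not code from the thread or from any tool it names.
The sample listing is constructed from fragments of post #7; the location
markers and the same-size heuristic are assumptions, not part of the thread."""
import re
from collections import defaultdict

# "Verzeichnis von <path>" opens a new directory block in German dir output.
DIR_HEADER = re.compile(r"^Verzeichnis von (?P<path>.+)$")
# "26.05.2006  17:47           368.582 mnwmdmbe.exe": the size uses '.' as a
# thousands separator; "<DIR>" rows do not match because the size must be digits.
FILE_LINE = re.compile(
    r"^(?P<date>\d{2}\.\d{2}\.\d{4})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?P<size>[\d.]+)\s+(?P<name>.+)$"
)
EXECUTABLE_EXT = (".exe", ".dll", ".scr", ".com", ".pif", ".bat", ".cmd", ".sys")
# Assumption: user-writable trees where a dropper on this German XP layout
# typically stores its copies (Application Data, Local Settings, Temp).
USER_WRITABLE_MARKERS = ("\\anwendungsdaten\\", "\\lokale einstellungen\\", "\\temp\\")

# Constructed sample: three directory blocks taken from the post #7 listing.
SAMPLE_LISTING = r"""
 Datenträger in Laufwerk C: ist Boot
 Volumeseriennummer: 68A3-395C

 Verzeichnis von C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Site Aim Thunk Meta

26.05.2006  17:47    <DIR>          .
26.05.2006  17:47    <DIR>          ..
21.05.2006  20:46           368.582 GRIMONLINE.exe
26.05.2006  17:47           368.582 Ping inter.exe
               2 Datei(en)        737.164 Bytes

 Verzeichnis von C:\Dokumente und Einstellungen\georg\Anwendungsdaten\htmdash

26.05.2006  17:47            10.498 balm thunk cake.exe
26.05.2006  17:47           368.582 mnwmdmbe.exe
26.05.2006  17:46           201.314 Sectplatform.exe
21.05.2006  20:46           368.582 yzdiksbv.exe
               4 Datei(en)        948.976 Bytes

 Verzeichnis von C:\WINDOWS\Downloaded Program Files

11.04.2006  17:10           135.168 asinst.dll
03.04.2006  11:00               537 asinst.inf
"""


def parse_dir_listing(text):
    """Return (directory, filename, size_in_bytes, date) for each regular file."""
    entries = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = DIR_HEADER.match(line)
        if header:
            current = header.group("path").rstrip("\\")
            continue
        m = FILE_LINE.match(line)
        if m is None or current is None:
            continue  # blank line, volume header, "<DIR>" row or summary row
        size = int(m.group("size").replace(".", ""))
        entries.append((current, m.group("name"), size, m.group("date")))
    return entries


def find_suspicious(entries):
    """Flag (a) executables under user-writable app-data paths and (b) groups of
    executables with identical byte size but different names, the pattern that
    betrays one dropper copied out under several random file names."""
    findings = []
    by_size = defaultdict(list)
    for directory, name, size, _date in entries:
        if not name.lower().endswith(EXECUTABLE_EXT):
            continue
        full_path = directory + "\\" + name
        if any(marker in directory.lower() + "\\" for marker in USER_WRITABLE_MARKERS):
            findings.append(("exe-in-appdata", full_path, size))
        by_size[size].append(full_path)
    for size, paths in sorted(by_size.items()):
        distinct_names = {p.rsplit("\\", 1)[1].lower() for p in paths}
        if len(distinct_names) > 1:
            findings.append(("same-size-clones", "; ".join(sorted(paths)), size))
    return findings


if __name__ == "__main__":
    for kind, what, size in find_suspicious(parse_dir_listing(SAMPLE_LISTING)):
        print(f"{kind:18} {size:>10}  {what}")
```

Replace SAMPLE_LISTING with the saved output of listen.bat to triage a real listing; the hits are leads for hashing and lookup, not a verdict on their own.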
04.08.2006, 23:11
Honorary member
Posts: 29434
#8
Renji
0. Make hidden and system files visible: http://virus-protect.org/invisible.html
1. Avenger, paste in:
Quote:
registry keys to delete:
delete manually in Safe Mode:
C:\Dokumente und Einstellungen\georg\Anwendungsdaten\NetPumper
C:\Dokumente und Einstellungen\georg\Anwendungsdaten\htmdash
C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Site Aim Thunk Meta
uninstall:
E:\Programme\NetPumper
C:\Programme\htmdash
** boot back into normal mode **
My Computer --> right-click, then Properties ---> System Restore tab ---> tick "Turn off System Restore on all drives" (then turn it back on)
** Counterspy: scan, then set everything to "remove" and post the report: http://virus-protect.org/counterspy.html
__________
Regards, Sabina
all about PC security
12.08.2006, 02:28
Member
Thread starter, Posts: 17
#9
Um, with Counterspy there somehow is no report, but no more pop-ups have appeared. However, I now have a different problem. Every now and then my desktop background simply turns completely blue. When I change it back, it turns blue again after a few minutes... what causes that?
12.08.2006, 13:06
Honorary member
Posts: 29434
#10
post these logs
http://virus-protect.org/winpfind.html
http://virus-protect.org/silentrunner.html
__________
Regards, Sabina
all about PC security
12.08.2006, 16:24
Member
Thread starter, Posts: 17
#11
SILENT RUNNERS
"Silent Runners.vbs", revision 46, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "Steam" = (empty string) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."] "NVRaidService" = "C:\WINDOWS\System32\nvraidservice.exe" ["NVIDIA Corporation"] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS] "vptray" = "C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" ["Symantec Corporation"] "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS] "DAEMON Tools" = ""E:\Programme\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."] "NVMixerTray" = ""C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"" ["NVIDIA Corporation"] "ICQ Lite" = ""E:\Programme\ICQLite\ICQLite.exe" -minimize" ["ICQ Ltd."] "SunJavaUpdateSched" = "C:\Programme\Java\jre1.5.0_07\bin\jusched.exe" ["Sun Microsystems, Inc."] "QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."] HKLM\Software\Microsoft\Active Setup\Installed Components\ {306D6C21-C1B6-4629-986C-E59E1875B8AF}\(Default) = (no title provided) \StubPath = ""C:\WINDOWS\System32\rundll32.exe" "C:\Programme\Messenger\msgsc.dll",ShowIconsUser" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "F:\Programme\Microsoft Office\Office10\msohev.dll" [MS] "{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx" -> {HKLM...CLSID} = "AlcoholShellEx" \InProcServer32\(Default) = "E:\PROGRA~1\ALCOHO~2\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" 
-> {HKLM...CLSID} = "RealOne Player Context Menu Class" \InProcServer32\(Default) = "E:\Programme\Real\rpshell.dll" ["RealNetworks, Inc."] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"] "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices" -> {HKLM...CLSID} = "Portable Media Devices" \InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {HKLM...CLSID} = "Portable Media Devices Menu" \InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS] "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension" -> {HKLM...CLSID} = "MCLiteShellExt Class" \InProcServer32\(Default) = "E:\Programme\ICQLite\ICQLiteShell.dll" [empty string] "{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References" -> {HKLM...CLSID} = "ShellLink for Application References" \InProcServer32\(Default) = "C:\WINDOWS\System32\dfshim.dll" [MS] "{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References" -> {HKLM...CLSID} = 
"Shell Icon Handler for Application References"
     \InProcServer32\(Default) = "C:\WINDOWS\System32\dfshim.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
  -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
     \InProcServer32\(Default) = "C:\Programme\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
INFECTION WARNING! NavLogon\DLLName = "C:\WINDOWS\System32\NavLogon.dll" [null data]
INFECTION WARNING! wzcnotif\DLLName = "wzcdlg.dll" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
EastTecFileShredder\(Default) = "{09FAB52A-B435-11D6-A324-0050BFE9FD8F}"
  -> {HKLM...CLSID} = "East-Tec File Shredder Context Menu Shell Extension"
     \InProcServer32\(Default) = "E:\PROGRA~1\EAST-T~1\etfscm.dll" ["EAST Technologies"]
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
  -> {HKLM...CLSID} = "CContextScan Object"
     \InProcServer32\(Default) = "C:\Programme\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
  -> {HKLM...CLSID} = "MCLiteShellExt Class"
     \InProcServer32\(Default) = "E:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"
  -> {HKLM...CLSID} = "VpshellEx Class"
     \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
     \InProcServer32\(Default) = "E:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
  -> {HKLM...CLSID} = "CContextScan Object"
     \InProcServer32\(Default) = "C:\Programme\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
  -> {HKLM...CLSID} = "MCLiteShellExt Class"
     \InProcServer32\(Default) = "E:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
     \InProcServer32\(Default) = "E:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"
  -> {HKLM...CLSID} = "VpshellEx Class"
     \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
     \InProcServer32\(Default) = "E:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\Firefox Wallpaper.bmp"

Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]

Startup items in "georg" & "All Users" startup folders:
-------------------------------------------------------
C:\Dokumente und Einstellungen\georg\Startmenü\Programme\Autostart
"Xfire" -> shortcut to: "E:\Programme\Xfire\Xfire.exe" ["Xfire Inc."]
C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart
"hamachi" -> shortcut to: "F:\Programme\Hamachi\hamachi.exe" ["Applied Networking"]

Enabled Scheduled Tasks:
------------------------
"B1DFF2AD90E06899" -> launches: "c:\dokume~1\georg\anwend~1\htmdash\balm thunk cake.exe" [file not found]

Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "C:\WINDOWS\System32\wspwsp.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\System32\wspwsp.dll [MS], 01 - 02
%SystemRoot%\system32\mswsock.dll [MS], 03 - 06, 09 - 20
%SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08

Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{855F3B16-6D32-4FE6-8A56-BBB695989046}"
  -> {HKLM...CLSID} = "ICQ Toolbar"
     \InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{855F3B16-6D32-4FE6-8A56-BBB695989046}" = (no title provided)
  -> {HKLM...CLSID} = "ICQ Toolbar"
     \InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]

Miscellaneous IE Hijack Points
------------------------------
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
Missing lines (compared with English-language version):
"{855F3B16-6D32-4fe6-8A56-BBB695989046}" = (no title provided)
  -> {HKLM...CLSID} = "ICQ Toolbar"
     \InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
DefWatch, DefWatch, "C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe" ["Symantec Corporation"]
ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:\Programme\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]
GhostStartService, GhostStartService, "C:\Programme\Symantec\Norton Ghost 2003\GhostStartService.exe" ["Symantec Corporation"]
InCD Helper, InCDsrv, "E:\Programme\Ahead\InCD\InCDsrv.exe" ["Ahead Software AG"]
Machine Debug Manager, MDM, ""C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
StarWind iSCSI Service, StarWindService, "E:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]
Symantec AntiVirus Client, Norton AntiVirus Server, "C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe" ["Symantec Corporation"]
VNC Server, winvnc, ""E:\Programme\VNC\WinVNC.exe" -service" ["UltraVNC"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]

Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
ssgb7 Langmon\Driver = "SSGB7MON.DLL" ["Samsung Electronics."]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 275 seconds, including 7 seconds for message boxes)

WINPFIND

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 1 Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
Checking %System% folder...
aspack 18.03.2005 17:19:58 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll
aspack 26.05.2005 16:34:52 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll
aspack 22.07.2005 20:59:04 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll
aspack 05.12.2005 18:09:18 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll
aspack 03.02.2006 08:43:16 2332368 C:\WINDOWS\SYSTEM32\d3dx9_29.dll
aspack 31.03.2006 12:40:58 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dll
PEC2 23.08.2001 14:00:00 41118 C:\WINDOWS\SYSTEM32\dfrg.msc
aspack 06.07.2006 18:21:48 6757792 C:\WINDOWS\SYSTEM32\MRT.exe
Umonitor 29.08.2002 03:43:28 660480 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 23.08.2001 14:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
UPX! 03.08.2006 08:50:22 61952 C:\WINDOWS\SYSTEM32\zvp80d3f.dll
Checking %System%\Drivers folder and sub-folders...
Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
12.08.2006 15:58:24 S 2048 C:\WINDOWS\bootstat.dat
10.08.2006 17:42:46 H 54156 C:\WINDOWS\QTFont.qfn
05.07.2006 13:56:20 RHS 227 C:\WINDOWS\assembly\Desktop.ini
11.08.2006 01:36:04 RH 0 C:\WINDOWS\assembly\PublisherPolicy.tme
11.08.2006 01:36:04 RH 0 C:\WINDOWS\assembly\pubpol1.dat
11.08.2006 10:19:24 RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index1b.dat
11.08.2006 10:19:26 RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index1c.dat
19.07.2006 02:34:02 H 10820 C:\WINDOWS\Help\windows.GID
11.08.2006 01:04:30 H 0 C:\WINDOWS\LastGood\INF\d3dx9_30_x86.inf
11.08.2006 01:04:30 H 0 C:\WINDOWS\LastGood\INF\d3dx9_30_x86.PNF
21.07.2006 04:42:12 H 0 C:\WINDOWS\LastGood\INF\oem29.inf
21.07.2006 04:42:12 H 0 C:\WINDOWS\LastGood\INF\oem29.PNF
02.07.2006 14:15:18 H 32008 C:\WINDOWS\system32\mlfcache.dat
12.08.2006 15:58:52 H 1024 C:\WINDOWS\system32\config\DEFAULT.LOG
12.08.2006 15:58:24 H 8192 C:\WINDOWS\system32\config\SAM.LOG
12.08.2006 15:58:54 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
12.08.2006 16:09:52 H 1024 C:\WINDOWS\system32\config\SOFTWARE.LOG
12.08.2006 16:10:08 H 1024 C:\WINDOWS\system32\config\SYSTEM.LOG
03.08.2006 12:48:48 H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
30.07.2006 11:00:04 H 264 C:\WINDOWS\Tasks\B1DFF2AD90E06899.job
12.08.2006 15:58:26 H 6 C:\WINDOWS\Tasks\SA.DAT
Checking for CPL files...
Microsoft Corporation 18.08.2001 14:00:00 68096 C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp. 17.11.2004 10:08:06 16162816 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation 29.08.2002 03:43:42 583680 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 29.08.2002 03:43:42 132096 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 23.08.2001 14:00:00 152064 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 29.08.2002 03:43:42 293376 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 29.08.2002 03:43:42 125440 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 18.08.2001 05:55:10 48640 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 29.08.2002 04:41:00 208896 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 03.05.2006 02:56:54 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 23.08.2001 14:00:00 189440 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 23.08.2001 14:00:00 566272 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 23.08.2001 14:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 23.08.2001 14:00:00 259072 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
09.03.2006 16:29:00 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 23.08.2001 14:00:00 38400 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 23.08.2001 14:00:00 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl
20.03.2006 21:43:16 372736 C:\WINDOWS\SYSTEM32\PhysX.cpl
Microsoft Corporation 23.08.2001 14:00:00 111616 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 29.08.2002 03:43:42 272896 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 23.08.2001 14:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 23.08.2001 14:00:00 90112 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 20.04.1998 19:36:42 131072 C:\WINDOWS\SYSTEM32\WSPCPL32.CPL
Microsoft Corporation 26.05.2005 04:16:22 174872 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 18.08.2001 14:00:00 68096 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 23.08.2001 14:00:00 152064 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 29.08.2002 04:41:00 208896 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 23.08.2001 14:00:00 189440 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 23.08.2001 14:00:00 566272 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 23.08.2001 14:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 23.08.2001 14:00:00 259072 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 23.08.2001 14:00:00 38400 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 23.08.2001 14:00:00 36864 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 23.08.2001 14:00:00 111616 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 23.08.2001 14:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 23.08.2001 14:00:00 90112 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
16.07.2005 00:06:48 HS 84 C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart\desktop.ini
02.01.2005 18:18:20 524 C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart\hamachi.lnk
Checking files in %ALLUSERSPROFILE%\Application Data folder...
16.07.2005 01:00:00 HS 62 C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\desktop.ini
23.07.2006 20:23:30 3311 C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\QTSBandwidthCache
Checking files in %USERPROFILE%\Startup folder...
16.07.2005 00:06:48 HS 84 C:\Dokumente und Einstellungen\georg\Startmenü\Programme\Autostart\desktop.ini
03.03.2006 15:05:34 545 C:\Dokumente und Einstellungen\georg\Startmenü\Programme\Autostart\Xfire.lnk
Checking files in %USERPROFILE%\Application Data folder...
16.07.2005 01:00:00 HS 62 C:\Dokumente und Einstellungen\georg\Anwendungsdaten\desktop.ini
29.03.2006 06:19:08 37480 C:\Dokumente und Einstellungen\georg\Anwendungsdaten\GDIPFONTCACHEV1.DAT

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\EastTecFileShredder
  {09FAB52A-B435-11D6-A324-0050BFE9FD8F} = E:\PROGRA~1\EAST-T~1\etfscm.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido anti-spyware
  {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programme\ewido anti-spyware 4.0\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ICQLiteMenu
  {73B24247-042E-4EF5-ADC2-42F62E6FD654} = E:\Programme\ICQLite\ICQLiteShell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\LDVPMenu
  {BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Programme\Gemeinsame Dateien\Symantec Shared\SSC\vpshell2.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
  {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
  {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
  {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ShellExtension
  {1AC5C88A-DEA7-462b-A232-04AF5CA42E7E} =
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
  {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
  {E0D79304-84BE-11CE-9641-444553540000} = E:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
  Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\LDVPMenu
  {BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Programme\Gemeinsame Dateien\Symantec Shared\SSC\vpshell2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
  {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
  {E0D79304-84BE-11CE-9641-444553540000} = E:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
  {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido anti-spyware
  {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programme\ewido anti-spyware 4.0\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ICQLiteMenu
  {73B24247-042E-4EF5-ADC2-42F62E6FD654} = E:\Programme\ICQLite\ICQLiteShell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
  {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
  {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ShellExtension
  {1AC5C88A-DEA7-462b-A232-04AF5CA42E7E} =
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
  {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
  {E0D79304-84BE-11CE-9641-444553540000} = E:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
  = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
  = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
  = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
  = %SystemRoot%\system32\SHELL32.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
  &Tipps und Tricks = %SystemRoot%\System32\shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
  {855F3B16-6D32-4fe6-8A56-BBB695989046} = ICQ Toolbar : C:\Programme\ICQToolbar\toolbaru.dll
  {8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\System32\msdxm.ocx
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
  Media Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
  File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
  Explorer-Band = %SystemRoot%\System32\shdocvw.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
  {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
  {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll
  {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
  {855F3B16-6D32-4FE6-8A56-BBB695989046} = ICQ Toolbar : C:\Programme\ICQToolbar\toolbaru.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  SoundMan SOUNDMAN.EXE
  NVRaidService C:\WINDOWS\System32\nvraidservice.exe
  NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
  vptray C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
  NvMediaCenter RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
  DAEMON Tools "E:\Programme\DAEMON Tools\daemon.exe" -lang 1033
  NVMixerTray "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
  ICQ Lite "E:\Programme\ICQLite\ICQLite.exe" -minimize
  SunJavaUpdateSched C:\Programme\Java\jre1.5.0_07\bin\jusched.exe
  QuickTime Task "C:\Programme\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
  IMAIL Installed = 1
  MAPI Installed = 1
  MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  Steam
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
  {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
  {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
  {0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
  dontdisplaylastusername 0
  legalnoticecaption
  legalnoticetext
  shutdownwithoutlogon 1
  undockwithoutlogon 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
  NoDriveTypeAutoRun 145
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
  DisableRegistryTools 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
  PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
  CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
  WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
  SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
  UserInit = C:\WINDOWS\system32\userinit.exe,
  Shell = Explorer.exe
  System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent = Ati2evxx.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain = crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet = cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll = cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon = C:\WINDOWS\System32\NavLogon.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp = wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule = wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy = sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn = WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv = wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon = wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif = wzcdlg.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
  Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
  AppInit_DLLs

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 12.08.2006 16:14:17
12.08.2006, 16:52
Honorary member
Posts: 29434
#12
Renji

1. Check this dll with Jotti and post the result:
C:\WINDOWS\SYSTEM32\zvp80d3f.dll
-------------------------------------------------------------------
2. Start -- All Programs -- Accessories -- Notepad, and paste the following text in:
Quote
%systemdrive%
- Save as: remjob.bat
- save under: file type: all files
- save it to the Desktop
- Locate remjob.bat -- double-click the bat file; Notepad opens briefly, that is normal
--------------------------------------------------------------------
3. Copy the following text into Notepad (Start - Accessories - Notepad) and save it as fixme.reg with 'Save as' on the Desktop. Under file type choose 'All files'. You should now find this file on the Desktop. Double-click the file "fixme.reg" on the Desktop
Quote
REGEDIT4
Restart the PC
__________
Regards, Sabina
all about PC security
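What the helper did by eye in step 1 (pick the one System32 file in the WinPFind log that is UPX-packed, randomly named and only nine days old, and send it to a multi-engine scanner) can be written down as a triage rule. The following is an added example, not code from the thread, from WinPFind or from Silent Runners: it parses the "%System% folder" lines and the "Enabled Scheduled Tasks" entry quoted from the logs above, flags recently modified files in System32 and flags scheduled tasks that launch from a user profile or point at a missing file. The function names, the 14-day window and SCAN_TIME (taken from the log's "Scan completed on" line) are this example's own choices.

```python
import re
from datetime import datetime, timedelta

# Constructed excerpt: lines copied from the WinPFind "%System% folder" section
# and the Silent Runners "Enabled Scheduled Tasks" section posted in this
# thread (12.08.2006 scan). Not a complete log.
WINPFIND_SYSTEM32 = r"""
aspack 18.03.2005 17:19:58 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll
aspack 31.03.2006 12:40:58 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dll
PEC2 23.08.2001 14:00:00 41118 C:\WINDOWS\SYSTEM32\dfrg.msc
aspack 06.07.2006 18:21:48 6757792 C:\WINDOWS\SYSTEM32\MRT.exe
Umonitor 29.08.2002 03:43:28 660480 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 23.08.2001 14:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
UPX! 03.08.2006 08:50:22 61952 C:\WINDOWS\SYSTEM32\zvp80d3f.dll
"""

SILENT_RUNNERS_TASKS = r"""
Enabled Scheduled Tasks:
------------------------
"B1DFF2AD90E06899" -> launches: "c:\dokume~1\georg\anwend~1\htmdash\balm thunk cake.exe" [file not found]
"""

# "Scan completed on 12.08.2006 16:14:17" in the posted WinPFind log
SCAN_TIME = datetime(2006, 8, 12, 16, 14, 17)

# WinPFind line: <packer tag> <dd.mm.yyyy> <hh:mm:ss> <size> <path>
ENTRY_RE = re.compile(
    r"^(\S+)\s+(\d{2}\.\d{2}\.\d{4})\s+(\d{2}:\d{2}:\d{2})\s+(\d+)\s+(.+)$")
# Silent Runners line: "<task name>" -> launches: "<target>" [<note>]
TASK_RE = re.compile(r'"([^"]+)"\s+->\s+launches:\s+"([^"]+)"\s+\[([^\]]*)\]')

# Markers of a per-user profile root on a German XP install (8.3 and long form)
PROFILE_MARKERS = ("\\dokume~1\\", "\\dokumente und einstellungen\\",
                   "\\documents and settings\\")


def parse_system_entries(text):
    """Parse WinPFind's packed/unknown-file lines into dicts."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        packer, date, time, size, path = m.groups()
        entries.append({
            "packer": packer,
            "modified": datetime.strptime(date + " " + time, "%d.%m.%Y %H:%M:%S"),
            "size": int(size),
            "path": path,
        })
    return entries


def suspicious_system_files(entries, scan_time, max_age_days=14):
    """Entries modified within max_age_days before the scan.

    The packer tag alone proves nothing: the d3dx9 runtimes and MRT.exe are
    aspack-packed by their vendor. A fresh timestamp on a packed file whose
    name matches no installed product (zvp80d3f.dll) is what deserves the
    second look the helper asked for.
    """
    cutoff = scan_time - timedelta(days=max_age_days)
    return [e for e in entries if e["modified"] >= cutoff]


def parse_scheduled_tasks(text):
    """Parse Silent Runners' scheduled-task lines into dicts."""
    return [{"name": n, "target": t, "note": note}
            for n, t, note in TASK_RE.findall(text)]


def suspicious_tasks(tasks):
    """Tasks whose target is missing or lives under a user profile.

    A task with a random hex name launching an oddly named .exe from
    Application Data is a typical adware relaunch hook; "file not found"
    means the payload is gone but the task (and its .job file) is not.
    """
    flagged = []
    for t in tasks:
        target = t["target"].lower()
        if t["note"] == "file not found" or any(m in target for m in PROFILE_MARKERS):
            flagged.append(t)
    return flagged


if __name__ == "__main__":
    for e in suspicious_system_files(parse_system_entries(WINPFIND_SYSTEM32), SCAN_TIME):
        print("recent file in System32:", e["packer"], e["modified"], e["path"])
    for t in suspicious_tasks(parse_scheduled_tasks(SILENT_RUNNERS_TASKS)):
        print("suspicious task:", t["name"], "->", t["target"], "[%s]" % t["note"])
```

Run as is, the script reports exactly one System32 file (zvp80d3f.dll) and the one orphaned task; widening max_age_days to 60 also pulls in MRT.exe, which is why the age window is a prompt for verification and not a verdict.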
13.08.2006, 10:48
Member
Thread starter, Posts: 17
#13
Last file scanned at least one scanner reported something about: Bladeinstall.exe, detected by:

Scanner                 Malware name
AntiVir                 X
ArcaVir                 X
Avast                   X
AVG Antivirus           X
BitDefender             X
ClamAV                  X
Dr.Web                  X
F-Prot Antivirus        X
Fortinet                X
Kaspersky Anti-Virus    X
NOD32                   X
Norman Virus Control    X
UNA                     TrojanDownloader.Win32.Agent
VirusBuster             X
VBA32                   X

You're free to (mis)interpret these automated, flawed statistics at your own discretion. For antivirus comparisons, visit AV comparatives
We are not affiliated with any third parties that conduct tests using this service.
13.08.2006, 13:10
Honorary member
Posts: 29434
#14
Renji

1. Pocket KillBox
http://virus-protect.org/killbox.html
Options: tick "Delete on Reboot" and "Single File", then click the red cross; when asked "Do you want to reboot?", click "yes"
paste in:
.......
C:\WINDOWS\SYSTEM32\zvp80d3f.dll

restart the PC

2. Hoster.zip
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK'
Exit Program.

3. post the Winpfind log again
__________
Regards, Sabina
all about PC security
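Behind step 2 (Hoster, 'Restore Original Hosts'): the WinPFind log reported "Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts", meaning entries beyond the default localhost line. The following is an added example, not part of the thread and not the Hoster tool's code: a Python audit that lists every non-default hosts entry and says whether it sinks a name to the local machine (the usual way adware blocks security-vendor update sites) or redirects it to another address. The hostnames in SAMPLE_HOSTS are constructed placeholders; the real entries on the poster's machine are not in the log.

```python
import ipaddress
import re

# Constructed sample: a Windows hosts file with two non-default entries. The
# hostnames are placeholders, not the real entries from the poster's machine
# (the posted log only says "Items found").
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
127.0.0.1       update.av-vendor.example
10.0.0.99       www.search-portal.example   # added without the user's knowledge
"""

# Entries that are legitimately present on a clean Windows install.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Minimal clean hosts file; the localhost line is all Windows needs.
CLEAN_HOSTS = "127.0.0.1       localhost\r\n"

# <ip> <one or more hostnames>
LINE_RE = re.compile(r"^\s*(\S+)\s+(.+?)\s*$")


def parse_hosts(text):
    """Return (ip, hostname) pairs, ignoring comments and blank lines."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]          # strip trailing comments
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, names = m.groups()
        for name in names.split():           # one IP may map several names
            pairs.append((ip, name.lower()))
    return pairs


def classify(ip):
    """'sink' if the name is pointed at the local machine (blocking it),
    'redirect' if it is pointed somewhere else, 'invalid' if not an IP."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "invalid"
    return "sink" if addr.is_loopback or addr.is_unspecified else "redirect"


def audit_hosts(text):
    """Every entry that is not part of a default hosts file, with its kind."""
    findings = []
    for ip, name in parse_hosts(text):
        if (ip, name) in DEFAULT_ENTRIES:
            continue
        findings.append({"ip": ip, "host": name, "kind": classify(ip)})
    return findings


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print("%-8s %-16s %s" % (f["kind"], f["ip"], f["host"]))
    print("clean file has", len(audit_hosts(CLEAN_HOSTS)), "findings")
```

A "sink" entry for a vendor's update host explains a scanner that silently stops updating; a "redirect" entry is the one to treat as a live hijack, since name resolution for that host now goes wherever the entry says. Either way the fix is the one in step 2: replace the file with a clean one rather than editing around the entries.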
13.08.2006, 23:04
Member
Thread starter, Posts: 17
#15
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 1 Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
Checking %System% folder...
aspack 18.03.2005 17:19:58 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll
aspack 26.05.2005 16:34:52 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll
aspack 22.07.2005 20:59:04 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll
aspack 05.12.2005 18:09:18 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll
aspack 03.02.2006 08:43:16 2332368 C:\WINDOWS\SYSTEM32\d3dx9_29.dll
aspack 31.03.2006 12:40:58 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dll
PEC2 23.08.2001 14:00:00 41118 C:\WINDOWS\SYSTEM32\dfrg.msc
aspack 06.07.2006 18:21:48 6757792 C:\WINDOWS\SYSTEM32\MRT.exe
Umonitor 29.08.2002 03:43:28 660480 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 23.08.2001 14:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
Checking %System%\Drivers folder and sub-folders...
Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
13.08.2006 22:50:18 S 2048 C:\WINDOWS\bootstat.dat
13.08.2006 10:58:44 H 54156 C:\WINDOWS\QTFont.qfn
05.07.2006 13:56:20 RHS 227 C:\WINDOWS\assembly\Desktop.ini
11.08.2006 01:36:04 RH 0 C:\WINDOWS\assembly\PublisherPolicy.tme
11.08.2006 01:36:04 RH 0 C:\WINDOWS\assembly\pubpol1.dat
11.08.2006 10:19:24 RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index1b.dat
11.08.2006 10:19:26 RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index1c.dat
19.07.2006 02:34:02 H 10820 C:\WINDOWS\Help\windows.GID
11.08.2006 01:04:30 H 0 C:\WINDOWS\LastGood\INF\d3dx9_30_x86.inf
11.08.2006 01:04:30 H 0 C:\WINDOWS\LastGood\INF\d3dx9_30_x86.PNF
21.07.2006 04:42:12 H 0 C:\WINDOWS\LastGood\INF\oem29.inf
21.07.2006 04:42:12 H 0 C:\WINDOWS\LastGood\INF\oem29.PNF
02.07.2006 14:15:18 H 32008 C:\WINDOWS\system32\mlfcache.dat
13.08.2006 22:50:54 H 1024 C:\WINDOWS\system32\config\DEFAULT.LOG
13.08.2006 22:50:18 H 8192 C:\WINDOWS\system32\config\SAM.LOG
13.08.2006 23:00:24 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
13.08.2006 23:02:06 H 1024 C:\WINDOWS\system32\config\SOFTWARE.LOG
13.08.2006 23:02:06 H 1024 C:\WINDOWS\system32\config\SYSTEM.LOG
03.08.2006 12:48:48 H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
13.08.2006 22:50:18 H 6 C:\WINDOWS\Tasks\SA.DAT
Checking for CPL files...
Microsoft Corporation 18.08.2001 14:00:00 68096 C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp. 17.11.2004 10:08:06 16162816 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation 29.08.2002 03:43:42 583680 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 29.08.2002 03:43:42 132096 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 23.08.2001 14:00:00 152064 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 29.08.2002 03:43:42 293376 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 29.08.2002 03:43:42 125440 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 18.08.2001 05:55:10 48640 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 29.08.2002 04:41:00 208896 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 03.05.2006 02:56:54 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 23.08.2001 14:00:00 189440 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 23.08.2001 14:00:00 566272 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 23.08.2001 14:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 23.08.2001 14:00:00 259072 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
09.03.2006 16:29:00 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 23.08.2001 14:00:00 38400 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 23.08.2001 14:00:00 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl
20.03.2006 21:43:16 372736 C:\WINDOWS\SYSTEM32\PhysX.cpl
Microsoft Corporation 23.08.2001 14:00:00 111616 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 29.08.2002 03:43:42 272896 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 23.08.2001 14:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 23.08.2001 14:00:00 90112 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 20.04.1998 19:36:42 131072 C:\WINDOWS\SYSTEM32\WSPCPL32.CPL
Microsoft Corporation 26.05.2005 04:16:22 174872 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 18.08.2001 14:00:00 68096 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 23.08.2001 14:00:00 152064 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 29.08.2002 04:41:00 208896 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 23.08.2001 14:00:00 189440 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 23.08.2001 14:00:00 566272 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 23.08.2001 14:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 23.08.2001 14:00:00 259072 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 23.08.2001 14:00:00 38400 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 23.08.2001 14:00:00 36864 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 23.08.2001 14:00:00 111616 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 23.08.2001 14:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 23.08.2001 14:00:00 90112 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
16.07.2005 00:06:48 HS 84 C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart\desktop.ini
13.08.2006 22:50:48 524 C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart\hamachi.lnk
Checking files in %ALLUSERSPROFILE%\Application Data folder...
16.07.2005 01:00:00 HS 62 C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\desktop.ini
23.07.2006 20:23:30 3311 C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\QTSBandwidthCache
Checking files in %USERPROFILE%\Startup folder...
16.07.2005 00:06:48 HS 84 C:\Dokumente und Einstellungen\georg\Startmenü\Programme\Autostart\desktop.ini
03.03.2006 15:05:34 545 C:\Dokumente und Einstellungen\georg\Startmenü\Programme\Autostart\Xfire.lnk
Checking files in %USERPROFILE%\Application Data folder...
16.07.2005 01:00:00 HS 62 C:\Dokumente und Einstellungen\georg\Anwendungsdaten\desktop.ini
29.03.2006 06:19:08 37480 C:\Dokumente und Einstellungen\georg\Anwendungsdaten\GDIPFONTCACHEV1.DAT

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
  SV1 =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\EastTecFileShredder
  {09FAB52A-B435-11D6-A324-0050BFE9FD8F} = E:\PROGRA~1\EAST-T~1\etfscm.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido anti-spyware
  {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programme\ewido anti-spyware 4.0\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ICQLiteMenu
  {73B24247-042E-4EF5-ADC2-42F62E6FD654} = E:\Programme\ICQLite\ICQLiteShell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\LDVPMenu
  {BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Programme\Gemeinsame Dateien\Symantec Shared\SSC\vpshell2.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
  {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
  {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
  {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ShellExtension
  {1AC5C88A-DEA7-462b-A232-04AF5CA42E7E} =
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
  {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
  {E0D79304-84BE-11CE-9641-444553540000} = E:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
  Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\LDVPMenu
  {BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Programme\Gemeinsame Dateien\Symantec Shared\SSC\vpshell2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
  {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
  {E0D79304-84BE-11CE-9641-444553540000} = E:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
  {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido anti-spyware
  {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programme\ewido anti-spyware 4.0\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ICQLiteMenu
  {73B24247-042E-4EF5-ADC2-42F62E6FD654} = E:\Programme\ICQLite\ICQLiteShell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
  {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
  {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ShellExtension
  {1AC5C88A-DEA7-462b-A232-04AF5CA42E7E} =
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
  {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
  {E0D79304-84BE-11CE-9641-444553540000} =
E:\PROGRA~1\WINZIP\WZSHLSTB.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE} = %SystemRoot%\system32\SHELL32.dll [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376} &Tipps und Tricks = %SystemRoot%\System32\shdocvw.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] {855F3B16-6D32-4fe6-8A56-BBB695989046} = ICQ Toolbar : C:\Programme\ICQToolbar\toolbaru.dll {8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\System32\msdxm.ocx [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} Media Band = %SystemRoot%\System32\browseui.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} Explorer-Band = %SystemRoot%\System32\shdocvw.dll [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser 
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll {855F3B16-6D32-4FE6-8A56-BBB695989046} = ICQ Toolbar : C:\Programme\ICQToolbar\toolbaru.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] SoundMan SOUNDMAN.EXE NVRaidService C:\WINDOWS\System32\nvraidservice.exe NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup vptray C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe NvMediaCenter RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit DAEMON Tools "E:\Programme\DAEMON Tools\daemon.exe" -lang 1033 NVMixerTray "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe" ICQ Lite "E:\Programme\ICQLite\ICQLite.exe" -minimize SunJavaUpdateSched C:\Programme\Java\jre1.5.0_07\bin\jusched.exe QuickTime Task "C:\Programme\QuickTime\qttask.exe" -atboottime SunServer E:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] IMAIL Installed = 1 MAPI Installed = 1 MSFS Installed = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] Steam [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load] 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = {0DF44EAA-FF21-4412-828E-260A8728E7F1} = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system dontdisplaylastusername 0 legalnoticecaption legalnoticetext shutdownwithoutlogon 1 undockwithoutlogon 1 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer NoDriveTypeAutoRun 145 HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, Shell = Explorer.exe System = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent = Ati2evxx.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain = crypt32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet = cryptnet.dll 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll = cscdll.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon = C:\WINDOWS\System32\NavLogon.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy = sclgntfy.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn = WlNotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif = wzcdlg.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path Debugger = ntsd -d [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] AppInit_DLLs »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder. Scan completed on 13.08.2006 23:02:30 |
http://amaena.com/securityworm5/index23.php?aid=omyg&lid=os&j=0
and ad.finalsolutions/ad.yieldmanager pages...
These pages keep opening all by themselves. I ran HijackThis over it and, after the
automatic logfile analysis, found nothing.
Logfile of HijackThis v1.99.1
Scan saved at 13:28:49, on 03.08.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\Programme\Ahead\InCD\InCDsrv.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Programme\ewido anti-spyware 4.0\guard.exe
C:\Programme\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
E:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
E:\Programme\VNC\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\nvraidservice.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Programme\Java\jre1.5.0_07\bin\jusched.exe
E:\Programme\DAEMON Tools\daemon.exe
C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe
E:\Programme\ICQLite\ICQLite.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Programme\ewido anti-spyware 4.0\ewido.exe
F:\Programme\Hamachi\hamachi.exe
E:\Programme\Xfire\Xfire.exe
C:\WINDOWS\system32\rundll32.exe
E:\Programme\VideoLAN\VLC\vlc.exe
E:\Programme\FireFox 1.07\Neuer Ordner\firefox.exe
C:\DOKUME~1\georg\LOKALE~1\Temp\Rar$EX00.203\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O1 - Hosts: 129.100.0.10 win2k-srv
O1 - Hosts: 129.100.0.4 Felix
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [ICQ Lite] "E:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [!ewido] "C:\Programme\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\RunOnce: [ICQ Lite] E:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Xfire.lnk = E:\Programme\Xfire\Xfire.exe
O4 - Global Startup: hamachi.lnk = F:\Programme\Hamachi\hamachi.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programme\ICQLite\ICQLite.exe
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125841519721
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = WUHAN.fa-wang.de
O17 - HKLM\Software\..\Telephony: DomainName = WUHAN.fa-wang.de
O17 - HKLM\System\CCS\Services\Tcpip\..\{32A4231B-CAD1-4C2B-ACE2-C5ED05FEC8AA}: NameServer = 217.237.150.33,217.237.151.66
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = WUHAN.fa-wang.de
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = WUHAN.fa-wang.de
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = WUHAN.fa-wang.de
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\o8660ijse8o60.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programme\ewido anti-spyware 4.0\guard.exe
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Programme\WinAntiVirus Pro 2006\FWSvc.exe (file missing)
O23 - Service: GhostStartService - Symantec Corporation - C:\Programme\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - E:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - E:\Programme\VNC\WinVNC.exe" -service (file missing)
\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Programme\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
E:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
E:\Programme\VNC\WinVNC.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\nvraidservice.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Programme\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\System32\taskmgr.exe
E:\Programme\DAEMON Tools\daemon.exe
C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe
E:\Programme\ICQLite\ICQLite.exe
C:\Programme\outlook\outlook.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\wbem\unsecapp.exe
F:\Programme\Hamachi\hamachi.exe
E:\Programme\Xfire\Xfire.exe
E:\Programme\FireFox 1.07\Neuer Ordner\firefox.exe
C:\WINDOWS\System32\msiexec.exe
C:\DOKUME~1\georg\LOKALE~1\Temp\Rar$EX00.093\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O1 - Hosts: 129.100.0.10 win2k-srv
O1 - Hosts: 129.100.0.4 Felix
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [ICQ Lite] "E:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [outlook] C:\Programme\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] E:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Xfire.lnk = E:\Programme\Xfire\Xfire.exe
O4 - Global Startup: hamachi.lnk = F:\Programme\Hamachi\hamachi.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programme\ICQLite\ICQLite.exe
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125841519721
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = WUHAN.fa-wang.de
O17 - HKLM\Software\..\Telephony: DomainName = WUHAN.fa-wang.de
O17 - HKLM\System\CCS\Services\Tcpip\..\{32A4231B-CAD1-4C2B-ACE2-C5ED05FEC8AA}: NameServer = 217.237.150.33,217.237.151.66
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = WUHAN.fa-wang.de
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = WUHAN.fa-wang.de
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = WUHAN.fa-wang.de
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: Shell - C:\WINDOWS\system32\o6pq0g75e6.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Programme\WinAntiVirus Pro 2006\FWSvc.exe (file missing)
O23 - Service: GhostStartService - Symantec Corporation - C:\Programme\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - E:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - E:\Programme\VNC\WinVNC.exe" -service (file missing)
Furthermore, I now can't close some processes any more with Procexp or Task Manager.
What should I do?
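The two HijackThis logs above carry the usual Look2Me signs: O20 Winlogon Notify entries pointing at DLLs with random names (o8660ijse8o60.dll, o6pq0g75e6.dll), a bare "winlog.exe" in Run and in the Win9x-era RunServices key, an "outlook.exe" living in C:\Programme\outlook rather than under Office, and an orphaned service (FWSvc, "file missing") left behind by WinAntiVirus Pro 2006. A Winlogon Notify package is loaded into winlogon.exe itself, which is why such a DLL cannot be ended from Task Manager or Process Explorer. The script below is an added example, not part of this thread nor of HijackThis: it parses those line types and flags them with the same heuristics a helper applies by eye. The sample log is constructed from lines copied from the two posts; the list of known-good Winlogon Notify DLLs is taken from the WinPFind output further up; the "outlook.exe must live under an Office directory" rule and the rundll32 host-process allowlist are my assumptions.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the two HijackThis logs in this thread,
# with benign neighbours kept in for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [outlook] C:\Programme\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\o8660ijse8o60.dll
O20 - Winlogon Notify: Shell - C:\WINDOWS\system32\o6pq0g75e6.dll
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Programme\WinAntiVirus Pro 2006\FWSvc.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
"""

ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^HK\w+\\\.\.\\(?P<sub>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^Winlogon Notify: (?P<name>.+?) - (?P<dll>.+)$")

# Winlogon Notify DLLs listed in the WinPFind log of this thread (XP SP1 plus
# Symantec and ATI). Anything else is loaded into winlogon.exe and needs a look.
KNOWN_NOTIFY_DLLS = {
    "crypt32.dll", "cryptnet.dll", "cscdll.dll", "wlnotify.dll",
    "sclgntfy.dll", "wzcdlg.dll", "navlogon.dll", "ati2evxx.dll",
}
# Assumption: rundll32 is a host process, so a bare "RUNDLL32.EXE" is not itself suspicious.
HOST_PROCESSES = {"rundll32.exe"}
# Assumption: a binary borrowing a well-known product name must live under that
# product's directory; any path containing one of the substrings is accepted.
LOOKALIKES = {"outlook.exe": ("office",)}


@dataclass
class Finding:
    section: str
    line: str
    reasons: list[str] = field(default_factory=list)


def looks_random(stem: str) -> bool:
    """Look2Me-style names: one run of lowercase letters and digits, several of each
    (o8660ijse8o60). Version-style names such as crypt32 do not match."""
    if not re.fullmatch(r"[a-z0-9]{8,}", stem):
        return False
    digits = sum(c.isdigit() for c in stem)
    return digits >= 3 and len(stem) - digits >= 3


def strip_cmd(cmd: str) -> str:
    """Executable path without surrounding quotes or trailing arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def basename(path: str) -> str:
    return path.strip().split("\\")[-1].lower()


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious O4 / O20 / O23 line, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        reasons: list[str] = []
        if sec == "O4" and (o4 := O4_RE.match(body)):
            exe = strip_cmd(o4.group("cmd"))
            name = basename(exe)
            if "\\" not in exe and name not in HOST_PROCESSES:
                reasons.append("autostart given as bare filename; it is resolved via the search path, verify which file really runs")
            if o4.group("sub") == "RunServices":
                reasons.append("RunServices is a Win9x-era key; on XP it is almost only used by malware")
            if name in LOOKALIKES and not any(t in exe.lower() for t in LOOKALIKES[name]):
                reasons.append(f"{name} outside its product directory (lookalike binary)")
        elif sec == "O20" and (o20 := O20_RE.match(body)):
            dll = basename(o20.group("dll"))
            if dll not in KNOWN_NOTIFY_DLLS:
                reasons.append("Winlogon Notify DLL not on the known list; it runs inside winlogon.exe and cannot be killed from Task Manager")
            if looks_random(dll.rsplit(".", 1)[0]):
                reasons.append("random-looking DLL name (Look2Me pattern)")
        elif sec == "O23" and body.rstrip().endswith("(file missing)"):
            reasons.append("service registration whose binary is gone; delete the orphaned service")
        if reasons:
            findings.append(Finding(sec, raw.strip(), reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

Run it on a saved HijackThis log by reading the file into `triage()`; the heuristics are deliberately conservative (bare filenames such as SOUNDMAN.EXE will also be reported) because the point is to shortlist lines for a human to verify on disk, not to deliver a verdict.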