Browser is sluggish...

#0
11.08.2006, 14:02
...new here

Posts: 5
#1 Hi everyone. Recently I wanted to download a little program and run it right after the download... but nothing happened, except that shortly afterwards my AntiVir reported 2 viruses: TR/spy.pid.2 and TR/spy.(forgot)
The two lovely things kept coming back despite deleting them, until I threw out a few entries with HijackThis.
Now there are no more alerts, but after I have been connected to the internet for about a minute, my browser becomes extremely slow..... HELP!! ;)
I'll just paste my current HijackThis output here and hope that you know something...

Logfile of HijackThis v1.99.1
Scan saved at 14:01:42, on 11.08.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Programme\Java\jre1.5.0_06\bin\jusched.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Programme\MSI\Live Update 3\LMonitor.exe
D:\Programme\DAEMON Tools\daemon.exe
D:\Programme\Logitech\MouseWare\system\em_exec.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Programme\Logitech\iTouch\iTouch.exe
D:\WINDOWS\system32\svchost.exe
D:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Programme\AntiVir PersonalEdition Classic\sched.exe
D:\Programme\AntiVir PersonalEdition Classic\avguard.exe
D:\WINDOWS\ATKKBService.exe
D:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
D:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\oodag.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Programme\Miranda IM\miranda32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Programme\Mozilla Firefox\firefox.exe
D:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE
D:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
D:\Dokumente und Einstellungen\David\Eigene Dateien\HijackThis.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVMixerTray] "D:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LiveMonitor] D:\Programme\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [.nvsvc] D:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [zBrowser Launcher] D:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [avgnt] "D:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{DAA971CC-274C-4A17-AFC8-66E3796A824C}: NameServer = 217.237.150.188 217.237.151.161
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - D:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - D:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - D:\WINDOWS\ATKKBService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOWS\system32\oodag.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
11.08.2006, 14:36
Honorary member
Sabina

Posts: 29434
#2 1.
post this log
http://virus-protect.org/artikel/tools/combofix.html

2.
set up CleanUp exactly as specified here:
http://virus-protect.org/cleanup.html

3.
Copy out these 4 text files. (right-click with the mouse -> select the text -> copy -> paste) They are sorted by date. (copy only the last 3 months)
http://virus-protect.org/datfindbat.html
__________
Kind regards, Sabina

all about PC security
11.08.2006, 14:56
...new here

Thread starter

Posts: 5
#3 Start Time= 11.08.2006 14:50:57,31
Running from: D:\Dokumente und Einstellungen\David\Desktop

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-11 14:12:30 ( .D... ) "D:\Programme\Gemeinsame Dateien\Application"
2006-08-11 14:11:56 ( .D... ) "D:\Programme\SPYWAREfighter"
2006-08-10 19:22:56 ( .D... ) "D:\Programme\AntiVir PersonalEdition Classic"
2006-08-10 18:08:50 43520 ( A.... ) "D:\WINDOWS\system32\CmdLineExt03.dll"
2006-08-10 13:22:04 52858 ( A.... ) "D:\WINDOWS\system32\interceptor.sys"
2006-08-10 13:22:04 52858 ( A.... ) "D:\WINDOWS\system32\interceptor.sys"
2006-08-10 13:21:58 45056 ( A.... ) "D:\WINDOWS\system32\WNASPI32.DLL"
2006-08-09 22:50:54 139264 ( A.... ) "D:\WINDOWS\War3Unin.exe"
2006-08-09 21:56:58 ( .D... ) "D:\Programme\Realtek Sound Manager"
2006-08-09 21:56:56 ( .D... ) "D:\Programme\AvRack"
2006-08-09 21:56:44 ( .D... ) "D:\Programme\Realtek AC97"
2006-08-09 21:05:34 ( .D... ) "D:\Dokumente und Einstellungen\David\Anwendungsdaten\Lavasoft"
2006-08-09 21:05:28 ( .D... ) "D:\Programme\Lavasoft"
2006-08-09 18:24:18 49152 ( A.... ) "D:\WINDOWS\system32\nvsvcd.exe"
2006-08-08 18:35:46 21840 ( A.... ) "D:\WINDOWS\system32\SIntfNT.dll"
2006-08-08 18:35:46 17212 ( A.... ) "D:\WINDOWS\system32\SIntf32.dll"
2006-08-08 18:35:46 12067 ( A.... ) "D:\WINDOWS\system32\SIntf16.dll"
2006-08-08 18:32:48 94208 ( A.... ) "D:\WINDOWS\DIIUnin.exe"
2006-08-01 06:41:34 221184 ( A.... ) "D:\WINDOWS\system32\wrap_oal.dll"
2006-08-01 06:41:34 81920 ( A.... ) "D:\WINDOWS\system32\OpenAL32.dll"
2006-07-19 23:18:42 ( .D... ) "D:\Dokumente und Einstellungen\David\Anwendungsdaten\.BitTornado"
2006-07-19 23:18:32 ( .D... ) "D:\Programme\BitTornado"
2006-07-18 20:49:38 ( .D... ) "D:\Programme\MSN Messenger"
2006-07-14 17:38:52 332288 ( A.... ) "D:\WINDOWS\system32\netapi32.dll"
2006-07-13 15:34:28 8494592 ( A.... ) "D:\WINDOWS\system32\shell32.dll"
2006-07-12 14:23:30 ( .D... ) "D:\Programme\ICQLite"
2006-07-12 14:23:30 ( .D... ) "D:\Dokumente und Einstellungen\David\Anwendungsdaten\ICQLite"
2006-07-11 21:51:18 ( .D... ) "D:\Dokumente und Einstellungen\David\Anwendungsdaten\Apple Computer"
2006-07-11 21:50:42 ( .D... ) "D:\Programme\QuickTime"
2006-07-02 12:40:16 ( .DS.. ) "D:\Programme\Xfire"
2006-07-02 12:40:16 ( .D... ) "D:\Dokumente und Einstellungen\David\Anwendungsdaten\Xfire"
2006-06-23 20:25:16 ( .D... ) "D:\Programme\ScannerU"
2006-06-19 16:20:42 702768 ( ..... ) "D:\WINDOWS\system32\WgaLogon.dll"
2006-06-16 14:34:44 48936 ( A.... ) "D:\WINDOWS\system32\sirenacm.dll"
2006-06-02 11:04:44 57384 ( A.... ) "D:\WINDOWS\system32\avsda.dll"
2006-06-01 19:09:24 208896 ( A.... ) "D:\WINDOWS\system32\nvusmb.exe"
2006-06-01 19:09:24 208896 ( A.... ) "D:\WINDOWS\system32\nvunrm.exe"
2006-06-01 19:09:24 208896 ( A.... ) "D:\WINDOWS\system32\NVUNINST.EXE"
2006-06-01 19:09:24 208896 ( A.... ) "D:\WINDOWS\system32\nvumctl.exe"
2006-06-01 19:09:24 208896 ( A.... ) "D:\WINDOWS\system32\nvuide.exe"
2006-06-01 19:09:24 208896 ( A.... ) "D:\WINDOWS\system32\nvugart.exe"
2006-06-01 17:22:00 5246976 ( A.... ) "D:\WINDOWS\system32\nvdispsr.dll"
2006-06-01 17:22:00 2977792 ( A.... ) "D:\WINDOWS\system32\nvvitvsr.dll"
2006-06-01 17:22:00 2916352 ( A.... ) "D:\WINDOWS\system32\nvgamesr.dll"
2006-06-01 17:22:00 2859008 ( A.... ) "D:\WINDOWS\system32\nvmoblsr.dll"
2006-06-01 17:22:00 1740800 ( A.... ) "D:\WINDOWS\system32\nvwssr.dll"
2006-06-01 17:22:00 1257472 ( A.... ) "D:\WINDOWS\system32\nvwss.dll"
2006-06-01 17:22:00 462848 ( A.... ) "D:\WINDOWS\system32\nvmccssr.dll"
2006-06-01 17:22:00 208896 ( A.... ) "D:\WINDOWS\system32\nvudisp.exe"
2006-05-19 15:09:50 148480 ( A.... ) "D:\WINDOWS\system32\dnsapi.dll"
2006-05-19 15:09:50 112128 ( A.... ) "D:\WINDOWS\system32\dhcpcsvc.dll"
2006-05-19 15:09:50 95744 ( A.... ) "D:\WINDOWS\system32\iphlpapi.dll"
2006-05-18 13:14:24 18359 ( A.... ) "D:\WINDOWS\system32\Ntaccess.sys"
2006-04-21 07:16:12 54312 ( A.... ) "D:\Programme\tor-bundle-uninstall.exe"
2006-02-11 02:41:04 26657 ( A.... ) "D:\Programme\BUNDLE_LICENSE"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-08-10 19:22 57.384 D:\WINDOWS\system32\avsda.dll
2006-08-10 16:25 46.592 D:\WINDOWS\system32\asfrench.dll
2006-08-10 16:25 46.080 D:\WINDOWS\system32\asrussian.dll
2006-08-10 16:25 46.080 D:\WINDOWS\system32\asgerman.dll
2006-08-10 16:25 46.080 D:\WINDOWS\system32\aseng.dll
2006-08-10 16:25 45.568 D:\WINDOWS\system32\askorean.dll
2006-08-10 16:25 45.568 D:\WINDOWS\system32\asjapan.dll
2006-08-10 16:25 45.568 D:\WINDOWS\system32\ASCHT.dll
2006-08-10 16:25 45.568 D:\WINDOWS\system32\aschs.dll
2006-08-10 16:25 37.888 D:\WINDOWS\system32\ATKOGL32.dll
2006-08-10 16:25 250.368 D:\WINDOWS\system32\ATKDISP.dll
2006-08-10 16:25 241.664 D:\WINDOWS\ATKKBService.exe
2006-08-10 16:25 2.032.640 D:\WINDOWS\system32\ATKOSDX32.dll
2006-08-10 16:25 10.496 D:\WINDOWS\system32\ATKOSDMini.DLL
2006-08-10 16:25 1.667.072 D:\WINDOWS\system32\ATKDispCPL.dll
2006-08-10 13:22 52.858 D:\WINDOWS\system32\interceptor.sys
2006-08-10 13:21 45.056 D:\WINDOWS\system32\WNASPI32.DLL
2006-08-09 22:39 139.264 D:\WINDOWS\War3Unin.exe
2006-08-09 21:57 40.960 D:\WINDOWS\system32\ChCfg.exe
2006-08-09 21:56 577.536 D:\WINDOWS\soundman.exe
2006-08-09 21:56 315.392 D:\WINDOWS\alcupd.exe
2006-08-09 21:56 217.088 D:\WINDOWS\Alcrmv.exe
2006-08-09 21:56 135.168 D:\WINDOWS\system32\RtlCPAPI.dll
2006-08-09 21:56 10.527.232 D:\WINDOWS\system32\RTLCPL.exe
2006-08-09 21:52 208.896 D:\WINDOWS\system32\nvudisp.exe
2006-08-09 21:47 208.896 D:\WINDOWS\system32\nvuide.exe
2006-08-09 21:46 208.896 D:\WINDOWS\system32\nvusmb.exe
2006-08-09 21:46 208.896 D:\WINDOWS\system32\nvunrm.exe
2006-08-09 21:46 208.896 D:\WINDOWS\system32\NVUNINST.EXE
2006-08-09 21:46 208.896 D:\WINDOWS\system32\nvumctl.exe
2006-08-09 21:46 208.896 D:\WINDOWS\system32\nvugart.exe
2006-08-09 18:24 49.152 D:\WINDOWS\system32\nvsvcd.exe
2006-08-08 18:39 43.520 D:\WINDOWS\system32\CmdLineExt03.dll
2006-08-08 18:32 94.208 D:\WINDOWS\DIIUnin.exe
2006-08-08 18:27 21.840 D:\WINDOWS\system32\SIntfNT.dll
2006-08-08 18:27 17.212 D:\WINDOWS\system32\SIntf32.dll
2006-08-08 18:27 12.067 D:\WINDOWS\system32\SIntf16.dll
2006-08-01 06:41 81.920 D:\WINDOWS\system32\OpenAL32.dll
2006-08-01 06:41 221.184 D:\WINDOWS\system32\wrap_oal.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="D:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"SoundMan"="SOUNDMAN.EXE"
"NVMixerTray"="\"D:\\Programme\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\""
"Logitech Utility"="Logi_MwX.Exe"
"LiveMonitor"="D:\\Programme\\MSI\\Live Update 3\\LMonitor.exe"
"DAEMON Tools"="\"D:\\Programme\\DAEMON Tools\\daemon.exe\" -lang 1033"
".nvsvc"="D:\\WINDOWS\\system\\smss.exe /w"
"NvCplDaemon"="RUNDLL32.EXE D:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE D:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"zBrowser Launcher"="D:\\Programme\\Logitech\\iTouch\\iTouch.exe"
"avgnt"="\"D:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"spywarefighterguard"="D:\\Programme\\SPYWAREfighter\\spfprc.exe"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="D:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,de,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="D:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="D:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="\"D:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"ICQ Lite"="\"D:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"iTunesHelper"="\"D:\\Programme\\iTunes\\iTunesHelper.exe\""
"LiveMonitor"="D:\\Programme\\MSI\\Live Update 3\\LMonitor.exe"
"TkBellExe"="\"D:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"WinampAgent"="D:\\Programme\\Winamp\\winampa.exe"




Contents of the 'Scheduled Tasks' folder
D:\WINDOWS\tasks\1-Click Maintenance.job

Completion time: 11.08.2006 14:51:13,48
ComboFix ver 06.07.15/30 - This logfile is located at D:\ComboFix.txt




11.08.2006 13:42 43.573 nvapps.xml
11.08.2006 13:42 56.454 OODBS.lor
10.08.2006 18:08 43.520 CmdLineExt03.dll
10.08.2006 13:22 52.858 interceptor.sys
10.08.2006 13:21 45.056 WNASPI32.DLL
10.08.2006 12:43 2.262 wpa.dbl
09.08.2006 21:53 403.968 perfh009.dat
09.08.2006 21:53 418.970 perfh007.dat
09.08.2006 21:53 63.188 perfc009.dat
09.08.2006 21:53 76.014 perfc007.dat
09.08.2006 21:53 974.848 PerfStringBackup.INI
09.08.2006 18:24 49.152 nvsvcd.exe
08.08.2006 18:35 21.840 SIntfNT.dll
08.08.2006 18:35 12.067 SIntf16.dll
08.08.2006 18:35 17.212 SIntf32.dll
03.08.2006 03:22 8.255.912 MRT.exe
01.08.2006 06:41 221.184 wrap_oal.dll
01.08.2006 06:41 81.920 OpenAL32.dll
14.07.2006 17:38 332.288 netapi32.dll
13.07.2006 15:34 8.494.592 shell32.dll
19.06.2006 16:20 702.768 WgaLogon.dll
19.06.2006 16:19 571.184 LegitCheckControl.dll
19.06.2006 16:19 304.944 WgaTray.exe
16.06.2006 14:34 48.936 sirenacm.dll
02.06.2006 11:04 57.384 avsda.dll
01.06.2006 20:47 163.840 jgdw400.dll
01.06.2006 20:47 27.648 jgpl400.dll
01.06.2006 19:09 208.896 nvunrm.exe
01.06.2006 19:09 208.896 nvusmb.exe
01.06.2006 19:09 208.896 nvuide.exe
01.06.2006 19:09 208.896 nvugart.exe
01.06.2006 19:09 208.896 nvumctl.exe
01.06.2006 19:09 208.896 NVUNINST.EXE
01.06.2006 17:22 462.848 nvmccssr.dll
01.06.2006 17:22 2.859.008 nvmoblsr.dll
01.06.2006 17:22 2.977.792 nvvitvsr.dll
01.06.2006 17:22 1.257.472 nvwss.dll
01.06.2006 17:22 1.740.800 nvwssr.dll
01.06.2006 17:22 5.246.976 nvdispsr.dll
01.06.2006 17:22 208.896 nvudisp.exe





hi again ;)
So I have the feeling that it's working again now.... I simply deleted all the entries in the windows/system/ folder that were created on 08.08.06 (the day on which the downloaded program in question was run).... above all, those *.dat files seemed odd to me. And now I have to say the whole thing seems to be fixed... my internet connection stays quiet as long as I'm not doing anything, and when I do something it runs as fast as ever....
Well, if there are any further pointers or things I should do, let me know ;)
This post was edited on 11.08.2006 at 15:29 by saphrus.
11.08.2006, 15:50
Honorary member
Sabina

Posts: 29434
#4 we will work through this here:
http://virus-protect.org/artikel/dienste/nvsvcd.html

so please post the 4 logs from datfindbat, i.e. the three that are still missing.
-----

+ post this log
http://virus-protect.org/registry_stuff.html
(as an attachment - see below)
__________
Kind regards, Sabina

all about PC security
11.08.2006, 17:02
...new here

Thread starter

Posts: 5
#5 Ah sorry... completely overlooked that

Volume in Laufwerk D: hat keine Bezeichnung.
Volumeseriennummer: 6826-BE05

Verzeichnis von D:\WINDOWS\system32

11.08.2006 15:12 43.573 nvapps.xml
11.08.2006 15:12 57.036 OODBS.lor
10.08.2006 18:08 43.520 CmdLineExt03.dll
10.08.2006 13:22 52.858 interceptor.sys
10.08.2006 12:43 2.262 wpa.dbl
09.08.2006 21:53 974.848 PerfStringBackup.INI
08.08.2006 18:35 21.840 SIntfNT.dll
08.08.2006 18:35 12.067 SIntf16.dll
08.08.2006 18:35 17.212 SIntf32.dll
03.08.2006 03:22 8.255.912 MRT.exe
01.08.2006 06:41 221.184 wrap_oal.dll
01.08.2006 06:41 81.920 OpenAL32.dll
27.07.2006 15:25 679.424 inetcomm.dll
21.07.2006 10:29 72.704 hlink.dll
14.07.2006 17:38 332.288 netapi32.dll
14.07.2006 17:25 546.304 hhctrl.ocx
13.07.2006 15:34 8.494.592 shell32.dll
05.07.2006 12:55 1.057.792 kernel32.dll
26.06.2006 19:40 8.192 rasadhlp.dll
26.06.2006 19:40 148.480 dnsapi.dll
19.06.2006 16:20 702.768 WgaLogon.dll
19.06.2006 16:19 571.184 LegitCheckControl.dll
19.06.2006 16:19 304.944 WgaTray.exe
16.06.2006 14:34 48.936 sirenacm.dll
02.06.2006 11:04 57.384 avsda.dll
01.06.2006 20:47 27.648 jgpl400.dll
01.06.2006 20:47 163.840 jgdw400.dll
01.06.2006 19:09 208.896 nvumctl.exe
01.06.2006 19:09 208.896 NVUNINST.EXE
01.06.2006 19:09 208.896 nvunrm.exe
01.06.2006 19:09 208.896 nvusmb.exe
01.06.2006 19:09 208.896 nvugart.exe
01.06.2006 19:09 208.896 nvuide.exe
01.06.2006 17:22 208.896 nvudisp.exe
01.06.2006 17:22 1.740.800 nvwssr.dll
01.06.2006 17:22 5.246.976 nvdispsr.dll
01.06.2006 17:22 1.257.472 nvwss.dll
01.06.2006 17:22 462.848 nvmccssr.dll
01.06.2006 17:22 2.977.792 nvvitvsr.dll
01.06.2006 17:22 2.916.352 nvgamesr.dll
01.06.2006 17:22 2.859.008 nvmoblsr.dll


Volume in Laufwerk D: hat keine Bezeichnung.
Volumeseriennummer: 6826-BE05

Verzeichnis von D:\DOKUME~1\David\LOKALE~1\Temp

11.08.2006 15:31 0 is9.tmp
11.08.2006 15:22 203 jusched.log
2 Datei(en) 203 Bytes
0 Verzeichnis(se), 12.743.299.072 Bytes frei


11.08.2006 15:20 1.260.361 WindowsUpdate.log
11.08.2006 15:13 0 0.log
11.08.2006 15:13 159 wiadebug.log
11.08.2006 15:13 50 wiaservc.log
11.08.2006 15:12 2.048 bootstat.dat
11.08.2006 15:11 32.556 SchedLgU.Txt
11.08.2006 15:09 166.358 comsetup.log
11.08.2006 15:09 757.364 iis6.log
11.08.2006 15:09 21.634 ocmsn.log
11.08.2006 15:09 1.374 imsins.log
11.08.2006 15:09 12.382 KB920214.log
11.08.2006 15:09 100.239 ntdtcsetup.log
11.08.2006 15:09 33.504 tabletoc.log
11.08.2006 15:09 303.439 tsoc.log
11.08.2006 15:09 29.488 medctroc.Log
11.08.2006 15:09 114.334 netfxocm.log
11.08.2006 15:09 330.781 ocgen.log
11.08.2006 15:09 32.768 msgsocm.log
11.08.2006 15:09 647.040 FaxSetup.log
11.08.2006 15:09 208.386 msmqinst.log
11.08.2006 15:09 1.374 imsins.BAK
11.08.2006 15:09 12.887 KB922616.log
11.08.2006 15:09 45.159 updspapi.log
11.08.2006 15:09 11.956 KB920670.log
11.08.2006 15:09 12.017 KB917422.log
11.08.2006 15:09 15.199 KB920683.log
11.08.2006 14:51 184.328 setupact.log
11.08.2006 00:56 12.023 KB921398.log
10.08.2006 19:23 5.717 KB918899.log
10.08.2006 19:18 216.624 setupapi.log
09.08.2006 23:47 236.676 ntbtlog.txt
09.08.2006 23:31 56.930 wmsetup.log
09.08.2006 23:05 54.104 War3Unin.dat
09.08.2006 22:52 583 win.ini
09.08.2006 22:52 227 system.ini
09.08.2006 22:50 2.829 War3Unin.pif
09.08.2006 22:50 139.264 War3Unin.exe
09.08.2006 21:56 122 APSetup.log
09.08.2006 20:55 11.821 KB921883.log
08.08.2006 18:39 22.785 DIIUnin.dat
08.08.2006 18:32 2.829 DIIUnin.pif
08.08.2006 18:32 94.208 DIIUnin.exe
03.08.2006 22:05 1.068.601 setupapi.log.0.old
27.07.2006 04:41 169 RtlRack.ini
26.07.2006 23:38 6.104 ModemLog_Bluetooth DUN Modem.txt
26.07.2006 23:38 6.098 ModemLog_Bluetooth Fax Modem.txt
11.07.2006 21:50 505 GEARInstall.log
11.07.2006 21:38 13.272 KB917159.log
11.07.2006 21:37 13.839 KB914388.log
11.07.2006 21:37 11.883 KB916595.log
06.07.2006 10:07 9.421 WgaNotify.log
23.06.2006 20:25 265 SCNDRVU.INI
16.06.2006 18:59 32.576 spupdsvc.log
16.06.2006 00:12 12.189 KB917734.log
16.06.2006 00:11 14.146 KB918439.log
16.06.2006 00:11 14.331 KB917344.log
16.06.2006 00:11 14.137 KB917953.log
16.06.2006 00:11 14.453 KB911280.log
16.06.2006 00:11 17.961 KB916281.log
16.06.2006 00:11 11.699 KB914389.log
05.06.2006 17:36 2.162 ie7beta2_main.log
02.06.2006 22:47 15.344 WGA.log


Volume in Laufwerk D: hat keine Bezeichnung.
Volumeseriennummer: 6826-BE05

Verzeichnis von D:\

11.08.2006 17:01 0 sys.txt
11.08.2006 17:01 10.361 system.txt
11.08.2006 17:00 337 systemtemp.txt
11.08.2006 17:00 101.298 system32.txt
11.08.2006 15:12 1.610.612.736 pagefile.sys
11.08.2006 14:51 11.700 ComboFix.txt
24.07.2006 08:17 244 sqmnoopt00.sqm
24.07.2006 08:17 268 sqmdata00.sqm
01.11.2005 20:50 167.936 UOPatch.exe
02.07.2005 16:54 3.638 App.ico
16.01.2005 23:21 122.880 ICSharpCode.SharpZipLib.DLL
09.05.2004 22:27 6.144 SNSConversion.DLL
09.05.2004 22:08 5.632 SimpleNetworkSystems.Time.DLL
13 Datei(en) 1.611.043.174 Bytes
0 Verzeichnis(se), 12.743.270.400 Bytes frei
11.08.2006, 21:13
Honorary member
Sabina

Posts: 29434
11.08.2006, 21:47
...new here

Thread starter

Posts: 5
#7 doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
doesn't exist HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System
doesn't exist HKEY_LOCAL_MACHINE\SSYSTEM\CurrentControlSet\Services\windowsnetwork
doesn't exist HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa
doesn't exist HKEY_CURRENT_USER\Software\Microsoft\OLE
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
-----------------------
-----------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Windows-Firewall/Gemeinsame Nutzung der Internetverbindung"
"DependOnService"=hex(7):4e,65,74,6d,61,6e,00,57,69,6e,4d,67,6d,74,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Bietet allen Computern in Privat- und Kleinunternehmensnetzwerken Dienste für die Netzwerkadressübersetzung, Adressierung, Namensauflösung und Eindringsschutz."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch]
"Epoch"=dword:00016353

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,69,70,6e,61,74,68,6c,70,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Programme\\MSN Messenger\\msnmsgr.exe"="D:\\Programme\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"D:\\Programme\\MSN Messenger\\msncall.exe"="D:\\Programme\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
"DoNotAllowExceptions"=dword:00000000
"DisableNotifications"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Programme\\Miranda IM\\miranda32.exe"="D:\\Programme\\Miranda IM\\miranda32.exe:*:Enabled:Miranda IM"
"E:\\Steam\\SteamApps\\saphrus@unitedfreakforce.de\\half-life\\hl.exe"="E:\\Steam\\SteamApps\\saphrus@unitedfreakforce.de\\half-life\\hl.exe:*:Enabled:Half-Life Launcher"
"D:\\Programme\\utorrent\\utorrent.exe"="D:\\Programme\\utorrent\\utorrent.exe:*:Enabled:µTorrent"
"D:\\Programme\\InterVideo\\DVD7\\WinDVD.exe"="D:\\Programme\\InterVideo\\DVD7\\WinDVD.exe:*:Disabled:WinDVD"
"E:\\World of Warcraft\\WoW.enGB\\WoW-1.9.4.5086-to-1.10.0.5195-enGB-downloader.exe"="E:\\World of Warcraft\\WoW.enGB\\WoW-1.9.4.5086-to-1.10.0.5195-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\\Programme\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="D:\\Programme\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:Bluetooth Application"
"E:\\Ultima Online 3D\\No_Crypt_Client_3d.exe"="E:\\Ultima Online 3D\\No_Crypt_Client_3d.exe:*:Enabled:uotdd"
"D:\\mIRC\\mirc.exe"="D:\\mIRC\\mirc.exe:*:Enabled:mIRC"
"D:\\Dokumente und Einstellungen\\David\\Desktop\\WEB-WOWEx-E3-downloader.exe"="D:\\Dokumente und Einstellungen\\David\\Desktop\\WEB-WOWEx-E3-downloader.exe:*:Enabled:Blizzard Downloader"
"E:\\World of Warcraft\\WoW-1.9.4.5086-to-1.10.0.5195-deDE-downloader.exe"="E:\\World of Warcraft\\WoW-1.9.4.5086-to-1.10.0.5195-deDE-downloader.exe:*:Enabled:Blizzard Downloader"
"E:\\World of Warcraft\\WoW.enGB\\BackgroundDownloader.exe"="E:\\World of Warcraft\\WoW.enGB\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"D:\\Dokumente und Einstellungen\\David\\Desktop\\DarkmooneFaire_German-downloader.exe"="D:\\Dokumente und Einstellungen\\David\\Desktop\\DarkmooneFaire_German-downloader.exe:*:Enabled:Blizzard Downloader"
"H:\\eMule\\emule.exe"="H:\\eMule\\emule.exe:*:Enabled:eMule"
"F:\\eMule\\emule.exe"="F:\\eMule\\emule.exe:*:Enabled:eMule"
"Z:\\eMule\\emule.exe"="Z:\\eMule\\emule.exe:*:Enabled:eMule"
"E:\\World of Warcraft\\WoW.enGB\\WoW-1.10.2.5302-to-1.11.0.5428-enGB-downloader.exe"="E:\\World of Warcraft\\WoW.enGB\\WoW-1.10.2.5302-to-1.11.0.5428-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"E:\\Steam\\SteamApps\\saphrus@unitedfreakforce.de\\team fortress classic\\hl.exe"="E:\\Steam\\SteamApps\\saphrus@unitedfreakforce.de\\team fortress classic\\hl.exe:*:Enabled:Half-Life Launcher"
"D:\\Programme\\Xfire\\Xfire.exe"="D:\\Programme\\Xfire\\Xfire.exe:*:Enabled:Xfire"
"E:\\World of Warcraft\\WoW.enGB\\WoW-1.11.1.5462-to-1.11.2.5464-enGB-downloader.exe"="E:\\World of Warcraft\\WoW.enGB\\WoW-1.11.1.5462-to-1.11.2.5464-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\\Programme\\ICQLite\\ICQLite.exe"="D:\\Programme\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"D:\\Programme\\MSN Messenger\\msnmsgr.exe"="D:\\Programme\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"D:\\Programme\\MSN Messenger\\msncall.exe"="D:\\Programme\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"D:\\Programme\\Skype\\Phone\\Skype.exe"="D:\\Programme\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"D:\\WINDOWS\\system32\\svchost.exe"="D:\\WINDOWS\\system32\\svchost.exe:*:Enabled:Microsoft Update"
"D:\\Programme\\BitTornado\\btdownloadgui.exe"="D:\\Programme\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum]
"0"="Root\\LEGACY_SHAREDACCESS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Sicherheitscenter"
"DependOnService"=hex(7):52,70,63,53,73,00,77,69,6e,6d,67,6d,74,00,00
"ObjectName"="LocalSystem"
"Description"="Überwacht Systemsicherheitseinstellungen und -konfigurationen."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Parameters]
"ServiceDll"=hex(2):25,53,59,53,54,45,4d,52,4f,4f,54,25,5c,73,79,73,74,65,6d,\
33,32,5c,77,73,63,73,76,63,2e,64,6c,6c,00


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Enum]
"0"="Root\\LEGACY_WSCSVC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
"autodisconnect"=dword:0000000f
"enableforcedlogoff"=dword:00000001
"enablesecuritysignature"=dword:00000000
"requiresecuritysignature"=dword:00000000
"NullSessionPipes"=hex(7):43,4f,4d,4e,41,50,00,43,4f,4d,4e,4f,44,45,00,53,51,\
4c,5c,51,55,45,52,59,00,53,50,4f,4f,4c,53,53,00,4c,4c,53,52,50,43,00,62,72,\
6f,77,73,65,72,00,00
"NullSessionShares"=hex(7):43,4f,4d,43,46,47,00,44,46,53,24,00,00
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,73,72,76,73,76,63,2e,64,6c,6c,00
"Lmannounce"=dword:00000000
"Size"=dword:00000001
"Guid"=hex:ed,e6,9d,79,73,7b,f0,43,af,67,82,15,04,4c,a8,e6
"AdjustedNullSessionPipes"=dword:00000001


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters]
"enableplaintextpassword"=dword:00000000
"enablesecuritysignature"=dword:00000001
"requiresecuritysignature"=dword:00000000
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,77,6b,73,73,76,63,2e,64,6c,6c,00
"OtherDomains"=hex(7):00


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]
"Type"=dword:00000020
"Start"=dword:00000004
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Nachrichtendienst"
"DependOnService"=hex(7):4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,00,\
4e,65,74,42,49,4f,53,00,50,6c,75,67,50,6c,61,79,00,52,70,63,53,53,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Überträgt NET SEND- und Warndienstnachrichten zwischen Clients und Servern. Dieser Dienst ist nicht mit Windows Messenger verwandt. Der Warndienst überträgt keine Nachrichten, falls dieser Dienst beendet wird. Falls dieser Dienst deaktiviert wird, können die Dienste, die von diesem Dienst ausschließlich abhängig sind, nicht mehr gestartet werden."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,6d,73,67,73,76,63,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Enum]
"0"="Root\\LEGACY_MESSENGER\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
"Description"="Ermöglicht Remotebenutzern, Registrierungseinstellungen dieses Computers zu verändern. Wenn dieser Dienst beendet wird, kann die Registrierung nur von lokalen Benutzern dieses Computers verändert werden. Wenn dieser Dienst deaktiviert wird, werden alle von diesem Dienst explizit abhängigen Dienste nicht gestartet werden können."
"DependOnService"=hex(7):52,50,43,53,53,00,00
"DisplayName"="Remote-Registrierung"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,4c,6f,63,61,6c,53,65,72,\
76,69,63,65,00
"ObjectName"="NT AUTHORITY\\LocalService"
"Group"=""
"Start"=dword:00000002
"Type"=dword:00000020
"FailureActions"=hex:00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,e0,ad,08,\
00,01,00,00,00,e8,03,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,72,65,67,73,76,63,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum]
"0"="Root\\LEGACY_REMOTEREGISTRY\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr]
"Type"=dword:00000010
"Start"=dword:00000004
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):44,3a,5c,57,49,4e,44,4f,57,53,5c,53,79,73,74,65,6d,33,32,5c,\
74,6c,6e,74,73,76,72,2e,65,78,65,00
"DisplayName"="Telnet"
"DependOnService"=hex(7):52,50,43,53,53,00,54,43,50,49,50,00,4e,54,4c,4d,53,53,\
50,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST]
"System.EnterpriseServices.Thunk.dll"=""


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=hex(7):6b,65,72,62,65,72,6f,73,00,6d,73,76,31,5f,30,00,73,\
63,68,61,6e,6e,65,6c,00,77,64,69,67,65,73,74,00,00
"LsaPid"=dword:0000031c
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000001
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
"ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders]
"ProviderOrder"=hex(7):57,69,6e,64,6f,77,73,20,4e,54,20,41,63,63,65,73,73,20,\
50,72,6f,76,69,64,65,72,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,6e,74,6d,61,72,74,61,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data]
"Pattern"=hex:03,9c,5d,98,5b,4a,40,60,18,49,a6,41,f5,ea,3c,35,63,66,66,62,64,\
62,35,36,00,68,07,00,01,00,00,00,d8,00,00,00,dc,00,00,00,48,fa,06,00,d6,48,\
52,74,04,00,00,00,a0,fd,06,00,b8,fd,06,00,d1,db,eb,b1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG]
"GrafBlumGroup"=hex:48,b0,81,86,4e,df,32,fe,a5

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD]
"Lookup"=hex:6e,53,f6,9a,a1,9f

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]
"Auth132"="IISSUBA"
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1]
"SkewMatrix"=hex:cf,e4,ae,c7,4b,7b,4e,a6,42,7d,b8,e3,7c,dc,87,65

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache]
"Time"=hex:16,13,e2,13,d5,4d,c6,01

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:80,6c,27,a9,f8,79,c4,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,8a,53,ad,f8,79,c4,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:80,4d,1d,af,f8,79,c4,01
"Type"=dword:00000031


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
11.08.2006, 22:56
Honorary member
Sabina

Posts: 29434
#8 Avenger
http://virus-protect.org/artikel/tools/avenger.html

Paste in:

Quote

registry keys to delete:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDOWS_LOG\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Log
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDOWS_LOG\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Windows Log
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WINDOWS_LOG\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Windows Log
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_LOG\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Log

Files to delete:

D:\WINDOWS\system32\nvsvcd.exe
D:\WINDOWS\system\smss.exe

Click the green traffic light.
The script will now run, and then the PC will restart automatically.

**
Post the Avenger log that appears after the restart.

**
Open HijackThis -- "Scan" button -- tick the box in front of the entry -- "Fix checked" button -- restart the PC

Quote

O4 - HKLM\..\Run: [.nvsvc] D:\WINDOWS\system\smss.exe /w

Restart the PC
__________
Regards, Sabina

All about PC security
12.08.2006, 01:03
...new here

Thread starter

Posts: 5
#9 Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\varqmlgb

*******************

Script file located at: \??\D:\rmigigup.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at D:\Avenger

*******************

Beginning to process script file:

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDOWS_LOG\0000 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Log deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDOWS_LOG\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDOWS_LOG\0000 failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDOWS_LOG\0000
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Windows Log not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Windows Log failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Windows Log
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WINDOWS_LOG\0000 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Windows Log deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_LOG\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_LOG\0000 failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_LOG\0000
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Log not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Log failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Log
Status: 0xc0000034



File D:\WINDOWS\system32\nvsvcd.exe not found!
Deletion of file D:\WINDOWS\system32\nvsvcd.exe failed!

Could not process line:
D:\WINDOWS\system32\nvsvcd.exe
Status: 0xc0000034



File D:\WINDOWS\system\smss.exe not found!
Deletion of file D:\WINDOWS\system\smss.exe failed!

Could not process line:
D:\WINDOWS\system\smss.exe
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
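One way to triage an Avenger log like the one in post #9, added here as an example and not part of the thread: it separates targets that were simply not present (status 0xc0000034, STATUS_OBJECT_NAME_NOT_FOUND) from deletions that really failed. The function names, the shortened sample log, and the `D:\example\locked.exe` entry with status 0xc0000022 are constructed for illustration, and the example assumes other failures are logged in the same "Could not process line:" format.

```python
import re

# NTSTATUS codes; 0xC0000034 is the one that appears in the log above.
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC0000022: "STATUS_ACCESS_DENIED",
}

# Constructed sample in the format of the log above; the last entry
# (locked.exe, access denied) is invented to show a real failure.
SAMPLE_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Log deleted successfully.

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Log
Status: 0xc0000034

Could not process line:
D:\WINDOWS\system\smss.exe
Status: 0xc0000034

Could not process line:
D:\example\locked.exe
Status: 0xc0000022
"""

DELETED = re.compile(r"^(?:Registry key|File) (.+) deleted successfully\.$")
STATUS = re.compile(r"^Status: (0x[0-9a-fA-F]{8})$")
CONTROL_SET = re.compile(r"\\(?:CurrentControlSet|ControlSet\d{3})\\", re.I)

def parse_avenger_log(text):
    """Return [(target, outcome, ntstatus_or_None)] in log order."""
    lines = [ln.strip() for ln in text.splitlines()]
    results = []
    for i, line in enumerate(lines):
        m = DELETED.match(line)
        if m:
            results.append((m.group(1), "deleted", None))
        elif line == "Could not process line:" and i + 2 < len(lines):
            s = STATUS.match(lines[i + 2])
            if s:
                code = int(s.group(1), 16)
                results.append((lines[i + 1], NTSTATUS.get(code, "unknown"), code))
    return results

def triage(results):
    """Split failures into 'gone' (nothing at that path) and 'follow_up'."""
    # CurrentControlSet is a link to one numbered ControlSetNNN, so a key
    # deleted under a numbered set can show up as not found under the link.
    norm = lambda t: CONTROL_SET.sub(r"\\<set>\\", t).lower()
    deleted = {norm(t) for t, outcome, _ in results if outcome == "deleted"}
    gone, follow_up = [], []
    for target, outcome, code in results:
        if outcome == "STATUS_OBJECT_NAME_NOT_FOUND":
            same = norm(target) in deleted
            why = "key deleted under a numbered control set" if same else "absent"
            gone.append((target, why))
        elif outcome != "deleted":
            follow_up.append((target, outcome))
    return gone, follow_up
```

Only the entries returned in `follow_up` still exist on disk or in the registry and need another removal attempt.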
12.08.2006, 14:03
Honorary member
Sabina

Posts: 29434
#10 Scan online with Kaspersky and post the report
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina

All about PC security