Brauche Tipps wegen Malware!Sachen schon reinkopiert(WinPFind) |
||
---|---|---|
#0
| ||
21.08.2006, 20:43
...neu hier
Beiträge: 3 |
||
|
||
22.08.2006, 12:01
Ehrenmitglied
Beiträge: 29434 |
#2
maxi.jost
0. poste dieses log http://virus-protect.org/artikel/tools/combofix.html 1. stelle den CleanUp genauso ein, wie hier angegeben: http://virus-protect.org/cleanup.html 2. Kopiere diese 4 Textdateien ab . (rechtsklick mit der Maus -> den Text markieren -> kopieren -> einfügen) Sie sind nach Datum geordnet. (kopiere nur die letzten 3 Monate ab) http://virus-protect.org/datfindbat.html 3. Hijackthis http://computercops.biz/zx/Merijn/hijackthis.zip http://virus-protect.org/hjtkurz.html Lade/entpacke HijackThis in einem Ordner --> None of the above just start the program --> Save--> Savelog -->es öffnet sich der Editor nun das KOMPLETTE Log mit rechtem Mausklick abkopieren und ins Forum mit rechtem Mausklick "einfügen" __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
22.08.2006, 13:06
...neu hier
Themenstarter Beiträge: 3 |
#3
Familie Jost - 06-08-22 12:59:32,90
ComboFix 06.08.18 - Running from: C:\Programme\Mozilla Firefox (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\ishost.exe C:\WINDOWS\system32\ismon.exe C:\WINDOWS\system32\isnotify.exe C:\WINDOWS\system32\issearch.exe C:\WINDOWS\system32\ixt0.dll C:\Programme\ToolBar888 C:\WINDOWS\system32\components C:\WINDOWS\system32\ishost.exe C:\WINDOWS\system32\ismon.exe C:\WINDOWS\system32\isnotify.exe C:\WINDOWS\system32\issearch.exe C:\WINDOWS\system32\ixt0.dll C:\Programme\Gemeinsame Dateien\{320D180E-0710-1031-0830-050407280031} ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Folders Quarantined: C:\QooBox\Purity\WINDOWS\system32\RACLE~1 C:\QooBox\Purity\WINDOWS\system32\YMBOLS~1 C:\QooBox\Purity\Dokumente und Einstellungen\Familie Jost\Eigene Dateien\SKS~1 ((((((((((((((((((((((((((((((( Files Created from 2006-07-22 to 2006-08-22 )))))))))))))))))))))))))))))))))) 2006-08-21 20:00 621,366 C:\WINDOWS\system32\xbeeg.bak1 2006-08-21 20:00 573,492 C:\WINDOWS\system32\geebx.dll 2006-08-21 20:00 13,844 C:\WINDOWS\system32\bgaravlv.exe 2006-08-21 16:29 40,973 C:\WINDOWS\system32\pmnkkkj.dll 2006-08-20 13:44 53,248 C:\WINDOWS\system32\process.exe 2006-08-20 13:44 126,976 C:\WINDOWS\system32\zip.exe 2006-08-20 11:20 8,752 C:\WINDOWS\system32\isnotify.exe 2006-08-20 11:20 33,280 C:\WINDOWS\system32\issearch.exe 2006-08-20 11:20 21,504 C:\WINDOWS\system32\ixt0.dll 2006-08-20 11:20 2 C:\WINDOWS\system32\wnsapisv.exe 2006-08-20 11:18 5,120 C:\WINDOWS\system32\ismon.exe 2006-08-20 11:18 34,832 C:\WINDOWS\system32\ishost.exe 2006-08-20 11:18 18,944 C:\WINDOWS\system32\winzdn32.dll 2006-08-20 11:18 13,312 C:\WINDOWS\system32\f1c56988.exe 2006-08-15 15:55 31,232 C:\WINDOWS\system32\i2errDeu.dll 2006-08-15 15:54 974,848 C:\WINDOWS\system32\mfc70.dll 2006-08-15 15:54 16,896 C:\WINDOWS\system32\avmprmon.dll 2006-08-09 14:12 55,808 C:\WINDOWS\system32\avmadd32.dll 2006-08-09 14:12 33,792 C:\WINDOWS\system32\avmcowlan.dll 2006-07-29 19:32 48,936 C:\WINDOWS\system32\sirenacm.dll (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-08-22 12:44 5120 --a------ C:\WINDOWS\system32\ismon.exe 2006-08-22 12:44 21504 --a------ C:\WINDOWS\system32\ixt0.dll 2006-08-21 20:00 621366 ---hs---- C:\WINDOWS\system32\xbeeg.bak1 2006-08-21 20:00 573492 ---hs---- C:\WINDOWS\system32\geebx.dll 2006-08-21 20:00 13844 --a------ C:\WINDOWS\system32\bgaravlv.exe 2006-08-21 16:41 -------- d-------- C:\Programme\Cowabanga 2006-08-21 16:35 2 --a------ C:\WINDOWS\system32\wnsapisv.exe 2006-08-21 16:29 40973 --------- C:\WINDOWS\system32\pmnkkkj.dll 2006-08-21 16:29 34832 --a------ C:\WINDOWS\system32\ishost.exe 2006-08-21 15:03 33280 --a------ C:\WINDOWS\system32\issearch.exe 2006-08-20 11:20 8752 --a------ C:\WINDOWS\system32\isnotify.exe 2006-08-20 11:20 -------- d-------- C:\Programme\Safety Bar 2006-08-20 11:18 18944 --a------ C:\WINDOWS\system32\winzdn32.dll 2006-08-20 11:18 13312 --a------ C:\WINDOWS\system32\f1c56988.exe 2006-08-19 14:12 1288 --a------ C:\Dokumente und Einstellungen\Familie Jost\Anwendungsdaten\wklnhst.dat 2006-08-16 22:05 -------- d-------- C:\Programme\Lavasoft 2006-08-16 21:44 -------- d-------- C:\Programme\Mozilla Firefox 2006-08-15 21:08 -------- d-------- C:\Programme\MSN Messenger 2006-08-15 15:54 -------- d-------- C:\Programme\FRITZ!DSL 2006-08-15 15:54 -------- d-------- C:\Programme\FRITZ!Box 2006-08-13 12:02 -------- d-------- C:\Programme\AceBIT 2006-08-09 14:12 -------- d-------- C:\Programme\avmwlanstick 2006-08-08 21:01 -------- d-------- C:\Programme\Gemeinsame Dateien\SSCE 2006-08-08 21:01 -------- d-------- C:\Programme\Cornelsen 2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll 2006-07-27 15:25 679424 --a------ C:\WINDOWS\system32\inetcomm.dll 2006-07-21 10:29 72704 --a------ C:\WINDOWS\system32\hlink.dll 2006-07-01 12:55 -------- d-------- C:\Programme\Learn2.com 2006-05-28 12:14 5992960 --a------ C:\Programme\icq5_1_german_setup2405.exe (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LaunchApp"="Alaunch" "SoundMan"="SOUNDMAN.EXE" "ntiMUI"="c:\\Programme\\NewTech Infosystems\\NTI CD & DVD-Maker 7\\ntiMUI.exe" "RemoteControl"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe" "ccApp"="\"C:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\ccApp.exe\"" "IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32" "MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC" "PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC" "PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName" "eRecoveryService"="C:\\Programme\\Acer\\eRecovery\\Monitor.exe" "SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe" "AspireService"="C:\\Programme\\Acer\\Acer eMode Management\\AspireService.exe" "MediaSync"="C:\\Programme\\Acer\\Acer eConsole\\MediaSync.exe" "HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb08.exe" "Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer" "QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime" "ATICCC"="\"C:\\Programme\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay" "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\ 65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00 "AVMWlanClient"="C:\\Programme\\avmwlanstick\\FRITZWLANMini.exe" "f1c56988.exe"="C:\\WINDOWS\\system32\\f1c56988.exe" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "f1c56988.exe"="C:\\Dokumente und Einstellungen\\Familie Jost\\Lokale Einstellungen\\Anwendungsdaten\\f1c56988.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run] "rasdge"="C:\\WINDOWS\\system32\\rasdge.exe" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000001 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="http://foto.knuddels.de/fotogalerie/knuddels.de/foto/64/hangnail_p.jpg" "SubscribedURL"="http://foto.knuddels.de/fotogalerie/knuddels.de/foto/64/hangnail_p.jpg" "FriendlyName"="" "Flags"=dword:00000001 "Position"=hex:2c,00,00,00,8d,02,00,00,1a,01,00,00,18,01,00,00,d2,00,00,00,e8,\ 03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:01,00,00,00 "OriginalStateInfo"=hex:18,00,00,00,12,03,00,00,19,01,00,00,18,01,00,00,d2,00,\ 00,00,01,00,00,40 "RestoredStateInfo"=hex:14,6d,11,0e,41,c0,ac,74,88,66,d8,03,68,de,11,0e,20,6d,\ 11,0e,79,05,00,00 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Die derzeitige Homepage" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\ ff,ff,04,00,00,00 "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\ 00,00,01,00,00,00 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{5A3E97DD-2A08-48BC-8F43-C0DEABC90266}"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Speed Launch.lnk] "path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Adobe Reader Speed Launch.lnk" "backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE " "item"="Adobe Reader Speed Launch" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AOL 9.0 Tray-Symbol.lnk] "path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\AOL 9.0 Tray-Symbol.lnk" "backup"="C:\\WINDOWS\\pss\\AOL 9.0 Tray-Symbol.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\AOL9~1.0\\aoltray.exe -check" "item"="AOL 9.0 Tray-Symbol" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\Anti-Blaxx Manager] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Anti-Blaxx" "hkey"="HKLM" "command"="C:\\Programme\\Anti-Blaxx\\Anti-Blaxx.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\AOLDialer] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AOLDial" "hkey"="HKLM" "command"="C:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLDial.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\DAEMON Tools-1033] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="daemon" "hkey"="HKLM" "command"="\"C:\\Programme\\D-Tools\\daemon.exe\" -lang 1033" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\DeviceDiscovery] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="hpotdd01" "hkey"="HKLM" "command"="C:\\Programme\\Hewlett-Packard\\Digital Imaging\\bin\\hpotdd01.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\HP Software Update] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HPWuSchd" "hkey"="HKLM" "command"="C:\\Programme\\Hewlett-Packard\\HP Software Update\\HPWuSchd.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\ICQ Lite] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ICQLite" "hkey"="HKLM" "command"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\MSMSGS] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="msmsgs" "hkey"="HKCU" "command"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\MsnMsgr] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="msnmsgr" "hkey"="HKCU" "command"="\"C:\\Programme\\MSN Messenger\\msnmsgr.exe\" /background" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\RealTray] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RealPlay" "hkey"="HKLM" "command"="C:\\Programme\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\WinampAgent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="winampa" "hkey"="HKLM" "command"="C:\\Programme\\Winamp\\winampa.exe" "inimapping"="0" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geebx HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzdn32 Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\Symantec NetDetect.job C:\WINDOWS\tasks\Norton AntiVirus - Meinen Computer prfen - Familie Jost.job Completion time: 22.08.2006 13:02:15.81 ComboFix.txt |
|
|
||
22.08.2006, 21:56
Ehrenmitglied
Beiträge: 29434 |
#4
maxi.jost
Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als listen.bat mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden. --> die listen.bat doppelt klicken--> kopiere den Text, der erscheint Zitat cd\Kopiere diese 4 Textdateien ab . (rechtsklick mit der Maus -> den Text markieren -> kopieren -> einfügen) Sie sind nach Datum geordnet. (kopiere nur die letzten 3 Monate ab) http://virus-protect.org/datfindbat.html 3. Hijackthis http://computercops.biz/zx/Merijn/hijackthis.zip http://virus-protect.org/hjtkurz.html Lade/entpacke HijackThis in einem Ordner --> None of the above just start the program --> Save--> Savelog -->es öffnet sich der Editor nun das KOMPLETTE Log mit rechtem Mausklick abkopieren und ins Forum mit rechtem Mausklick "einfügen" __________ __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
30.08.2006, 20:16
...neu hier
Themenstarter Beiträge: 3 |
#5
Datentr„ger in Laufwerk C: ist MAXI
Volumeseriennummer: 320D-180E Verzeichnis von C:\WINDOWS\system32 30.08.2006 20:15 788.720 xbeeg.ini2 30.08.2006 19:28 787.785 xbeeg.bak2 30.08.2006 19:27 0 eRLog.ini 30.08.2006 19:26 19.456 ixt0.dll 30.08.2006 19:26 5.120 ismon.exe 30.08.2006 19:26 1.158 wpa.dbl 30.08.2006 17:31 30.720 issearch.exe 30.08.2006 17:31 8.712 isnotify.exe 30.08.2006 17:29 36.368 ishost.exe 30.08.2006 13:26 679.500 xbeeg.tmp 29.08.2006 21:40 679.500 xbeeg.ini 21.08.2006 20:00 13.844 bgaravlv.exe 21.08.2006 20:00 621.366 xbeeg.bak1 21.08.2006 20:00 573.492 geebx.dll 21.08.2006 16:35 2 wnsapisv.exe 21.08.2006 16:29 40.973 pmnkkkj.dll 20.08.2006 11:20 4.286 ot.ico 20.08.2006 11:20 4.286 ts.ico 20.08.2006 11:18 13.312 f1c56988.exe 20.08.2006 11:18 18.944 winzdn32.dll 17.08.2006 14:09 23.392 nscompat.tlb 17.08.2006 14:09 16.832 amcompat.tlb 10.08.2006 13:16 64.452 perfc007.dat 10.08.2006 13:16 392.512 perfh007.dat 10.08.2006 13:16 53.436 perfc009.dat 10.08.2006 13:16 902.476 PerfStringBackup.INI 10.08.2006 13:16 381.692 perfh009.dat 09.08.2006 21:03 8.325.544 MRT.exe 09.08.2006 12:51 211.288 FNTCACHE.DAT 29.07.2006 19:32 48.936 sirenacm.dll 28.07.2006 13:28 3.075.072 mshtml.dll 27.07.2006 15:25 679.424 inetcomm.dll 25.07.2006 22:33 615.936 urlmon.dll 21.07.2006 10:29 72.704 hlink.dll 14.07.2006 17:38 332.288 netapi32.dll 14.07.2006 17:25 546.304 hhctrl.ocx 13.07.2006 15:34 8.494.592 shell32.dll 05.07.2006 12:55 1.057.792 kernel32.dll 26.06.2006 19:40 8.192 rasadhlp.dll 26.06.2006 19:40 148.480 dnsapi.dll 23.06.2006 13:10 146.432 msrating.dll 23.06.2006 13:10 474.624 shlwapi.dll 23.06.2006 13:10 532.480 mstime.dll 23.06.2006 13:10 1.494.016 shdocvw.dll 23.06.2006 13:10 448.512 mshtmled.dll 23.06.2006 13:10 39.424 pngfilt.dll 23.06.2006 13:10 664.576 wininet.dll 23.06.2006 13:10 1.056.256 danim.dll 23.06.2006 13:10 357.888 dxtmsft.dll 23.06.2006 13:10 1.022.976 browseui.dll 23.06.2006 13:10 251.392 iepeers.dll 23.06.2006 13:10 96.768 inseng.dll 23.06.2006 13:10 55.808 extmgr.dll 23.06.2006 13:10 16.384 jsproxy.dll 23.06.2006 13:10 152.064 cdfview.dll 23.06.2006 13:10 205.312 dxtrans.dll 23.06.2006 10:53 27.136 xpsp3res.dll |
|
|
||
30.08.2006, 23:23
Ehrenmitglied
Beiträge: 29434 |
#6
maxi.jost
vundofix abarbeiten http://virus-protect.org/artikel/tools/vundofixx.html smitfraudfix abarbeiten http://virus-protect.org/artikel/tools/smitfrautfix.html loeschen, was ich oben rot gekennzeichnet habe, es sind aber noch mehr viren drauf..... sehr duerftig... datfindbat enthaelt 4 logs und die anderen logs ... keine Spur zu sehen so kann ich nicht arbeiten.........wenn ich die logs nicht alle bekomme, musst du dich nach einem anderen Helfer umsehen. __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
PEC2 28.03.2006 19:45:42 6119363 C:\Programme\FIFA06_PATCH1_en.exe
Checking %WinDir% folder...
UPX! 21.08.2006 16:30:54 39424 C:\WINDOWS\YAXUninst.exe
UPX! 22.08.2004 17:04:56 69120 C:\WINDOWS\daemon.dll
Checking %System% folder...
PEC2 04.08.2004 05:00:00 41118 C:\WINDOWS\SYSTEM32\dfrg.msc
aspack 26.05.2005 15:34:52 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll
winsync 04.08.2004 05:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
aspack 04.08.2004 05:00:00 733696 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 04.08.2004 05:00:00 686592 C:\WINDOWS\SYSTEM32\rasdlg.dll
PEC2 20.08.2006 11:18:46 18944 C:\WINDOWS\SYSTEM32\winzdn32.dll
PECompact2 20.08.2006 11:18:46 18944 C:\WINDOWS\SYSTEM32\winzdn32.dll
PTech 19.06.2006 16:19:42 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PTech 19.06.2006 16:19:26 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe
UPX! 20.08.2006 11:18:54 13312 C:\WINDOWS\SYSTEM32\f1c56988.exe
UPX! 21.08.2006 16:30:52 155136 C:\WINDOWS\SYSTEM32\oins.exe
PECompact2 09.08.2006 21:03:04 8325544 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 09.08.2006 21:03:04 8325544 C:\WINDOWS\SYSTEM32\MRT.exe
Checking %System%\Drivers folder and sub-folders...
Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
21.08.2006 19:54:10 S 2048 C:\WINDOWS\bootstat.dat
21.08.2006 16:17:48 H 54156 C:\WINDOWS\QTFont.qfn
21.08.2006 20:00:22 HS 573492 C:\WINDOWS\system32\geebx.dll
21.08.2006 20:00:30 HS 621366 C:\WINDOWS\system32\xbeeg.bak1
21.08.2006 20:27:14 HS 622340 C:\WINDOWS\system32\xbeeg.ini
21.08.2006 20:00:24 H 1024 C:\WINDOWS\system32\config\system.LOG
21.08.2006 20:27:20 H 1024 C:\WINDOWS\system32\config\software.LOG
21.08.2006 20:07:16 H 1024 C:\WINDOWS\system32\config\default.LOG
21.08.2006 19:54:20 H 1024 C:\WINDOWS\system32\config\SAM.LOG
21.08.2006 19:55:20 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
16.08.2006 15:56:52 H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
15.08.2006 21:08:52 S 136 C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Microsoft\CryptnetUrlCache\MetaData\904590238400AD963F77FAAAADC9BAB5
15.08.2006 21:08:52 S 126 C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Microsoft\CryptnetUrlCache\MetaData\303572DF538EDD8B1D606185F1D559B8
15.08.2006 21:08:52 S 98 C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165
15.08.2006 21:08:52 S 574 C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Microsoft\CryptnetUrlCache\Content\904590238400AD963F77FAAAADC9BAB5
15.08.2006 21:08:52 S 341 C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8
15.08.2006 21:08:52 S 413 C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165
17.08.2006 14:08:08 H 0 C:\WINDOWS\system32\drivers\umdf\MsftWdf_user_01_00_00.Wdf
14.07.2006 18:12:34 S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB921883.cat
05.07.2006 16:03:52 S 7645 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem14.CAT
26.06.2006 21:46:42 S 11929 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920683.cat
05.07.2006 14:21:30 S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB917422.cat
21.07.2006 11:02:46 S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920670.cat
28.07.2006 14:15:50 S 23751 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918899.cat
13.07.2006 16:24:10 S 13050 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB921398.cat
14.07.2006 17:52:58 S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB922616.cat
27.07.2006 16:00:50 S 10337 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920214.cat
08.07.2006 12:51:00 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\256c792f-dfd9-4865-b28d-41da85bc98fb
08.07.2006 12:51:00 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
30.07.2006 19:22:52 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
30.07.2006 19:22:52 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\f6272c2d-48aa-4f42-ab36-d733ebf0460e
21.08.2006 16:29:48 HS 43 C:\WINDOWS\Temp\removalfile.bat
21.08.2006 19:54:14 H 6 C:\WINDOWS\Tasks\SA.DAT
Checking for CPL files...
Microsoft Corporation 04.08.2004 05:00:00 189440 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 04.08.2004 05:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 04.08.2004 05:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 04.08.2004 05:00:00 138240 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 04.08.2004 05:00:00 555008 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 04.08.2004 05:00:00 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 04.08.2004 05:00:00 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 04.08.2004 05:00:00 157184 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 04.08.2004 05:00:00 359424 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 04.08.2004 05:00:00 133120 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 04.08.2004 05:00:00 381440 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 04.08.2004 05:00:00 69632 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 04.08.2004 05:00:00 625152 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 04.08.2004 05:00:00 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 04.08.2004 05:00:00 260096 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 04.08.2004 05:00:00 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 04.08.2004 05:00:00 117248 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 04.08.2004 05:00:00 303104 C:\WINDOWS\SYSTEM32\sysdm.cpl
RealNetworks, Inc. 03.01.2006 18:35:54 25088 C:\WINDOWS\SYSTEM32\prefscpl.cpl
Microsoft Corporation 04.08.2004 05:00:00 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 04.08.2004 05:00:00 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 04.08.2004 05:00:00 70656 C:\WINDOWS\SYSTEM32\access.cpl
Apple Computer, Inc. 20.01.2004 15:10:52 324608 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Realtek Semiconductor Corp. 08.06.2005 08:31:34 18726912 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Sun Microsystems, Inc. 10.11.2005 13:03:50 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 26.05.2005 04:16:22 174872 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 04.08.2004 05:00:00 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 04.08.2004 05:00:00 70656 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 04.08.2004 05:00:00 555008 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 04.08.2004 06:00:00 138240 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 04.08.2004 05:00:00 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl
Microsoft Corporation 04.08.2004 06:00:00 133120 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 04.08.2004 05:00:00 359424 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 04.08.2004 05:00:00 69632 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 04.08.2004 05:00:00 157184 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 04.08.2004 05:00:00 189440 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 04.08.2004 06:00:00 625152 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 04.08.2004 05:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 04.08.2004 05:00:00 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl
Microsoft Corporation 04.08.2004 05:00:00 260096 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 04.08.2004 05:00:00 117248 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 04.08.2004 05:00:00 159744 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 04.08.2004 05:00:00 303104 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 04.08.2004 05:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 04.08.2004 05:00:00 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Microsoft Corporation 04.08.2004 05:00:00 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
Microsoft Corporation 26.05.2005 04:16:22 174872 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
22.10.2005 07:25:46 HS 84 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
Checking files in %ALLUSERSPROFILE%\Application Data folder...
22.10.2005 07:19:18 HS 62 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini
Checking files in %USERPROFILE%\Startup folder...
22.10.2005 07:25:46 HS 84 C:\Dokumente und Einstellungen\Familie Jost\Startmenü\Programme\Autostart\desktop.ini
Checking files in %USERPROFILE%\Application Data folder...
22.10.2005 07:19:18 HS 62 C:\Dokumente und Einstellungen\Familie Jost\Anwendungsdaten\desktop.ini
11.01.2006 17:30:28 235 C:\Dokumente und Einstellungen\Familie Jost\Anwendungsdaten\devices.xml
11.01.2006 17:30:28 12 C:\Dokumente und Einstellungen\Familie Jost\Anwendungsdaten\settings.xml
19.08.2006 14:12:38 1288 C:\Dokumente und Einstellungen\Familie Jost\Anwendungsdaten\wklnhst.dat
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ICQLiteMenu
{73B24247-042E-4EF5-ADC2-42F62E6FD654} = C:\Programme\ICQLite\ICQLiteShell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Programme\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Programme\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ICQLiteMenu
{73B24247-042E-4EF5-ADC2-42F62E6FD654} = C:\Programme\ICQLite\ICQLiteShell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= c:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
=
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}
RXResultTracker Class = C:\PROGRA~1\RXTOOL~1\sfcont.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{873eb32d-ae1a-4183-89bd-45a77f761be4}
= C:\WINDOWS\system32\ixt0.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}
Windows Live Sign-in Helper = C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A49AAEF9-C579-4FEC-94A2-021A25A7DD23}
= C:\WINDOWS\system32\pmkjj.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
CNavExtBho Class = C:\Programme\Norton AntiVirus\NavShExt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CBCC61FA-0221-4ccc-B409-CEE865CACA3A}
ToolBar888 = C:\Programme\ToolBar888\MyToolBar.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DAD0D231-050A-4035-9524-24B1EF16122A}
= C:\WINDOWS\system32\geebx.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0A2EA26-25B3-2036-C4FC-02222AF97994}
= C:\WINDOWS\system32\wmrqt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tipps und Tricks = %SystemRoot%\system32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\system32\Shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Programme\Norton AntiVirus\NavShExt.dll
{855F3B16-6D32-4fe6-8A56-BBB695989046} = ICQ Toolbar : C:\Programme\ICQToolbar\toolbaru.dll
{CBCC61FA-0221-4ccc-B409-CEE865CACA3A} = ToolBar888 : C:\Programme\ToolBar888\MyToolBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Konsole : C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}
ButtonText = ICQ Lite : C:\Programme\ICQLite\ICQLite.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Programme\Messenger\msmsgs.exe
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\system32\shdocvw.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Programme\Norton AntiVirus\NavShExt.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{855F3B16-6D32-4FE6-8A56-BBB695989046} = ICQ Toolbar : C:\Programme\ICQToolbar\toolbaru.dll
{CBCC61FA-0221-4CCC-B409-CEE865CACA3A} = ToolBar888 : C:\Programme\ToolBar888\MyToolBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
LaunchApp Alaunch
SoundMan SOUNDMAN.EXE
ntiMUI c:\Programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
RemoteControl C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
ccApp "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
IMJPMIG8.1 "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
MSPY2002 C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
PHIME2002ASync C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
eRecoveryService C:\Programme\Acer\eRecovery\Monitor.exe
SunJavaUpdateSched C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
AspireService C:\Programme\Acer\Acer eMode Management\AspireService.exe
MediaSync C:\Programme\Acer\Acer eConsole\MediaSync.exe
HPDJ Taskbar Utility C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
QuickTime Task "C:\Programme\QuickTime\qttask.exe" -atboottime
ATICCC "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
KernelFaultCheck %systemroot%\system32\dumprep 0 -k
AVMWlanClient C:\Programme\avmwlanstick\FRITZWLANMini.exe
f1c56988.exe C:\WINDOWS\system32\f1c56988.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE C:\WINDOWS\system32\ctfmon.exe
f1c56988.exe C:\Dokumente und Einstellungen\Familie Jost\Lokale Einstellungen\Anwendungsdaten\f1c56988.exe
Shea "C:\WINDOWS\system32\YMBOLS~1\winlogon.exe" -vt yax
Czfveec C:\WINDOWS\system32\?racle\w?auboot.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
ICQ Lite C:\Programme\ICQLite\ICQLite.exe -trayboot
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Speed Launch.lnk
path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Speed Launch.lnk
backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE
item Adobe Reader Speed Launch
path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Speed Launch.lnk
backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE
item Adobe Reader Speed Launch
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AOL 9.0 Tray-Symbol.lnk
path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AOL 9.0 Tray-Symbol.lnk
backup C:\WINDOWS\pss\AOL 9.0 Tray-Symbol.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\AOL9~1.0\aoltray.exe -check
item AOL 9.0 Tray-Symbol
path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AOL 9.0 Tray-Symbol.lnk
backup C:\WINDOWS\pss\AOL 9.0 Tray-Symbol.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\AOL9~1.0\aoltray.exe -check
item AOL 9.0 Tray-Symbol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Anti-Blaxx Manager
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Anti-Blaxx
hkey HKLM
command C:\Programme\Anti-Blaxx\Anti-Blaxx.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Anti-Blaxx
hkey HKLM
command C:\Programme\Anti-Blaxx\Anti-Blaxx.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AOLDialer
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item AOLDial
hkey HKLM
command C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item AOLDial
hkey HKLM
command C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools-1033
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item daemon
hkey HKLM
command "C:\Programme\D-Tools\daemon.exe" -lang 1033
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item daemon
hkey HKLM
command "C:\Programme\D-Tools\daemon.exe" -lang 1033
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DeviceDiscovery
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hpotdd01
hkey HKLM
command C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hpotdd01
hkey HKLM
command C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item HPWuSchd
hkey HKLM
command C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item HPWuSchd
hkey HKLM
command C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ICQ Lite
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ICQLite
hkey HKLM
command "C:\Programme\ICQLite\ICQLite.exe" -minimize
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ICQLite
hkey HKLM
command "C:\Programme\ICQLite\ICQLite.exe" -minimize
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Programme\Messenger\msmsgs.exe" /background
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Programme\Messenger\msmsgs.exe" /background
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MsnMsgr
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msnmsgr
hkey HKCU
command "C:\Programme\MSN Messenger\msnmsgr.exe" /background
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msnmsgr
hkey HKCU
command "C:\Programme\MSN Messenger\msnmsgr.exe" /background
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RealTray
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RealPlay
hkey HKLM
command C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RealPlay
hkey HKLM
command C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinampAgent
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winampa
hkey HKLM
command C:\Programme\Winamp\winampa.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winampa
hkey HKLM
command C:\Programme\Winamp\winampa.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run
ishost.exe ishost.exe
issearch.exe issearch.exe
kernel32.dll C:\WINDOWS\system32\isnotify.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
rasdge C:\WINDOWS\system32\rasdge.exe
{320D180E-0710-1031-0830-050407280031} "C:\Programme\Gemeinsame Dateien\{320D180E-0710-1031-0830-050407280031}\Update.exe" mc-110-12-0000272
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll
WPDShServiceObj {AAA288BA-9A4C-45B0-95D7-94D524869DB5} = C:\WINDOWS\system32\WPDShServiceObj.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
= Ati2evxx.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\geebx
= C:\WINDOWS\system32\geebx.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
= WgaLogon.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winzdn32
= winzdn32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 21.08.2006 20:27:40
Grüße, Maxi