Task Manager is gone (thread is closed)

#0
26.08.2006, 12:25
Member
Posts: 22

#2
26.08.2006, 12:50
Honorary member
Posts: 29434

Please post this log:
http://virus-protect.org/silentrunner.html
and this log:
http://virus-protect.org/artikel/tools/combofix.html
__________
Regards, Sabina
all about PC security

#3
26.08.2006, 15:08
Member
Thread starter, posts: 22

Hello Sabina,
here are the logs:

"Silent Runners.vbs", revision 46, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"H/PC Connection Agent" = ""C:\Programme\Microsoft ActiveSync\wcescomm.exe"" [MS]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"pdfSaver3" = ""C:\Programme\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"" ["Tracker Software Products Ltd."]
"Steam" = (empty string)

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"ICQ Lite" = "C:\Programme\ICQLite\ICQLite.exe -trayboot" ["ICQ Ltd."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"IMJPMIG8.1" = ""C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32" [MS]
"MSPY2002" = "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC" [null data]
"PHIME2002ASync" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS]
"PHIME2002A" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"MedionVFD" = ""C:\Programme\Medion Info Display\MdionLCM.exe"" ["Dritek System Inc."]
"CHotkey" = "mHotkey.exe" [empty string]
"ledpointer" = "CNYHKey.exe" ["Chicony"]
"CmUCRRun" = "C:\WINDOWS\system32\CmUCReye.exe" [empty string]
"avgnt" = ""C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"]
"pdfSaver3" = (empty string)
"MMReminderService" = "C:\Programme\Mindjet\MindManager 6\MMReminderService.exe" ["Mindjet"]
"Zone Labs Client" = ""C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" [MS]
"NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
     \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Google Toolbar Helper"
     \InProcServer32\(Default) = "c:\programme\google\googletoolbar2.dll" ["Google Inc."]
{AC41D38F-B56D-40AD-94E0-B493D130C959}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "CmjBrowserHelperObject Object"
     \InProcServer32\(Default) = "C:\Programme\Mindjet\MindManager 6\Mm6InternetExplorer.dll" ["Mindjet"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
  -> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
     \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{30D02401-6A81-11d0-8274-00C04FD5AE38}" = "IE Search Band"
  -> {HKLM...CLSID} = "IE Search Band"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}" = "Shell DocObject Viewer"
  -> {HKLM...CLSID} = "Shell DocObject Viewer"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}" = "InternetShortcut"
  -> {HKLM...CLSID} = "Internet Shortcut"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}" = "Microsoft Url History Service"
  -> {HKLM...CLSID} = "Microsoft Url History Service"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{FF393560-C2A7-11CF-BFF4-444553540000}" = "History"
  -> {HKLM...CLSID} = "History"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}" = "Temporary Internet Files"
  -> {HKLM...CLSID} = "Temporary Internet Files"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}" = "Temporary Internet Files"
  -> {HKLM...CLSID} = "Temporary Internet Files"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" = "Microsoft Url Search Hook"
  -> {HKLM...CLSID} = "Microsoft Url Search Hook"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}" = "The Internet"
  -> {HKLM...CLSID} = "The Internet"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{871C5380-42A0-1069-A2EA-08002B30309D}" = "Internet Name Space"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
  -> {HKLM...CLSID} = "Portable Media Devices"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {HKLM...CLSID} = "Portable Media Devices Menu"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
     \InProcServer32\(Default) = "C:\Programme\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\msohev.dll" [MS]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
  -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
     \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
  -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
     \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
  -> {HKLM...CLSID} = "Shell Search Band"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
  -> {HKLM...CLSID} = "AlcoholShellEx"
     \InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
  -> {HKLM...CLSID} = "MCLiteShellExt Class"
     \InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
"{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.6 Context Menu Shell Extension"
  -> {HKLM...CLSID} = "WinAceContext Menu Extension"
     \InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.6 DragDrop Shell Extension"
  -> {HKLM...CLSID} = "WinAceDrag-Drop Extension"
     \InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.6 Context Menu Shell Extension"
  -> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
     \InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.6 Property Sheet Shell Extension"
  -> {HKLM...CLSID} = "WinAceProperty Sheet Extension"
     \InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Outlook-Dateisymbolerweiterung"
     \InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
     \InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]
"{49BF5420-FA7F-11cf-8011-00A0C90A8F78}" = "Mobile Device"
  -> {HKLM...CLSID} = "Mobiles Gerät"
     \InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\Wcesview.dll" [MS]
"{A155339D-CCCD-4714-85EB-3754B804C9DF}" = "a-squared Free Context Menu Shell Extension"
  -> {HKLM...CLSID} = "a-squared Free Context Menu"
     \InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"]
"{07C45BB1-4A8C-4642-A1F5-237E7215FF66}" = "IE Microsoft BrowserBand"
  -> {HKLM...CLSID} = "IE Microsoft BrowserBand"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{1C1EDB47-CE22-4bbb-B608-77B48F83C823}" = "IE Fade Task"
  -> {HKLM...CLSID} = "IE Fade Task"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{205D7A97-F16D-4691-86EF-F3075DCCA57D}" = "IE Menu Desk Bar"
  -> {HKLM...CLSID} = "IE Menu Desk Bar"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE AutoComplete"
  -> {HKLM...CLSID} = "IE AutoComplete"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{43886CD5-6529-41c4-A707-7B3C92C05E68}" = "IE Navigation Bar"
  -> {HKLM...CLSID} = "IE Navigation Bar"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{44C76ECD-F7FA-411c-9929-1B77BA77F524}" = "IE Menu Site"
  -> {HKLM...CLSID} = "IE Menu Site"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{4B78D326-D922-44f9-AF2A-07805C2A3560}" = "IE Menu Band"
  -> {HKLM...CLSID} = "IE Menu Band"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{6038EF75-ABFC-4e59-AB6F-12D397F6568D}" = "IE Microsoft History AutoComplete List"
  -> {HKLM...CLSID} = "IE Microsoft History AutoComplete List"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}" = "IE Tracking Shell Menu"
  -> {HKLM...CLSID} = "IE Tracking Shell Menu"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{6CF48EF8-44CD-45d2-8832-A16EA016311B}" = "IE IShellFolderBand"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{73CFD649-CD48-4fd8-A272-2070EA56526B}" = "IE BandProxy"
  -> {HKLM...CLSID} = "IE BandProxy"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}" = "IE MRU AutoComplete List"
  -> {HKLM...CLSID} = "IE MRU AutoComplete List"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}" = "IE Microsoft Shell Folder AutoComplete List"
  -> {HKLM...CLSID} = "IE Microsoft Shell Folder AutoComplete List"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{B31C5FAE-961F-415b-BAF0-E697A5178B94}" = "IE Microsoft Multiple AutoComplete List Container"
  -> {HKLM...CLSID} = "IE Microsoft Multiple AutoComplete List Container"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}" = "Microsoft Browser Architecture"
  -> {HKLM...CLSID} = "Microsoft Browser Architecture"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}" = "IE Shell Rebar BandSite"
  -> {HKLM...CLSID} = "IE Shell Rebar BandSite"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{E6EE9AAC-F76B-4947-8260-A9F136138E11}" = "IE Shell Band Site Menu"
  -> {HKLM...CLSID} = "IE Shell Band Site Menu"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{F0353E1D-FEEC-474e-A984-1E5C6865E380}" = "IE Global Folder Settings"
  -> {HKLM...CLSID} = "IE Global Folder Settings"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{F2CF5485-4E02-4f68-819C-B92DE9277049}" = "&Links"
  -> {HKLM...CLSID} = "&Links"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}" = "IE Registry Tree Options Utility"
  -> {HKLM...CLSID} = "IE Registry Tree Options Utility"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}" = "IE User Assist"
  -> {HKLM...CLSID} = "IE User Assist"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}" = "IE Custom MRU AutoCompleted List"
  -> {HKLM...CLSID} = "IE Custom MRU AutoCompleted List"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
INFECTION WARNING! "{553858A7-4922-4e7e-B1C1-97140C1C16EF}" = "IE Component Categories cache daemon"
  -> {HKLM...CLSID} = "IE Component Categories cache daemon"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! WgaLogon\DLLName = "WgaLogon.dll" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
  -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
     \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
     \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
  -> {HKLM...CLSID} = "MCLiteShellExt Class"
     \InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
     \InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
  -> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
     \InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
  -> {HKLM...CLSID} = "MCLiteShellExt Class"
     \InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
  -> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
     \InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
a2FreeContMenu\(Default) = "{A155339D-CCCD-4714-85EB-3754B804C9DF}"
  -> {HKLM...CLSID} = "a-squared Free Context Menu"
     \InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL" ["Emsi Software GmbH"]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
     \InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]


Group Policies [Description]:
-----------------------------

HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore\

HIJACK WARNING! "DisableConfig"=dword:00000001
[disables options on Control Panel|System|System Restore (tab)]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Dokumente und Einstellungen\Daniel Home\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"


Enabled Scheduled Tasks:
------------------------

"FRU Task #Hewlett-Packard#hp psc 1200 series#1136623341" -> launches: "C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe -I "#Hewlett-Packard#hp psc 1200 series#1136623341"" [empty string]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 20 - 21


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
  -> {HKLM...CLSID} = "&Google"
     \InProcServer32\(Default) = "c:\programme\google\googletoolbar2.dll" ["Google Inc."]
"{855F3B16-6D32-4FE6-8A56-BBB695989046}"
  -> {HKLM...CLSID} = "ICQ Toolbar"
     \InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]
"{F2CF5485-4E02-4F68-819C-B92DE9277049}"
  -> {HKLM...CLSID} = "&Links"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
  -> {HKLM...CLSID} = "&Google"
     \InProcServer32\(Default) = "c:\programme\google\googletoolbar2.dll" ["Google Inc."]
"{855F3B16-6D32-4FE6-8A56-BBB695989046}" = (no title provided)
  -> {HKLM...CLSID} = "ICQ Toolbar"
     \InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKCU\Software\Microsoft\Internet Explorer\Extensions\
{A461BF3E-96B0-488F-9ACA-202335DDCC4B}\
"ButtonText" = "MedionShop"
"Exec" = "http://www.medionshop.de/" [file not found]

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}"
  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_04"
     \InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll" ["Sun Microsystems, Inc."]
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
"ButtonText" = "Create Mobile Favorite"
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
  -> {HKLM...CLSID} = "Create Mobile Favorite"
     \InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\INetRepl.dll" [MS]
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
"MenuText" = "Mobilen Favoriten erstellen..."
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
  -> {HKLM...CLSID} = "Create Mobile Favorite"
     \InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\INetRepl.dll" [MS]
{531B9DC0-D8EE-4C76-A6EE-6C1E50569655}\
"ButtonText" = "Send to Mindjet MindManager"
"CLSIDExtension" = "{AC41D38F-B56D-40AD-94E0-B493D130C959}"
  -> {HKLM...CLSID} = "CmjBrowserHelperObject Object"
     \InProcServer32\(Default) = "C:\Programme\Mindjet\MindManager 6\Mm6InternetExplorer.dll" ["Mindjet"]
{B205A35E-1FC4-4CE3-818B-899DBBB3388C}\
{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "C:\Programme\ICQLite\ICQLite.exe" ["ICQ Ltd."]
{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.aldi.com
[Strings]: MS_START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

Missing lines (compared with English-language version):
[Strings]: 2 lines

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
"{855F3B16-6D32-4fe6-8A56-BBB695989046}" = (no title provided)
  -> {HKLM...CLSID} = "ICQ Toolbar"
     \InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
HIJACK WARNING! "NavigationFailure" = "res://ieframe.dll/navcancl.htm" [MS]
HIJACK WARNING! "DesktopItemNavigationFailure" = "res://ieframe.dll/navcancl.htm" [MS]
HIJACK WARNING! "NavigationCanceled" = "res://ieframe.dll/navcancl.htm" [MS]
HIJACK WARNING! "OfflineInformation" = "res://ieframe.dll/offcancl.htm" [MS]
HIJACK WARNING! "PostNotCached" = "res://ieframe.dll/repost.htm" [MS]
HIJACK WARNING! "NoAdd-ons" = "res://ieframe.dll/noaddon.htm" [MS]
HIJACK WARNING! "NoAdd-onsInfo" = "res://ieframe.dll/noaddoninfo.htm" [MS]
HIJACK WARNING! "SecurityRisk" = "res://ieframe.dll/securityatrisk.htm" [MS]
HIJACK WARNING! "Tabs" = "res://ieframe.dll/tabswelcome.htm" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir PersonalEdition Classic Service, AntiVirService, "C:\Programme\AntiVir PersonalEdition Classic\avguard.exe" ["AVIRA GmbH"]
AntiVir Scheduler, AntiVirScheduler, "C:\Programme\AntiVir PersonalEdition Classic\sched.exe" ["Avira GmbH"]
CyberLink Background Capture Service (CBCS), CLCapSvc, ""C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe"" [empty string]
CyberLink Media Library Service, CyberLink Media Library Service, ""C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe"" ["Cyberlink"]
Cyberlink RichVideo Service(CRVS), RichVideo, ""C:\Programme\CyberLink\Shared Files\RichVideo.exe"" [empty string]
CyberLink Task Scheduler (CTS), CLSched, ""C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe"" [empty string]
LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]
Machine Debug Manager, MDM, ""C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
StarWind iSCSI Service, StarWindService, "C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]
UStorage Server Service, UStorage Server Service, "C:\WINDOWS\system32\UStorSrv.exe /Service" ["OTi"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt07\Driver = "hpzsnt07.dll" ["HP"]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]
PDF-XChange\Driver = "pxc25pm.dll" ["Tracker Software"]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
  use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 37 seconds, including 7 seconds for message boxes)


.... and the second one:

Daniel Home - 06-08-26 15:05:02,40
ComboFix 06.08.26BT - Running from: C:\Programme\Mozilla Firefox


(((((((((((((((((((((((((((((((  Files Created from 2006-07-26 to 2006-08-26  ))))))))))))))))))))))))))))))))))

2006-08-07 19:20  73,728  --a------  C:\WINDOWS\ALCFDRTM.EXE
2006-08-07 19:06  737,280  --a------  C:\WINDOWS\iun6002.exe
2006-08-06 19:27  117,760  ---------  C:\WINDOWS\system32\xmllite.dll


((((((((((((((((((((((((((((((((((((((((((((((((  Find3M Report  )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-08-26 15:04  --------  d--------  C:\Programme\Mozilla Firefox
2006-08-26 14:59  --------  d--------  C:\Programme\Mozilla Thunderbird
2006-08-26 12:18  --------  d--------  C:\Programme\a-squared Free
2006-08-25 14:03  --------  d--------  C:\Programme\StarMoney 5.0 S-Edition
2006-08-24 19:45  5850  --a------  C:\Dokumente und Einstellungen\Daniel Home\Anwendungsdaten\wklnhst.dat
2006-08-13 17:48  --------  d---s----  C:\Dokumente und Einstellungen\Daniel Home\Anwendungsdaten\Microsoft
2006-08-13 17:48  --------  d--------  C:\Programme\Valve
2006-08-07 19:06  --------  d--------  C:\Programme\FireTune
2006-08-06 19:29  --------  d--h-----  C:\Programme\Uninstall Information
2006-08-06 19:29  --------  d--------  C:\Programme\Internet Explorer
2006-08-06 18:42  --------  d--------  C:\Programme\ICQToolbar
2006-07-27 15:25  679424  --a------  C:\WINDOWS\system32\inetcomm.dll
2006-07-21 18:14  --------  d--------  C:\Programme\DVD Profiler
2006-07-21 10:29  72704  --a------  C:\WINDOWS\system32\hlink.dll
2006-07-17 20:05  --------  d--------  C:\Programme\Microsoft ActiveSync
2006-07-14 18:33  --------  d--------  C:\Dokumente und Einstellungen\Daniel Home\Anwendungsdaten\LimeWire
2006-07-13 20:54  91688  --a------  C:\Dokumente und Einstellungen\Daniel Home\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2006-07-12 21:17  --------  d--------  C:\Programme\ICQLite
2006-07-09 13:42  42920  --a------  C:\WINDOWS\system32\vsutil_loc0407.dll
2006-06-29 12:51  125  ---hs----  C:\Dokumente und Einstellungen\Daniel Home\Anwendungsdaten\.zreglib
2006-06-29 12:45  --------  d--------  C:\Programme\Tracker Software
2006-06-29 12:45  --------  d--------  C:\Programme\Mindjet
2006-06-29 09:10  22752  --a------  C:\WINDOWS\system32\spupdsvc.exe
2006-06-28 11:58  --------  d--------  C:\Dokumente und Einstellungen\Daniel Home\Anwendungsdaten\CyberLink
2006-06-28 11:57  --------  d--------  C:\Programme\D-Tools
2006-06-28 11:56  --------  d--------  C:\Programme\CyberLink
2006-06-28 11:53  --------  d--h-----  C:\Programme\InstallShield Installation Information
2006-06-23 09:28  5512704  ---------  C:\WINDOWS\system32\ieframe.dll
2006-06-23 09:28  47616  ---------  C:\WINDOWS\system32\msfeedsbs.dll
2006-06-23 09:28  454144  ---------  C:\WINDOWS\system32\msfeeds.dll
2006-06-23 09:28  413696  --a------  C:\WINDOWS\system32\vbscript.dll
2006-06-23 09:28  223744  --a------  C:\WINDOWS\system32\webcheck.dll
2006-06-23 09:28  179200  ---------  C:\WINDOWS\system32\ieui.dll
2006-06-23 09:28  155648  --a------  C:\WINDOWS\system32\msls31.dll
2006-06-23 05:41  172544  ---------  C:\WINDOWS\system32\WinFXDocObj.exe
2006-06-23 05:40  78848  --a------  C:\WINDOWS\system32\ieencode.dll
2006-06-23 05:40  40960  --a------  C:\WINDOWS\system32\url.dll
2006-06-23 05:39  99328  --a------  C:\WINDOWS\system32\occache.dll
2006-06-23 05:39  39424  --a------  C:\WINDOWS\system32\licmgr10.dll
2006-06-23 05:37  14336  --a------  C:\WINDOWS\system32\corpol.dll
2006-06-23 05:34  81920  --a------  C:\WINDOWS\system32\admparse.dll
2006-06-23 05:34  50688  --a------  C:\WINDOWS\system32\ie4uinit.exe
2006-06-23 05:34  372736  --a------  C:\WINDOWS\system32\iedkcs32.dll
2006-06-23 05:34  228864  --a------  C:\WINDOWS\system32\ieaksie.dll
2006-06-23 05:34  167936  --a------  C:\WINDOWS\system32\ieakeng.dll
2006-06-23 05:33  54272  --a------  C:\WINDOWS\system32\iesetup.dll
2006-06-23 05:33  41984  --a------  C:\WINDOWS\system32\iernonce.dll
2006-06-23 05:33  121856  --a------  C:\WINDOWS\system32\advpack.dll
2006-06-23 05:30  11776  ---------  C:\WINDOWS\system32\msfeedssync.exe
2006-06-23 05:29  55296  ---------  C:\WINDOWS\system32\icardie.dll
2006-06-23 05:29  35328  --a------  C:\WINDOWS\system32\imgutil.dll
2006-06-23 05:27  251392  ---------  C:\WINDOWS\system32\iertutil.dll
2006-06-23 05:26  45568  --a------  C:\WINDOWS\system32\mshta.exe
2006-06-23 04:46  377856  ---------  C:\WINDOWS\system32\ieapfltr.dll
2006-06-23 04:45  48640  --a------  C:\WINDOWS\system32\mshtmler.dll
2006-06-23 04:41  172032  --a------  C:\WINDOWS\system32\ieakui.dll
2006-06-19 15:18  23552  ---------  C:\WINDOWS\system32\idndl.dll
2006-06-19 15:18  20480  ---------  C:\WINDOWS\system32\normaliz.dll
2006-06-10 18:16  57384  --a------  C:\WINDOWS\system32\avsda.dll
2006-06-01 19:09  208896  --a------  C:\WINDOWS\system32\NVUNINST.EXE
2006-06-01 19:09  208896  --a------  C:\WINDOWS\system32\nvudisp.exe
2006-06-01 17:22  888832  --a------  C:\WINDOWS\system32\nvmobls.dll
2006-06-01 17:22  86016  --a------  C:\WINDOWS\system32\nvmctray.dll
2006-06-01 17:22  81920  --a------  C:\WINDOWS\system32\nvwddi.dll
2006-06-01 17:22  794624  --a------  C:\WINDOWS\system32\nvcplui.exe
2006-06-01 17:22  7618560  --a------  C:\WINDOWS\system32\nvcpl.dll
2006-06-01 17:22  581632  --a------  C:\WINDOWS\system32\nvhwvid.dll
2006-06-01 17:22  5652480  --a------  C:\WINDOWS\system32\nvdisps.dll
2006-06-01 17:22  5632000  --a------  C:\WINDOWS\system32\nvoglnt.dll
2006-06-01 17:22  5246976  --a------  C:\WINDOWS\system32\nvdispsr.dll
2006-06-01 17:22  466944  --a------  C:\WINDOWS\system32\nvshell.dll
2006-06-01 17:22  462848  --a------  C:\WINDOWS\system32\nvmccssr.dll
2006-06-01 17:22  4529408  --a------  C:\WINDOWS\system32\nv4_disp.dll
2006-06-01 17:22  45056  --a------  C:\WINDOWS\system32\nvmccsrs.dll
2006-06-01 17:22  442368  --a------  C:\WINDOWS\system32\nvappbar.exe
2006-06-01 17:22  425984  --a------  C:\WINDOWS\system32\keystone.exe
2006-06-01 17:22  35840  --a------  C:\WINDOWS\system32\nvcodins.dll
2006-06-01 17:22  35840  --a------  C:\WINDOWS\system32\nvcod.dll
2006-06-01 17:22  335872  --a------  C:\WINDOWS\system32\nvwrses.dll
2006-06-01 17:22  335872  --a------  C:\WINDOWS\system32\nvwrsel.dll
2006-06-01 17:22  327680  --a------  C:\WINDOWS\system32\nvwrsfr.dll
2006-06-01 17:22  327680  --a------  C:\WINDOWS\system32\nvwrsesm.dll
2006-06-01 17:22  327680  --a------  C:\WINDOWS\system32\nvrshe.dll
2006-06-01 17:22  327680  --a------  C:\WINDOWS\system32\nvrsar.dll
2006-06-01 17:22  323584  --a------  C:\WINDOWS\system32\nvwrspt.dll
2006-06-01 17:22  323584  --a------  C:\WINDOWS\system32\nvwrsit.dll
2006-06-01 17:22  319488  --a------  C:\WINDOWS\system32\nvwrsptb.dll
2006-06-01 17:22  319488  --a------  C:\WINDOWS\system32\nvwrsnl.dll
2006-06-01 17:22  315392  --a------  C:\WINDOWS\system32\nvwrsru.dll
2006-06-01 17:22  315392  --a------  C:\WINDOWS\system32\nvwrshu.dll
2006-06-01 17:22  311296  --a------  C:\WINDOWS\system32\nvwrsde.dll
2006-06-01 17:22  311296  --a------  C:\WINDOWS\system32\nvexpbar.dll
2006-06-01 17:22  3100672  --a------  C:\WINDOWS\system32\nvgames.dll
2006-06-01 17:22  303104  --a------  C:\WINDOWS\system32\nvwrstr.dll
2006-06-01 17:22  303104  --a------  C:\WINDOWS\system32\nvwrssl.dll
2006-06-01 17:22  303104  --a------  C:\WINDOWS\system32\nvwrsfi.dll
2006-06-01 17:22  299008  --a------  C:\WINDOWS\system32\nvwrssk.dll
2006-06-01 17:22  299008  --a------  C:\WINDOWS\system32\nvwrsno.dll
2006-06-01 17:22  2977792  --a------  C:\WINDOWS\system32\nvvitvsr.dll
2006-06-01 17:22  294912  --a------  C:\WINDOWS\system32\nvwrssv.dll
2006-06-01 17:22  294912  --a------  C:\WINDOWS\system32\nvwrspl.dll
2006-06-01 17:22  294912  --a------  C:\WINDOWS\system32\nvwrsda.dll
2006-06-01 17:22  2924544  --a------  C:\WINDOWS\system32\nvvitvs.dll
2006-06-01 17:22  2916352  --a------  C:\WINDOWS\system32\nvgamesr.dll
2006-06-01 17:22  286720  --a------  C:\WINDOWS\system32\nvwrseng.dll
2006-06-01 17:22  286720  --a------  C:\WINDOWS\system32\nvwrscs.dll
2006-06-01 17:22  286720  --a------  C:\WINDOWS\system32\nvnt4cpl.dll
2006-06-01 17:22  2859008  --a------  C:\WINDOWS\system32\nvmoblsr.dll
2006-06-01 17:22  282624  --a------  C:\WINDOWS\system32\nvwrsar.dll
2006-06-01 17:22  282624  --a------  C:\WINDOWS\system32\nvrsit.dll
2006-06-01 17:22  282624  --a------  C:\WINDOWS\system32\nvrsfr.dll
2006-06-01 17:22  282624  --a------  C:\WINDOWS\system32\nvrses.dll
2006-06-01 17:22  282624  --a------  C:\WINDOWS\system32\nvrsel.dll
2006-06-01 17:22  278528  --a------  C:\WINDOWS\system32\nvwrshe.dll
2006-06-01 17:22  278528  --a------  C:\WINDOWS\system32\nvrsde.dll
2006-06-01 17:22  274432  --a------  C:\WINDOWS\system32\nvrspt.dll
2006-06-01 17:22  274432  --a------  C:\WINDOWS\system32\nvrsnl.dll
2006-06-01 17:22  274432  --a------  C:\WINDOWS\system32\nvrsesm.dll
2006-06-01 17:22  270336  --a------  C:\WINDOWS\system32\nvrsru.dll
2006-06-01 17:22  266240  --a------  C:\WINDOWS\system32\nvrsptb.dll
2006-06-01 17:22  266240  --a------  C:\WINDOWS\system32\nvrsja.dll
2006-06-01 17:22  262144  --a------  C:\WINDOWS\system32\nvrsko.dll
2006-06-01 17:22  258048  --a------  C:\WINDOWS\system32\nvrstr.dll
2006-06-01 17:22  258048  --a------  C:\WINDOWS\system32\nvrssl.dll
2006-06-01 17:22  258048  --a------  C:\WINDOWS\system32\nvrssk.dll
2006-06-01 17:22  258048  --a------  C:\WINDOWS\system32\nvrspl.dll
2006-06-01 17:22  258048  --a------  C:\WINDOWS\system32\nvrshu.dll
2006-06-01 17:22  253952  --a------  C:\WINDOWS\system32\nvrssv.dll
2006-06-01 17:22  253952  --a------  C:\WINDOWS\system32\nvrsno.dll
2006-06-01 17:22  253952  --a------  C:\WINDOWS\system32\nvrsda.dll
2006-06-01 17:22  249856  --a------  C:\WINDOWS\system32\nvrsfi.dll
2006-06-01 17:22  245760  --a------  C:\WINDOWS\system32\nvrseng.dll
2006-06-01 17:22 245760 --a------ C:\WINDOWS\system32\nvrscs.dll 2006-06-01 17:22 229376 --a------ C:\WINDOWS\system32\nvmccs.dll 2006-06-01 17:22 225280 --a------ C:\WINDOWS\system32\nvrszhc.dll 2006-06-01 17:22 212992 --a------ C:\WINDOWS\system32\nvwrsja.dll 2006-06-01 17:22 196608 --a------ C:\WINDOWS\system32\nvwrsko.dll 2006-06-01 17:22 196608 --a------ C:\WINDOWS\system32\nvapi.dll 2006-06-01 17:22 188416 --a------ C:\WINDOWS\system32\nvmccss.dll 2006-06-01 17:22 1740800 --a------ C:\WINDOWS\system32\nvwssr.dll 2006-06-01 17:22 167936 --a------ C:\WINDOWS\system32\nvwrszht.dll 2006-06-01 17:22 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll 2006-06-01 17:22 163840 --a------ C:\WINDOWS\system32\nvwrszhc.dll 2006-06-01 17:22 155715 --a------ C:\WINDOWS\system32\nvsvc32.exe 2006-06-01 17:22 1519616 --a------ C:\WINDOWS\system32\nwiz.exe 2006-06-01 17:22 147456 --a------ C:\WINDOWS\system32\nvcolor.exe 2006-06-01 17:22 1466368 --a------ C:\WINDOWS\system32\nview.dll 2006-06-01 17:22 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe 2006-06-01 17:22 1257472 --a------ C:\WINDOWS\system32\nvwss.dll 2006-06-01 17:22 122880 --a------ C:\WINDOWS\system32\nvrszht.dll 2006-06-01 17:22 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll 2006-05-26 15:07 34308 --a------ C:\WINDOWS\system32\BASSMOD.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "nwiz"="nwiz.exe /install" "IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32" "MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC" "PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC" "PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName" "RTHDCPL"="RTHDCPL.EXE" "Alcmtr"="ALCMTR.EXE" 
"MedionVFD"="\"C:\\Programme\\Medion Info Display\\MdionLCM.exe\"" "CHotkey"="mHotkey.exe" "ledpointer"="CNYHKey.exe" "CmUCRRun"="C:\\WINDOWS\\system32\\CmUCReye.exe" "avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min" "pdfSaver3"="" "MMReminderService"="C:\\Programme\\Mindjet\\MindManager 6\\MMReminderService.exe" "Zone Labs Client"="\"C:\\Programme\\Zone Labs\\ZoneAlarm\\zlclient.exe\"" "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\ 65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00 "NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "H/PC Connection Agent"="\"C:\\Programme\\Microsoft ActiveSync\\wcescomm.exe\"" "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "pdfSaver3"="\"C:\\Programme\\Tracker Software\\PDF-XChange 3\\pdfSaver\\pdfSaver3.exe\"" "Steam"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce] "ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -trayboot" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components] 
"DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000005 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Die derzeitige Homepage" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,c4,03,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,80,00,00,00,00,00,00,00,80,03,00,00,e2,02,\ 00,00,04,00,00,40 "RestoredStateInfo"=hex:18,00,00,00,80,00,00,00,00,00,00,00,80,03,00,00,e2,02,\ 00,00,01,00,00,00 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" "{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk] "path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Adobe Reader - Schnellstart.lnk" 
"backup"="C:\\WINDOWS\\pss\\Adobe Reader - Schnellstart.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE " "item"="Adobe Reader - Schnellstart" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^hp psc 1000 series.lnk] "path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\hp psc 1000 series.lnk" "backup"="C:\\WINDOWS\\pss\\hp psc 1000 series.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\HEWLET~1\\DIGITA~1\\bin\\hpohmr08.exe " "item"="hp psc 1000 series" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^hpoddt01.exe.lnk] "path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\hpoddt01.exe.lnk" "backup"="C:\\WINDOWS\\pss\\hpoddt01.exe.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\HEWLET~1\\DIGITA~1\\bin\\hpotdd01.exe " "item"="hpoddt01.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^InterVideo WinCinema Manager.lnk] "path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\InterVideo WinCinema Manager.lnk" "backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE " "item"="InterVideo WinCinema Manager" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk] "path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Microsoft Office.lnk" "backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup" "location"="Common Startup" 
"command"="C:\\PROGRA~1\\MICROS~4\\Office10\\OSA.EXE -b -l" "item"="Microsoft Office" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^NewShortcut4.lnk] "path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\NewShortcut4.lnk" "backup"="C:\\WINDOWS\\pss\\NewShortcut4.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\Mindjet\\MINDMA~1\\sys\\PDF\\GER\\W2K\\PDFSaver.exe " "item"="NewShortcut4" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Anti-Blaxx Manager] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Anti-Blaxx" "hkey"="HKLM" "command"="C:\\Programme\\Anti-Blaxx\\Anti-Blaxx.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AntivirusRegistration] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Register" "hkey"="HKLM" "command"="C:\\Programme\\CA\\Etrust Antivirus\\Register.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AnyDVD] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AnyDVD" "hkey"="HKLM" "command"="\"C:\\Programme\\SlySoft\\AnyDVD\\AnyDVD.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AOLMIcon] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AOLMIcon" "hkey"="HKCU" "command"="C:\\Programme\\Gemeinsame Dateien\\AOLSHARE\\AOLMIcon.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\avgnt] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="avgnt" "hkey"="HKLM" "command"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\CloneCDTray] 
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CloneCDTray" "hkey"="HKLM" "command"="\"C:\\Programme\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\H/PC Connection Agent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="WCESCOMM" "hkey"="HKCU" "command"="\"C:\\Programme\\Microsoft ActiveSync\\WCESCOMM.EXE\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ICQ Lite] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ICQLite" "hkey"="HKLM" "command"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\InstantOn] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ion_install" "hkey"="HKLM" "command"="\"C:\\Programme\\CyberLink\\PowerCinema Linux\\ion_install.exe /c \"" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NeroFilterCheck] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NeroCheck" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\NeroCheck.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PCMService] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PCMService" "hkey"="HKLM" "command"="\"C:\\Programme\\Home Cinema\\PowerCinema\\PCMService.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RemoteControl] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PDVDServ" "hkey"="HKLM" "command"="\"C:\\Programme\\Home Cinema\\PowerDVD\\PDVDServ.exe\"" "inimapping"="0" ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ backup-20060426-170504-557 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 backup-20060426-170504-454 F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe 
backup-20060426-170504-358 O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
backup-20060426-170504-268 O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
backup-20060426-170504-217 F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
backup-20060426-170504-611 F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\scvhost.exe
backup-20060425-172339-977 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20060425-172339-945 F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe
backup-20060425-172339-340 O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
backup-20060425-172339-539 F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
backup-20060425-172339-155 O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
backup-20060425-172339-622 F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\scvhost.exe
backup-20060425-172156-831 O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
backup-20060425-172156-799 F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe
backup-20060425-172156-194 O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
backup-20060425-172156-977 F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
backup-20060425-170440-949 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20060425-170440-870 F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
backup-20060425-170440-860 O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
backup-20060425-170440-682 O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
backup-20060425-170440-650 F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe
backup-20060425-170440-327 F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\scvhost.exe
backup-20060425-170035-423 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20060425-170035-601 O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
backup-20060425-170035-849 O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
backup-20060425-170035-442 F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\scvhost.exe
backup-20060425-170035-453 F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe
backup-20060425-170035-674 F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
backup-20060425-165308-578 O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
backup-20060425-165308-245 F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe
backup-20060425-165308-392 O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
backup-20060425-165308-215 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20060425-165308-233 F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\scvhost.exe
backup-20060425-165308-465 F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
backup-20060425-164053-987 O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
backup-20060425-164053-810 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20060425-164053-778 F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe
backup-20060425-164053-276 O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)
backup-20060425-164053-185 F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
backup-20060425-164053-173 O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
backup-20060425-164053-894 F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\scvhost.exe
backup-20060425-162952-735 F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\scvhost.exe
backup-20060425-162935-692 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20060425-162935-870 O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
backup-20060425-162935-880 F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe
backup-20060425-162935-660 O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
backup-20060425-162935-901 F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
backup-20060425-162328-680 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20060425-162328-679 O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
backup-20060425-162328-504 F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe
backup-20060425-162328-283 O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
backup-20060425-162328-649 F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
backup-20060424-220529-740 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20060424-220529-186 O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
backup-20060424-220529-926 O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
backup-20060424-220529-407 F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe
backup-20060424-220529-427 F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
backup-20060424-210632-915 O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
backup-20060424-210632-182 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20060424-210632-278 O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
backup-20060424-210632-227 F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe
backup-20060424-210632-448 F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
backup-20060424-205843-249 O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
backup-20060424-205843-113 O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
backup-20060424-205843-469 F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe
backup-20060424-205843-552 F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
backup-20060424-205207-945 F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe
backup-20060424-205207-934 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20060424-205207-725 O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
backup-20060424-205207-434 F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
backup-20060424-205207-120 O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
backup-20060424-204130-540 O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
backup-20060424-204130-466 O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
backup-20060424-204130-280 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20060424-204130-760 F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe
backup-20060424-204130-279 F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
backup-20060424-203759-927 F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe
backup-20060424-203759-739 O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
backup-20060424-203759-135 O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\system32\scvhost.exe
backup-20060424-203759-949 O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
backup-20060424-203759-479 F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1136623341.job

Completion time: 26.08.2006 15:06:10.78
ComboFix.txt
27.08.2006, 00:30
Honorary member
Posts: 29434
#4
Daniel2k
you could also have told me that you have win32:ciadoor-21 on the machine and have already been busy fixing it with HijackThis... http://virus-protect.org/artikel/dienste/wsock32sys.html

**
Start - Run - regedit

1. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore\
"DisableConfig" - delete

2. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableTaskMgr - delete

3. HKEY_CURRENT_USER\Software\Microsoft\Windows\System\DisableCMD (without the Policies key)
If you now find a value named DisableCMD in the right-hand pane, delete it. The command prompt should be available again after a restart at the latest.

Restart the PC

*****
Copy these 4 text files. (right-click with the mouse -> select the text -> copy -> paste)
They are sorted by date. (copy only the last 3 months)
http://virus-protect.org/datfindbat.html
__________
Regards, Sabina
all about PC security
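The regedit steps in this post, together with the persistence points that the HijackThis backups in post #3 show the backdoor using, as a PowerShell check. This is an added example, not part of the thread and not a virus-protect.org tool: it reports the lockout values the post says to delete (plus DisableRegedit from the O7 backup lines) and removes them only when run with -Remove; it also reports, without changing anything, a Winlogon Shell other than Explorer.exe, non-empty win.ini run=/load= entries and any Run/RunServices value pointing at scvhost.exe. The key paths are the ones named in the thread; the registry locations Windows uses for win.ini run=/load= and system.ini Shell= are the standard mappings and are an assumption, not something the post states. Run it from an elevated PowerShell so the HKLM keys can be read and written.

```powershell
# Added example (not from the thread): report and optionally remove the registry
# lockouts from post #4, and report the persistence points seen in the HijackThis
# backups of post #3. Run elevated. Nothing outside the lockout values is changed.
[CmdletBinding()]
param([switch]$Remove)

# Lockout values named in post #4; DisableRegedit is taken from the O7 backup lines.
$lockouts = @(
    @{ Key = 'HKLM:\Software\Policies\Microsoft\Windows NT\SystemRestore';      Name = 'DisableConfig' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableTaskMgr' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableRegedit' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\System';                         Name = 'DisableCMD' }  # no "Policies" here
)

function Get-RegValue($Key, $Name) {
    # Returns $null when either the key or the value does not exist.
    if (-not (Test-Path -LiteralPath $Key)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

foreach ($l in $lockouts) {
    $v = Get-RegValue $l.Key $l.Name
    if ($null -eq $v) { Write-Output ("ok       {0}\{1} not set" -f $l.Key, $l.Name); continue }
    Write-Output ("LOCKOUT  {0}\{1} = {2}" -f $l.Key, $l.Name, $v)
    if ($Remove) {
        Remove-ItemProperty -LiteralPath $l.Key -Name $l.Name
        Write-Output ("removed  {0}\{1}" -f $l.Key, $l.Name)
    }
}

# Persistence points from the HijackThis backups. On Windows XP the win.ini
# run=/load= lines and the system.ini Shell= line are kept in the registry
# (assumption: the standard mapping, which the thread does not spell out).
$wnt = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

$shell = Get-RegValue "$wnt\Winlogon" 'Shell'                       # F2 - REG:system.ini: Shell=
if ($shell -and $shell -ne 'Explorer.exe') { Write-Output "SUSPECT  Winlogon\Shell = $shell" }

foreach ($n in 'Run', 'Load') {                                     # F3 - REG:win.ini: run= / load=
    $v = Get-RegValue "$wnt\Windows" $n
    if ($v) { Write-Output "SUSPECT  win.ini $n = $v" }
}

$psProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
foreach ($k in 'Run', 'RunServices') {                              # O4 - HKLM\..\Run / RunServices
    $key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\$k"
    if (-not (Test-Path -LiteralPath $key)) { continue }
    foreach ($p in (Get-ItemProperty -LiteralPath $key).PSObject.Properties) {
        if ($psProps -contains $p.Name) { continue }                # skip PowerShell's own provider properties
        if ("$($p.Value)" -match 'scvhost\.exe') {
            Write-Output "SUSPECT  $k\$($p.Name) = $($p.Value)"
        }
    }
}
```

Run it once without -Remove to see what is set, then with -Remove to delete the lockout values; a restart is still needed for the command prompt, as the post says. The SUSPECT lines are left for manual clean-up on purpose, because the Shell value and the Run keys also carry legitimate entries and a blanket delete would break the logon.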
27.08.2006, 11:58
Member
Thread starter, Posts: 22
#5
Hallo Sabina,
yes, I had Ciadoor on it. You also helped me remove it back then. Does that mean I have it on again? I did the other things as described; Task Manager works again.
27.08.2006, 13:24
Honorary member
Posts: 29434
#6
I'll have another look at whether the backdoor might be back on....
post the 4 logs from datfindbat (5 months back)
__________
Regards, Sabina
all about PC security
27.08.2006, 14:47
Member
Thread starter, Posts: 22
#7
Here are the logs:
Datentr„ger in Laufwerk C: ist BOOT Volumeseriennummer: F845-9504 Verzeichnis von C:\WINDOWS\system32 27.08.2006 11:41 54.112 vsconfig.xml 27.08.2006 11:40 2.206 wpa.dbl 27.08.2006 11:39 62.958 nvapps.xml 09.08.2006 21:03 8.325.544 MRT.exe 27.07.2006 15:25 679.424 inetcomm.dll 26.07.2006 21:18 4.212 zllictbl.dat 21.07.2006 10:29 72.704 hlink.dll 14.07.2006 17:38 332.288 netapi32.dll 14.07.2006 17:25 546.304 hhctrl.ocx 13.07.2006 15:34 8.494.592 shell32.dll 12.07.2006 21:41 53.572 perfc009.dat 12.07.2006 21:41 392.842 perfh007.dat 12.07.2006 21:41 381.828 perfh009.dat 12.07.2006 21:41 64.650 perfc007.dat 12.07.2006 21:41 902.476 PerfStringBackup.INI 09.07.2006 13:42 42.920 vsutil_loc0407.dll 09.07.2006 13:42 392.824 vsdatant.sys 09.07.2006 13:42 83.960 zlcomm.dll 09.07.2006 13:42 71.672 zlcommdb.dll 09.07.2006 13:42 100.344 vsxml.dll 09.07.2006 13:42 59.384 vswmi.dll 09.07.2006 13:42 440.312 vsutil.dll 09.07.2006 13:42 71.672 vsregexp.dll 09.07.2006 13:42 157.688 vsinit.dll 09.07.2006 13:42 268.280 vspubapi.dll 09.07.2006 13:42 104.440 vsmonapi.dll 09.07.2006 13:42 83.960 vsdata.dll 05.07.2006 12:55 1.057.792 kernel32.dll 29.06.2006 09:10 22.752 spupdsvc.exe 29.06.2006 09:10 1.022.976 browseui.dll 29.06.2006 09:10 474.624 shlwapi.dll 29.06.2006 09:10 1.496.576 shdocvw.dll 29.06.2006 09:10 113.522 IE7Eula.rtf 26.06.2006 19:40 148.480 dnsapi.dll 26.06.2006 19:40 8.192 rasadhlp.dll 23.06.2006 09:28 5.512.704 ieframe.dll 23.06.2006 09:28 172.544 iepeers.dll 23.06.2006 09:28 223.744 webcheck.dll 23.06.2006 09:28 130.048 extmgr.dll 23.06.2006 09:28 675.840 mstime.dll 23.06.2006 09:28 179.200 ieui.dll 23.06.2006 09:28 454.144 msfeeds.dll 23.06.2006 09:28 413.696 vbscript.dll 23.06.2006 09:28 155.648 msls31.dll 23.06.2006 09:28 47.616 msfeedsbs.dll 23.06.2006 09:28 26.624 jsproxy.dll 23.06.2006 09:28 473.088 mshtmled.dll 23.06.2006 09:28 835.072 urlmon.dll 23.06.2006 09:28 3.388.416 mshtml.dll 23.06.2006 09:28 761.344 wininet.dll 23.06.2006 05:41 172.544 WinFXDocObj.exe 
23.06.2006 05:41 425.472 html.iec 23.06.2006 05:41 1.402.368 inetcpl.cpl 23.06.2006 05:40 78.848 ieencode.dll 23.06.2006 05:40 40.960 url.dll 23.06.2006 05:39 183.296 msrating.dll 23.06.2006 05:39 39.424 licmgr10.dll 23.06.2006 05:39 99.328 occache.dll 23.06.2006 05:37 14.336 corpol.dll 23.06.2006 05:34 228.864 ieaksie.dll 23.06.2006 05:34 167.936 ieakeng.dll 23.06.2006 05:34 81.920 admparse.dll 23.06.2006 05:34 50.688 ie4uinit.exe 23.06.2006 05:34 372.736 iedkcs32.dll 23.06.2006 05:33 54.272 iesetup.dll 23.06.2006 05:33 91.648 inseng.dll 23.06.2006 05:33 41.984 iernonce.dll 23.06.2006 05:33 121.856 advpack.dll 23.06.2006 05:32 487.424 jscript.dll 23.06.2006 05:30 11.776 msfeedssync.exe 23.06.2006 05:29 55.296 icardie.dll 23.06.2006 05:29 44.032 pngfilt.dll 23.06.2006 05:29 346.112 dxtmsft.dll 23.06.2006 05:29 35.328 imgutil.dll 23.06.2006 05:29 213.504 dxtrans.dll 23.06.2006 05:27 251.392 iertutil.dll 23.06.2006 05:26 45.568 mshta.exe 23.06.2006 05:26 66.048 tdc.ocx 23.06.2006 04:48 55.976 ieuinit.inf 23.06.2006 04:46 377.856 ieapfltr.dll 23.06.2006 04:45 48.640 mshtmler.dll 23.06.2006 04:41 172.032 ieakui.dll 23.06.2006 04:31 1.383.936 mshtml.tlb 20.06.2006 23:32 796.584 libeay32_0.9.6l.dll 19.06.2006 15:36 8.798 icrav03.rat 19.06.2006 15:36 2.450.712 ieapfltr.dat 19.06.2006 15:18 23.552 idndl.dll 19.06.2006 15:18 57.150 normnfkd.nls 19.06.2006 15:18 63.176 normnfkc.nls 19.06.2006 15:18 42.918 normnfc.nls 19.06.2006 15:18 20.480 normaliz.dll 19.06.2006 15:18 59.342 normidna.nls 19.06.2006 15:18 36.644 normnfd.nls 10.06.2006 18:16 57.384 avsda.dll 02.06.2006 13:39 579.888 LegitCheckControl.dll 02.06.2006 13:39 286.000 WgaTray.exe 02.06.2006 13:39 402.736 WgaLogon.dll 02.06.2006 06:23 104.960 xpsp3res.dll 01.06.2006 20:47 163.840 jgdw400.dll 01.06.2006 20:47 27.648 jgpl400.dll 01.06.2006 19:09 208.896 NVUNINST.EXE 01.06.2006 19:09 208.896 nvudisp.exe 01.06.2006 17:22 225.280 nvrszhc.dll 01.06.2006 17:22 258.048 nvrstr.dll 01.06.2006 17:22 253.952 nvrssv.dll 
01.06.2006 17:22 258.048 nvrssl.dll 01.06.2006 17:22 258.048 nvrssk.dll 01.06.2006 17:22 270.336 nvrsru.dll 01.06.2006 17:22 266.240 nvrsptb.dll 01.06.2006 17:22 274.432 nvrspt.dll 01.06.2006 17:22 258.048 nvrspl.dll 01.06.2006 17:22 253.952 nvrsno.dll 01.06.2006 17:22 274.432 nvrsnl.dll 01.06.2006 17:22 262.144 nvrsko.dll 01.06.2006 17:22 266.240 nvrsja.dll 01.06.2006 17:22 282.624 nvrsit.dll 01.06.2006 17:22 323.584 nvwrsit.dll 01.06.2006 17:22 327.680 nvrshe.dll 01.06.2006 17:22 122.880 nvrszht.dll 01.06.2006 17:22 249.856 nvrsfi.dll 01.06.2006 17:22 274.432 nvrsesm.dll 01.06.2006 17:22 155.715 nvsvc32.exe 01.06.2006 17:22 282.624 nvrses.dll 01.06.2006 17:22 245.760 nvrseng.dll 01.06.2006 17:22 282.624 nvrsel.dll 01.06.2006 17:22 278.528 nvrsde.dll 01.06.2006 17:22 253.952 nvrsda.dll 01.06.2006 17:22 245.760 nvrscs.dll 01.06.2006 17:22 327.680 nvrsar.dll 01.06.2006 17:22 315.392 nvwrshu.dll 01.06.2006 17:22 5.632.000 nvoglnt.dll 01.06.2006 17:22 286.720 nvnt4cpl.dll 01.06.2006 17:22 2.859.008 nvmoblsr.dll 01.06.2006 17:22 888.832 nvmobls.dll 01.06.2006 17:22 86.016 nvmctray.dll 01.06.2006 17:22 282.624 nvrsfr.dll 01.06.2006 17:22 188.416 nvmccss.dll 01.06.2006 17:22 45.056 nvmccsrs.dll 01.06.2006 17:22 229.376 nvmccs.dll 01.06.2006 17:22 1.466.368 nview.dll 01.06.2006 17:22 581.632 nvhwvid.dll 01.06.2006 17:22 2.916.352 nvgamesr.dll 01.06.2006 17:22 3.100.672 nvgames.dll 01.06.2006 17:22 311.296 nvexpbar.dll 01.06.2006 17:22 1.339.392 nvdspsch.exe 01.06.2006 17:22 5.246.976 nvdispsr.dll 01.06.2006 17:22 5.652.480 nvdisps.dll 01.06.2006 17:22 16.960 nvdisp.nvu 01.06.2006 17:22 794.624 nvcplui.exe 01.06.2006 17:22 7.618.560 nvcpl.dll 01.06.2006 17:22 69.632 nvcpl.cpl 01.06.2006 17:22 147.456 nvcolor.exe 01.06.2006 17:22 35.840 nvcodins.dll 01.06.2006 17:22 35.840 nvcod.dll 01.06.2006 17:22 212.992 nvwrsja.dll 01.06.2006 17:22 442.368 nvappbar.exe 01.06.2006 17:22 196.608 nvapi.dll 01.06.2006 17:22 4.529.408 nv4_disp.dll 01.06.2006 17:22 466.944 nvshell.dll 
01.06.2006 17:22 2.924.544 nvvitvs.dll 01.06.2006 17:22 2.977.792 nvvitvsr.dll 01.06.2006 17:22 81.920 nvwddi.dll 01.06.2006 17:22 1.662.976 nvwdmcpl.dll 01.06.2006 17:22 1.019.904 nvwimg.dll 01.06.2006 17:22 196.608 nvwrsko.dll 01.06.2006 17:22 319.488 nvwrsnl.dll 01.06.2006 17:22 299.008 nvwrsno.dll 01.06.2006 17:22 294.912 nvwrspl.dll 01.06.2006 17:22 323.584 nvwrspt.dll 01.06.2006 17:22 319.488 nvwrsptb.dll 01.06.2006 17:22 315.392 nvwrsru.dll 01.06.2006 17:22 282.624 nvwrsar.dll 01.06.2006 17:22 299.008 nvwrssk.dll 01.06.2006 17:22 286.720 nvwrscs.dll 01.06.2006 17:22 303.104 nvwrssl.dll 01.06.2006 17:22 294.912 nvwrssv.dll 01.06.2006 17:22 303.104 nvwrstr.dll 01.06.2006 17:22 163.840 nvwrszhc.dll 01.06.2006 17:22 167.936 nvwrszht.dll 01.06.2006 17:22 1.257.472 nvwss.dll 01.06.2006 17:22 1.740.800 nvwssr.dll 01.06.2006 17:22 1.519.616 nwiz.exe 01.06.2006 17:22 294.912 nvwrsda.dll 01.06.2006 17:22 311.296 nvwrsde.dll 01.06.2006 17:22 335.872 nvwrsel.dll 01.06.2006 17:22 286.720 nvwrseng.dll 01.06.2006 17:22 335.872 nvwrses.dll 01.06.2006 17:22 425.984 keystone.exe 01.06.2006 17:22 327.680 nvwrsesm.dll 01.06.2006 17:22 303.104 nvwrsfi.dll 01.06.2006 17:22 278.528 nvwrshe.dll 01.06.2006 17:22 462.848 nvmccssr.dll 01.06.2006 17:22 327.680 nvwrsfr.dll 01.06.2006 17:22 73.728 nvtuicpl.cpl 01.06.2006 17:22 258.048 nvrshu.dll 26.05.2006 15:07 34.308 BASSMOD.dll 19.05.2006 15:09 112.128 dhcpcsvc.dll 19.05.2006 15:09 95.744 iphlpapi.dll 14.05.2006 10:48 181.248 rasmans.dll 10.05.2006 07:22 1.056.256 danim.dll 10.05.2006 07:22 152.064 cdfview.dll 01.05.2006 21:24 81.920 ElbyCDIO.dll 29.04.2006 06:07 5.533.696 wmp.dll 21.04.2006 20:07 279.744 FNTCACHE.DAT 24.03.2006 06:37 49.152 wdigest.dll 17.03.2006 02:38 28.672 verclsid.exe 08.03.2006 14:24 117.760 xmllite.dll 01.03.2006 21:43 426.496 msdtcprx.dll 01.03.2006 21:43 956.416 msdtctm.dll 01.03.2006 21:43 161.280 msdtcuiu.dll 01.03.2006 21:43 91.136 mtxoci.dll 01.03.2006 21:43 66.560 mtxclu.dll 01.03.2006 21:43 11.776 
xolehlp.dll

2. Log:
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: F845-9504
Verzeichnis von C:\DOKUME~1\DANIEL~2\LOKALE~1\Temp
27.08.2006 14:43 983 TmpICQMagic_{EC202595-1DFD-4301-A1EA-13C1E331B505}27332.html
27.08.2006 14:43 16.384 ~DF6C62.tmp
27.08.2006 14:43 16.384 ~DF6600.tmp
27.08.2006 14:43 512 ~DF660E.tmp
27.08.2006 11:41 256 ZLT00b2a.TMP
27.08.2006 11:41 256 ZLT00b27.TMP
27.08.2006 11:40 179.956 WCESLog.log
27.08.2006 11:40 375 WCESCOMM.LOG

3. LOG:
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: F845-9504
Verzeichnis von C:\WINDOWS
27.08.2006 13:43 1.306.539 WindowsUpdate.log
27.08.2006 11:40 0 0.log
27.08.2006 11:40 3.836 ModemLog_Creatix V.92 Data Fax Modem.txt
27.08.2006 11:40 50 wiaservc.log
27.08.2006 11:40 159 wiadebug.log
27.08.2006 11:39 2.048 bootstat.dat
26.08.2006 21:56 32.608 SchedLgU.Txt
22.08.2006 22:23 108.846 wmsetup.log
22.08.2006 21:13 10 popcinfo.dat
20.08.2006 11:08 116 NeroDigital.ini
18.08.2006 16:45 54.156 QTFont.qfn
15.08.2006 17:04 282.591 setupapi.log
13.08.2006 03:01 1.374 imsins.log
13.08.2006 03:01 108.857 ntdtcsetup.log
13.08.2006 03:01 28.788 ocmsn.log
13.08.2006 03:01 82.513 iis6.log
13.08.2006 03:01 180.719 comsetup.log
13.08.2006 03:01 206.264 tsoc.log
13.08.2006 03:01 12.806 KB920214.log
13.08.2006 03:01 25.955 msgsocm.log
13.08.2006 03:01 259.340 ocgen.log
13.08.2006 03:01 528.984 FaxSetup.log
13.08.2006 03:01 1.374 imsins.BAK
13.08.2006 03:01 13.112 KB922616.log
13.08.2006 03:01 57.991 updspapi.log
13.08.2006 03:00 12.688 KB921398.log
13.08.2006 03:00 11.767 KB920670.log
13.08.2006 03:00 11.926 KB917422.log
13.08.2006 03:00 12.125 KB920683.log
09.08.2006 18:33 12.484 KB921883.log
07.08.2006 19:20 73.728 ALCFDRTM.EXE
07.08.2006 19:06 737.280 iun6002.exe
06.08.2006 21:52 0 muveeapp.INI
06.08.2006 19:30 6.761 spupdsvc.log
06.08.2006 19:28 17.427 ie7beta3_main.log
06.08.2006 19:28 60.288 ie7beta3.log
06.08.2006 19:27 4.460 KB915865.log
06.08.2006 19:26 5.224 KB914440.log
06.08.2006 19:26 10.987 KB904942.log
31.07.2006 20:02 1.409 QTFont.for
13.07.2006 17:19 227 system.ini
13.07.2006 17:19 676 win.ini
12.07.2006 21:24 13.226 KB917159.log
12.07.2006 21:24 13.792 KB914388.log
12.07.2006 21:24 11.970 KB916595.log
27.06.2006 20:36 9.590 WgaNotify.log
17.06.2006 03:01 14.545 KB917734.log
17.06.2006 03:00 15.717 KB918439.log
17.06.2006 03:00 16.396 KB917344.log
17.06.2006 03:00 15.355 KB917953.log
17.06.2006 03:00 15.335 KB911280.log
17.06.2006 03:00 18.471 KB916281.log
17.06.2006 03:00 11.573 KB914389.log
16.06.2006 16:59 231.669 setupact.log
10.05.2006 16:55 11.989 KB913580.log
09.05.2006 22:24 73 MINDMA~1.INI
29.04.2006 10:31 2.347.418 ntbtlog.txt
28.04.2006 23:00 6.408 mozver.dat
27.04.2006 20:55 107.132 UninstallThunderbird.exe
27.04.2006 17:10 176 wininit.ini
26.04.2006 22:24 460 wmsetup10.log
26.04.2006 20:39 2.554 OEWABLog.txt
26.04.2006 18:47 11.258 KB900485.log
16.04.2006 00:23 16.093 KB908531.log
16.04.2006 00:23 15.397 KB911562.log
16.04.2006 00:23 18.170 KB912812.log
16.04.2006 00:22 16.792 KB911565.log
16.04.2006 00:22 10.848 KB911567.log
08.04.2006 00:20 0 PhotoNow.INI
07.04.2006 21:15 434 goldwave.ini
07.04.2006 20:58 6.592 gwpreset.ini
07.04.2006 20:58 3.362 express.eqx
20.03.2006 20:35 17.572 KB894476.log
20.03.2006 20:31 9.105 KB909394.log
17.03.2006 18:16 97.490 DirectX.log
11.03.2006 13:20 107.132 UninstallFirefox.exe

4. LOG
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: F845-9504
Verzeichnis von C:\
27.08.2006 14:46 0 sys.txt
27.08.2006 14:46 12.398 system.txt
27.08.2006 14:46 730 systemtemp.txt
27.08.2006 14:45 112.240 system32.txt
27.08.2006 11:39 1.072.156.672 hiberfil.sys
27.08.2006 11:39 1.610.612.736 pagefile.sys
26.08.2006 15:06 29.927 ComboFix.txt
26.08.2006 00:21 9.080.928 WMDesktop.log
26.08.2006 00:01 83.778 WmpPpcItnSync.log
24.08.2006 19:06 519 hpfr3420.xml
24.08.2006 19:05 20.004 hpfr3425.log
13.07.2006 17:39 228 RVInfo.txt
13.07.2006 17:19 211 boot.ini
27.04.2006 16:43 2.512 phatnotessynctable.dat
26.04.2006 19:43 2.524 avenger.txt
24.04.2006 21:46 639 DirDPF.txt
24.04.2006 21:46 2 DirDPFCns.txt
27.08.2006, 15:02
Honorary member
Posts: 29434
#8
Go into the HijackThis folder and delete the backups.
Did you scan the HijackThis backups with Counterspy back then? http://virus-protect.org/counterspy.html
__________
Regards, Sabina
all about PC security
27.08.2006, 19:23
Member
Thread starter, Posts: 22
#9
So, I have deleted the backups.
Back then I did not scan with Counterspy. I have just run it now. It found one piece of spyware, but it was nothing to do with Ciadoor.
27.08.2006, 19:41
Honorary member
Posts: 29434
27.08.2006, 22:14
Member
Thread starter, Posts: 22
#11
Great! Thanks once again for your help!!
For a few days now I have not been able to open my Task Manager.
I have already run Adaware, Antivir and a-squad over the system. Nothing has helped.
Here is my HijackThis logfile:
Logfile of HijackThis v1.99.1
Scan saved at 12:23:33, on 26.08.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Medion Info Display\MdionLCM.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\system32\CmUCReye.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Mindjet\MindManager 6\MMReminderService.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Software\[#Sicherheit#]\Ciadoor\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Programme\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [MedionVFD] "C:\Programme\Medion Info Display\MdionLCM.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MMReminderService] C:\Programme\Mindjet\MindManager 6\MMReminderService.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [pdfSaver3] "C:\Programme\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Programme\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: MedionShop - {A461BF3E-96B0-488F-9ACA-202335DDCC4B} - http://www.medionshop.de/ (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128778405937
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe