Security Alerts and "Ghost Windows"
Thread is closed!

#0
20.09.2006, 10:37
...new here
Posts: 2
#2
20.09.2006, 12:17
Honorary member
Posts: 29434

drumy

1. Download mediacodec.zip from http://virus-protect.org/zip/mediacodec.zip, unpack it on the desktop -> mediacodec.reg -> double-click it and merge it into the registry with "yes".

2. Avenger http://virus-protect.org/artikel/tools/avenger.html
Paste in:
Quote:
registry keys to delete:

3. Scan with smitfraudfix (options 1 and 2) http://virus-protect.org/artikel/tools/smitfrautfix.html

---------------
Start - Run - regedit
If you want to run Windows Update:
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoWindowsUpdate"=dword:00000001 -> change to 0
__________
Regards, Sabina
all about PC security
20.09.2006, 12:41
...new here
Thread starter, Posts: 2

On my machine windows open as if by a ghostly hand, and Security Alerts keep popping up in the taskbar. Supposedly spyware has been found, which I am then supposed to remove with Virus Blast, AntiVirusGolden, System Doctor, Antimalware and so on.
Please help me?!
Regards
Drumy
Oh, and I was already able to remove the VirusBurst flashing myself using the information here in the forum. I hope I didn't break anything!
Here are my logs:
Hijack+++++++++++++++++++++++++++++++++++++++++++++++++++++
Logfile of HijackThis v1.99.1
Scan saved at 10:01:07, on 20.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Centenn.ial\Audit\CAgent32.exe
C:\Centenn.ial\Audit\xferwan.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
c:\_integra\bin\ccmagent.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\ON Technology\ON Command Remote Host\ph32svc.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
c:\_integra\bin\shstart.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Media-Codec\pmsngr.exe
C:\Program Files\Media-Codec\isamonitor.exe
C:\Program Files\Media-Codec\pmmon.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Media-Codec\isamini.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\ON Technology\ON Command Remote Host\phtray.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zf-world.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.zf-world.com/ml/P/Brandenburg/index.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://zfworld.zf-group.de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://webpac.emea.zf-world.com/FRD.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,c:\_integra\bin\shstart.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\Media-Codec\isaddon.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [ProxyHostTrayIcon] "C:\Program Files\ON Technology\ON Command Remote Host\phtray.exe"
O4 - HKLM\..\Run: [CCM User Profile Manager] "c:\_integra\upm\bin\CCM_User.exe"
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WG511WLU] C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google-Suche - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Program Files\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Program Files\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.zf-world.com/ml/P/Brandenburg/index.html
O16 - DPF: {79E7DCE2-6306-4996-B7CB-C2601B2B7BD1} (DownloadCtrl Class) - https://stream.web.de/v/notify/Download.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emea.zf-world.com
O17 - HKLM\Software\..\Telephony: DomainName = emea.zf-world.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FB82B02-7859-4C15-96A9-25D4ED889D4D}: NameServer = 192.168.122.252,192.168.122.253
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = emea.zf-world.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = emea.zf-world.com
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CentennialClientAgent - Centennial Software Limited - C:\Centenn.ial\Audit\CAgent32.exe
O23 - Service: CentennialIPTransferAgent - Centennial Software Limited - C:\Centenn.ial\Audit\xferwan.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Program Files\Common Files\AVM\de_serv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ON Command Remote Host Service (ProxyHostService) - Funk Software, Inc. - c:\Program Files\ON Technology\ON Command Remote Host\ph32svc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: CCM Windows Agent (WControl) - Symantec Corporation - c:\_integra\bin\ccmagent.exe
Combofix++++++++++++++++++++++++++++++++++++++++++++++++++
F33278 - 06-09-20 10:02:28,21 Service Pack 2
ComboFix 06.09.20 - Running from: "C:\"
((((((((((((((((((((((((((((((( Files Created from 2006-08-20 to 2006-09-20 ))))))))))))))))))))))))))))))))))
2006-09-20 09:53 276,062 --a------ C:\combofix.exe
2006-09-20 09:52 339,257 --a------ C:\CleanUp452.exe
2006-09-19 16:47 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-09-19 16:47 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-09-19 16:47 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-09-19 16:47 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-09-19 04:35 57,384 --a------ C:\WINDOWS\system32\avsda.dll
2006-08-24 18:20 73,728 --a------ C:\WINDOWS\system32\AW32n50.dll
2006-08-24 18:20 16,194 --a------ C:\WINDOWS\system32\AWINDIS5.SYS
2006-08-24 14:31 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2006-08-24 14:31 328,704 --a------ C:\WINDOWS\IsUn0407.exe
2006-08-24 14:31 31,232 --a------ C:\WINDOWS\system32\i2errDeu.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-09-20 09:00 16 -r-hs---- C:\WINDOWS\MSCIOTL.SYS
2006-09-20 09:00 16 -r-hs---- C:\MSCIOTL.SYS
2006-09-19 17:24 -------- d-------- C:\Program Files\CleanUp!
2006-09-19 15:21 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-09-19 08:29 -------- d-------- C:\Program Files\xp-AntiSpy
2006-09-19 04:36 -------- d-------- C:\Program Files\AntiVir PersonalEdition Classic
2006-09-19 04:06 -------- d-------- C:\Program Files\Virus-Burst
2006-09-19 03:57 -------- d-------- C:\Program Files\Media-Codec
2006-09-12 11:21 26920 --a------ C:\Documents and Settings\f33278\Application Data\GDIPFONTCACHEV1.DAT
2006-09-04 15:07 -------- d-------- C:\Program Files\REFLEX Demo
2006-08-24 18:37 -------- d-------- C:\Program Files\FRITZ!DSL
2006-08-24 18:36 -------- d-------- C:\Program Files\FRITZ!Box
2006-08-24 18:20 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-24 18:20 -------- d-------- C:\Program Files\NETGEAR
2006-08-24 14:57 -------- d-------- C:\Documents and Settings\f33278\Application Data\FRITZ!
2006-08-24 14:31 -------- d-------- C:\Program Files\Common Files\AVM
2006-08-24 14:31 -------- d-------- C:\Program Files\Common Files
2006-08-22 15:58 -------- d-------- C:\Program Files\Yahoo!
2006-08-22 15:57 -------- dr-h----- C:\Documents and Settings\f33278\Application Data\yahoo!
2006-08-10 10:23 -------- d-------- C:\Program Files\Internet Explorer
2006-08-03 14:22 -------- d-------- C:\Program Files\WinAVIVideoConverter
2006-08-02 14:08 -------- d-------- C:\Program Files\Tecnomatix
2006-07-27 16:22 -------- d-------- C:\Documents and Settings\f33278\Application Data\Adobe
2006-07-27 15:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-27 14:14 94208 --a------ C:\WINDOWS\system32\Connect.dll
2006-07-21 10:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-06-22 07:06 69120 --a------ C:\WINDOWS\system32\ciodm.dll
2006-06-22 07:06 1435648 --a------ C:\WINDOWS\system32\query.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,\
73,74,65,6d,33,32,5c,6d,6f,62,73,79,6e,63,2e,65,78,65,20,2f,6c,6f,67,6f,6e,\
00
"LTSMMSG"="LTSMMSG.exe"
"ATIModeChange"="Ati2mdxx.exe"
"AtiPTA"="atiptaxx.exe"
"Apoint"="C:\\Program Files\\Apoint2K\\Apoint.exe"
"SchedulingAgent"="mstinit.exe /firstlogon"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~2\\VPTray.exe"
"ProxyHostTrayIcon"="\"C:\\Program Files\\ON Technology\\ON Command Remote Host\\phtray.exe\""
"CCM User Profile Manager"="\"c:\\_integra\\upm\\bin\\CCM_User.exe\""
"FreePDF Assistant"="C:\\Program Files\\FreePDF_XP\\fpassist.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"WG511WLU"="C:\\Program Files\\NETGEAR\\WG511\\Utility\\WG511WLU.exe"
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,00,01,00,00,2b,01,00,00,dc,00,00,00,d2,00,\
00,00,01,00,00,00
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoSimpleNetIDList"=dword:00000001
"NoDesktopCleanupWizard"=dword:00000001
"NoWindowsUpdate"=dword:00000001
"NoSMBalloonTip"=dword:00000001
"DisablePersonalDirChange"=dword:00000001
"NoWelcomeScreen"=dword:00000001
"NoAutoUpdate"=dword:00000000
"NoSharedDocuments"=dword:00000001
"NoThumbnailCache"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"disablecad"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoStrCmpLogical"=dword:00000001
"PerInstanceIconHandlerForOffline"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
"pmsngr.exe"="C:\\Program Files\\Media-Codec\\pmsngr.exe"
"homepage.monitor.exe"="C:\\Program Files\\Media-Codec\\isamonitor.exe"
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job
Completion time: 20.09.2006 10:03:02.56
ComboFix.txt
Datfind++++++++++++++++++++++++++++++++++++++++++++++++++
System32++++++++++++++++
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 48F3-BC46
Verzeichnis von C:\WINDOWS\system32
19.09.2006 10:40 133.280 FNTCACHE.DAT
18.09.2006 09:21 2.206 wpa.dbl
02.09.2006 17:12 10.507 QuickTime.qtp
02.09.2006 17:11 2.222 QuickTimeFavorites.qtr
29.08.2006 19:43 135.168 swreg.exe
16.08.2006 14:09 3.058.176 mshtml.dll
02.08.2006 11:39 673 LMGRD.LOG
27.07.2006 15:24 679.424 inetcomm.dll
27.07.2006 14:14 94.208 Connect.dll
25.07.2006 22:42 615.424 urlmon.dll
21.07.2006 10:24 72.704 hlink.dll
14.07.2006 17:31 332.288 netapi32.dll
14.07.2006 17:25 546.304 hhctrl.ocx
13.07.2006 16:03 8.457.728 shell32.dll
13.07.2006 13:22 150.016 xpsp3res.dll
05.07.2006 12:55 984.064 kernel32.dll
26.06.2006 19:37 148.480 dnsapi.dll
26.06.2006 19:37 8.192 rasadhlp.dll
23.06.2006 13:25 664.576 wininet.dll
23.06.2006 13:25 448.512 mshtmled.dll
23.06.2006 13:25 15.872 jsproxy.dll
23.06.2006 13:25 39.424 pngfilt.dll
23.06.2006 13:25 251.904 iepeers.dll
23.06.2006 13:25 96.256 inseng.dll
23.06.2006 13:25 474.112 shlwapi.dll
23.06.2006 13:25 146.432 msrating.dll
23.06.2006 13:25 532.480 mstime.dll
23.06.2006 13:25 1.497.088 shdocvw.dll
23.06.2006 13:25 151.040 cdfview.dll
23.06.2006 13:25 1.054.208 danim.dll
23.06.2006 13:25 1.022.976 browseui.dll
23.06.2006 13:25 357.888 dxtmsft.dll
23.06.2006 13:25 205.312 dxtrans.dll
23.06.2006 13:25 55.808 extmgr.dll
22.06.2006 07:06 1.435.648 query.dll
22.06.2006 07:06 69.120 ciodm.dll
17.06.2006 10:36 47.616 ODBCMON.DLL
07.06.2006 17:35 23.151 ATMenuxx.GID
02.06.2006 11:04 57.384 avsda.dll
01.06.2006 20:47 163.840 jgdw400.dll
01.06.2006 20:47 27.648 jgpl400.dll
systemtemp+++++++++++++++++++++++++++++++++++
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 48F3-BC46
Verzeichnis von C:\DOCUME~1\f33278\LOCALS~1\Temp
20.09.2006 09:17 49.152 ~DFDF10.tmp
20.09.2006 09:17 16.384 ~DFDEFC.tmp
20.09.2006 09:02 16.384 ~DF289D.tmp
3 Datei(en) 81.920 Bytes
0 Verzeichnis(se), 19.443.958.784 Bytes frei
system+++++++++++++++++++++++++++++++++++++++++
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 48F3-BC46
Verzeichnis von C:\WINDOWS
20.09.2006 09:00 16 MSCIOTL.SYS
20.09.2006 08:59 0 0.log
20.09.2006 08:59 2.048 bootstat.dat
19.09.2006 17:37 32.552 SchedLgU.Txt
19.09.2006 17:37 42.912 WindowsUpdate.log
14.09.2006 18:31 86.770 setupapi.log
14.09.2006 11:34 1.409 QTFont.for
14.09.2006 11:34 54.156 QTFont.qfn
14.09.2006 09:55 6.413 KB923996.log
14.09.2006 09:55 38.030 updspapi.log
14.09.2006 09:54 5.824 KB920685.log
sys+++++++++++++++++++++++++++++++++++++++++++
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 48F3-BC46
Verzeichnis von C:\
20.09.2006 10:35 0 sys.txt
20.09.2006 10:34 13.187 system.txt
20.09.2006 10:34 391 systemtemp.txt
20.09.2006 10:33 108.733 system32.txt
20.09.2006 10:03 8.160 ComboFix.txt
20.09.2006 10:01 8.978 hijackthis.log
20.09.2006 09:56 26.624 How_To.doc
20.09.2006 09:53 276.062 combofix.exe
20.09.2006 09:52 339.257 CleanUp452.exe
20.09.2006 09:00 16 MSCIOTL.SYS
20.09.2006 08:59 535.871.488 hiberfil.sys
20.09.2006 08:59 805.306.368 pagefile.sys
22.08.2006 15:58 150 YServer.txt
19.07.2006 14:29 746 midi studio g6.Key
03.04.2006 11:00 236 boot.ini
03.04.2006 09:45 47.564 NTDETECT.COM
03.04.2006 09:45 250.032 ntldr
31.03.2006 17:56 512 BOOTSECT.DOS
31.03.2006 17:49 6 MSDOS.SYS
31.03.2006 16:20 0 CONFIG.SYS
31.03.2006 16:20 0 AUTOEXEC.BAT
23.01.2006 15:36 429 datFind.bat
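As an added example (not code from this thread or from virus-protect.org), a small Python triage script for the two log formats posted above: it parses the HijackThis "Running processes" list and the R/F/O entries, and the ComboFix "Reg Loading Points" dump, and flags the indicators acted on in this thread (processes and a nameless BHO pointing into the Media-Codec directory, values under the policies\explorer\run autostart key, and NoWindowsUpdate=1). The watch-list directory and the sample lines are constructed from the thread's own log.

```python
"""Triage helpers for the two log formats in this thread: the HijackThis log and the
ComboFix "Reg Loading Points" dump. Samples are constructed; paths/CLSID copy the thread."""
import re
from typing import List

HJT_SAMPLE = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Media-Codec\pmsngr.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\Media-Codec\isaddon.dll
"""

REG_SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoWindowsUpdate"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
"pmsngr.exe"="C:\\Program Files\\Media-Codec\\pmsngr.exe"
"homepage.monitor.exe"="C:\\Program Files\\Media-Codec\\isamonitor.exe"
"""

# Constructed watch-list: the install directory the thread identifies as the rogue.
SUSPECT_DIRS = ("\\media-codec\\",)
# policies\explorer\run is a less-known autostart key; ComboFix prints it as a
# "[HKEY_...\policies\explorer\run]" header followed by the values under it.
POLICY_RUN_RE = re.compile(r"\\policies\\explorer\\run\]$", re.I)
HJT_ENTRY_RE = re.compile(r"^[RFO]\d+ - ")  # R0/R1/F2/O2/O4/O23... entry lines

def triage_hjt(text: str) -> List[str]:
    """Flag the processes and R/F/O entries a helper would look at first."""
    findings, in_procs = [], False
    for line in filter(None, map(str.strip, text.splitlines())):
        if line == "Running processes:":
            in_procs = True
            continue
        if HJT_ENTRY_RE.match(line):
            in_procs = False  # first R/F/O entry ends the process list
        low = line.lower()
        if in_procs:
            if any(d in low for d in SUSPECT_DIRS):
                findings.append("process from suspect dir: " + line)
        elif line.startswith("O2 - BHO: (no name)"):
            findings.append("unnamed BHO: " + line)
        elif any(d in low for d in SUSPECT_DIRS):
            findings.append("entry points into suspect dir: " + line)
        elif low.endswith("(no file)"):
            findings.append("orphaned entry, file missing: " + line)
    return findings

def triage_reg(text: str) -> List[str]:
    """Flag policy-run autostarts and a NoWindowsUpdate=1 lockout in the reg dump."""
    findings, in_policy_run = [], False
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("["):  # key header: remember whether it is policies\explorer\run
            in_policy_run = bool(POLICY_RUN_RE.search(line))
            continue
        name, _, value = line.partition("=")
        if in_policy_run:
            findings.append(f"policy-run autostart {name}: {value}")
        elif name == '"NoWindowsUpdate"' and value.lower() == "dword:00000001":
            findings.append("Windows Update disabled by policy: " + line)
    return findings
```

Run both functions over the full pasted logs to get the same short list of items a helper would ask about first; benign entries such as the Adobe BHO produce no finding.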