"safeiepage.com" seit Sonntag - IE ist völlig außer GefechtThema ist geschlossen! |
||
---|---|---|
Thema ist geschlossen! |
||
#0
24.10.2006, 23:15
...new here
Posts: 9
25.10.2006, 11:57
Honorary member
Posts: 29434
#2
aries-b

1. Scan with SmitFraudFix, options 1 and 2, and post the scan reports here: http://virus-protect.org/artikel/tools/smitfrautfix.html

2. Open HijackThis -- button "Scan" -- tick these entries -- button "Fix checked" -- restart the PC:
Quote
O2 - BHO: (no name) - {5EFD170F-AA84-49D2-A87E-28D6B007AAC2} - C:\WINDOWS\system32\kbdfi132.dll

3. Post this log: http://virus-protect.org/artikel/tools/combofix.html

4. Configure CleanUp exactly as described here: http://virus-protect.org/cleanup.html

5. Copy these 6 text files (right-click with the mouse -> select the text -> copy -> paste). They are sorted by date. (Copy only the last 3 months.) http://virus-protect.org/datfindbat.html
__________
Regards, Sabina
all about PC security
25.10.2006, 21:09
...new here
Thread starter, Posts: 9
#3
Hello Sabina, before I got your mail, I deleted 2 entries from the registry in safe mode, and the folder "VIDEOCOMPRESSIONCODECS" with the following exes:
1. pmmon.exe 2. isamonitor.exe 3. isamini.exe 4. isadon.dll and 5. pmsngr.exe. I hope that IE works without errors again. I will report tomorrow. Many thanks and more----- Have a nice evening!
25.10.2006, 23:02
Honorary member
Posts: 29434
#4
You have to work through everything I asked for,
starting with SmitFraudFix ... etc.
__________
Regards, Sabina
all about PC security
26.10.2006, 22:10
...new here
Thread starter, Posts: 9
#5
Hello Sabina, this is the first file:

SmitFraudFix v2.113
Scan done at 20:16:10,10, 26.10.2006
Run from F:\1 Setups - Updates\craagle.exe !!!!!!!!!!\Smitfraudfix.zip\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

No. 2:
Logfile of HijackThis v1.99.1
Scan saved at 20:41:01, on 26.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\GEARSec.exe
D:\PROGRAMME\KERIO\Personal Firewall 4\kpf4ss.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\PROGRAMME\KERIO\Personal Firewall 4\kpf4gui.exe
C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
D:\Programme\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
D:\PROGRAMME\KERIO\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\T-Online\ISDN SpeedManager\Tomcat.exe
C:\Programme\Microsoft IntelliType Pro\type32.exe
C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
D:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\Dit.exe
C:\Programme\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
C:\Programme\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
D:\Programme\FRITZ!\IWatch.exe
D:\Programme\Nikon\PictureProject\NkbMonitor.exe
D:\Programme\WEBDE\SmartSurfer3.1\SmartSurfer.exe
D:\Programme\Mozilla\Firefox 1.5\firefox.exe
D:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
F:\1 Setups - Updates\craagle.exe !!!!!!!!!!\higthjackthis\HijackThis.exe

F1 - win.ini: load=c:\01comm32\bin\01comm32.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PreispiratenSearchURL - {0B660087-931C-4056-A04F-0423890E40B6} - d:\Programme\Preispiraten\Preispiraten2\PPSearchURL.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: metaspinner media GmbH - {84B94901-3645-4D80-A6B7-4D0050B19455} - d:\Programme\Preispiraten\Preispiraten2\IEButtonAmazonInterface.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: metaspinner media GmbH - {D3AA56A9-8137-4950-A6F9-D0190A82AF2A} - d:\Programme\Preispiraten\Preispiraten2\IEButtonPPInterface.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ISDN SpeedManager] "C:\Programme\T-Online\ISDN SpeedManager\Tomcat.exe"
O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [PINNACLEDRIVERCHECK] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "D:\PROGRAMME\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\kav.exe" /minimize
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [hp imaging helper] C:\WINDOWS\system32\hpusbscr.exe
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "D:\PROGRAMME\ELABORATE BYTES\CLONECD\ELBYCHECK.EXE" /L ELBYCDFL
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [UVS10 Preload] d:\Programme\Ulead Systems\Ulead VideoStudio 10.0\uvPL.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\PROGRAMME\QUICKTIME\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: SmartSurfer.lnk = D:\Programme\WEBDE\SmartSurfer3.1\SmartSurfer.exe
O4 - Global Startup: ISDNWatch.lnk = D:\Programme\FRITZ!\IWatch.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = D:\Programme\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - d:\\Programme\\Preispiraten\\Preispiraten2\\preispiraten.html
O8 - Extra context menu item: amazon Suche - d:\Programme\Preispiraten\Preispiraten2\Searchamazon.htm
O8 - Extra context menu item: amazon Suche starten - d:\Programme\Preispiraten\Preispiraten2\Searchamazon.htm
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: eBay - Mein eBay - d:\Programme\Preispiraten\Preispiraten2\SearchEbaymein.htm
O8 - Extra context menu item: eBay - Powersuche - d:\Programme\Preispiraten\Preispiraten2\SearchEbaypower.htm
O8 - Extra context menu item: eBay - Startseite - d:\Programme\Preispiraten\Preispiraten2\SearchEbay.htm
O8 - Extra context menu item: eBay Suche starten - d:\Programme\Preispiraten\Preispiraten2\SearchEbay.htm
O8 - Extra context menu item: Google Suche - d:\Programme\Preispiraten\Preispiraten2\SearchGoogle.htm
O8 - Extra context menu item: Google Suche starten - d:\Programme\Preispiraten\Preispiraten2\SearchGoogle.htm
O8 - Extra context menu item: In Adobe PDF konvertieren - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Preispiraten 2.5 - {2638A03E-1669-43BE-8119-B47087629A7F} - d:\Programme\Preispiraten\Preispiraten2\preispiraten2ie.exe
O9 - Extra button: (no name) - {86DE8B3B-1EB7-4386-84BD-EBE94348A913} - (no file)
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.4mbo.de
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120061423441
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139682237151
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/de/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{7767466E-11F8-4311-95CA-8853A59F3C37}: NameServer = 192.168.120.252,192.168.120.253
O17 - HKLM\System\CCS\Services\Tcpip\..\{7AE18BC8-C8EE-480A-8ABF-BD8262A18194}: NameServer = 217.237.149.225 217.237.151.115
O17 - HKLM\System\CS1\Services\Tcpip\..\{F861D9CF-1C61-4A0F-A836-67C3385D48E1}: NameServer = 141.48.3.3
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Programme\iPod\bin\iPodService.exe (file missing)
O23 - Service: kavsvc - Kaspersky Lab - D:\PROGRAMME\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KAVSVC.EXE
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - D:\PROGRAMME\KERIO\Personal Firewall 4\kpf4ss.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: V2i Protector - PowerQuest Corporation - D:\Programme\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe

No. 3:
Dr. Bernd Müller - 06-10-26 21:03:19,69 Service Pack 2
ComboFix 06.10.19 - Running from: "F:\1 Setups - Updates\craagle.exe !!!!!!!!!!\combofix"

((((((((((((((((((((((((((((((( Files Created from 2006-09-26 to 2006-10-26 ))))))))))))))))))))))))))))))))))

2006-10-11 21:57 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-10-26 20:48 17408 --a------ C:\WINDOWS\system32\drivers\USBCRFT.SYS
2006-10-25 20:59 -------- d-------- C:\Programme\CleanUp!
2006-10-22 19:34 -------- d-------- C:\Programme\Apple Software Update
2006-10-22 00:02 2828 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2006-10-15 17:24 -------- d-------- C:\Programme\MSXML 4.0
2006-10-12 20:55 -------- d-------- C:\Programme\Java
2006-10-12 20:12 61072 --a------ C:\WINDOWS\system32\drivers\klick.sys
2006-10-12 20:12 59536 --a------ C:\WINDOWS\system32\drivers\klin.sys
2006-09-25 21:04 1880 --a------ C:\WINDOWS\AUTOLNCH.REG
2006-09-23 23:14 34308 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-09-23 22:50 -------- d-------- C:\Programme\Gemeinsame Dateien\ACD Systems
2006-09-23 08:39 -------- d-------- C:\Dokumente und Einstellungen\Dr. Bernd Müller\Anwendungsdaten\Google
2006-09-20 21:10 -------- d-------- C:\Programme\Google
2006-09-16 14:11 -------- d-------- C:\Dokumente und Einstellungen\Dr. Bernd Müller\Anwendungsdaten\Ulead Systems
2006-09-16 12:55 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-09-13 07:02 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 17:51 1245184 --a------ C:\WINDOWS\system32\msxml4.dll
2006-09-05 20:19 -------- d-------- C:\Dokumente und Einstellungen\Dr. Bernd Müller\Anwendungsdaten\Adobe
2006-09-04 22:39 -------- d-------- C:\Programme\Gemeinsame Dateien\Real
2006-09-04 22:38 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-09-04 22:38 -------- d-------- C:\Dokumente und Einstellungen\Dr. Bernd Müller\Anwendungsdaten\Real
2006-08-25 17:46 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 14:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 13:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-07-27 15:25 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-26 13:27 3997696 --a------ C:\WINDOWS\system32\NkNEFPlugin.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"NCLaunch"="C:\\WINDOWS\\NCLAUNCH.EXe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\lib\\NMBgMonitor.exe\""
"swg"="C:\\Programme\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ISDN SpeedManager"="\"C:\\Programme\\T-Online\\ISDN SpeedManager\\Tomcat.exe\""
"type32"="\"C:\\Programme\\Microsoft IntelliType Pro\\type32.exe\""
"PINNACLEDRIVERCHECK"="C:\\WINDOWS\\System32\\PSDrvCheck.exe"
"NVMixerTray"="\"C:\\Programme\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\""
"KAVPersonal50"="\"D:\\PROGRAMME\\KASPERSKY LAB\\KASPERSKY ANTI-VIRUS PERSONAL\\kav.exe\" /minimize"
"ISUSScheduler"="\"C:\\Programme\\Gemeinsame Dateien\\InstallShield\\UpdateService\\issch.exe\" -start"
"ISUSPM Startup"="\"C:\\Programme\\Gemeinsame Dateien\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"IntelliPoint"="\"C:\\Programme\\Microsoft IntelliPoint\\point32.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"
"hp imaging helper"="C:\\WINDOWS\\system32\\hpusbscr.exe"
"ElbyCheckElbyCDFL"="\"D:\\PROGRAMME\\ELABORATE BYTES\\CLONECD\\ELBYCHECK.EXE\" /L ELBYCDFL"
"Acrobat Assistant 7.0"="\"D:\\Programme\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"Dit"="Dit.exe"
"NeroFilterCheck"="C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NeroCheck.exe"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"UVS10 Preload"="d:\\Programme\\Ulead Systems\\Ulead VideoStudio 10.0\\uvPL.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"nForce Tray Options"="sstray.exe /r"
"iTunesHelper"="\"D:\\Programme\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"D:\\PROGRAMME\\QUICKTIME\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:000ff255

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 06-10-26 21:06:18.70
C:\ComboFix.txt ... 06-10-26 21:06
C:\ComboFix2.txt ... 06-10-25 20:47

\Sabina, No. 5: I couldn't get any further here! Something didn't work!
Regards, Aries
27.10.2006, 00:19
Honorary member
Posts: 29434
#6
If you have run SmitFraudFix... everything should be OK again,
or??? «« VirusTotal: at the top of the page --> click "Browse" --> paste in the file with the correct path) --> double-click the file to be checked --> click Submit... now wait
http://www.virustotal.com/flash/index_en.html
C:\WINDOWS\system32\kbdfi132.dll
c:\01comm32\bin\01comm32.exe
Post the report.
__________
Regards, Sabina
all about PC security
31.10.2006, 19:17
...new here
Thread starter, Posts: 9
#7
Hello Sabina, I was away for 3 days.
I also think that the computer is free of "vermin" again. Many, many thanks, B.M. - aries-b

VirusTotal
STATUS: FINISHED
Complete scanning result of "kbdfi132.dll", received in VirusTotal at 10.31.2006, 19:06:27 (CET).

Antivirus            Version         Update       Result
AntiVir              7.2.0.34        10.31.2006   no virus found
Authentium           4.93.8          10.31.2006   no virus found
Avast                4.7.892.0       10.31.2006   no virus found
AVG                  386             10.31.2006   no virus found
BitDefender          7.2             10.31.2006   no virus found
CAT-QuickHeal        8.00            10.31.2006   no virus found
ClamAV               devel-20060426  10.31.2006   no virus found
DrWeb                4.33            10.31.2006   no virus found
eTrust-InoculateIT   23.73.41        10.31.2006   no virus found
eTrust-Vet           30.3.3170       10.31.2006   no virus found
Ewido                4.0             10.31.2006   no virus found
Fortinet             2.82.0.0        10.31.2006   no virus found
F-Prot               3.16f           10.31.2006   no virus found
F-Prot4              4.2.1.29        10.31.2006   no virus found
Ikarus               0.2.65.0        10.31.2006   no virus found
Kaspersky            4.0.2.24        10.31.2006   no virus found
McAfee               4884            10.30.2006   no virus found
Microsoft            1.1609          10.31.2006   no virus found
NOD32v2              1.1845          10.31.2006   no virus found
Norman               5.80.02         10.31.2006   no virus found
Panda                9.0.0.4         10.31.2006   no virus found
Sophos               4.10.0          10.26.2006   no virus found
TheHacker            6.0.1.109       10.30.2006   no virus found
UNA                  1.83            10.31.2006   no virus found
VBA32                3.11.1          10.31.2006   no virus found
VirusBuster          4.3.15:9        10.31.2006   no virus found

Additional Information
File size: 0 bytes
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709

VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

VirusTotal
STATUS: FINISHED
Complete scanning result of "01comm32.exe", received in VirusTotal at 10.31.2006, 19:12:20 (CET).

Antivirus / Version / Update / Result: the same 26 engines as above (AntiVir 7.2.0.34 through VirusBuster 4.3.15:9, identical versions and update dates), every one of them "no virus found".

Additional Information
File size: 0 bytes
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
01.11.2006, 00:07
Honorary member
Posts: 29434
#8
I don't like that - and googling turns up nothing either.
On top of that it is a 0-byte file; I want to know why it gets loaded at all... it looks very much like a start-page trojan:
F1 - win.ini: load=c:\01comm32\bin\01comm32.exe
O2 - BHO: (no name) - {5EFD170F-AA84-49D2-A87E-28D6B007AAC2} - C:\WINDOWS\system32\kbdfi132.dll

Let me have a look at the load date: copy the following text into Notepad (Start - Accessories - Notepad) and save it as listen.bat on the desktop using 'Save as'. Set the file type to 'All files'. You should now find this file on the desktop. --> double-click listen.bat --> copy the text that appears
Quote
cd\
__________
Regards, Sabina
all about PC security
01.11.2006, 22:09
...new here
Thread starter, Posts: 9
#9
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Dokumente und Einstellungen\Bernd Müller>cd\

C:\>dir "c:\01comm32\bin">>files.txt
File not found

C:\>dir "C:\WINDOWS\system32\kbdfi132.dll">>files.txt
File not found

C:\>

I went via Start, Run into the console with cmd; it did not find the files. Regards, B. Müller
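The two VirusTotal reports above (post #7) and the directory listing (post #9) together make the point this thread turns on: both uploads were 0 bytes with the MD5/SHA1 of empty input (d41d8cd9... / da39a3ee...), so the "no virus found" verdicts say nothing about the loader entries, and the files the F1/O2 entries point to are not even on disk. The script below is an added example, not code from the thread and not Sabina's listen.bat or anything from HijackThis or VirusTotal: it parses HijackThis-style lines, resolves the referenced file, and reports whether it is missing, empty or present, together with its hashes, flagging the empty-input hash explicitly. The sample log lines are the three entries from this thread; the throwaway directory tree (stand-in for C:\ via the `root` argument, one file absent, one empty, one a 64-byte stub) is constructed here for an offline run. On the real machine you would call `triage(log_text)` with `root=None`.

```python
"""Triage HijackThis-style autostart entries: does the referenced file exist,
is it empty, and what does it hash to?  (Added example; assumptions noted.)"""
import hashlib
import os
import re
import tempfile

# Hashes of the empty input.  A VirusTotal report carrying these values means
# an empty (0-byte) upload was scanned, not the loader the log entry names.
EMPTY_MD5 = "d41d8cd98f00b204e9800998ecf8427e"
EMPTY_SHA1 = "da39a3ee5e6b4b0d3255bfef95601890afd80709"

# Constructed sample: the two suspicious entries from the thread plus one
# ordinary O4 entry as a control.
SAMPLE_LOG = r"""
F1 - win.ini: load=c:\01comm32\bin\01comm32.exe
O2 - BHO: (no name) - {5EFD170F-AA84-49D2-A87E-28D6B007AAC2} - C:\WINDOWS\system32\kbdfi132.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# First drive-letter path ending in a loadable extension; stops at a quote.
WIN_PATH = re.compile(
    r'"?([A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|sys|cpl|ocx|scr))', re.IGNORECASE)


def parse_entries(log_text):
    """Return (section, line, path) for every HJT line that names a file."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = re.match(r"^(F\d|O\d+) - ", line)
        if not m:
            continue
        pm = WIN_PATH.search(line)
        entries.append((m.group(1), line, pm.group(1) if pm else None))
    return entries


def classify_file(path, root=None):
    """Classify one referenced file.  `root` (assumption for offline use)
    remaps 'X:\\...' onto a local directory; pass None on the real host."""
    if path is None:
        return {"status": "no-path"}
    real = path
    if root is not None:
        real = os.path.join(root, path[3:].replace("\\", os.sep))
    if not os.path.exists(real):
        return {"status": "missing"}
    with open(real, "rb") as fh:
        data = fh.read()
    md5 = hashlib.md5(data).hexdigest()
    sha1 = hashlib.sha1(data).hexdigest()
    return {
        "status": "empty" if len(data) == 0 else "present",
        "size": len(data),
        "md5": md5,
        "sha1": sha1,
        # True exactly when the file is what the thread's reports describe.
        "empty_hash": md5 == EMPTY_MD5 and sha1 == EMPTY_SHA1,
    }


def triage(log_text, root=None):
    """Map each HJT line to its classification.  A missing or empty target
    cannot carry code, so the open question is why something still loads it."""
    results = {}
    for _section, line, path in parse_entries(log_text):
        info = classify_file(path, root)
        info["suspicious"] = info["status"] in ("missing", "empty")
        results[line] = info
    return results


def demo():
    """Constructed tree: 01comm32.exe absent, kbdfi132.dll empty, ctfmon.exe a stub."""
    root = tempfile.mkdtemp()
    sys32 = os.path.join(root, "WINDOWS", "system32")
    os.makedirs(sys32)
    open(os.path.join(sys32, "kbdfi132.dll"), "wb").close()
    with open(os.path.join(sys32, "ctfmon.exe"), "wb") as fh:
        fh.write(b"MZ" + b"\0" * 62)
    return triage(SAMPLE_LOG, root)


if __name__ == "__main__":
    for line, info in demo().items():
        flag = "SUSPICIOUS" if info["suspicious"] else "ok"
        print(f"{flag:10} {info['status']:8} {line}")
```

The empty-hash check is the cheap sanity test a helper should apply before reading anything into a multi-engine verdict: if the MD5 matches `EMPTY_MD5`, the scanner never saw the file, whether because the upload failed or because, as post #9 shows here, the file does not exist.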
01.11.2006, 22:19
Honorary member
Posts: 29434
#10
1.
Start HijackThis, click "Open the misc tools section", tick the two boxes "List also minor sections" and "List empty sections", then click "Generate StartupList log". - Post the report.

2. Fix, if present: open HijackThis -- button "Scan" -- tick these entries -- button "Fix checked" -- restart the PC
Quote
F1 - win.ini: load=c:\01comm32\bin\01comm32.exe
Restart the PC.
__________
Regards, Sabina
all about PC security
02.11.2006, 20:29
...new here
Thread starter, Posts: 9
#11
Hello Sabina!
Here is the report:

StartupList report, 02.11.2006, 20:09:48
StartupList version: 1.52.2
Started from : F:\1 Setups - Updates\craagle.exe !!!!!!!!!!\higthjackthis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\GEARSec.exe
D:\PROGRAMME\KERIO\Personal Firewall 4\kpf4ss.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\PROGRAMME\KERIO\Personal Firewall 4\kpf4gui.exe
C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
D:\Programme\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
D:\PROGRAMME\KERIO\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\T-Online\ISDN SpeedManager\Tomcat.exe
C:\Programme\Microsoft IntelliType Pro\type32.exe
C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
D:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\Dit.exe
C:\Programme\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
D:\Programme\FRITZ!\IWatch.exe
D:\Programme\Nikon\PictureProject\NkbMonitor.exe
D:\Programme\WEBDE\SmartSurfer3.1\SmartSurfer.exe
D:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE
D:\PROGRAMME\MICROSOFT OFFICE\OFFICE11\WINWORD.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
D:\Programme\Mozilla\Firefox 1.5\firefox.exe
F:\1 Setups - Updates\craagle.exe !!!!!!!!!!\higthjackthis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Dokumente und Einstellungen\Dr. Bernd Müller\Startmenü\Programme\Autostart]
Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
SmartSurfer.lnk = D:\Programme\WEBDE\SmartSurfer3.1\SmartSurfer.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart]
ISDNWatch.lnk = D:\Programme\FRITZ!\IWatch.exe
Microsoft Office.lnk = D:\Programme\Microsoft Office\Office10\OSA.EXE
NkbMonitor.exe.lnk = D:\Programme\Nikon\PictureProject\NkbMonitor.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ISDN SpeedManager = "C:\Programme\T-Online\ISDN SpeedManager\Tomcat.exe"
type32 = "C:\Programme\Microsoft IntelliType Pro\type32.exe"
PINNACLEDRIVERCHECK = C:\WINDOWS\System32\PSDrvCheck.exe
NVMixerTray = "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
KAVPersonal50 = "D:\PROGRAMME\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\kav.exe" /minimize
ISUSScheduler = "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
ISUSPM Startup = "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup
IntelliPoint = "C:\Programme\Microsoft IntelliPoint\point32.exe"
HPDJ Taskbar Utility = C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
hp imaging helper = C:\WINDOWS\system32\hpusbscr.exe
ElbyCheckElbyCDFL = "D:\PROGRAMME\ELABORATE BYTES\CLONECD\ELBYCHECK.EXE" /L ELBYCDFL
Acrobat Assistant 7.0 = "D:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
Dit = Dit.exe
NeroFilterCheck = C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
SunJavaUpdateSched = "C:\Programme\Java\jre1.5.0_09\bin\jusched.exe"
UVS10 Preload = d:\Programme\Ulead Systems\Ulead VideoStudio 10.0\uvPL.exe
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
iTunesHelper = "D:\Programme\iTunes\iTunesHelper.exe"
QuickTime Task = "D:\PROGRAMME\QUICKTIME\qttask.exe" -atboottime

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

NCLaunch = C:\WINDOWS\NCLAUNCH.EXe
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} = "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
swg = C:\Programme\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- File association entry for .EXE: HKEY_CLASSES_ROOT\exefile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .COM: HKEY_CLASSES_ROOT\comfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .BAT: HKEY_CLASSES_ROOT\batfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .PIF: 
HKEY_CLASSES_ROOT\piffile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .SCR: HKEY_CLASSES_ROOT\scrfile\shell\open\command (Default) = "%1" /S -------------------------------------------------- File association entry for .HTA: HKEY_CLASSES_ROOT\htafile\shell\open\command (Default) = C:\WINDOWS\System32\mshta.exe "%1" %* -------------------------------------------------- File association entry for .TXT: HKEY_CLASSES_ROOT\txtfile\shell\open\command (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1 -------------------------------------------------- Enumerating Active Setup stub paths: HKLM\Software\Microsoft\Active Setup\Installed Components (* = disabled by HKCU twin) [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP [>{26923b43-4d38-484f-9b9e-de460746276c}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] * StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] * StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT [{5945c046-1e7d-11d1-bc44-00c04fd912be}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub [{7790769C-0471-11d2-AF11-00C04FA35D02}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user 
/install [{89820200-ECBD-11cf-8B85-00AA005B4340}] * StubPath = regsvr32.exe /s /n /i:U shell32.dll [{89820200-ECBD-11cf-8B85-00AA005B4383}] * StubPath = %SystemRoot%\system32\ie4uinit.exe [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] * StubPath = C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install [{8b15971b-5355-4c82-8c07-7e181ea07608}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser -------------------------------------------------- Enumerating ICQ Agent Autostart apps: HKCU\Software\Mirabilis\ICQ\Agent\Apps *Registry key not found* -------------------------------------------------- Load/Run keys from C:\WINDOWS\WIN.INI: load=c:\01comm32\bin\01comm32.exe run= Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs= -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr 
drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry value not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Checking for EXPLORER.EXE instances: C:\WINDOWS\Explorer.exe: PRESENT! C:\Explorer.exe: not present C:\WINDOWS\Explorer\Explorer.exe: not present C:\WINDOWS\System\Explorer.exe: not present C:\WINDOWS\System32\Explorer.exe: not present C:\WINDOWS\Command\Explorer.exe: not present C:\WINDOWS\Fonts\Explorer.exe: not present -------------------------------------------------- Checking for superhidden extensions: .lnk: HIDDEN! (arrow overlay: yes) .pif: HIDDEN! (arrow overlay: yes) .exe: not hidden .com: not hidden .bat: not hidden .hta: not hidden .scr: not hidden .shs: HIDDEN! .shb: HIDDEN! .vbs: not hidden .vbe: not hidden .wsh: not hidden .scf: HIDDEN! (arrow overlay: NO!) .url: HIDDEN! (arrow overlay: yes) .js: not hidden .jse: not hidden -------------------------------------------------- Verifying REGEDIT.EXE integrity: - Regedit.exe found in C:\WINDOWS - .reg open command is normal (regedit.exe %1) - Company name OK: 'Microsoft Corporation' - Original filename OK: 'REGEDIT.EXE' - File description: 'Registrierungs-Editor' Registry check passed -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - D:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (no name) - d:\Programme\Preispiraten\Preispiraten2\PPSearchURL.dll - {0B660087-931C-4056-A04F-0423890E40B6} (no name) - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (no name) - d:\Programme\Preispiraten\Preispiraten2\IEButtonAmazonInterface.dll - {84B94901-3645-4D80-A6B7-4D0050B19455} (no name) - c:\programme\google\googletoolbar3.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7} (no name) - D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910} (no 
name) - d:\Programme\Preispiraten\Preispiraten2\IEButtonPPInterface.dll - {D3AA56A9-8137-4950-A6F9-D0190A82AF2A} -------------------------------------------------- Enumerating Task Scheduler jobs: 1-Klick-Wartung.job AppleSoftwareUpdate.job -------------------------------------------------- Enumerating Download Program Files: [Microsoft XML Parser for Java] CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd [Windows Genuine Advantage Validation Tool] InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204 [YInstStarter Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\yinsthelper.dll CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab [Office Update Installation Engine] InProcServer32 = C:\WINDOWS\opuc.dll CODEBASE = http://office.microsoft.com/officeupdate/content/opuc3.cab [WUWebControl Class] InProcServer32 = C:\WINDOWS\System32\wuweb.dll CODEBASE = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120061423441 [MUWebControl Class] InProcServer32 = C:\WINDOWS\system32\muweb.dll CODEBASE = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139682237151 [Java Plug-in 1.5.0_09] InProcServer32 = C:\Programme\Java\jre1.5.0_09\bin\ssv.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab [TLIEFlashObj Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\TLFlsCtl.dll CODEBASE = https://rtc1.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB [Java Plug-in 1.5.0_07] InProcServer32 = C:\Programme\Java\jre1.5.0_09\bin\ssv.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab [Java Plug-in 1.5.0_09] InProcServer32 = C:\Programme\Java\jre1.5.0_09\bin\ssv.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab [Java Plug-in 1.5.0_09] 
InProcServer32 = C:\Programme\Java\jre1.5.0_09\bin\npjpi150_09.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab [Shockwave Flash Object] InProcServer32 = C:\WINDOWS\system32\macromed\flash\Flash.ocx CODEBASE = http://active.macromedia.com/flash4/cabs/swflash.cab [QDiagHUpdateObj Class] InProcServer32 = C:\WINDOWS\System32\qdiagh.ocx CODEBASE = http://h30043.www3.hp.com/hpdj/de/check/qdiagh.cab?326 -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #1: C:\WINDOWS\System32\mswsock.dll NameSpace #2: C:\WINDOWS\System32\winrnr.dll NameSpace #3: C:\WINDOWS\System32\mswsock.dll NameSpace #4: C:\WINDOWS\system32\pnrpnsp.dll NameSpace #5: C:\WINDOWS\system32\pnrpnsp.dll Protocol #1: C:\WINDOWS\system32\mswsock.dll Protocol #2: C:\WINDOWS\system32\mswsock.dll Protocol #3: C:\WINDOWS\system32\mswsock.dll Protocol #4: C:\WINDOWS\system32\rsvpsp.dll Protocol #5: C:\WINDOWS\system32\rsvpsp.dll Protocol #6: C:\WINDOWS\system32\mswsock.dll Protocol #7: C:\WINDOWS\system32\mswsock.dll Protocol #8: C:\WINDOWS\system32\mswsock.dll Protocol #9: C:\WINDOWS\system32\mswsock.dll Protocol #10: C:\WINDOWS\system32\mswsock.dll Protocol #11: C:\WINDOWS\system32\mswsock.dll Protocol #12: C:\WINDOWS\system32\mswsock.dll Protocol #13: C:\WINDOWS\system32\mswsock.dll Protocol #14: C:\WINDOWS\system32\mswsock.dll Protocol #15: C:\WINDOWS\system32\mswsock.dll Protocol #16: C:\WINDOWS\system32\mswsock.dll Protocol #17: C:\WINDOWS\system32\mswsock.dll Protocol #18: C:\WINDOWS\system32\mswsock.dll Protocol #19: C:\WINDOWS\system32\mswsock.dll Protocol #20: C:\WINDOWS\system32\mswsock.dll Protocol #21: C:\WINDOWS\system32\mswsock.dll Protocol #22: C:\WINDOWS\system32\mswsock.dll Protocol #23: C:\WINDOWS\system32\mswsock.dll Protocol #24: C:\WINDOWS\system32\mswsock.dll Protocol #25: C:\WINDOWS\system32\mswsock.dll Protocol #26: C:\WINDOWS\system32\mswsock.dll Protocol #27: C:\WINDOWS\system32\mswsock.dll Protocol #28: 
C:\WINDOWS\system32\mswsock.dll Protocol #29: C:\WINDOWS\system32\mswsock.dll Protocol #30: C:\WINDOWS\system32\mswsock.dll Protocol #31: C:\WINDOWS\system32\mswsock.dll Protocol #32: C:\WINDOWS\system32\mswsock.dll Protocol #33: C:\WINDOWS\system32\mswsock.dll Protocol #34: C:\WINDOWS\system32\mswsock.dll Protocol #35: C:\WINDOWS\system32\mswsock.dll Protocol #36: C:\WINDOWS\system32\mswsock.dll -------------------------------------------------- Enumerating Windows NT/2000/XP services IPv6-Hilfsdienst: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Microsoft ACPI-Treiber: System32\DRIVERS\ACPI.sys (system) Adobe LM Service: "C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe" (manual start) Microsoft Kernel-Echounterdrückung: system32\drivers\aec.sys (manual start) Umgebung für die AFD-Netzwerkunterstützung: \SystemRoot\System32\drivers\afd.sys (system) Warndienst: %SystemRoot%\System32\svchost.exe -k LocalService (disabled) Gatewaydienst auf Anwendungsebene: %SystemRoot%\System32\alg.exe (manual start) ALi PCI to USB Enhanced Host Controller: System32\Drivers\ALIEHCI.sys (autostart) USB 2.0 Root Hub: System32\DRIVERS\AliRtHub.sys (manual start) AMD K7-Prozessortreiber: System32\DRIVERS\amdk7.sys (system) Anwendungsverwaltung: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) 1394-ARP-Clientprotokoll: System32\DRIVERS\arp1394.sys (manual start) ASP.NET-Statusdienst: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start) Asynchroner RAS -Medientreiber: System32\DRIVERS\asyncmac.sys (manual start) Standard-IDE/ESDI-Festplattencontroller: System32\DRIVERS\atapi.sys (system) Protokoll für ATM ARP-Client: System32\DRIVERS\atmarpc.sys (manual start) Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Audiostubtreiber: System32\DRIVERS\audstub.sys (manual start) AVMCOWAN: System32\DRIVERS\AVMCOWAN.sys (manual start) AVM NDIS WAN CAPI Treiber: System32\DRIVERS\avmwan.sys (manual 
start) basic2: System32\DRIVERS\HSF_BSC2.sys (manual start) Intelligenter Hintergrundübertragungsdienst: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Computerbrowser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) C-DillaCdaC11BA: C:\WINDOWS\system32\drivers\CDAC11BA.EXE (autostart) Card Reader Filter: \??\C:\WINDOWS\system32\Drivers\USBCRFT.SYS (manual start) Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start) CdaC15BA: \??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS (autostart) CD-ROM-Laufwerktreiber: System32\DRIVERS\cdrom.sys (system) Cherry Universal Treiber: System32\DRIVERS\ChyWDMKb.sys (manual start) Indexdienst: C:\WINDOWS\System32\cisvc.exe (manual start) Ablagemappe: %SystemRoot%\system32\clipsrv.exe (disabled) COM+-Systemanwendung: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start) Kryptografiedienste: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) DCOM-Server-Prozessstart: %SystemRoot%\system32\svchost -k DcomLaunch (autostart) AVM FRITZ!web Routing Service: C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe (manual start) DHCP-Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Laufwerktreiber: System32\DRIVERS\disk.sys (system) Verwaltungsdienst für die Verwaltung logischer Datenträger: %SystemRoot%\System32\dmadmin.exe /com (manual start) dmboot: System32\drivers\dmboot.sys (disabled) dmio: System32\drivers\dmio.sys (disabled) dmload: System32\drivers\dmload.sys (disabled) Verwaltung logischer Datenträger: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Microsoft Kernel-DLS-Synthesizer: system32\drivers\DMusic.sys (manual start) DNS-Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart) Microsoft Kernel-DRM-Audioentschlüsselung: system32\drivers\drmkaud.sys (manual start) ElbyCDFL: System32\Drivers\ElbyCDFL.sys (manual start) ElbyCDIO Driver: System32\Drivers\ElbyCDIO.sys (autostart) Fehlerberichterstattungsdienst: 
%SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Ereignisprotokoll: %SystemRoot%\system32\services.exe (autostart) COM+-Ereignissystem: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start) Fallback: System32\DRIVERS\HSF_FALL.sys (autostart) Kompatibilität für schnelle Benutzerumschaltung: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Fax: %systemroot%\system32\fxssvc.exe (autostart) Diskettencontrollertreiber: System32\DRIVERS\fdc.sys (manual start) Diskettenlaufwerktreiber: System32\DRIVERS\flpydisk.sys (manual start) FltMgr: system32\drivers\fltmgr.sys (system) FRITZ!Card PCI: System32\DRIVERS\fpcibase.sys (manual start) Fsks: System32\DRIVERS\HSF_FSKS.sys (autostart) Treiber für Volume-Manager: System32\DRIVERS\ftdisk.sys (system) Firewall Driver: \SystemRoot\system32\drivers\fwdrv.sys (system) Teledat USB 2 a/b (WinXP/2000): System32\DRIVERS\fxusbase.sys (manual start) Gameport-Enumerator: System32\DRIVERS\gameenum.sys (manual start) GearAspiWDM: SYSTEM32\DRIVERS\GEARAspiWDM.sys (system) GEARSecurity: %SystemRoot%\System32\GEARSec.exe (autostart) Standardpaketklassifizierung: System32\DRIVERS\msgpc.sys (manual start) Hauppauge WinTV PVR PCI II (Encoder/Decoder): system32\DRIVERS\hcwPVRP2.sys (manual start) Hilfe und Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Microsoft HID Class-Treiber: System32\DRIVERS\hidusb.sys (manual start) Hewlett-Packard USB Filter Class: System32\DRIVERS\hpusbfd.sys (manual start) HSFHWBS2: System32\DRIVERS\HSFBS2S2.sys (manual start) HSF_DP: System32\DRIVERS\HSFDPSP2.sys (manual start) hsf_msft: System32\DRIVERS\HSF_MSFT.sys (manual start) HTTP: System32\Drivers\HTTP.sys (manual start) HTTP-SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start) i8042-Tastatur- und PS/2-Mausanschluss-Treiber: System32\DRIVERS\i8042prt.sys (system) InstallDriver Table Manager: "C:\Programme\Gemeinsame 
Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start) ids0004C: \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Anti-Virus Personal\5.0\bases\ids0004C.sys (manual start) Filtertreiber für CD-Brennen: System32\DRIVERS\imapi.sys (system) IMAPI-CD-Brenn-COM-Dienste: C:\WINDOWS\System32\imapi.exe (manual start) IPv6-Windows-Firewalltreiber: system32\drivers\ip6fw.sys (manual start) Microsoft IntelliPoint Features driver: System32\DRIVERS\IPFilter.sys (manual start) Filtertreiber für IP-Verkehr: System32\DRIVERS\ipfltdrv.sys (manual start) IP/IP-Tunneltreiber: System32\DRIVERS\ipinip.sys (manual start) Übersetzer für IP-Netzwerkadressen: System32\DRIVERS\ipnat.sys (manual start) iPod Service: "C:\Programme\iPod\bin\iPodService.exe" (manual start) RIP-Überwachung: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) IPSEC-Treiber: System32\DRIVERS\ipsec.sys (system) IR-Enumeratordienst: System32\DRIVERS\irenum.sys (manual start) PnP-ISA/EISA-Bus-Treiber: System32\DRIVERS\isapnp.sys (system) K56: System32\DRIVERS\HSF_K56K.sys (autostart) kavsvc: "D:\PROGRAMME\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KAVSVC.EXE" (autostart) Tastaturklassentreiber: System32\DRIVERS\kbdclass.sys (system) Tastatur-HID-Treiber: System32\DRIVERS\kbdhid.sys (system) Kerio HIPS Driver: \SystemRoot\system32\drivers\khips.sys (system) Kl1: System32\drivers\kl1.sys (system) Klif: System32\drivers\klif.sys (system) Klmc: System32\drivers\klmc.sys (system) Microsoft Kernel-Waveaudiomixer: system32\drivers\kmixer.sys (manual start) Kerio Personal Firewall 4: "D:\PROGRAMME\KERIO\Personal Firewall 4\kpf4ss.exe" (autostart) Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Arbeitsstationsdienst: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) TCP/IP-NetBIOS-Hilfsprogramm: %SystemRoot%\System32\svchost.exe -k LocalService (autostart) Machine Debug Manager: "C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart) 
mdmxsdk: System32\DRIVERS\mdmxsdk.sys (autostart) Nachrichtendienst: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) NetMeeting-Remotedesktop-Freigabe: C:\WINDOWS\System32\mnmsrvc.exe (manual start) Unimodem-Datenstromfiltergerät: system32\drivers\MODEMCSA.sys (manual start) Mausklassentreiber: System32\DRIVERS\mouclass.sys (system) Redirector für WebDav-Client: System32\DRIVERS\mrxdav.sys (manual start) MRXSMB: System32\DRIVERS\mrxsmb.sys (system) Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start) Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start) Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start) Microsoft Proxy für Streaming Clock: system32\drivers\MSPCLOCK.sys (manual start) Microsoft Proxy für Streaming Quality Manager: system32\drivers\MSPQM.sys (manual start) Microsoft-Systemverwaltungs-BIOS-Treiber: System32\DRIVERS\mssmbios.sys (manual start) Microsoft Streaming Tee/Sink-to-Sink-Konvertierung: system32\drivers\MSTEE.sys (manual start) Microsoft MPU-401 MIDI UART-Treiber: system32\drivers\msmpu401.sys (manual start) NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start) Microsoft TV/Video Connection: System32\DRIVERS\NdisIP.sys (manual start) RAS-NDIS-TAPI-Treiber: System32\DRIVERS\ndistapi.sys (manual start) NDIS-Benutzermodus-E/A-Protokoll: System32\DRIVERS\ndisuio.sys (manual start) RAS-NDIS-WAN-Treiber: System32\DRIVERS\ndiswan.sys (manual start) NetBIOS-Schnittstelle: System32\DRIVERS\netbios.sys (system) NetBios über TCP/IP: System32\DRIVERS\netbt.sys (system) Netzwerk-DDE-Dienst: %SystemRoot%\system32\netdde.exe (disabled) Netzwerk-DDE-Serverdienst: %SystemRoot%\system32\netdde.exe (disabled) AVM FRITZ!web PPP over ISDN: System32\DRIVERS\NETFRITZ.SYS (manual start) Anmeldedienst: %SystemRoot%\System32\lsass.exe (manual start) Netzwerkverbindungen: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) PPP over ISDN: System32\DRIVERS\NETPPPOI.SYS 
(manual start) 1394-Netzwerktreiber: System32\DRIVERS\nic1394.sys (manual start) NLA (Network Location Awareness): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Norton Unerase Protection Driver: \??\C:\WINDOWS\System32\Drivers\NPDRIVER.SYS (manual start) Norton Unerase Protection: C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE (autostart) NT-LM-Sicherheitsdienst: %SystemRoot%\System32\lsass.exe (manual start) Wechselmedien: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) nv: System32\DRIVERS\nv4_mini.sys (manual start) Service for NVIDIA(R) nForce(TM) Audio Enumerator: system32\drivers\nvax.sys (manual start) NVIDIA nForce MCP Networking Controller Driver: system32\DRIVERS\NVENET.sys (manual start) Service for NVIDIA(R) nForce(TM) MIDI UART: system32\drivers\nvmpu401.sys (manual start) Service for NVIDIA(R) nForce(TM) Audio: system32\drivers\nvapu.sys (manual start) NVIDIA Driver Helper Service: %SystemRoot%\system32\nvsvc32.exe (autostart) NVIDIA nForce AGP Bus Filter: System32\DRIVERS\nv_agp.sys (system) Filtertreiber für IPX-Verkehr: System32\DRIVERS\nwlnkflt.sys (manual start) Treiber für IPX-Verkehrsweiterleitung: System32\DRIVERS\nwlnkfwd.sys (manual start) VIA OHCI-konformer IEEE 1394-Hostcontroller: System32\DRIVERS\ohci1394.sys (system) Office Source Engine: "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE" (manual start) Peernetzwerk-Gruppenauthentifizierung: %SystemRoot%\System32\svchost.exe -k p2psvc (manual start) Peernetzwerkidentitäts-Manager: %SystemRoot%\System32\svchost.exe -k p2psvc (manual start) Peernetzwerk: %SystemRoot%\System32\svchost.exe -k p2psvc (manual start) Treiber für parallelen Anschluss: System32\DRIVERS\parport.sys (manual start) PCI Bus Driver: System32\DRIVERS\pci.sys (system) PCIIde: System32\DRIVERS\pciide.sys (system) Padus ASPI Shell: system32\drivers\pfc.sys (manual start) Plug & Play: %SystemRoot%\system32\services.exe (autostart) Peer Name 
Resolution-Protokoll: %SystemRoot%\System32\svchost.exe -k p2psvc (manual start) Microsoft IntelliPoint Filter Driver: System32\DRIVERS\point32.sys (manual start) IPSEC-Dienste: %SystemRoot%\System32\lsass.exe (autostart) WAN-Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start) Prozessortreiber: System32\DRIVERS\processr.sys (system) Geschützter Speicher: %SystemRoot%\system32\lsass.exe (autostart) QoS-Paketplaner: System32\DRIVERS\psched.sys (manual start) Treiber für direkte Parallelverbindung: System32\DRIVERS\ptilink.sys (manual start) Treiber für automatische RAS-Verbindung: System32\DRIVERS\rasacd.sys (system) Verwaltung für automatische RAS-Verbindung: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) WAN-Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start) RAS-Verbindungsverwaltung: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Remotezugriff-PPPOE-Treiber: System32\DRIVERS\raspppoe.sys (manual start) Parallelanschluss (direkt): System32\DRIVERS\raspti.sys (manual start) Rdbss: System32\DRIVERS\rdbss.sys (system) RDPCDD: System32\DRIVERS\RDPCDD.sys (system) Sitzungs-Manager für Remotedesktophilfe: C:\WINDOWS\system32\sessmgr.exe (manual start) Filtertreiber für digitale CD-Audiowiedergabe: System32\DRIVERS\redbook.sys (system) Routing und RAS: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Rksample: System32\DRIVERS\HSF_SAMP.sys (manual start) Microsoft Legacy Modem Driver: System32\Drivers\RootMdm.sys (autostart) RPC-Locator: %SystemRoot%\System32\locator.exe (manual start) Remoteprozeduraufruf (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart) QoS-RSVP: %SystemRoot%\System32\rsvp.exe (manual start) NT-Treiber für Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernetadapter: System32\DRIVERS\RTL8139.SYS (manual start) Sicherheitskontenverwaltung: %SystemRoot%\system32\lsass.exe (autostart) Bustreiber für SBP2-Transport/Protokoll: system32\DRIVERS\sbp2port.sys (system) Smartcard: 
StartupList report, 02.11.2006, 20:09:48
StartupList version: 1.52.2
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
(StartupList report body: running processes, startup folders, Run keys, Active Setup stubs, BHOs, Winsock LSPs and NT services)
03.11.2006, 00:25
Honorary member
Posts: 29434
#12
Everything seems to be OK again. If you still find kbdfi132.dll, delete that DLL; it looks (or looked) like a start-page trojan.
Registry Search Tool: http://www.billsway.com/vbspage/vbsfiles/RegSrch.zip
Possible message from the virus scanner ---> warning: malicious script detected --> ignore it.
Double-click regsrch.vbs and paste in: {5EFD170F-AA84-49D2-A87E-28D6B007AAC2}
Press 'OK' and wait until the search is finished. (Please post the result.)
__________
Kind regards, Sabina
all about PC security
05.11.2006, 21:07
...new here
Thread starter Posts: 9
#13
Hello Sabina, thanks again for your persistent help.
B. Müller

REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "{5EFD170F-AA84-49D2-A87E-28D6B007AAC2}" 05.11.2006 20:57:08
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)

[HKEY_USERS\S-1-5-21-905303659-784950871-2387590086-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5EFD170F-AA84-49D2-A87E-28D6B007AAC2}]
[HKEY_USERS\S-1-5-21-905303659-784950871-2387590086-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5EFD170F-AA84-49D2-A87E-28D6B007AAC2}\iexplore]
05.11.2006, 21:52
Honorary member
Posts: 29434
#14
Go into the registry:
Start - Run - regedit
[HKEY_USERS\S-1-5-21-905303659-784950871-2387590086-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5EFD170F-AA84-49D2-A87E-28D6B007AAC2}] - delete
Restart the PC.
__________
Kind regards, Sabina
all about PC security
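As an added example (not code from this thread or from HijackThis/RegSrch), a small Python triage script that does what Sabina does by hand in #12 and #14: it parses the O2/O3 lines of a HijackThis log, flags BHOs and toolbars that have no registered name, no backing file, or a DLL sitting directly in the Windows system directory (that last rule is my own heuristic, not a rule from the thread), and then matches each flagged CLSID against the keys a RegSrch.vbs run reports so you know which registry keys are left to remove. The sample log lines and RegSrch output are constructed from what was posted in this thread.

```python
import ntpath
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample input: O2/O3 lines copied from the HijackThis log in this thread.
HJT_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5EFD170F-AA84-49D2-A87E-28D6B007AAC2} - C:\WINDOWS\system32\kbdfi132.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - C:\Programme\VideoCompressionCodec\isaddon.dll
O2 - BHO: (no name) - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - (no file)
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
"""

# Constructed sample input: the RegSrch.vbs result posted in this thread (REGEDIT4 format).
REGSRCH_OUT = r"""REGEDIT4
; RegSrch.vbs (c) Bill James
; Registry search results for string "{5EFD170F-AA84-49D2-A87E-28D6B007AAC2}" 05.11.2006 20:57:08

[HKEY_USERS\S-1-5-21-905303659-784950871-2387590086-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5EFD170F-AA84-49D2-A87E-28D6B007AAC2}]
[HKEY_USERS\S-1-5-21-905303659-784950871-2387590086-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5EFD170F-AA84-49D2-A87E-28D6B007AAC2}\iexplore]
"""

# "O2 - BHO: <name> - {CLSID} - <path>" and "O3 - Toolbar: <name> - {CLSID} - <path>"
HJT_RE = re.compile(
    r"^O(?P<section>[23]) - (?:BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - (?P<path>.*)$"
)
# REGEDIT4 key lines look like "[HKEY_...\...]"
REG_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")


@dataclass
class Entry:
    section: str   # "2" for BHO, "3" for toolbar
    name: str
    clsid: str     # normalised to upper case
    path: str


@dataclass
class Finding:
    entry: Entry
    reasons: List[str]
    registry_keys: List[str] = field(default_factory=list)


def parse_hjt(text: str) -> List[Entry]:
    """Extract the O2/O3 entries from a HijackThis log; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = HJT_RE.match(line.strip())
        if m:
            entries.append(Entry(m["section"], m["name"], m["clsid"].upper(), m["path"]))
    return entries


def parse_regsrch(text: str) -> List[str]:
    """Return the registry keys listed in RegSrch.vbs output."""
    return [m["key"] for m in map(REG_KEY_RE.match, map(str.strip, text.splitlines())) if m]


def suspicious_reasons(entry: Entry) -> List[str]:
    """Defender's checklist for one BHO/toolbar registration."""
    reasons = []
    if entry.name == "(no name)":
        reasons.append("no display name registered")
    if entry.path == "(no file)":
        reasons.append("registration points at a file that no longer exists")
    else:
        # Heuristic (assumption): vendor add-ons normally install under Program Files;
        # a DLL dropped straight into the system directory deserves a closer look.
        directory = ntpath.dirname(entry.path.upper())
        if directory.endswith(("\\WINDOWS\\SYSTEM32", "\\WINDOWS\\SYSTEM")):
            reasons.append("DLL lives directly in the Windows system directory")
    return reasons


def triage(hjt_text: str, regsrch_text: str = "") -> List[Finding]:
    """Flag suspicious O2/O3 entries and attach the registry keys RegSrch found for them."""
    keys = parse_regsrch(regsrch_text)
    findings = []
    for entry in parse_hjt(hjt_text):
        reasons = suspicious_reasons(entry)
        if reasons:
            related = [k for k in keys if entry.clsid in k.upper()]
            findings.append(Finding(entry, reasons, related))
    return findings


if __name__ == "__main__":
    for f in triage(HJT_LOG, REGSRCH_OUT):
        print(f"O{f.entry.section} {f.entry.clsid} -> {f.entry.path}")
        for reason in f.reasons:
            print("   -", reason)
        for key in f.registry_keys:
            print("   key still present:", key)
```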
08.11.2006, 21:49
...new here
Thread starter Posts: 9
My IE refuses to work, showing the message above.
I have already:
Logfile of HijackThis v1.99.1
Scan saved at 17:41:50, on 24.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\GEARSec.exe
D:\PROGRAMME\KERIO\Personal Firewall 4\kpf4ss.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
D:\Programme\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
D:\PROGRAMME\KERIO\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\MsPMSPSv.exe
D:\PROGRAMME\KERIO\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\VideoCompressionCodec\isamonitor.exe
C:\Programme\VideoCompressionCodec\pmsngr.exe
C:\Programme\Microsoft IntelliType Pro\type32.exe
C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Programme\VideoCompressionCodec\isamini.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\VideoCompressionCodec\pmmon.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
D:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\Dit.exe
C:\Programme\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
C:\Programme\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
D:\Programme\FRITZ!\IWatch.exe
D:\Programme\Nikon\PictureProject\NkbMonitor.exe
D:\Programme\WEBDE\SmartSurfer3.1\SmartSurfer.exe
F:\1 Setups - Updates\craagle.exe !!!!!!!!!!\higthjackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.4mbo.de
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PreispiratenSearchURL - {0B660087-931C-4056-A04F-0423890E40B6} - d:\Programme\Preispiraten\Preispiraten2\PPSearchURL.dll
O2 - BHO: (no name) - {5EFD170F-AA84-49D2-A87E-28D6B007AAC2} - C:\WINDOWS\system32\kbdfi132.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - C:\Programme\VideoCompressionCodec\isaddon.dll
O2 - BHO: metaspinner media GmbH - {84B94901-3645-4D80-A6B7-4D0050B19455} - d:\Programme\Preispiraten\Preispiraten2\IEButtonAmazonInterface.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - (no file)
O2 - BHO: metaspinner media GmbH - {D3AA56A9-8137-4950-A6F9-D0190A82AF2A} - d:\Programme\Preispiraten\Preispiraten2\IEButtonPPInterface.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ISDN SpeedManager] "C:\Programme\T-Online\ISDN SpeedManager\Tomcat.exe"
O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [PINNACLEDRIVERCHECK] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "D:\PROGRAMME\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\kav.exe" /minimize
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [hp imaging helper] C:\WINDOWS\system32\hpusbscr.exe
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "D:\PROGRAMME\ELABORATE BYTES\CLONECD\ELBYCHECK.EXE" /L ELBYCDFL
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [UVS10 Preload] d:\Programme\Ulead Systems\Ulead VideoStudio 10.0\uvPL.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [QuickTime Task] "D:\PROGRAMME\QUICKTIME\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programme\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: SmartSurfer.lnk = D:\Programme\WEBDE\SmartSurfer3.1\SmartSurfer.exe
O4 - Global Startup: ISDNWatch.lnk = D:\Programme\FRITZ!\IWatch.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = D:\Programme\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - d:\\Programme\\Preispiraten\\Preispiraten2\\preispiraten.html
O8 - Extra context menu item: amazon Suche - d:\Programme\Preispiraten\Preispiraten2\Searchamazon.htm
O8 - Extra context menu item: amazon Suche starten - d:\Programme\Preispiraten\Preispiraten2\Searchamazon.htm
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: eBay - Mein eBay - d:\Programme\Preispiraten\Preispiraten2\SearchEbaymein.htm
O8 - Extra context menu item: eBay - Powersuche - d:\Programme\Preispiraten\Preispiraten2\SearchEbaypower.htm
O8 - Extra context menu item: eBay - Startseite - d:\Programme\Preispiraten\Preispiraten2\SearchEbay.htm
O8 - Extra context menu item: eBay Suche starten - d:\Programme\Preispiraten\Preispiraten2\SearchEbay.htm
O8 - Extra context menu item: Google Suche - d:\Programme\Preispiraten\Preispiraten2\SearchGoogle.htm
O8 - Extra context menu item: Google Suche starten - d:\Programme\Preispiraten\Preispiraten2\SearchGoogle.htm
O8 - Extra context menu item: In Adobe PDF konvertieren - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Preispiraten 2.5 - {2638A03E-1669-43BE-8119-B47087629A7F} - d:\Programme\Preispiraten\Preispiraten2\preispiraten2ie.exe
O9 - Extra button: (no name) - {86DE8B3B-1EB7-4386-84BD-EBE94348A913} - (no file)
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.4mbo.de
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120061423441
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139682237151
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/de/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{7767466E-11F8-4311-95CA-8853A59F3C37}: NameServer = 192.168.120.252,192.168.120.253
O17 - HKLM\System\CS1\Services\Tcpip\..\{F861D9CF-1C61-4A0F-A836-67C3385D48E1}: NameServer = 141.48.3.3
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Programme\iPod\bin\iPodService.exe (file missing)
O23 - Service: kavsvc - Kaspersky Lab - D:\PROGRAMME\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KAVSVC.EXE
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - D:\PROGRAMME\KERIO\Personal Firewall 4\kpf4ss.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: V2i Protector - PowerQuest Corporation - D:\Programme\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
carried out and loaded "The Avenger", but I can't get any further!
Please help me.
Sabrina, I tried to delete the entries in the registry that "Search und Destroy" reported to me, but without success!
Under "VideoCompressionCodec" I find pmmon.exe; isamonitor.exe; isamini.exe; isadon.dll; and pmsngr.exe!
Deleting them was unsuccessful.
Have a nice evening!