On Windows startup, the old wallpaper is displayed first..???
Thread is closed!

#0
28.12.2006, 11:51
Member
Posts: 131

28.12.2006, 13:01
Honorary member
Posts: 29434
#2
master_man
post this log (that way one can see what is configured)
http://virus-protect.org/artikel/tools/combofix.html
__________
Regards, Sabina
all about PC security

29.12.2006, 01:05
Member
Thread starter
Posts: 131
#3
This is now the log from combofix:

Manuel - 06-12-29 1:03:45,26 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Dokumente und Einstellungen\Manuel\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-11-29 to 2006-12-29 ))))))))))))))))))))))))))))))))))

2006-12-20 19:25 <DIR> d-------- C:\Games
2006-12-18 19:06 <DIR> d-------- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Messenger Plus!
2006-12-06 18:31 <DIR> d-------- C:\Programme\Lavalys
2006-12-06 18:09 <DIR> d--hs---- C:\FOUND.020

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-12-28 11:46 23524 --a------ C:\WINDOWS\system32\drivers\GVTDrv.sys
2006-11-22 10:52 520192 --------- C:\WINDOWS\system32\ati2sgag.exe
2006-11-22 04:25 2829824 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2006-11-22 04:25 261120 --a------ C:\WINDOWS\system32\ati2dvag.dll
2006-11-22 04:20 118784 --a------ C:\WINDOWS\system32\atipdlxx.dll
2006-11-22 04:20 106496 --a------ C:\WINDOWS\system32\Oemdspif.dll
2006-11-22 04:19 90112 --a------ C:\WINDOWS\system32\ati2evxx.dll
2006-11-22 04:19 42496 --a------ C:\WINDOWS\system32\ati2edxx.dll
2006-11-22 04:19 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2006-11-22 04:18 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2006-11-22 04:18 430080 --a------ C:\WINDOWS\system32\ati2evxx.exe
2006-11-22 04:12 2526688 --a------ C:\WINDOWS\system32\ati3duag.dll
2006-11-22 04:11 5279744 --a------ C:\WINDOWS\system32\atioglxx.dll
2006-11-22 04:08 1090016 --a------ C:\WINDOWS\system32\ativvaxx.dll
2006-11-22 03:57 217088 --a------ C:\WINDOWS\system32\atikvmag.dll
2006-11-22 03:56 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
2006-11-22 03:51 294912 --a------ C:\WINDOWS\system32\ati2cqag.dll
2006-11-22 03:50 6684672 --a------ C:\WINDOWS\system32\atioglx1.dll
2006-11-22 03:49 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2006-11-22 03:21 303104 --a------ C:\WINDOWS\system32\ATIDEMGR.dll
2006-11-13 17:49 -------- d-------- C:\Programme\Azureus
2006-11-13 17:49 -------- d-------- C:\Dokumente und Einstellungen\Manuel\Anwendungsdaten\Azureus
2006-11-13 17:38 -------- d-------- C:\Programme\D-Link
2006-11-13 17:38 -------- d-------- C:\Programme\ANI
2006-11-11 15:50 -------- d-------- C:\Dokumente und Einstellungen\Manuel\Anwendungsdaten\BitTorrent
2006-11-05 18:52 -------- d-------- C:\Programme\Messenger Plus! Live
2006-11-05 18:42 -------- d-------- C:\Programme\Windows Live Toolbar
2006-09-30 14:41 16 --a------ C:\WINDOWS\Windckl9.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"SpybotSD TeaTimer"="C:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe"
"updateMgr"="C:\\Programme\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_0"
"SUPERAntiSpyware"="C:\\Programme\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
"BitTorrent"="\"C:\\Programme\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"RocketDock"="\"C:\\Programme\\RocketDock\\RocketDock.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMAXPnP"="C:\\Programme\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"SoundMAX"="\"C:\\Programme\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"RemoteControl"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe"
"type32"="\"C:\\Programme\\Microsoft IntelliType Pro\\type32.exe\""
"ccApp"="\"C:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\ccApp.exe\""
"URLLSTCK.exe"="C:\\Programme\\Norton Internet Security\\UrlLstCk.exe"
"Zone Labs Client"="C:\\Programme\\Zone Labs\\ZoneAlarm\\zlclient.exe"
"VTTimer"="VTTimer.exe"
"VTTrayp"="VTtrayp.exe"
"WinampAgent"="C:\\Programme\\Winamp\\winampa.exe"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"RaidTool"="C:\\Programme\\VIA\\RAID\\raid_tool.exe"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"ATIPTA"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"HydraVisionDesktopManager"="C:\\Programme\\ATI Technologies\\ATI HydraVision\\HydraDM.exe"
"HydraVisionViewport"="C:\\Programme\\ATI Technologies\\ATI HydraVision\\HydraMD.exe"
"VGAUtil"="C:\\Programme\\GigaByte\\VGA Utility Manager\\G-VGA.exe"
"D-Link AirPlus G"="C:\\Programme\\D-Link\\AirPlus G\\AirGCFG.exe"
"ANIWZCS2Service"="C:\\Programme\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
"ATICCC"="\"C:\\Programme\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Meinen Computer prfen - Manuel.job
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

Completion time: 06-12-29 1:04:22.14
C:\ComboFix.txt ... 06-12-29 01:04

Regards, master_man

29.12.2006, 16:16
Honorary member
Posts: 29434
#4
1. virustotal
At the top of the page --> click "Durchsuchen" (Browse) --> select the file (or paste the file with its correct path straight in) --> double-click the file to be checked --> click "Send"... now wait - then select the text with the right mouse button -> copy - paste
http://www.virustotal.com/flash/index_en.html
C:\WINDOWS\Windckl9.dll
post the report here
2. post this log
http://virus-protect.org/silentrunner.html
__________
Regards, Sabina
all about PC security

29.12.2006, 17:24
Member
Thread starter
Posts: 131
#5
this is the report:

Complete scanning result of "Windckl9.dll", received in VirusTotal at 12.29.2006, 17:11:30 (CET).

Antivirus            Version          Update       Result
AntiVir              7.3.0.21         12.29.2006   no virus found
Authentium           4.93.8           12.29.2006   no virus found
Avast                4.7.892.0        12.21.2006   no virus found
AVG                  386              12.29.2006   no virus found
BitDefender          7.2              12.29.2006   no virus found
CAT-QuickHeal        8.00             12.29.2006   no virus found
ClamAV               devel-20060426   12.29.2006   no virus found
DrWeb                4.33             12.29.2006   no virus found
eSafe                7.0.14.0         12.28.2006   no virus found
eTrust-InoculateIT   23.73.101        12.29.2006   no virus found
eTrust-Vet           30.3.3289        12.29.2006   no virus found
Ewido                4.0              12.29.2006   no virus found
Fortinet             2.82.0.0         12.29.2006   no virus found
F-Prot               3.16f            12.29.2006   no virus found
F-Prot4              4.2.1.29         12.29.2006   no virus found
Ikarus               T3.1.0.27        12.29.2006   no virus found
Kaspersky            4.0.2.24         12.29.2006   no virus found
McAfee               4928             12.28.2006   no virus found
Microsoft            1.1904           12.27.2006   no virus found
NOD32v2              1946             12.29.2006   no virus found
Norman               5.80.02          12.29.2006   no virus found
Panda                9.0.0.4          12.28.2006   no virus found
Prevx1               V2               12.29.2006   no virus found
Sophos               4.13.0           12.28.2006   no virus found
Sunbelt              2.2.907.0        12.18.2006   no virus found
TheHacker            6.0.3.139        12.29.2006   no virus found
UNA                  1.83             12.28.2006   no virus found
VBA32                3.11.1           12.28.2006   no virus found
VirusBuster          4.3.19:9         12.29.2006   no virus found

Aditional Information
File size: 16 bytes
MD5: b45b54d5c640f12eb23ed46b13c743e7
SHA1: 5b454edfe5cb65a91effd846942caac90629fa59

Regards, master_man

29.12.2006, 17:30
Member
Thread starter
Posts: 131
#6
the log from silentrunner:

"Silent Runners.vbs", revision 47, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"MSMSGS" = ""C:\Programme\Messenger\msmsgs.exe" /background" [MS]
"SpybotSD TeaTimer" = "C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]
"updateMgr" = "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0" ["Adobe Systems Incorporated"]
"SUPERAntiSpyware" = "C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe" ["SUPERAntiSpyware.com"]
"BitTorrent" = ""C:\Programme\BitTorrent\bittorrent.exe" --force_start_minimized" [file not found]
"RocketDock" = ""C:\Programme\RocketDock\RocketDock.exe"" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMAXPnP" = "C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe" ["Analog Devices, Inc."]
"SoundMAX" = ""C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray" ["Analog Devices, Inc."]
"RemoteControl" = "C:\Programme\CyberLink\PowerDVD\PDVDServ.exe" ["Cyberlink Corp."]
"type32" = ""C:\Programme\Microsoft IntelliType Pro\type32.exe"" [MS]
"Zone Labs Client" = "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe" ["Zone Labs, LLC"]
"VTTimer" = "VTTimer.exe" ["S3 Graphics, Inc."]
"VTTrayp" = "VTtrayp.exe" ["S3 Graphics Co., Ltd."]
"WinampAgent" = "C:\Programme\Winamp\winampa.exe" [null data]
"SunJavaUpdateSched" = ""C:\Programme\Java\jre1.5.0_10\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"iTunesHelper" = ""C:\Programme\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"RaidTool" = "C:\Programme\VIA\RAID\raid_tool.exe" ["VIA Technologies"]
"avgnt" = ""C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"]
"ATIPTA" = "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"HydraVisionDesktopManager" = "C:\Programme\ATI Technologies\ATI HydraVision\HydraDM.exe" ["ATI Technologies Inc."]
"HydraVisionViewport" = "C:\Programme\ATI Technologies\ATI HydraVision\HydraMD.exe" ["ATI Technologies Inc."]
"VGAUtil" = "C:\Programme\GigaByte\VGA Utility Manager\G-VGA.exe" [empty string]
"D-Link AirPlus G" = "C:\Programme\D-Link\AirPlus G\AirGCFG.exe" ["D-Link"]
"ANIWZCS2Service" = "C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe" ["Alpha Networks Inc."]
"ATICCC" = ""C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
     \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
     \InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Windows Live Sign-in Helper"
     \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Windows Live Toolbar Helper"
     \InProcServer32\(Default) = "C:\Programme\Windows Live Toolbar\msntb.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
  -> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
     \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
     \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
  -> {HKLM...CLSID} = "Microsoft Office Outlook"
     \InProcServer32\(Default) = "C:\PROGRA~1\MI1933~1\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Outlook-Dateisymbolerweiterung"
     \InProcServer32\(Default) = "C:\PROGRA~1\MI1933~1\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Programme\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{97FA8AA2-EE77-4FF2-9449-424D8924EF21}" = "IntelliType Pro Zooming Control Panel Property Page"
  -> {HKLM...CLSID} = "IntelliType Pro Zooming Property Page"
     \InProcServer32\(Default) = ""C:\Programme\Microsoft IntelliType Pro\itcplzm.dll"" [MS]
"{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB}" = "IntelliType Pro Scrolling Control Panel Property Page"
  -> {HKLM...CLSID} = "IntelliType Pro Scrolling Property Page"
     \InProcServer32\(Default) = ""C:\Programme\Microsoft IntelliType Pro\itcplwhl.dll"" [MS]
"{A2569D1F-4E06-43EC-9825-0088B471BE47}" = "IntelliType Pro Wireless Control Panel Property Page"
  -> {HKLM...CLSID} = "IntelliType Pro Wireless Control Panel Property Page"
     \InProcServer32\(Default) = ""C:\Programme\Microsoft IntelliType Pro\itcplwir.dll"" [MS]
"{20082881-FC36-4E47-9A7A-644C95FF749F}" = "IntelliPoint Wireless Control Panel Property Page"
  -> {HKLM...CLSID} = "Schnurlose Eigenschaften"
     \InProcServer32\(Default) = ""C:\Programme\Microsoft IntelliPoint\ipcplwir.dll"" [MS]
"{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE}" = "IntelliPoint Wheel Control Panel Property Page"
  -> {HKLM...CLSID} = "Scrollrad-Eigenschaftenseite"
     \InProcServer32\(Default) = ""C:\Programme\Microsoft IntelliPoint\ipcplwhl.dll"" [MS]
"{653DCCC2-13DB-45B2-A389-427885776CFE}" = "IntelliPoint Activities Control Panel Property Page"
  -> {HKLM...CLSID} = "Aktivitäten-Eigenschaftenseite"
     \InProcServer32\(Default) = ""C:\Programme\Microsoft IntelliPoint\ipcplact.dll"" [MS]
"{124597D8-850A-41AE-849C-017A4FA99CA2}" = "IntelliPoint Buttons Control Panel Property Page"
  -> {HKLM...CLSID} = "Tasten-Eigenschaftenseite"
     \InProcServer32\(Default) = ""C:\Programme\Microsoft IntelliPoint\ipcplbtn.dll"" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
  -> {HKLM...CLSID} = "iTunes"
     \InProcServer32\(Default) = "C:\Programme\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
     \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
     \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
     \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
     \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
  -> {HKLM...CLSID} = "Shell Search Band"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
     \InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"
  -> {HKLM...CLSID} = "ShellLink for Application References"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"
  -> {HKLM...CLSID} = "Shell Icon Handler for Application References"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
  -> {HKLM...CLSID} = "Portable Media Devices"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {HKLM...CLSID} = "Portable Media Devices Menu"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
  -> {HKLM...CLSID} = "Meine freigegebenen Ordner"
     \InProcServer32\(Default) = "C:\Programme\MSN Messenger\fsshext.8.0.0812.00.dll" [MS]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
  -> {HKLM...CLSID} = "SimpleShlExt Class"
     \InProcServer32\(Default) = "C:\Programme\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" = (no title provided)
  -> {HKLM...CLSID} = "SABShellExecuteHook Class"
     \InProcServer32\(Default) = "C:\Programme\SUPERAntiSpyware\SASSEH.DLL" ["SuperAdBlocker.com"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
INFECTION WARNING! SASWinLogon\DLLName = "C:\Programme\SUPERAntiSpyware\SASWINLO.dll" ["SUPERAntiSpyware.com"]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
     \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
     \InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
     \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
     \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
     \InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
     \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Dokumente und Einstellungen\Manuel\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\sstext3d.scr" [MS]

Startup items in "Manuel" & "All Users" startup folders:
--------------------------------------------------------

C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart
"WinZip Quick Pick" -> shortcut to: "C:\Programme\WinZip\WZQKPICK.EXE" ["WinZip Computing, Inc."]
"Adobe Reader Speed Launch" -> shortcut to: "C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]

Enabled Scheduled Tasks:
------------------------

"Check Updates for Windows Live Toolbar" -> launches: "C:\Programme\Windows Live Toolbar\MSNTBUP.EXE" [MS]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"
  -> {HKLM...CLSID} = "Windows Live Toolbar"
     \InProcServer32\(Default) = "C:\Programme\Windows Live Toolbar\msntb.dll" [MS]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = (no title provided)
  -> {HKLM...CLSID} = "Windows Live Toolbar"
     \InProcServer32\(Default) = "C:\Programme\Windows Live Toolbar\msntb.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}"
  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_10"
     \InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_10\bin\npjpi150_10.dll" ["Sun Microsystems, Inc."]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir PersonalEdition Classic Guard, AntiVirService, "C:\Programme\AntiVir PersonalEdition Classic\avguard.exe" ["AVIRA GmbH"]
AntiVir PersonalEdition Classic Planer, AntiVirScheduler, "C:\Programme\AntiVir PersonalEdition Classic\sched.exe" ["Avira GmbH"]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
iPodService, iPodService, "C:\Programme\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Programme\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]
TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZONELABS\vsmon.exe -service" ["Zone Labs, LLC"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 33 seconds, including 8 seconds for message boxes)

Regards, master_man

30.12.2006, 00:04
Honorary member
Posts: 29434
#7
apart from this dll, which I cannot attribute to anything but which is not detected as a virus... the wallpaper is in its place....
Quote: HKCU\Control Panel\Desktop\
Question: what is this? C:\Programme\RocketDock
__________
Regards, Sabina
all about PC security

30.12.2006, 01:05
Moderator
Posts: 2312
#8
could it be that you selected a wallpaper at some point and are also using Active Desktop?
That could also explain this kind of behavior.
- Desktop background
- Active Desktop background.
Going by the name, that could well also come from Rocket Dock...
__________
How am I supposed to know what I think before I hear what I say??
Say NO to HD+/CI+ - boycott the establishment of HD+/CI+!

30.12.2006, 13:07
Member
Thread starter
Posts: 131
#9
rocket dock is just something similar to a taskbar like the one you know from the Mac...
I downloaded it for fun... yes, I have active desktop.... I can choose between 9 different desktops there... for me the first one is set as the primary desktop... but does anyone know how I can get rid of this again???

Regards, master_man

30.12.2006, 13:37
Honorary member
Posts: 29434
#10
if you scan with smitfraudfix - option 2 (can be in normal mode) - your background will become MS blue again
http://virus-protect.org/artikel/tools/smitfrautfix.html
__________
Regards, Sabina
all about PC security

30.12.2006, 13:40
Member
Thread starter
Posts: 131

30.12.2006, 15:38
Member
Thread starter
Posts: 131
#12
I selected option 2 in smitfraudfix...
here is the report from the scan:

SmitFraudFix v2.83

Scan done at 15:35:50,71, 30.12.2006
Run from C:\Dokumente und Einstellungen\Manuel\Desktop\Programme\Erkennungsprogramme\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

Regards, master_man

30.12.2006, 16:48
Honorary member
Posts: 29434

30.12.2006, 17:37
Member
Thread starter
Posts: 131
#14
I have already set a new background again...
was that not right??? is there something now??? that is not good for my PC????

Regards, master_man

30.12.2006, 17:50
Honorary member
Posts: 29434
#15
set up CleanUp exactly as specified here:
http://virus-protect.org/cleanup.html
Copy these 6 text files. (right-click with the mouse -> select the text -> copy -> paste) They are sorted by date. (copy only the last 3 months)
http://virus-protect.org/datfindbat.html
__________
Regards, Sabina
all about PC security

I have a question:
whenever I shut down or start up my PC, it says user settings are being loaded and so on, and then my desktop is shown with my old wallpaper, and only after a few seconds is my current wallpaper displayed...
does this have something to do with a virus???
Regards, master_man