Start page cannot be changed: http://runonce.msn.com/runonce2.aspx
#0
03.02.2007, 18:56
Member
Posts: 16
03.02.2007, 21:29
Honorary member
Posts: 29434
#2
abdomi_22
Post this log: http://virus-protect.org/artikel/tools/combofix.html
__________
Kind regards, Sabina
All about PC security
03.02.2007, 22:29
Member
Thread starter, Posts: 16
#3
"Mirko" - 07-02-03 22:27:15 Service Pack 2
ComboFix 07.02.03 - Running from: "C:\Dokumente und Einstellungen\Mirko\Desktop"
04.02.2007, 12:35
Honorary member
Posts: 29434
#4
abdomi_22
«« Set up CleanUp exactly as described here: http://virus-protect.org/cleanup.html
«« Copy these 6 text files (right-click with the mouse -> select the text -> copy -> paste). They are sorted by date (copy only the last 3 months): http://virus-protect.org/datfindbat.html
«« Avenger: http://virus-protect.org/artikel/tools/avenger.html
Tick "Input script manually" and paste into "View/edit script":
Quote
Registry values to delete:
Click the green traffic light; the script is now executed, and the PC will then restart automatically.
__________
Kind regards, Sabina
All about PC security
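The datfind step above asks for six `dir` listings sorted by date and trimmed to the last three months, which is tedious to read by hand. The following Python is an added example, not part of the thread, of datfind.bat or of any virus-protect.org tool: it parses listings in that German-locale `dir` format and keeps only the files modified in the 90 days before the posting date (04.02.2007); the sample listing is constructed and its volume serial is a placeholder.

```python
# Triage for the datfind.bat listings requested above: keep only the files
# changed in the last 3 months.  Added example, not part of datfind.bat or of
# the thread; it assumes German-locale `dir` output ("Verzeichnis von <path>"
# headers, then "DD.MM.YYYY  HH:MM  <size, '.' as thousands sep>  <name>").
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import date, datetime, timedelta

# Header that opens a new directory block.
_DIR_HEADER = re.compile(r"^\s*Verzeichnis von (?P<path>.+?)\s*$")
# File entry; "<DIR>" rows, the volume label and summary rows do not match.
_ENTRY = re.compile(
    r"^\s*(?P<day>\d{2})\.(?P<month>\d{2})\.(?P<year>\d{4})\s+"
    r"(?P<hour>\d{2}):(?P<minute>\d{2})\s+"
    r"(?P<size>[\d.]+)\s+(?P<name>.+?)\s*$"
)

REFERENCE_DATE = date(2007, 2, 4)  # the day the listings were posted
WINDOW_DAYS = 90                   # "the last 3 months"

# Constructed sample in the datfind.bat format; the serial is a placeholder.
SAMPLE_LISTING = r"""
 Datenträger in Laufwerk C: ist SYSTEM
 Volumeseriennummer: XXXX-XXXX

 Verzeichnis von C:\WINDOWS\system32

04.02.2007  11:58             2.206 wpa.dbl
30.01.2007  23:46    <DIR>          drivers
03.01.2007  21:02             9.070 NULL
07.12.2006  05:14         2.330.624 wmvcore.dll
02.10.2006  10:52            49.152 inetwh32.dll
               4 Datei(en)      2.391.052 Bytes

 Verzeichnis von C:\WINDOWS\temp

04.02.2007  12:03               409 WGANotify.settings
04.02.2007  11:57                 0 WGAErrLog.txt
               2 Datei(en)            409 Bytes
               0 Verzeichnis(se)  3.122.974.720 Bytes frei
"""

@dataclass(frozen=True)
class Entry:
    directory: str
    name: str
    size: int
    modified: datetime

def parse_listing(text: str) -> list[Entry]:
    """Parse one or more concatenated listings into Entry objects."""
    entries: list[Entry] = []
    current_dir = ""
    for line in text.splitlines():
        header = _DIR_HEADER.match(line)
        if header:
            current_dir = header.group("path")
            continue
        m = _ENTRY.match(line)
        if not m or not current_dir:
            continue
        modified = datetime(int(m["year"]), int(m["month"]), int(m["day"]),
                            int(m["hour"]), int(m["minute"]))
        size = int(m["size"].replace(".", ""))  # drop thousands separators
        entries.append(Entry(current_dir, m["name"], size, modified))
    return entries

def recent_entries(entries: list[Entry], reference: date,
                   days: int = WINDOW_DAYS) -> list[Entry]:
    """Files modified within `days` before `reference`, newest first."""
    cutoff = datetime.combine(reference, datetime.min.time()) - timedelta(days=days)
    return sorted((e for e in entries if e.modified >= cutoff),
                  key=lambda e: e.modified, reverse=True)

def group_by_directory(entries: list[Entry]) -> dict[str, list[Entry]]:
    """Group entries by directory; directories sorted, entry order kept."""
    groups: dict[str, list[Entry]] = {}
    for e in entries:
        groups.setdefault(e.directory, []).append(e)
    return dict(sorted(groups.items()))

def report(text: str, reference: date = REFERENCE_DATE,
           days: int = WINDOW_DAYS) -> list[str]:
    """Recent files per directory, as the lines a reviewer would read."""
    lines: list[str] = []
    recent = recent_entries(parse_listing(text), reference, days)
    for directory, files in group_by_directory(recent).items():
        lines.append(f"{directory} ({len(files)} recent file(s))")
        for e in files:
            lines.append(f"  {e.modified:%Y-%m-%d %H:%M}  {e.size:>12,}  {e.name}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LISTING)))
```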
04.02.2007, 20:39
Member
Thread starter, Posts: 16
#5
With Avenger, this error message appears when I paste it in:
Fatal error: could not create new script file. Error code: 0 Error logged to errorlog.txt. Aborting now!
04.02.2007, 21:54
Honorary member
Posts: 29434
#6
You have to use Avenger correctly, i.e. do not paste the "Quote" label in as well, and tick the right option.
Have another look at the Avenger page.
__________
Kind regards, Sabina
All about PC security
04.02.2007, 22:19
Member
Thread starter, Posts: 16
04.02.2007, 23:09
Honorary member
Posts: 29434
#8
Post this log:
http://virus-protect.org/silentrunner.html
__________
Kind regards, Sabina
All about PC security
04.02.2007, 23:21
Member
Thread starter, Posts: 16
#9
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"BluetoothAuthenticationAgent" = "rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent" [MS]
"ehTray" = "C:\WINDOWS\ehome\ehtray.exe" [MS]
"IntelZeroConfig" = ""C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"" ["Intel Corporation"]
"IntelWireless" = ""C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless" ["Intel Corporation"]
"igfxtray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"igfxhkcmd" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"igfxpers" = "C:\WINDOWS\system32\igfxpers.exe" ["Intel Corporation"]
"SigmatelSysTrayApp" = "stsystra.exe" ["SigmaTel, Inc."]
"avgnt" = ""C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"
"ToADiMon.exe" = "D:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart" ["Deutsche Telekom AG, Marmiko IT-Solutions GmbH"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {HKLM...CLSID} = "Portable Media Devices Menu"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\audiodev.dll" [MS]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
     \InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "D:\Programme\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
  -> {HKLM...CLSID} = "Acrobat Elements Context Menu"
     \InProcServer32\(Default) = "D:\Programme\Adobe\Adobe Acrobat 6.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "D:\Programme\WinRAR\rarext.dll" [null data]
"{B8323370-FF27-11D2-97B6-204C4F4F5020}" = "SmartFTP Shell Extension DLL"
  -> {HKLM...CLSID} = "SmartFTP Shell Extension DLL"
     \InProcServer32\(Default) = "D:\Programme\SmartFTP Client 2.0\smarthook.dll" ["SmartFTP"]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
  -> {HKLM...CLSID} = "MCLiteShellExt Class"
     \InProcServer32\(Default) = "D:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice Property Sheet Handler"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "D:\Programme\OpenOffice.org1.1.5\program\shlxthdl.dll" ["Sun Microsystems, Inc."]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universelle Plug & Play-Geräte"
  -> {HKLM...CLSID} = "Universelle Plug & Play-Geräte"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
"{2F25CF20-C569-11D1-B94C-00608CB45480}" = "TextPad"
  -> {HKLM...CLSID} = "TextPad"
     \InProcServer32\(Default) = "D:\Programme\TextPad 4\System\shellext.dll" ["Helios Software Solutions"]
"{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}" = "TuneUp Shredder Shell Context Menu Extension"
  -> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"
     \InProcServer32\(Default) = ""D:\Programme\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]
"{C8B1987A-0212-4CFE-A01D-8E605E3AD76B}" = "Effects ShellHook Module"
  -> {HKLM...CLSID} = "EffectsExt Class"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\netsti.dll" [empty string]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
  -> {HKLM...CLSID} = "History Band"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]

HKLM\System\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"| [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
  -> {HKLM...CLSID} = "Acrobat Elements Context Menu"
     \InProcServer32\(Default) = "D:\Programme\Adobe\Adobe Acrobat 6.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
  -> {HKLM...CLSID} = "MCLiteShellExt Class"
     \InProcServer32\(Default) = "D:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
     \InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]
TextPad\(Default) = "{2F25CF20-C569-11D1-B94C-00608CB45480}"
  -> {HKLM...CLSID} = "TextPad"
     \InProcServer32\(Default) = "D:\Programme\TextPad 4\System\shellext.dll" ["Helios Software Solutions"]
TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"
  -> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"
     \InProcServer32\(Default) = ""D:\Programme\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "D:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
  -> {HKLM...CLSID} = "MCLiteShellExt Class"
     \InProcServer32\(Default) = "D:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"
  -> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"
     \InProcServer32\(Default) = ""D:\Programme\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "D:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
     \InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
     \InProcServer32\(Default) = "D:\Programme\WinRAR\rarext.dll" [null data]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"ClearRecentDocsOnExit" = (REG_DWORD) hex:0x00000001
{unrecognized setting}
"NoRecentDocsHistory" = (REG_DWORD) hex:0x00000001
{unrecognized setting}
"NoLowDiskSpaceChecks" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
"InstallVisualStyle" = (REG_EXPAND_SZ) C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
{unrecognized setting}
"InstallTheme" = (REG_EXPAND_SZ) C:\WINDOWS\Resources\Themes\Royale.theme
{unrecognized setting}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Dokumente und Einstellungen\Mirko\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"

Enabled Scheduled Tasks:
------------------------

"1-Klick-Wartung" -> launches: "D:\Programme\TuneUp Utilities 2006\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 26
%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
  -> {HKLM...CLSID} = "Adobe PDF"
     \InProcServer32\(Default) = "D:\Programme\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]
"{F2CF5485-4E02-4F68-819C-B92DE9277049}"
  -> {HKLM...CLSID} = "&Links"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF"
     \InProcServer32\(Default) = "D:\Programme\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

HKLM\Software\Classes\CLSID\{03C1C47F-0538-4645-8372-D3109B9FC636}\(Default) = "Easy-WebPrint"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "D:\Programme\Canon\Easy-WebPrint\Toolband.dll" [null data]

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Recherchieren"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Recherchieren"

{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "D:\Programme\ICQLite\ICQLite.exe" ["ICQ Ltd."]

Miscellaneous IE Hijack Points
------------------------------

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
<<H>> "DesktopItemNavigationFailure" = "res://shdoclc.dll/navcancl.htm" [MS]
<<H>> "TuneUp" = "file://C|/Dokumente und Einstellungen/All Users/Anwendungsdaten/TuneUp Software/Common/base.css" [file not found]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir PersonalEdition Classic Guard, AntiVirService, "C:\Programme\AntiVir PersonalEdition Classic\avguard.exe" ["AVIRA GmbH"]
AntiVir PersonalEdition Classic Planer, AntiVirScheduler, "C:\Programme\AntiVir PersonalEdition Classic\sched.exe" ["Avira GmbH"]
Bluetooth Support Service, BthServ, "C:\WINDOWS\system32\svchost.exe -k bthsvcs" {"C:\WINDOWS\System32\bthserv.dll" [MS]}
Intel(R) PROSet/Wireless Event Log, EvtEng, "C:\Programme\Intel\Wireless\Bin\EvtEng.exe" ["Intel Corporation"]
Intel(R) PROSet/Wireless Registry Service, RegSrvc, "C:\Programme\Intel\Wireless\Bin\RegSrvc.exe" ["Intel Corporation"]
Intel(R) PROSet/Wireless Service, S24EventMonitor, "C:\Programme\Intel\Wireless\Bin\S24EvMon.exe" ["Intel Corporation "]
Intel(R) PROSet/Wireless SSO Service, WLANKEEPER, "C:\Programme\Intel\Wireless\Bin\WLKeeper.exe" ["Intel(R) Corporation"]
Machine Debug Manager, MDM, ""C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
Media Center Extender Service, McrdSvc, "C:\WINDOWS\ehome\mcrdsvc.exe" [MS]
Media Center Receiver Service, ehRecvr, "C:\WINDOWS\eHome\ehRecvr.exe" [MS]
Media Center-Planerdienst, ehSched, "C:\WINDOWS\eHome\ehSched.exe" [MS]
NICCONFIGSVC, NICCONFIGSVC, "C:\Programme\Dell\QuickSet\NICCONFIGSVC.exe" ["Dell Inc."]
T-Online WLAN Adapter Steuerungsdienst, MZCCntrl, "C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe" ["Deutsche Telekom AG, Marmiko IT-Solutions GmbH"]
TuneUp WinStyler Theme Service, TUWinStylerThemeSvc, ""D:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe"" ["TuneUp Software GmbH"]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Adobe PDF Port\Driver = "C:\WINDOWS\system32\AdobePDF.dll" ["Adobe Systems Incorporated."]
Canon BJ Language Monitor PIXMA iP3000\Driver = "CNMLM61.DLL" ["CANON INC."]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
Toshiba Bluetooth Monitor\Driver = "tbtmon.dll" ["Toshiba America Business Solutions, Inc."]

----------
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with
  the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at
  the first message box and "Yes" at the second message box.
----------
(total run time: 41 seconds, including 5 seconds for message boxes)
04.02.2007, 23:27
Honorary member
Posts: 29434
#10
Download Registry Search by Bobbi Flekman
http://virus-protect.org/artikel/tools/regsearch.html and double-click it to start.

In "Enter search strings" (type or paste):
netsti.dll
into the edit box and click "Ok". Notepad will open -- copy the text and post it.

In "Enter search strings" (type or paste):
{06653429-4DF7-4719-B6CE-60CA6FBE2DD9}
into the edit box and click "Ok". Notepad will open -- copy the text and post it.

________

http://www.f-secure.com/blacklight/
Start the file, accept the licence terms and choose scan. When the scan is finished, press next and then close. There is now an FSB*.TXT file in the same folder as Blacklight - post the text.

__________
Regards, Sabina
all about PC security
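Added example (editor's code, not part of this thread and not part of Silent Runners or Registry Search): a small Python triage of Silent Runners output of the kind posted above. It uses the two signals the script itself prints, the bracketed tag after each module (a company name from the file's version resource, or "[empty string]" / "[null data]" when there is none, or "[file not found]") and the <<!>> / <<H>> markers, and ranks entries for a manual check. On its own a missing company name is weak evidence (rarext.dll and ICQLiteShell.dll carry it in the posted log and are legitimate); what singles out netsti.dll is that combination inside C:\WINDOWS\system32. The second function pulls the CLSIDs from lines that reference a given DLL, which is the registry key one searches next, as the Registry Search step in the post above does. The SAMPLE_LOG is constructed from a handful of the posted entries, not the full log, and the scoring weights are the editor's assumption.

```python
"""Triage of Silent Runners-style startup logs (added example, editor's code)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set

# Constructed sample: a few lines in Silent Runners' format, taken from the log
# posted above (one-line form). Not the complete log.
SAMPLE_LOG = r'''
"avgnt" = ""C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"]
"{C8B1987A-0212-4CFE-A01D-8E605E3AD76B}" = "Effects ShellHook Module" -> {HKLM...CLSID} = "EffectsExt Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\netsti.dll" [empty string]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "D:\Programme\WinRAR\rarext.dll" [null data]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band" -> {HKLM...CLSID} = "History Band" \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
<<!>> "BootExecute" = "autocheck autochk *"| [file not found]
<<!>> igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]
<<H>> "TuneUp" = "file://C|/Dokumente und Einstellungen/All Users/Anwendungsdaten/TuneUp Software/Common/base.css" [file not found]
'''

# Trailing "[...]" tag; Silent Runners quotes real company names inside the brackets.
TAG_RE = re.compile(r'\[(?P<tag>[^\[\]]*)\]\s*$')
# First module path on the line: drive letter or %SystemRoot%, up to a binary extension.
PATH_RE = re.compile(
    r'(?:[A-Za-z]:|%SystemRoot%)\\[^"\[\]]*?\.(?:dll|exe|sys|cpl|ocx)\b', re.IGNORECASE)
# The Windows system directory, where a third-party module with no version info is unusual.
SYSTEM_DIR_RE = re.compile(r'(?:\\(?:WINDOWS|WINNT)|%SystemRoot%)\\system32\\', re.IGNORECASE)
GUID_RE = re.compile(r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')

NO_COMPANY = {"empty string", "null data"}


@dataclass
class Finding:
    line: str
    path: str
    tag: str
    score: int
    reasons: List[str] = field(default_factory=list)


def classify(line: str) -> Optional[Finding]:
    """Score one log line; None when nothing stands out. Weights are assumptions."""
    line = line.strip()
    if not line:
        return None
    score, reasons = 0, []
    if line.startswith("<<!>>"):
        score += 2
        reasons.append("script-flagged malware launch point (<<!>>)")
    elif line.startswith("<<H>>"):
        score += 2
        reasons.append("script-flagged browser hijack point (<<H>>)")
    m = TAG_RE.search(line)
    tag = m.group("tag").strip().strip('"') if m else ""
    pm = PATH_RE.search(line)
    path = pm.group(0) if pm else ""
    if tag.lower() == "file not found":
        score += 1
        reasons.append("referenced file not found where the entry points")
    elif tag.lower() in NO_COMPANY:
        score += 1
        reasons.append(f"no company name in version info ({tag})")
        if SYSTEM_DIR_RE.search(path):
            # The pattern that matches netsti.dll in the posted log.
            score += 2
            reasons.append("module without version info inside the system directory")
    if score == 0:
        return None
    return Finding(line, path, tag, score, reasons)


def triage(log_text: str) -> List[Finding]:
    """Classify every line and return the findings, highest score first."""
    findings = [f for f in (classify(ln) for ln in log_text.splitlines()) if f]
    return sorted(findings, key=lambda f: (-f.score, f.line))


def clsids_referencing(log_text: str, filename: str) -> Set[str]:
    """CLSIDs on lines whose module path ends with `filename` (keys to search next)."""
    hits: Set[str] = set()
    for ln in log_text.splitlines():
        pm = PATH_RE.search(ln)
        if pm and pm.group(0).lower().endswith("\\" + filename.lower()):
            hits.update(GUID_RE.findall(ln))
    return hits


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.score}] {f.path or f.line[:60]}: {'; '.join(f.reasons)}")
    print("CLSIDs referencing netsti.dll:", clsids_referencing(SAMPLE_LOG, "netsti.dll"))
```

The score is only an ordering for the manual check, not a verdict: the BootExecute line scores as high as netsti.dll, yet "autocheck autochk *" is the default value of that key on Windows XP, so an analyst dismisses it on sight, while the CLSID returned for netsti.dll ({C8B1987A-0212-4CFE-A01D-8E605E3AD76B}) is exactly the key the Registry Search result in the next post confirms.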
05.02.2007, 18:24
Member
Thread starter, Posts: 16
#11
Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.2.0

; Results at 05.02.2007 18:09:59 for strings:
; 'netsti.dll'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8B1987A-0212-4CFE-A01D-8E605E3AD76B}\InprocServer32]
@="C:\\WINDOWS\\system32\\netsti.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9B74C090-6B62-4545-9A32-6DACD1BAE472}\1.0\0\win32]
@="C:\\WINDOWS\\system32\\netsti.dll"

; End Of The Log...

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.2.0

; Results at 05.02.2007 18:13:31 for strings:
; '{06653429-4df7-4719-b6ce-60ca6fbe2dd9}'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{06653429-4DF7-4719-B6CE-60CA6FBE2DD9}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{06653429-4DF7-4719-B6CE-60CA6FBE2DD9}\iexplore]

; End Of The Log...

02/05/07 18:16:35 [Info]: BlackLight Engine 1.0.55 initialized
02/05/07 18:16:35 [Info]: OS: 5.1 build 2600 (Service Pack 2)
02/05/07 18:16:35 [Note]: 7019 4
02/05/07 18:16:35 [Note]: 7005 0
02/05/07 18:16:36 [Note]: 7006 0
02/05/07 18:16:36 [Note]: 7011 1636
02/05/07 18:16:36 [Note]: 7026 0
02/05/07 18:16:36 [Note]: 7026 0
02/05/07 18:16:45 [Note]: FSRAW library version 1.7.1021
02/05/07 18:21:13 [Note]: 7007 0
05.02.2007, 23:43
Honorary member
Posts: 29434
#12
1.
Copy the following text into Notepad (Start - Accessories - Notepad) and save it as fix.reg on the desktop using 'Save as'. Select 'All files' as the file type. You should now find this file on the desktop. Double-click the "fix.reg" file on the desktop and confirm adding it to the registry with "yes".

Quote
REGEDIT4

2. Avenger

Quote
Files to delete:

3. In normal mode
http://virus-protect.org/artikel/tools/sdfix.html
Double-click RunThis.bat and type in: 1
1 : a-squared is loaded - 3. full scan (heuristic/riskware scanning enabled)
Post the scan report here.

__________
Regards, Sabina
all about PC security
06.02.2007, 18:31
Member
Thread starter, Posts: 16
#13
Scan settings:

Objects: Memory, Traces, Cookies, C:
Scan archives: On
Heuristics: On
ADS Scan: On

Scan start: 06.02.2007 18:11:38

C:\Dokumente und Einstellungen\Mirko\Cookies\mirko@2o7[2].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Mirko\Cookies\mirko@adserver.easyad[2].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Mirko\Cookies\mirko@adtech[2].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Mirko\Cookies\mirko@advertising[1].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Mirko\Cookies\mirko@as1.falkag[2].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Mirko\Cookies\mirko@bfast[1].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Mirko\Cookies\mirko@bs.serving-sys[1].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Mirko\Cookies\mirko@comdirect[2].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Mirko\Cookies\mirko@count.xhit[2].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Mirko\Cookies\mirko@counter.solarcharts[1].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Mirko\Cookies\mirko@doubleclick[2].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Mirko\Cookies\mirko@fastclick[2].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Mirko\Cookies\mirko@mediaplex[1].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Mirko\Cookies\mirko@serving-sys[1].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Mirko\Cookies\mirko@statse.webtrendslive[2].txt detected: Trace.TrackingCookie
C:\Dokumente und Einstellungen\Mirko\Cookies\mirko@tradedoubler[2].txt detected: Trace.TrackingCookie
C:\avenger\backup-04.02.2007-22.16.47,56.zip/kbdru32.dll detected: Adware.Win32.Stud.b

Oh, and I restarted and it was gone; my start page works again. A really big THANK YOU.

Hello, now a new problem has appeared: hyperlinks no longer work in Outlook.

This post was edited on 07.02.2007 at 19:24 by abdomi_22.
For a short while now my start page can't be changed any more. I've already fixed it with HijackThis, but it keeps coming back.
It's this page here: http://runonce.msn.com/runonce2.aspx
Here's my log:
Logfile of HijackThis v1.99.1
Scan saved at 18:55:50, on 03.02.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
C:\Programme\Dell\QuickSet\NICCONFIGSVC.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
D:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Analog Devices\Teledat 300 USB Treiber\DSLMON.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehmsas.exe
D:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
D:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
D:\PROGRA~1\T-Online\T-ONLI~1\Notifier\Notifier.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
D:\Programme\Opera 8\Opera.exe
C:\WINDOWS\explorer.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
E:\Mirko\Download\hijackthis_199\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Mirko oder Sandra befinden sich auf der Datenautobahn...
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Programme\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ToADiMon.exe] D:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [SpywareTerminator] "D:\Programme\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: DSLMON.lnk = C:\Programme\Analog Devices\Teledat 300 USB Treiber\DSLMON.exe
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://D:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://D:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://D:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://D:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQLite\ICQLite.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2EF3FB47-7B1E-4536-BA4D-51427BD45DFA} (PIXACO Drag and Drop upload plugin) - http://www.pixaco.de/static/download/pixacodndupload.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5B273AB-58FD-439F-B13B-B41FFD4FC848}: NameServer = 217.237.149.205 217.237.150.188
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: T-Online WLAN Adapter Steuerungsdienst (MZCCntrl) - Deutsche Telekom AG, Marmiko IT-Solutions GmbH - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programme\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Programme\Intel\Wireless\Bin\WLKeeper.exe