Removing bootini.exe. Posting hijackthis.log

04.02.2007, 22:02
Member

Posts: 18
#1 Hello!

After manually deleting the bootini.exe entries from the registry, I still have the problem that I sometimes get thrown off the network after a few seconds and cannot log in again. I need instructions on what else I have to delete from the registry to get some peace.
hijackthis.log:
Logfile of HijackThis v1.99.1
Scan saved at 21:25:31, on 04.02.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\TBridge\Flatbed.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Winamp\WINAMP5\winamp.exe
C:\Programme\HiJackThis-W32-FMN-Killer\HijackThis.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\ati2sgag.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.updatesearches.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netcologne.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.netcologne.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netcologne.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.updatesearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.updatesearches.com/search.php?qq=%1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.updatesearches.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.updatesearches.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer bereitgestellt von NetCologne
R3 - URLSearchHook: (no name) - {9244909D-6F9B-206D-A2C6-415FE9897329} - bhoserv.dll (file missing)
F3 - REG:win.ini: load=C:\TBridge\Flatbed.exe
O1 - Hosts: localhost 127.0.0.1
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [KAVPersonal50] C:\Programme\Kaspersky\kav.exe /minimize
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: C2CMonitor.lnk.disabled
O4 - Global Startup: Microsoft-Indexerstellung.lnk.disabled
O4 - Global Startup: Office-Start.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1FD66DD-DEE8-4C95-9957-D787F644743F}: NameServer = 85.255.115.94,85.255.112.24
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9451F03-1DBF-4DE7-B5D2-F2CE3F2127D0}: NameServer = 85.255.115.94,85.255.112.24
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC5E1E9F-DDA0-45AE-BB8C-23033A294DD5}: NameServer = 85.255.115.94,85.255.112.24
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\dxocx.dll (file missing)
O21 - SSODL: WebCheck - {E61B5E20-DE35-11CF-9C87-1579005127ED} - (no file)
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Microsoft sdk core (sdk) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: Vista ReadyService (VistaRS) - Unknown owner - C:\WINDOWS\system32\readysrv.exe (file missing)
O23 - Service: Windows Genuine Advantage Registration Service (wgareg) - Unknown owner - C:\WINDOWS\System32\wgareg.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe

It would be great if someone could help me...!!!

Thanks and best regards
stanleyQ (TOBI)
04.02.2007, 23:50
Honorary member

Posts: 29434
#2 stanleyQ

1.
Scan and post the scan report
http://virus-protect.org/artikel/tools/fixwareout.html

2.
Unpack SDFix.zip
http://virus-protect.org/artikel/tools/sdfix.html
The following message appears:

"The SDFix Folder has been extracted to %systemdrive% - Please run from that location.
(%systemdrive% = drive that contains the Windows directory - typically C:\SDFix )"

The SDFix folder can now be found under C:\

----------------------------------------------------------------------------------------------

Open HijackThis -- button "Scan" -- tick the boxes in front of these entries -- button "Fix checked" -- restart the PC

Quote

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.updatesearches.com/search.php?qq=%1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.updatesearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.updatesearches.com/search.php?qq=%1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.updatesearches.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.updatesearches.com/

R3 - URLSearchHook: (no name) - {9244909D-6F9B-206D-A2C6-415FE9897329} - bhoserv.dll (file missing)

O1 - Hosts: localhost 127.0.0.1
O1 - Hosts: localhost 127.0.0.1

O2 - BHO: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O17 - HKLM\System\CCS\Services\Tcpip\..\{A1FD66DD-DEE8-4C95-9957-D787F644743F}: NameServer = 85.255.115.94,85.255.112.24
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9451F03-1DBF-4DE7-B5D2-F2CE3F2127D0}: NameServer = 85.255.115.94,85.255.112.24
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC5E1E9F-DDA0-45AE-BB8C-23033A294DD5}: NameServer = 85.255.115.94,85.255.112.24

O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\dxocx.dll (file missing)

O21 - SSODL: WebCheck - {E61B5E20-DE35-11CF-9C87-1579005127ED} - (no file)

O23 - Service: Microsoft sdk core (sdk) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)

O23 - Service: Vista ReadyService (VistaRS) - Unknown owner - C:\WINDOWS\system32\readysrv.exe (file missing)

O23 - Service: Windows Genuine Advantage Registration Service (wgareg) - Unknown owner - C:\WINDOWS\System32\wgareg.exe (file missing)

Boot into Safe Mode (press the F8 key while the computer is restarting)

Go to the folder C:\SDFix

Double-click RunThis.bat

Type: Y

Follow all instructions while the scan runs - then the computer will restart.
Copy the text that appears (right mouse button) and paste it into your post,

---------------------


bootini - a complete cleanup is described here (I have done it once...), but the infection is different in every case
http://virus-protect.org/artikel/spyware/bootini.html
__________
Best regards, Sabina

all about PC security
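The entries Sabina picks out above follow a few mechanical rules: hijacked IE URLs pointing at a foreign host, registry entries whose target file is gone, a reversed hosts-file line, O17 NameServer entries pointing at public resolvers, and a service whose binary carries a core system name outside System32. As an added example (not code from the thread or from HijackThis), this Python script applies those checks to a constructed subset of the log from #1; the expected home-page host and the "private resolvers are trusted" rule are assumptions for this machine.

```python
"""Triage a HijackThis 1.99 log for the indicator classes seen in this thread:
hijacked IE search/start URLs, orphaned (file missing / no file) entries, a
reversed hosts-file line, foreign DNS servers (O17) and masquerading services
(O23)."""
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample: a subset of the lines from the log posted in #1.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.updatesearches.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netcologne.de
R3 - URLSearchHook: (no name) - {9244909D-6F9B-206D-A2C6-415FE9897329} - bhoserv.dll (file missing)
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1FD66DD-DEE8-4C95-9957-D787F644743F}: NameServer = 85.255.115.94,85.255.112.24
O23 - Service: Microsoft sdk core (sdk) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
"""

# Assumption for this example: the ISP's site is the only expected IE home/search host.
EXPECTED_HOSTS = {"www.netcologne.de"}

# Core Windows binaries that legitimately live only in %SystemRoot%\system32.
SYSTEM32_ONLY = {"lsass.exe", "services.exe", "smss.exe", "winlogon.exe", "csrss.exe"}

LINE_RE = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.*)$")
ORPHAN_RE = re.compile(r"\((file missing|no file)\)", re.IGNORECASE)


def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def _trusted_resolver(ip_text):
    """Assumption: a private-range resolver (home router) is expected; a public one is not."""
    try:
        return ipaddress.ip_address(ip_text).is_private
    except ValueError:
        return False


def triage(log_text, expected_hosts=EXPECTED_HOSTS):
    """Return a list of (section, reason, line) for lines worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()

        # Any section: an entry pointing at a file that is gone is either leftover
        # from a partial removal or a loader whose payload has already been deleted.
        if ORPHAN_RE.search(body):
            findings.append((section, "entry references a missing file", raw))

        if section in ("R0", "R1") and " = " in body:
            value = body.split(" = ", 1)[1].strip()
            host = urlparse(value).hostname  # None for about:blank
            if host and host.lower() not in expected_hosts:
                findings.append((section, f"IE URL points to unexpected host {host}", raw))

        elif section == "O1" and body.startswith("Hosts:"):
            tokens = body[len("Hosts:"):].split()
            # A well-formed hosts line starts with an address; "localhost 127.0.0.1"
            # is reversed, which is how this machine's tampered file showed up.
            if len(tokens) < 2 or not _is_ip(tokens[0]):
                findings.append((section, "malformed/reversed hosts entry", raw))
            elif not ipaddress.ip_address(tokens[0]).is_loopback:
                findings.append((section, f"hosts entry redirects {tokens[1]} to {tokens[0]}", raw))

        elif section == "O17" and "NameServer = " in body:
            servers = body.split("NameServer = ", 1)[1].split(",")
            bad = [s.strip() for s in servers if not _trusted_resolver(s.strip())]
            if bad:
                findings.append((section, f"DNS redirected to {', '.join(bad)}", raw))

        elif section == "O23":
            # The path is the last " - " separated field; strip the orphan marker.
            path = ORPHAN_RE.sub("", body.rsplit(" - ", 1)[-1]).strip().strip('"')
            name = path.rsplit("\\", 1)[-1].lower()
            if name in SYSTEM32_ONLY and "\\system32\\" not in path.lower():
                findings.append((section, f"{name} outside System32 masquerades as a system binary", raw))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

On the sample this reports seven findings and stays silent on the legitimate Spybot BHO, the ATI service and the ISP start page.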
05.02.2007, 21:48
Member

Thread starter

Posts: 18
#3 Hi!
So, I dutifully scanned. This is what Fixwareout produced:
Fixwareout
Last edited 1/30/2007
Post this report in the forums please
...
Prerun check
»»»»» HKLM run and Winlogon System values

Saving 'hklm\software\microsoft\windows\currentversion\run' to 'run1.hiv' was not successful


Saving 'hklm\software\microsoft\windows nt\currentversion\winlogon' to 'run2.hiv' was not successful


»»»»» System restarted


and SDFix reported:

SDFix: Version 1.63

05.02.2007 - 21:37:32,90

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
Microsoft Agent
Microsoft Security Login Service
Microsoft update Service
Microsoft windows FTPd
MSDisk
MSWindows
sdk
VistaRS
wgareg

Path:
"C:\WINDOWS\System32\dllcache\msagent.exe"
"C:\WINDOWS\System32\dllcache\mssecure32.exe"
"C:\WINDOWS\System32\dllcache\msiupdate32.exe"
"C:\WINDOWS\lsass.exe"
"C:\WINDOWS\system32\readysrv.exe"
C:\WINDOWS\System32\wgareg.exe

Microsoft Agent Deleted
Microsoft Security Login Service Deleted
Microsoft update Service Deleted
Microsoft windows FTPd Deleted
MSDisk Deleted
MSWindows Deleted
sdk Deleted
VistaRS Deleted
wgareg Deleted

Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...


So, how do I know now whether that was it (other than if it happens again)??
Any precautions, other than going online from a limited account??

Thanks and regards
stanleyQ (TOBI)
06.02.2007, 00:20
Honorary member

Posts: 29434
#4 stanleyQ

Things are pretty colourful on your computer - completely infested ;)

««
In normal mode
http://virus-protect.org/artikel/tools/sdfix.html
Double-click RunThis.bat
Type: 3
3 : Sophos is loaded - choose 6 - scan and post the report

««
Configure CleanUp exactly as specified here:
http://virus-protect.org/cleanup.html

««
Copy these 6 text files. (right-click with the mouse -> select the text -> copy -> paste) They are sorted by date. (copy only the last 3 months)
http://virus-protect.org/datfindbat.html

««
ServiceFilter.zip
http://virus-protect.org/artikel/tools/ServiceFilter.zip

- unzip
- double-click the file ServiceFilter.vbs
- confirm the version number
- scan
- allow WordPad or Notepad to open
- copy POST_THIS.TXT
__________
Best regards, Sabina

all about PC security
06.02.2007, 16:34
Member

Thread starter

Posts: 18
#5 Hi!
Uhh,...ok!?!

I hope I did everything right:

Sophos Report:

Sophos Anti-Virus
Version 4.14.0 [Win32/Intel]
Virus data version 4.14, February 2007
Includes detection for 216095 viruses, trojans and worms
Copyright (c) 1989-2007 Sophos Plc, www.sophos.com

System time 15:29:42, System date 06 February 2007
Command line qualifiers are: -f -remove -nc -nb --stop-scan


Full Scanning

Password protected file C:\Programme\Adobe\Acrobat 6.0\Reader\Messages\DEU\RdrMsgDEU.pdf
Password protected file C:\Programme\Adobe\Acrobat 6.0\Reader\Messages\ENU\RdrMsgENU.pdf
>>> Virus 'Troj/Barin-A' found in file C:\Programme\webLCR\wbopen.exe
Removal successful
>>> Virus 'Troj/Clicker-AH' found in file C:\WINDOWS\system32\pppcgm.exe
Removal successful
>>> Virus 'Troj/Spyage-A' found in file C:\WINDOWS\system32\sphlp32.exe
Removal successful
Could not open D:\Programme\Gemeinsame Dateien\Microsoft Shared\Stationery\rvlsxrej.exe
Could not open D:\Programme\Gemeinsame Dateien\Microsoft Shared\Stationery\jnlhjljs.exe
Could not open D:\Programme\Gemeinsame Dateien\Microsoft Shared\Stationery\klqbetbr.exe
Could not open D:\Programme\Gemeinsame Dateien\Microsoft Shared\Stationery\khkjbsjq.exe
Could not open D:\Programme\Gemeinsame Dateien\Microsoft Shared\Stationery\qwwcnksj.exe
Could not open D:\Programme\Gemeinsame Dateien\Microsoft Shared\Stationery\bszszvtw.exe
Could not open D:\Programme\Gemeinsame Dateien\Microsoft Shared\Stationery\behntlrz.exe
Could not open D:\Programme\Gemeinsame Dateien\Microsoft Shared\Stationery\jblsbnex.exe
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Gemeinsame Dateien\Microsoft Shared\Stationery\hqnrtbnq.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Gemeinsame Dateien\Microsoft Shared\Stationery\xcvlkxzc.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Gemeinsame Dateien\Microsoft Shared\Stationery\tbtllxnh.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Gemeinsame Dateien\Microsoft Shared\Stationery\xslrnqtv.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Gemeinsame Dateien\Microsoft Shared\Stationery\rcrxbsee.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Gemeinsame Dateien\Microsoft Shared\Stationery\kwzqbejk.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Gemeinsame Dateien\Microsoft Shared\Stationery\klnslswt.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Gemeinsame Dateien\Microsoft Shared\Stationery\nsenkncs.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Gemeinsame Dateien\Microsoft Shared\Stationery\jkvjbbcs.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Gemeinsame Dateien\Microsoft Shared\Stationery\rsxnstjv.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Gemeinsame Dateien\Microsoft Shared\Stationery\nwwrhbcs.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Gemeinsame Dateien\Microsoft Shared\Stationery\tjsvqeje.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Gemeinsame Dateien\Microsoft Shared\Stationery\snrqscbz.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Gemeinsame Dateien\Microsoft Shared\Stationery\sjznbksq.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Gemeinsame Dateien\Microsoft Shared\Stationery\lltklnrh.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Gemeinsame Dateien\Microsoft Shared\Stationery\kvjkbknl.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Gemeinsame Dateien\Microsoft Shared\Stationery\sreqtheb.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Gemeinsame Dateien\Microsoft Shared\Stationery\errnlrlr.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Winace\html\deutsch\ehzshjst.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Winace\html\deutsch\rrrbhlln.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Winace\html\deutsch\tzjbrbxx.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Winace\html\deutsch\ejrrrjlc.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Winace\html\deutsch\tcjjsrhr.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Winace\html\deutsch\wkhjresv.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Winace\html\deutsch\eehekkvk.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Winace\html\deutsch\bjlhllhk.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Winace\html\deutsch\brhzsrcl.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Winace\html\deutsch\jtbvlrzb.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Winace\html\deutsch\vzwneeeb.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Winace\html\deutsch\zxxnkbrs.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Winace\html\deutsch\tllnrbeb.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Winace\html\deutsch\betsskhn.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Winace\html\deutsch\tvbxjnsw.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Winace\html\deutsch\qbhjvesx.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Winace\html\english\xbvksxzt.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Winace\html\english\xclkehke.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Winace\html\english\sleshhlz.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Winace\html\english\knvsrvjc.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Winace\html\english\ncbhvvth.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Winace\html\english\sjqrbekb.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Winace\html\english\nqnrxbsn.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Winace\html\english\nnzqjcbx.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Winace\html\english\zekrescn.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Winace\html\english\excetbes.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Winace\html\english\slkenhlq.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Winace\html\english\zrjbttkr.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Winace\html\english\bewjtssc.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Winace\html\english\jejntzsr.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Winace\html\english\jjnqwsjw.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Winace\html\english\bxktjxet.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\----alle Dateien-----\Alles vom TOBI !!\Bewerbungs-Kram\meinestadt-de\ausbildung_vnr-de-03151_dateien\zjtrnzlt.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\----alle Dateien-----\Alles vom TOBI !!\Bewerbungs-Kram\meinestadt-de\cbetkrhl.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\----alle Dateien-----\Alles vom TOBI !!\UNI\SS04 Flegel - Pieper\Internetseiten\kzxqxwts.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\----alle Dateien-----\Alles vom TOBI !!\UNI\SS04 Flegel - Pieper\Internetseiten\xccclnqn.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\----alle Dateien-----\Alles vom TOBI !!\UNI\SS04 Flegel - Pieper\Internetseiten\cecnvkec.exe
Removal successful

2 boot sectors swept.
28178 files swept in 31 minutes and 47 seconds.
10 errors were encountered.
58 viruses were discovered.
58 files out of 28178 were infected.
Please send infected samples to Sophos for analysis.
For advice consult www.sophos.com, email support@sophos.com
or telephone +44 1235 559933
2 encrypted files were not checked.
Ending Sophos Anti-Virus.


DATfind:

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: F0D3-4FAB

Verzeichnis von C:\WINDOWS\system32

28.01.2007 23:11 185.952 rmoc3260.dll
28.01.2007 23:11 6.656 pndx5016.dll
28.01.2007 23:11 5.632 pndx5032.dll
28.01.2007 23:11 278.528 pncrt.dll
27.01.2007 12:57 2.206 wpa.dbl
13.01.2007 19:29 1.606 PerfStringBackup.TMP
13.01.2007 19:27 255 spupdwxp.log
13.01.2007 19:25 110.192 FNTCACHE.DAT
09.01.2007 12:08 0 present1.txt
09.01.2007 12:08 0 present.txt
05.11.2006 01:14 4.179 FFASTLOG.TXT

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: F0D3-4FAB

Verzeichnis von C:\DOKUME~1\Tobi\LOKALE~1\Temp

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: F0D3-4FAB

Verzeichnis von C:\WINDOWS

06.02.2007 16:18 15.852 WindowsUpdate.log
06.02.2007 16:18 0 0.log
06.02.2007 16:16 2.048 bootstat.dat
06.02.2007 16:15 32.616 SchedLgU.Txt
06.02.2007 16:15 192 winamp.ini
05.02.2007 21:37 8.709.658 ntbtlog.txt
05.02.2007 20:25 506 wiadebug.log
05.02.2007 19:19 50 wiaservc.log
04.02.2007 21:42 5.820 xpsp1hfm.log
04.02.2007 21:42 3.886 KB828741.log
03.02.2007 16:05 1.024 ppengine.ini
01.02.2007 21:54 28 Tobi.acl
30.01.2007 15:47 977.824 setupapi.log
24.01.2007 22:22 253 tm.ini
24.01.2007 22:22 35 tdf.dii
20.01.2007 10:37 28 Bine.acl
17.01.2007 08:54 2.133 wmsetup.log
14.01.2007 10:59 1.864 OEWABLog.txt
13.01.2007 19:29 32 wininit.ini
13.01.2007 19:29 29.144 spupdsvc.log
13.01.2007 19:29 2.272 netcfg.log
13.01.2007 19:29 360 DtcInstall.log
13.01.2007 19:29 316.640 WMSysPr9.prx
13.01.2007 19:28 176.723 iis6.log
13.01.2007 19:28 47.384 comsetup.log
13.01.2007 19:28 28.296 ntdtcsetup.log
13.01.2007 19:28 72.772 ocgen.log
13.01.2007 19:28 56.858 tsoc.log
13.01.2007 19:28 5.910 msgsocm.log
13.01.2007 19:28 6.136 tabletoc.log
13.01.2007 19:28 4.696 imsins.log
13.01.2007 19:28 3.743 medctroc.Log
13.01.2007 19:28 4.963 ocmsn.log
13.01.2007 19:28 103.554 FaxSetup.log
13.01.2007 19:28 19.539 netfxocm.log
13.01.2007 19:28 43.786 msmqinst.log
13.01.2007 19:23 12.629 awprotoc.txt
13.01.2007 19:23 1.374 imsins.BAK
13.01.2007 19:23 430.365 svcpack.log
13.01.2007 19:20 200 cmsetacl.log
13.01.2007 19:20 768.617 setuplog.txt
13.01.2007 19:20 1.259 win.ini
13.01.2007 19:19 1.330 sessmgr.setup.log
13.01.2007 18:58 61 awerror.txt
10.01.2007 14:50 100.994 ModemLog_TI 56000 Voice Modem.txt
10.01.2007 14:20 483 oleco.ini
09.01.2007 13:49 2.850 system.ini
19.12.2006 22:13 10.240 Thumbs.db
19.12.2006 22:13 49 NeroDigital.ini
04.11.2006 11:40 49.152 outlook.pst

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: F0D3-4FAB

Verzeichnis von C:\WINDOWS\temp

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: F0D3-4FAB

Verzeichnis von C:\WINDOWS\Downloaded Program Files

11.04.2006 16:10 135.168 asinst.dll
03.04.2006 10:00 537 asinst.inf
22.02.2005 23:14 65 desktop.ini
20.01.2000 15:25 1.162 Microsoft XML Parser for Java.osd
14.10.1997 18:52 697 DirectAnimation Java Classes.osd
5 Datei(en) 137.629 Bytes
0 Verzeichnis(se), 27.101.089.792 Bytes frei

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: F0D3-4FAB

Verzeichnis von C:\

06.02.2007 16:23 0 sys.txt
06.02.2007 16:23 533 down.txt
06.02.2007 16:23 117 tmp.txt
06.02.2007 16:22 6.730 system.txt
06.02.2007 16:22 132 systemtemp.txt
06.02.2007 16:20 115.050 system32.txt
06.02.2007 16:16 805.306.368 pagefile.sys
06.02.2007 16:11 339.257 CleanUp452.exe
13.01.2007 19:20 211 boot.ini
13.01.2007 19:09 47.564 NTDETECT.COM
13.01.2007 19:09 251.184 ntldr
09.01.2007 12:08 1.274 smitfiles.txt
09.01.2007 12:06 13.322 smitfrau.reg
09.01.2007 12:03 36 direct.txt

POST-THIS:

The script did not recognize the services listed below.
This does not mean that they are a problem.

To copy the entire contents of this document for posting:
At the top of this window click "Edit" then "Select All"
Next click "Edit" again then "Copy"
Now right click in the forum post box then click "Paste"

########################################

ServiceFilter 1.1
by rand1038

Microsoft Windows XP Professional
Version: 5.1.2600 Service Pack 2
Feb 6, 2007 16:26:20


---> Begin Service Listing <---

Unknown Service # 1
Service Name: AntiVirScheduler
Display Name: AntiVir PersonalEdition Classic Planer
Start Mode: Auto
Start Name: LocalSystem
Description: Dienst zur Steuerung von AntiVir Prüfaufträgen und ...
Service Type: Own Process
Path: c:\programme\antivir personaledition classic\sched.exe
State: Running
Process ID: 1812
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 2
Service Name: AntiVirService
Display Name: AntiVir PersonalEdition Classic Guard
Start Mode: Auto
Start Name: LocalSystem
Description: Bietet permanenten Schutz vor Viren und Malware mit der AntiVir ...
Service Type: Own Process
Path: c:\programme\antivir personaledition classic\avguard.exe
State: Running
Process ID: 1908
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 3
Service Name: bdss
Display Name: BitDefender Scan Server
Start Mode: Auto
Start Name: LocalSystem
Description: Scans media for viruses and other security ...
Service Type: Own Process
Path: c:\programme\gemeinsame dateien\softwin\bitdefender scan server\bdss.exe /service
State: Running
Process ID: 528
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 4
Service Name: kavsvc
Display Name: kavsvc
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\programme\kaspersky lab\kaspersky anti-virus personal\kavsvc.exe"
State: Running
Process ID: 1992
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service #5
Service Name: SwPrv
Display Name: MS Software Shadow Copy Provider
Start Mode: Manual
Start Name: LocalSystem
Description: Verwaltet Software-basierte Schattenkopien des Volumeschattenkopie-Dienstes. Software-basierte ...
Service Type: Own Process
Path: c:\windows\system32\dllhost.exe /processid:{b2925bb6-a7c9-48df-ba32-22275d9fa1a2}
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 6
Service Name: XCOMM
Display Name: BitDefender Communicator
Start Mode: Auto
Start Name: LocalSystem
Description: Ensures proper communication between BitDefender ...
Service Type: Own Process
Path: c:\programme\gemeinsame dateien\softwin\bitdefender communicator\xcommsvr.exe /service
State: Running
Process ID: 344
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

---> End Service Listing <---

There are 86 Win32 services on this machine.
6 were unrecognized.

Script Execution Time: 1,859375 seconds.



So, that's it, right???

Regards
stanleyQ
06.02.2007, 16:57
Honorary member

Posts: 29434
#6 Avenger
http://virus-protect.org/artikel/tools/avenger.html
Paste this in:

Quote

Files to delete:
D:\Programme\Gemeinsame Dateien\Microsoft Shared\Stationery\rvlsxrej.exe
D:\Programme\Gemeinsame Dateien\Microsoft Shared\Stationery\jnlhjljs.exe
D:\Programme\Gemeinsame Dateien\Microsoft Shared\Stationery\klqbetbr.exe
D:\Programme\Gemeinsame Dateien\Microsoft Shared\Stationery\khkjbsjq.exe
D:\Programme\Gemeinsame Dateien\Microsoft Shared\Stationery\qwwcnksj.exe
D:\Programme\Gemeinsame Dateien\Microsoft Shared\Stationery\bszszvtw.exe
D:\Programme\Gemeinsame Dateien\Microsoft Shared\Stationery\behntlrz.exe
D:\Programme\Gemeinsame Dateien\Microsoft Shared\Stationery\jblsbnex.exe
Click the green traffic light
The script will now run, then the PC will restart automatically

«
Post the Avenger log that appears after the restart

»»
http://virus-protect.org/artikel/tools/sdfix.html
Scan with Norman
2 : Norman is loaded + post the report

+
Post the new HijackThis log
__________
Best regards, Sabina

all about PC security
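The Avenger list in #6 is built by hand from the Sophos report in #5: the files Sophos could not open are exactly the ones that need a second pass, while the successful removals can be left alone. As an added example (not code from the thread, Sophos or Avenger), this Python parser splits a constructed excerpt of such a report into removed, failed and locked files, emits the follow-up list in the "Files to delete:" form used above, and groups the randomly named executables by directory; the "Removal failed" line in the sample is constructed to exercise the failure branch.

```python
"""Parse a Sophos command-line scan report (layout as posted in #5), separate the
detections it removed from files it could not open, and summarise where the
randomly named droppers cluster."""
import re
from collections import Counter

# Constructed excerpt modelled on the report in #5 (a few lines, not the full scan).
SAMPLE_REPORT = r"""
Full Scanning

Password protected file C:\Programme\Adobe\Acrobat 6.0\Reader\Messages\DEU\RdrMsgDEU.pdf
>>> Virus 'Troj/Clicker-AH' found in file C:\WINDOWS\system32\pppcgm.exe
Removal successful
Could not open D:\Programme\Gemeinsame Dateien\Microsoft Shared\Stationery\rvlsxrej.exe
Could not open D:\Programme\Gemeinsame Dateien\Microsoft Shared\Stationery\jnlhjljs.exe
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Gemeinsame Dateien\Microsoft Shared\Stationery\hqnrtbnq.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Winace\html\deutsch\ehzshjst.exe
Removal successful
>>> Virus 'Mal/Allaple-A' found in file D:\Programme\Winace\html\deutsch\rrrbhlln.exe
Removal failed
"""

FOUND_RE = re.compile(r"^>>> Virus '([^']+)' found in file (.+)$")
LOCKED_RE = re.compile(r"^Could not open (.+)$")
# The detections in #5 are all 8-letter lowercase .exe names dropped next to HTML
# content; the pattern is used here only to group paths, not as proof of infection.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.exe$")


def parse_report(text):
    """Return {'removed': [(name, path)], 'failed': [(name, path)], 'locked': [path]}."""
    result = {"removed": [], "failed": [], "locked": []}
    pending = None  # last detection still waiting for its 'Removal ...' status line
    for line in text.splitlines():
        line = line.strip()
        m = FOUND_RE.match(line)
        if m:
            pending = (m.group(1), m.group(2))
            continue
        if pending and line.startswith("Removal "):
            bucket = "removed" if line == "Removal successful" else "failed"
            result[bucket].append(pending)
            pending = None
            continue
        m = LOCKED_RE.match(line)
        if m:
            result["locked"].append(m.group(1))
    return result


def avenger_file_list(report):
    """Locked files plus failed removals, in the 'Files to delete:' form used in #6."""
    paths = report["locked"] + [p for _, p in report["failed"]]
    return "Files to delete:\n" + "\n".join(paths)


def directory_summary(report):
    """Count randomly named executables per directory across every listed path."""
    counts = Counter()
    all_paths = report["locked"] + [p for _, p in report["removed"] + report["failed"]]
    for path in all_paths:
        folder, _, name = path.rpartition("\\")
        if RANDOM_NAME_RE.match(name):
            counts[folder] += 1
    return dict(counts)


if __name__ == "__main__":
    rep = parse_report(SAMPLE_REPORT)
    print(avenger_file_list(rep))
    for folder, n in directory_summary(rep).items():
        print(f"{n:3d} random-named exe(s) in {folder}")
```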
07.02.2007, 23:20
Member

Thread starter

Posts: 18
#7 Hi!
Here goes:

avenger:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\sfjriita

*******************

Script file located at: \??\C:\dengheuh.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File D:\Programme\Gemeinsame Dateien\Microsoft Shared\Stationery\rvlsxrej.exe deleted successfully.
File D:\Programme\Gemeinsame Dateien\Microsoft Shared\Stationery\jnlhjljs.exe deleted successfully.
File D:\Programme\Gemeinsame Dateien\Microsoft Shared\Stationery\klqbetbr.exe deleted successfully.
File D:\Programme\Gemeinsame Dateien\Microsoft Shared\Stationery\khkjbsjq.exe deleted successfully.
File D:\Programme\Gemeinsame Dateien\Microsoft Shared\Stationery\qwwcnksj.exe deleted successfully.
File D:\Programme\Gemeinsame Dateien\Microsoft Shared\Stationery\bszszvtw.exe deleted successfully.
File D:\Programme\Gemeinsame Dateien\Microsoft Shared\Stationery\behntlrz.exe deleted successfully.
File D:\Programme\Gemeinsame Dateien\Microsoft Shared\Stationery\jblsbnex.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


Nfix:

Norman Generic Fix
Copyright © 1990 - 2007, Norman ASA. Built 2007/02/06 15:31:36

Norman Scanner Engine Version: 5.90.30
Nvcbin.def Version: 5.90.00, Date: 2007/02/06 15:31:36, Variants: 202204
Nvcmacro.def Version: 5.90.00, Date: 2007/02/06 15:31:36, Variants: 12
Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 2
Logged on user: HAL-9000\Tobi

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> NoDispAppearancePage = 0x00000000
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> NoDispBackgroundPage = 0x00000000




Scanning running processes and process memory...

Number of processes/threads found: 410
Number of processes/threads scanned: 410
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 3s 562ms


Scanning file system...

Scanning: C:\*.*

Scanning: D:\*.*


Running post-scan cleanup routine:


Number of files found: 57462
Number of archives unpacked: 0
Number of files scanned: 57378
Number of files not scanned: 84
Number of files skipped due to exclude list: 0
Number of infected files found: 0
Number of infected files repaired/deleted: 0
Number of infections removed: 0
Total scanning time: 23m 5s


HiJackThis:

Logfile of HijackThis v1.99.1
Scan saved at 23:17:28, on 07.02.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\TBridge\Flatbed.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Programme\NetCologne\signup\WlanMon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\HiJackThis-W32-FMN-Killer\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netcologne.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.netcologne.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netcologne.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer bereitgestellt von NetCologne
F3 - REG:win.ini: load=C:\TBridge\Flatbed.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [KAVPersonal50] C:\Programme\Kaspersky\kav.exe /minimize
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: C2CMonitor.lnk.disabled
O4 - Global Startup: Microsoft-Indexerstellung.lnk.disabled
O4 - Global Startup: Office-Start.lnk.disabled
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O21 - SSODL: ShellFolder for CD Burning - {E61B5E20-DE35-11CF-9C87-1579005127ED} - (no file)
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe


so then!
hope this sh... is over soon...

regards
stanleyQ
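A small triage script for HijackThis lines like the ones in the log above, added here as an example; it is not part of the thread, of HijackThis or of any tool named in it. It applies a few of the rules a helper on this board applies by eye: extra programs on the Shell and UserInit lines, hard-coded NameServer entries, services, BHOs and Winlogon notify entries whose files are gone, and browser settings pointing at a host other than the one the user expects. The sample lines are copied from the logs and HijackThis backups posted in this thread; the allowlist of trusted hosts and name servers is an assumption for this machine and has to be filled in per case.

```python
import re

# Hosts this user's browser is expected to point at, and DNS servers the adapters may
# legitimately have hard-coded. Both are assumptions for this machine; an empty
# name-server set means every hard-coded NameServer gets flagged for review.
TRUSTED_URL_HOSTS = {"www.netcologne.de"}
TRUSTED_NAMESERVERS = set()


def _missing(rest):
    low = rest.lower()
    return "(file missing)" in low or "(no file)" in low


def triage_line(line):
    """Return (severity, reason) for one HijackThis line, or None if nothing stands out."""
    m = re.match(r"([A-Z]\d+) - (.*)$", line.strip())
    if not m:
        return None
    kind, rest = m.groups()
    if kind in ("R0", "R1", "R3"):
        url = re.search(r"https?://([^/\s]+)", rest)
        if url and url.group(1).lower() not in TRUSTED_URL_HOSTS:
            return ("medium", "browser setting points at unexpected host " + url.group(1))
        if _missing(rest):
            return ("low", "browser hook registered but its file is gone")
        return None
    if kind == "F2":
        # Shell= should name only Explorer.exe, UserInit= only userinit.exe; anything
        # else on the line is started at every logon.
        m2 = re.search(r"(Shell|UserInit)=(.*)", rest)
        if m2:
            name, value = m2.groups()
            tokens = [t for t in re.split(r"[\s,]+", value.strip()) if t]
            expected = "explorer.exe" if name == "Shell" else "userinit.exe"
            extra = [t for t in tokens if not t.lower().endswith(expected)]
            if extra:
                return ("high", name + " loads extra program(s): " + ", ".join(extra))
        return None
    if kind == "O17":
        m2 = re.search(r"NameServer = ([\d.,]+)", rest)
        if m2:
            rogue = [s for s in m2.group(1).split(",") if s not in TRUSTED_NAMESERVERS]
            if rogue:
                return ("high", "hard-coded DNS server(s) not on the trusted list: " + ", ".join(rogue))
        return None
    if kind == "O23" and _missing(rest):
        severity = "high" if "unknown owner" in rest.lower() else "medium"
        return (severity, "service registered for a file that is no longer on disk")
    if kind in ("O2", "O20", "O21") and _missing(rest):
        severity = "medium" if kind == "O20" else "low"
        return (severity, kind + " entry references a missing file (orphaned registration)")
    return None


def triage_log(text):
    """Run triage_line over a whole log; returns [(severity, kind, reason), ...]."""
    findings = []
    for line in text.splitlines():
        hit = triage_line(line)
        if hit:
            findings.append((hit[0], line.strip().split(" - ", 1)[0], hit[1]))
    return findings


def count_by_severity(findings):
    counts = {}
    for severity, _, _ in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


# Constructed sample: lines copied from the HijackThis logs and backups quoted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.updatesearches.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netcologne.de
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,bootini.exe
F2 - REG:system.ini: Shell=Explorer.exe bootini.exe
O2 - BHO: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1FD66DD-DEE8-4C95-9957-D787F644743F}: NameServer = 85.255.115.94,85.255.112.24
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\dxocx.dll (file missing)
O21 - SSODL: ShellFolder for CD Burning - {E61B5E20-DE35-11CF-9C87-1579005127ED} - (no file)
O23 - Service: Microsoft sdk core (sdk) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
"""

if __name__ == "__main__":
    for severity, kind, reason in triage_log(SAMPLE_LOG):
        print(severity.upper().ljust(6), kind.ljust(4), reason)
    print(count_by_severity(triage_log(SAMPLE_LOG)))
```

The rules are deliberately conservative: an entry is flagged for review, not declared malicious, and a clean log such as the one posted above produces only the orphaned-file findings that HijackThis's own "(no file)" markers already point at.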
08.02.2007, 11:18
Honorary member
Sabina

Posts: 29434
#8 1.
post this log
http://virus-protect.org/artikel/tools/combofix.html

2.
Download Registry Search by Bobbi Flekman
http://virus-protect.org/artikel/tools/regsearch.html
and double-click it to start.
in: "Enter search strings" (type in or paste)

Microsoft sdk core

into the edit box and click "Ok".
Notepad will open -- copy the text and post it.

same with:

{E61B5E20-DE35-11CF-9C87-1579005127ED}

{A8B28872-3324-4CD2-8AA3-7D555C872D96}


Vista ReadyService

Windows Genuine Advantage Registration Service

___________

3.
post this log
http://virus-protect.org/winpfind.html
__________
Regards, Sabina

all about PC security
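What the Registry Search step above does, written out as a short Python script. This is an added example, not the tool from the post or anything the board provides. It searches key names, value names and value data under HKEY_LOCAL_MACHINE and HKEY_USERS for the five strings Sabina lists, case-insensitively, and also matches inside REG_MULTI_SZ lists and binary data (decoded as UTF-16LE, the way Windows stores string values, which is what the hex(2) form in a .reg export contains). The live walk needs Windows and the standard-library winreg module; the sample entries are constructed (the Services\sdk key is an assumption modelled on the "Microsoft sdk core (sdk)" service and the ComboFix "Reg Loading Points" output in this thread) so the matching part runs anywhere.

```python
import sys

# The five strings from the post (matched case-insensitively, as substrings)
NEEDLES = [
    "Microsoft sdk core",
    "{E61B5E20-DE35-11CF-9C87-1579005127ED}",
    "{A8B28872-3324-4CD2-8AA3-7D555C872D96}",
    "Vista ReadyService",
    "Windows Genuine Advantage Registration Service",
]


def data_as_text(data):
    """Flatten a value's data into searchable text.

    Strings pass through, REG_MULTI_SZ lists are joined, numbers are stringified, and
    raw bytes (REG_BINARY, or a REG_EXPAND_SZ exported as hex(2)) are decoded as
    UTF-16LE, which is how Windows stores string data, with a latin-1 fallback.
    """
    if data is None:
        return ""
    if isinstance(data, (bytes, bytearray)):
        try:
            return bytes(data).decode("utf-16-le").rstrip("\x00")
        except UnicodeDecodeError:
            return bytes(data).decode("latin-1")
    if isinstance(data, (list, tuple)):
        return "\n".join(str(item) for item in data)
    return str(data)


def search_entries(entries, needles):
    """entries: iterable of (key_path, value_name, data); value_name None means the key itself.

    Returns (key_path, value_name, needle_matched) for every entry whose key path,
    value name or data contains one of the needles (case-insensitive).
    """
    lowered = [n.lower() for n in needles]
    hits = []
    for key_path, value_name, data in entries:
        haystack = key_path.lower()
        if value_name is not None:
            haystack += "\n" + value_name.lower() + "\n" + data_as_text(data).lower()
        for needle in lowered:
            if needle in haystack:
                hits.append((key_path, value_name, needle))
                break
    return hits


def walk_registry(hive_name, root_path=""):
    """Yield (key_path, value_name, data) for every key and value below hive_name\\root_path.
    Windows only: uses the standard-library winreg module."""
    import winreg

    hive = {"HKEY_LOCAL_MACHINE": winreg.HKEY_LOCAL_MACHINE,
            "HKEY_USERS": winreg.HKEY_USERS}[hive_name]
    stack = [root_path]
    while stack:
        path = stack.pop()
        full = hive_name + ("\\" + path if path else "")
        try:
            key = winreg.OpenKey(hive, path)
        except OSError:
            continue  # access denied or key removed meanwhile: skip it, do not abort the scan
        with key:
            yield (full, None, None)  # the key name itself is searchable too
            n_sub, n_val, _ = winreg.QueryInfoKey(key)
            for i in range(n_val):
                name, data, _ = winreg.EnumValue(key, i)
                yield (full, name, data)
            for i in range(n_sub):
                sub = winreg.EnumKey(key, i)
                stack.append(path + "\\" + sub if path else sub)


def format_report(hits):
    """Render hits in the .reg-like layout Registry Search uses: [key] then the value name."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for key_path, value_name, needle in hits:
        lines.append("[" + key_path + "]")
        if value_name is not None:
            shown = "@" if value_name == "" else '"' + value_name + '"'
            lines.append(shown + "  ; matched '" + needle + "'")
        lines.append("")
    lines.append("; End Of The Log...")
    return "\n".join(lines)


# Constructed sample entries, modelled on the ComboFix "Reg Loading Points" output in this thread.
SAMPLE_ENTRIES = [
    ("HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad", None, None),
    ("HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad",
     "", "{E61B5E20-DE35-11CF-9C87-1579005127ED}"),
    ("HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\sdk", None, None),  # assumed service key
    ("HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\sdk", "DisplayName", "Microsoft sdk core"),
    ("HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", "UserFaultCheck",
     "%systemroot%\\system32\\dumprep 0 -u".encode("utf-16-le") + b"\x00\x00"),
    ("HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "CTFMON.EXE",
     "C:\\WINDOWS\\system32\\ctfmon.exe"),
]

if __name__ == "__main__":
    if sys.platform == "win32":
        entries = (e for hive in ("HKEY_LOCAL_MACHINE", "HKEY_USERS") for e in walk_registry(hive))
    else:
        entries = SAMPLE_ENTRIES  # off Windows, demonstrate on the constructed sample
    print(format_report(search_entries(entries, NEEDLES)))
```

Run it as an administrator on the affected machine so that HKEY_USERS and the service keys are readable; keys that cannot be opened are skipped rather than aborting the walk, so an empty report means the strings were not found in the readable part of the registry, not necessarily that they are gone.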
11.02.2007, 15:38
Member

Thread starter

Posts: 18
#9 hi sabina!

here we go:

Combofix:

"Tobi" - 07-02-11 15:10:54 Service Pack 2
ComboFix 07-02-11 - Running from: "C:\"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Programme\Gemeinsame Dateien\{30D34~1
C:\Programme\Gemeinsame Dateien\{F0D34~1


((((((((((((((((((((((((((((((( Files Created from 2007-01-11 to 2007-02-11 ))))))))))))))))))))))))))))))))))


2007-02-11 15:08 880,702 --a------ C:\combofix.exe
2007-02-07 22:02 <DIR> d-------- C:\avenger
2007-02-07 21:57 <DIR> d-------- C:\Programme\Avenger
2007-02-06 16:25 <DIR> d-------- C:\Programme\servicefilter
2007-02-06 16:12 339,257 --a------ C:\CleanUp452.exe
2007-02-06 15:29 <DIR> d-------- C:\SAV32CLI
2007-02-05 20:50 <DIR> d-------- C:\SDFix
2007-02-05 20:36 <DIR> d-------- C:\fixwareout
2007-02-03 12:35 <DIR> d-------- C:\DOKUME~1\Bine\Anwendungsdaten\Real
2007-02-02 15:21 <DIR> d---s---- C:\DOKUME~1\TOBINE~1\UserData
2007-01-28 23:40 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-01-28 23:22 <DIR> d-------- C:\DOKUME~1\TOBINE~1\Anwendungsdaten\Real
2007-01-28 23:11 <DIR> d-------- C:\Programme\Gemeinsame Dateien\xing shared
2007-01-28 23:11 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Real
2007-01-28 23:09 <DIR> d-------- C:\DOKUME~1\Tobi\Anwendungsdaten\Real
2007-01-24 22:20 <DIR> d-------- C:\Programme\ElsterFormular
2007-01-24 22:19 <DIR> d-------- C:\Programme\Elster
2007-01-18 18:58 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-01-14 14:18 <DIR> d-------- C:\DOKUME~1\TOBINE~1\Anwendungsdaten\Adobe
2007-01-14 11:00 <DIR> d-------- C:\data
2007-01-14 00:44 <DIR> d-------- C:\DOKUME~1\TOBINE~1\Anwendungsdaten\Sun
2007-01-13 23:23 <DIR> dr------- C:\DOKUME~1\TOBINE~1\Eigene Dateien
2007-01-13 23:20 2,097,152 --ah----- C:\DOKUME~1\TOBINE~1\NTUSER.DAT
2007-01-13 23:20 <DIR> dr-h----- C:\DOKUME~1\TOBINE~1\Anwendungsdaten
2007-01-13 23:20 <DIR> dr------- C:\DOKUME~1\TOBINE~1\Startmenü
2007-01-13 23:20 <DIR> dr------- C:\DOKUME~1\TOBINE~1\Favoriten
2007-01-13 23:20 <DIR> d--h----- C:\DOKUME~1\TOBINE~1\Vorlagen
2007-01-13 23:20 <DIR> d--h----- C:\DOKUME~1\TOBINE~1\Netzwerkumgebung
2007-01-13 23:20 <DIR> d--h----- C:\DOKUME~1\TOBINE~1\Lokale Einstellungen
2007-01-13 23:20 <DIR> d--h----- C:\DOKUME~1\TOBINE~1\Druckumgebung
2007-01-13 19:34 8,192 --a------ C:\WINDOWS\suecmdial.dll
2007-01-13 19:25 <DIR> d-------- C:\WINDOWS\Prefetch
2007-01-13 19:20 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-01-13 19:18 95,424 --------- C:\WINDOWS\system32\drivers\slnthal.sys
2007-01-13 19:18 9,728 --------- C:\WINDOWS\system32\comsdupd.exe
2007-01-13 19:18 88,064 --------- C:\WINDOWS\system32\p2pnetsh.dll
2007-01-13 19:18 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll
2007-01-13 19:18 86,016 --------- C:\WINDOWS\system32\p2pgasvc.dll
2007-01-13 19:18 86,016 --------- C:\WINDOWS\system32\mdmxsdk.dll
2007-01-13 19:18 81,920 --------- C:\WINDOWS\system32\ieencode.dll
2007-01-13 19:18 81,408 --------- C:\WINDOWS\system32\wscsvc.dll
2007-01-13 19:18 8,192 --------- C:\WINDOWS\system32\smbinst.exe
2007-01-13 19:18 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-01-13 19:18 78,464 --------- C:\WINDOWS\system32\drivers\usbvideo.sys
2007-01-13 19:18 75,776 --------- C:\WINDOWS\system32\strmfilt.dll
2007-01-13 19:18 73,832 --------- C:\WINDOWS\system32\slcoinst.dll
2007-01-13 19:18 73,796 --------- C:\WINDOWS\system32\slserv.exe
2007-01-13 19:18 73,216 --------- C:\WINDOWS\system32\drivers\atintuxx.sys
2007-01-13 19:18 71,680 --------- C:\WINDOWS\system32\blastcln.exe
2007-01-13 19:18 7,680 --------- C:\WINDOWS\system32\kbdsmsno.dll
2007-01-13 19:18 7,680 --------- C:\WINDOWS\system32\kbdsmsfi.dll
2007-01-13 19:18 7,168 --------- C:\WINDOWS\system32\kbdukx.dll
2007-01-13 19:18 7,168 --------- C:\WINDOWS\system32\kbdno1.dll
2007-01-13 19:18 7,168 --------- C:\WINDOWS\system32\kbdfi1.dll
2007-01-13 19:18 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2007-01-13 19:18 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2007-01-13 19:18 67,584 --------- C:\WINDOWS\system32\drivers\sdbus.sys
2007-01-13 19:18 63,663 --------- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2007-01-13 19:18 63,488 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys
2007-01-13 19:18 60,416 --------- C:\WINDOWS\system32\fwcfg.dll
2007-01-13 19:18 6,656 --------- C:\WINDOWS\system32\kbdinmal.dll
2007-01-13 19:18 6,656 --------- C:\WINDOWS\system32\kbdinben.dll
2007-01-13 19:18 6,144 --------- C:\WINDOWS\system32\kbdmlt48.dll
2007-01-13 19:18 6,144 --------- C:\WINDOWS\system32\kbdmlt47.dll
2007-01-13 19:18 6,144 --------- C:\WINDOWS\system32\kbdinbe1.dll
2007-01-13 19:18 6,016 --------- C:\WINDOWS\system32\drivers\smbali.sys
2007-01-13 19:18 59,648 --------- C:\WINDOWS\system32\drivers\rfcomm.sys
2007-01-13 19:18 57,856 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
2007-01-13 19:18 56,623 --------- C:\WINDOWS\system32\drivers\ati1btxx.sys
2007-01-13 19:18 526,848 --------- C:\WINDOWS\system32\p2psvc.dll
2007-01-13 19:18 52,736 --------- C:\WINDOWS\system32\mspmsnsv.dll
2007-01-13 19:18 52,224 --------- C:\WINDOWS\system32\drivers\atinraxx.sys
2007-01-13 19:18 50,688 --------- C:\WINDOWS\system32\btpanui.dll
2007-01-13 19:18 50,176 --------- C:\WINDOWS\system32\xmlprovi.dll
2007-01-13 19:18 5,632 --------- C:\WINDOWS\system32\kbdmaori.dll
2007-01-13 19:18 49,152 --------- C:\WINDOWS\system32\powercfg.exe
2007-01-13 19:18 48,640 --------- C:\WINDOWS\system32\pnrpnsp.dll
2007-01-13 19:18 46,464 --------- C:\WINDOWS\system32\drivers\gagp30kx.sys
2007-01-13 19:18 452,736 --------- C:\WINDOWS\system32\drivers\mtxparhm.sys
2007-01-13 19:18 44,928 --------- C:\WINDOWS\system32\drivers\agpcpq.sys
2007-01-13 19:18 44,672 --------- C:\WINDOWS\system32\drivers\uagp35.sys
2007-01-13 19:18 44,032 --------- C:\WINDOWS\system32\twext.dll
2007-01-13 19:18 438,784 --------- C:\WINDOWS\system32\xpob2res.dll
2007-01-13 19:18 431,616 --------- C:\WINDOWS\system32\wuapi.dll
2007-01-13 19:18 43,008 --------- C:\WINDOWS\system32\drivers\amdagp.sys
2007-01-13 19:18 42,752 --------- C:\WINDOWS\system32\drivers\alim1541.sys
2007-01-13 19:18 42,368 --------- C:\WINDOWS\system32\drivers\agp440.sys
2007-01-13 19:18 42,240 --------- C:\WINDOWS\system32\drivers\viaagp.sys
2007-01-13 19:18 41,088 --------- C:\WINDOWS\system32\drivers\sisagp.sys
2007-01-13 19:18 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2007-01-13 19:18 40,832 --------- C:\WINDOWS\system32\drivers\irbus.sys
2007-01-13 19:18 40,192 --------- C:\WINDOWS\system32\drivers\intelppm.sys
2007-01-13 19:18 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2007-01-13 19:18 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll
2007-01-13 19:18 397,056 --------- C:\WINDOWS\system32\s3gnb.dll
2007-01-13 19:18 38,016 --------- C:\WINDOWS\system32\drivers\bthmodem.sys
2007-01-13 19:18 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
2007-01-13 19:18 36,864 --------- C:\WINDOWS\system32\wups.dll
2007-01-13 19:18 36,463 --------- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2007-01-13 19:18 35,456 --------- C:\WINDOWS\system32\drivers\bthprint.sys
2007-01-13 19:18 34,735 --------- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2007-01-13 19:18 327,168 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2007-01-13 19:18 32,866 --------- C:\WINDOWS\system32\slrundll.exe
2007-01-13 19:18 32,866 --------- C:\WINDOWS\slrundll.exe
2007-01-13 19:18 32,768 --------- C:\WINDOWS\system32\ativtmxx.dll
2007-01-13 19:18 32,285 --------- C:\WINDOWS\system32\hsfcisp2.dll
2007-01-13 19:18 312,320 --------- C:\WINDOWS\system32\p2pgraph.dll
2007-01-13 19:18 31,744 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
2007-01-13 19:18 30,671 --------- C:\WINDOWS\system32\drivers\ati1raxx.sys
2007-01-13 19:18 30,208 --------- C:\WINDOWS\system32\bthserv.dll
2007-01-13 19:18 30,080 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2007-01-13 19:18 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll
2007-01-13 19:18 3,901 --------- C:\WINDOWS\system32\drivers\siint5.dll
2007-01-13 19:18 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll
2007-01-13 19:18 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll
2007-01-13 19:18 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll
2007-01-13 19:18 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll
2007-01-13 19:18 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll
2007-01-13 19:18 29,455 --------- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2007-01-13 19:18 29,184 --------- C:\WINDOWS\system32\sdhcinst.dll
2007-01-13 19:18 29,056 --------- C:\WINDOWS\system32\drivers\ip6fw.sys
2007-01-13 19:18 286,792 --------- C:\WINDOWS\system32\slextspk.dll
2007-01-13 19:18 28,672 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
2007-01-13 19:18 275,200 --------- C:\WINDOWS\system32\drivers\bthport.sys
2007-01-13 19:18 263,040 --------- C:\WINDOWS\system32\drivers\http.sys
2007-01-13 19:18 26,367 --------- C:\WINDOWS\system32\drivers\ati1snxx.sys
2007-01-13 19:18 25,856 --------- C:\WINDOWS\system32\drivers\hidbth.sys
2007-01-13 19:18 25,471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys
2007-01-13 19:18 25,471 --------- C:\WINDOWS\system32\drivers\atv04nt5.dll
2007-01-13 19:18 24,576 --------- C:\WINDOWS\system32\httpapi.dll
2007-01-13 19:18 233,472 --------- C:\WINDOWS\system32\wmpdxm.dll
2007-01-13 19:18 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2007-01-13 19:18 22,528 --------- C:\WINDOWS\system32\fltmc.exe
2007-01-13 19:18 22,271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys
2007-01-13 19:18 21,343 --------- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2007-01-13 19:18 21,183 --------- C:\WINDOWS\system32\drivers\atv01nt5.dll
2007-01-13 19:18 202,752 --------- C:\WINDOWS\system32\wmerror.dll
2007-01-13 19:18 20,992 --------- C:\WINDOWS\system32\bthci.dll
2007-01-13 19:18 193,024 --------- C:\WINDOWS\system32\fsquirt.exe
2007-01-13 19:18 188,508 --------- C:\WINDOWS\system32\slgen.dll
2007-01-13 19:18 183,808 --------- C:\WINDOWS\system32\wuaueng1.dll
2007-01-13 19:18 180,360 --------- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2007-01-13 19:18 18,944 --------- C:\WINDOWS\system32\drivers\bthusb.sys
2007-01-13 19:18 17,408 --------- C:\WINDOWS\system32\winshfhc.dll
2007-01-13 19:18 17,279 --------- C:\WINDOWS\system32\drivers\atv10nt5.dll
2007-01-13 19:18 17,024 --------- C:\WINDOWS\system32\drivers\bthenum.sys
2007-01-13 19:18 168,448 --------- C:\WINDOWS\system32\wuauclt1.exe
2007-01-13 19:18 166,912 --------- C:\WINDOWS\system32\drivers\s3gnbm.sys
2007-01-13 19:18 16,896 --------- C:\WINDOWS\system32\fltlib.dll
2007-01-13 19:18 15,872 --------- C:\WINDOWS\system32\w3ssl.dll
2007-01-13 19:18 15,488 --------- C:\WINDOWS\system32\drivers\mssmbios.sys
2007-01-13 19:18 15,423 --------- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2007-01-13 19:18 15,104 --------- C:\WINDOWS\system32\drivers\hidir.sys
2007-01-13 19:18 14,336 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys
2007-01-13 19:18 14,336 --------- C:\WINDOWS\system32\auditusr.exe
2007-01-13 19:18 14,143 --------- C:\WINDOWS\system32\drivers\atv06nt5.dll
2007-01-13 19:18 13,824 --------- C:\WINDOWS\system32\wscntfy.exe
2007-01-13 19:18 13,824 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
2007-01-13 19:18 13,824 --------- C:\WINDOWS\system32\drivers\atinmdxx.sys
2007-01-13 19:18 13,824 --------- C:\WINDOWS\system32\cmsetacl.dll
2007-01-13 19:18 13,776 --------- C:\WINDOWS\system32\drivers\recagent.sys
2007-01-13 19:18 13,568 --------- C:\WINDOWS\system32\drivers\wacompen.sys
2007-01-13 19:18 13,240 --------- C:\WINDOWS\system32\drivers\slwdmsup.sys
2007-01-13 19:18 129,536 --------- C:\WINDOWS\system32\xmlprov.dll
2007-01-13 19:18 129,535 --------- C:\WINDOWS\system32\drivers\slnt7554.sys
2007-01-13 19:18 126,686 --------- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2007-01-13 19:18 124,800 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2007-01-13 19:18 120,320 --------- C:\WINDOWS\system32\wuweb.dll
2007-01-13 19:18 12,672 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2007-01-13 19:18 12,672 --------- C:\WINDOWS\system32\drivers\mutohpen.sys
2007-01-13 19:18 12,047 --------- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2007-01-13 19:18 118,784 --------- C:\WINDOWS\system32\msdadiag.dll
2007-01-13 19:18 116,224 --------- C:\WINDOWS\system32\p2p.dll
2007-01-13 19:18 114,688 --------- C:\WINDOWS\system32\wmpasf.dll
2007-01-13 19:18 113,664 --------- C:\WINDOWS\system32\wucltui.dll
2007-01-13 19:18 11,935 --------- C:\WINDOWS\system32\drivers\wadv11nt.sys
2007-01-13 19:18 11,871 --------- C:\WINDOWS\system32\drivers\wadv09nt.sys
2007-01-13 19:18 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2007-01-13 19:18 11,807 --------- C:\WINDOWS\system32\drivers\wadv07nt.sys
2007-01-13 19:18 11,615 --------- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2007-01-13 19:18 11,359 --------- C:\WINDOWS\system32\drivers\atv02nt5.dll
2007-01-13 19:18 11,325 --------- C:\WINDOWS\system32\drivers\vchnt5.dll
2007-01-13 19:18 11,295 --------- C:\WINDOWS\system32\drivers\wadv08nt.sys
2007-01-13 19:18 11,136 --------- C:\WINDOWS\system32\drivers\sffdisk.sys
2007-01-13 19:18 108,032 --------- C:\WINDOWS\system32\wshbth.dll
2007-01-13 19:18 104,960 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys
2007-01-13 19:18 100,992 --------- C:\WINDOWS\system32\drivers\bthpan.sys
2007-01-13 19:18 10,240 --------- C:\WINDOWS\system32\drivers\sffp_sd.sys
2007-01-13 19:18 1,897,408 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-01-13 19:18 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2007-01-13 19:18 1,309,184 --------- C:\WINDOWS\system32\drivers\mtlstrm.sys
2007-01-13 19:18 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2007-01-13 19:18 <DIR> d-------- C:\WINDOWS\provisioning
2007-01-13 19:18 <DIR> d-------- C:\WINDOWS\peernet
2007-01-13 19:14 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-01-13 19:08 15,872 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-01-13 19:04 <DIR> d-------- C:\WINDOWS\EHome
2007-01-13 18:56 <DIR> d-------- C:\Programme\NetCologne
2007-01-13 18:56 <DIR> d-------- C:\Programme\Gemeinsame Dateien\NetCologne


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-07 23:17 -------- d-------- C:\Programme\hijackthis-w32-fmn-killer
2007-02-06 16:05 -------- d-------- C:\Programme\weblcr
2007-02-04 13:16 -------- d-------- C:\Programme\antivir personaledition classic
2007-02-02 16:05 -------- d-------- C:\Programme\ad-aware 6
2007-01-24 22:20 -------- d--h----- C:\Programme\installshield installation information
2007-01-13 19:18 -------- d-------- C:\Programme\movie maker
2007-01-13 19:18 -------- d-------- C:\Programme\messenger
2007-01-13 19:13 -------- d-------- C:\Programme\windows nt
2007-01-09 12:39 -------- d-------- C:\Programme\datfind-dat-killer
2007-01-09 12:37 -------- d-------- C:\Programme\clearprog-browserspuren-löscher
2007-01-09 12:27 -------- d-------- C:\Programme\winamp
2007-01-09 12:27 -------- d-------- C:\Programme\wik and the fable of souls
2007-01-09 12:27 -------- d-------- C:\Programme\quicktime
2007-01-09 12:27 -------- d-------- C:\Programme\pdf toolbox
2007-01-09 12:27 -------- d-------- C:\Programme\cdex
2007-01-09 12:06 13322 --a------ C:\smitfrau.reg
2007-01-09 12:01 -------- d-------- C:\Programme\dll-killer!!!!!!
2006-12-28 17:49 34304 --a------ C:\WINDOWS\system32\drivers\avgntdd.sys
2006-12-28 17:49 14848 --a------ C:\WINDOWS\system32\drivers\avgntmgr.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SpybotSD TeaTimer"="C:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"KAVPersonal50"="C:\\Programme\\Kaspersky\\kav.exe /minimize"
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"SpybotSD TeaTimer"="C:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ATIPTA"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"BDNewsAgent"="C:\\Programme\\Softwin\\BitDefender Free Edition\\bdnagent.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"nForce Tray Options"="sstray.exe /r"
"QuickTime Task"="\"C:\\WINDOWS\\System32\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"Winamp Agent"="C:\\WINDOWS\\System32\\winamp.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"="cspjb.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
@="{E61B5E20-DE35-11CF-9C87-1579005127ED}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=dword:00000000
"NoThemesTab"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0




~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070205-213411-224
O23 - Service: Windows Genuine Advantage Registration Service (wgareg) - Unknown owner - C:\WINDOWS\System32\wgareg.exe (file missing)
backup-20070205-213411-342
O23 - Service: Vista ReadyService (VistaRS) - Unknown owner - C:\WINDOWS\system32\readysrv.exe (file missing)
backup-20070205-213411-391
O23 - Service: Microsoft sdk core (sdk) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
backup-20070205-213411-996
O21 - SSODL: WebCheck - {E61B5E20-DE35-11CF-9C87-1579005127ED} - (no file)
backup-20070205-213411-374
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\dxocx.dll (file missing)
backup-20070205-213411-231
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1FD66DD-DEE8-4C95-9957-D787F644743F}: NameServer = 85.255.115.94,85.255.112.24
backup-20070205-213411-566
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9451F03-1DBF-4DE7-B5D2-F2CE3F2127D0}: NameServer = 85.255.115.94,85.255.112.24
backup-20070205-213411-961
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
backup-20070205-213411-295
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC5E1E9F-DDA0-45AE-BB8C-23033A294DD5}: NameServer = 85.255.115.94,85.255.112.24
backup-20070205-213411-220
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
backup-20070205-213411-979
O2 - BHO: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
backup-20070205-213411-549
O1 - Hosts: localhost 127.0.0.1
backup-20070205-213411-204
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
backup-20070205-213411-541
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.updatesearches.com/
backup-20070205-213411-534
R3 - URLSearchHook: (no name) - {9244909D-6F9B-206D-A2C6-415FE9897329} - bhoserv.dll (file missing)
backup-20070205-213411-288
O1 - Hosts: localhost 127.0.0.1
backup-20070205-213411-872
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.updatesearches.com/search.php?qq=%1
backup-20070205-213411-905
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.updatesearches.com/search.php?qq=%1
backup-20070205-213411-114
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.updatesearches.com/search.php?qq=%1
backup-20070205-213411-125
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
backup-20070205-213411-300
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
backup-20070205-213411-937
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.updatesearches.com/search.php?qq=%1
backup-20070130-203447-453
O23 - Service: Windows Genuine Advantage Registration Service (wgareg) - Unknown owner - C:\WINDOWS\System32\wgareg.exe (file missing)
backup-20070130-203447-500
O23 - Service: Vista ReadyService (VistaRS) - Unknown owner - C:\WINDOWS\system32\readysrv.exe (file missing)
backup-20070130-203355-859
O21 - SSODL: msp.cpl - {E21B5E20-DE35-11CF-9C87-157900512701} - C:\WINDOWS\System32\msp.cpl (file missing)
backup-20070130-203355-676
O23 - Service: Vista ReadyService (VistaRS) - Unknown owner - C:\WINDOWS\system32\readysrv.exe (file missing)
backup-20070130-203355-804
O21 - SSODL: SysTray - {E61B5E20-DE35-11CF-9C87-1579005127ED} - C:\WINDOWS\System32\msc.cpl (file missing)
backup-20070130-203355-135
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,bootini.exe
backup-20070130-203355-936
F2 - REG:system.ini: Shell=Explorer.exe bootini.exe
backup-20070130-203230-690
O23 - Service: Microsoft sdk core (sdk) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
backup-20070130-203230-515
O23 - Service: Microsoft Agent - Unknown owner - C:\WINDOWS\System32\dllcache\msagent.exe (file missing)
backup-20070130-203230-505
O23 - Service: Vista ReadyService (VistaRS) - Unknown owner - C:\WINDOWS\system32\readysrv.exe (file missing)
backup-20070130-203230-327
O23 - Service: Windows Genuine Advantage Registration Service (wgareg) - Unknown owner - C:\WINDOWS\System32\wgareg.exe (file missing)
backup-20070130-203230-295
O23 - Service: Microsoft windows FTPd - Unknown owner - (no file)
backup-20070130-203110-195
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Programme\Deskbar\deskbar.dll (file missing)
backup-20070121-160704-613
O23 - Service: Microsoft Security Login Service - Unknown owner - C:\WINDOWS\System32\dllcache\mssecure32.exe (file missing)
backup-20070121-160704-655
O23 - Service: Microsoft update Service - Unknown owner - C:\WINDOWS\System32\dllcache\msiupdate32.exe (file missing)
backup-20070111-001144-395
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,bootini.exe
backup-20070111-001144-477
F2 - REG:system.ini: Shell=Explorer.exe bootini.exe
backup-20070110-141103-533
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,bootini.exe
backup-20070110-141103-678
F2 - REG:system.ini: Shell=Explorer.exe bootini.exe

********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-02-11 15:12:49

RegSearch:

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.2.0

; Results at 11.02.2007 15:18:39 for strings:
; 'microsoft sdk core'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.2.0

; Results at 11.02.2007 15:20:46 for strings:
; '{e61b5e20-de35-11cf-9c87-1579005127ed}'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
@="{E61B5E20-DE35-11CF-9C87-1579005127ED}"

; End Of The Log...

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.2.0

; Results at 11.02.2007 15:23:26 for strings:
; '{a8b28872-3324-4cd2-8aa3-7d555c872d96}'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.2.0

; Results at 11.02.2007 15:24:43 for strings:
; 'vista readyservice'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.2.0

; Results at 11.02.2007 15:25:48 for strings:
; 'windows genuine advantage registration service '
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...


WinPFind:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
UPX! 11.02.2007 15:08:22 880702 C:\combofix.exe
KavSvc 01.10.2006 16:04:30 4315588 C:\resolve.log

Checking %ProgramFilesDir% folder...
PEC2 14.07.2005 18:52:38 67850752 C:\Programme\Open Office v1.1.0 Win32Intel install deutsch.zip
qoologic 11.02.2007 15:09:38 204131 C:\Programme\WinPFind.zip

Checking %WinDir% folder...
KavSvc 13.01.2007 19:28:26 176723 C:\WINDOWS\iis6.log

Checking %System% folder...
UPX! 25.03.2003 06:49:02 R 58880 C:\WINDOWS\SYSTEM32\avi2ac3dts.ax
PEC2 18.08.2001 20:00:00 41118 C:\WINDOWS\SYSTEM32\dfrg.msc
UPX! 25.03.2003 06:49:02 R 67072 C:\WINDOWS\SYSTEM32\dtssource.ax
UPX! 25.03.2003 06:49:02 R 65536 C:\WINDOWS\SYSTEM32\DVDAudio.ax
UPX! 25.03.2003 06:49:02 R 86528 C:\WINDOWS\SYSTEM32\DVDVideo.ax
UPX! 13.01.2005 20:41:48 11254 C:\WINDOWS\SYSTEM32\locate.com
aspack 04.08.2004 00:57:10 733696 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 04.08.2004 00:57:34 686592 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 18.08.2001 20:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech 03.08.2004 22:41:38 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\HOSTS


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
11.02.2007 15:01:52 S 2048 C:\WINDOWS\bootstat.dat
19.12.2006 22:13:38 HS 10240 C:\WINDOWS\Thumbs.db
13.01.2007 19:20:10 RHS 333502 C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_6.cab
11.02.2007 15:13:00 H 1024 C:\WINDOWS\system32\config\default.LOG
11.02.2007 15:03:26 H 1024 C:\WINDOWS\system32\config\SAM.LOG
11.02.2007 15:12:02 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
11.02.2007 15:31:34 H 1024 C:\WINDOWS\system32\config\software.LOG
11.02.2007 15:28:54 H 1024 C:\WINDOWS\system32\config\system.LOG
11.02.2007 15:01:54 H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
03.04.2003 00:17:40 172032 C:\WINDOWS\SYSTEM32\ac3filter.cpl
Microsoft Corporation 04.08.2004 00:58:24 70656 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 04.08.2004 00:58:24 555008 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 04.08.2004 00:58:24 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 04.08.2004 00:58:24 138240 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 25.03.2003 06:49:02 R 122880 C:\WINDOWS\SYSTEM32\directx.cpl
Microsoft Corporation 03.09.1997 23:00:00 22528 C:\WINDOWS\SYSTEM32\FINDFAST.CPL
Microsoft Corporation 04.08.2004 00:58:24 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 04.08.2004 00:58:24 157184 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Ahead Software AG 23.12.2003 15:40:52 57344 C:\WINDOWS\SYSTEM32\ImageDrive.cpl
Microsoft Corporation 04.08.2004 00:58:24 359424 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 04.08.2004 00:58:24 133120 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 04.08.2004 00:58:24 381440 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 04.08.2004 00:58:24 69632 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 10.11.2005 13:03:50 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 18.08.2001 20:00:00 189440 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 03.09.1997 23:00:00 55568 C:\WINDOWS\SYSTEM32\MLCFG32.CPL
Microsoft Corporation 04.08.2004 00:58:24 625152 C:\WINDOWS\SYSTEM32\mmsys.cpl
Kristal Studio 25.03.2003 06:49:02 R 121856 C:\WINDOWS\SYSTEM32\Mp3cnfg.cpl
Microsoft Corporation 18.08.2001 20:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 04.08.2004 00:58:24 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 04.08.2004 00:58:24 260096 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 18.08.2001 20:00:00 38400 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 04.08.2004 00:58:24 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 04.08.2004 00:58:24 117248 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 27.05.2003 12:42:58 295936 C:\WINDOWS\SYSTEM32\QuickTime.cpl
NVIDIA Corporation 13.08.2003 05:24:40 R 73728 C:\WINDOWS\SYSTEM32\sscpl.cpl
25.03.2003 06:49:02 R 98304 C:\WINDOWS\SYSTEM32\Startup.cpl
Microsoft Corporation 04.08.2004 00:58:24 303104 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 18.08.2001 20:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 04.08.2004 00:58:24 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 25.03.2003 06:49:02 R 106544 C:\WINDOWS\SYSTEM32\tweakui.cpl
Microsoft Corporation 04.08.2004 00:58:24 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 04.08.2004 00:58:24 162816 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 18.08.2001 20:00:00 189440 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 18.08.2001 20:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 18.08.2001 20:00:00 38400 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 18.08.2001 20:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
18.07.2005 17:52:12 662 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\C2CMonitor.lnk.disabled
22.02.2005 23:15:52 HS 84 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
10.07.2005 16:04:06 741 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft-Indexerstellung.lnk.disabled
10.07.2005 16:04:00 716 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Office-Start.lnk.disabled

Checking files in %ALLUSERSPROFILE%\Application Data folder...
09.01.2007 12:55:54 305 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
22.02.2005 23:03:02 HS 62 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
22.02.2005 23:15:52 HS 84 C:\Dokumente und Einstellungen\Tobi\Startmenü\Programme\Autostart\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
22.02.2005 23:03:02 HS 62 C:\Dokumente und Einstellungen\Tobi\Anwendungsdaten\desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{2D1C37C7-62C9-446E-B0A5-EAF400EBD6F7} = C:\WINDOWS\system32\dxocx.dll
{42D3BDE2-D5CA-4F92-BA2B-FBA57A8F4A6E} = C:\WINDOWS\system32\mxvfw32.dll
{513280BE-80BF-42B8-8A9A-582A59F57231} = C:\WINDOWS\system32\uhdmxfrm.dll
{B3B25B02-519A-4935-94DF-DFA5BBE349E2} = C:\WINDOWS\system32\sse.dll
{407F94E7-D2C3-44A9-A7E6-31972A549EA3} = C:\WINDOWS\system32\clmpstui.dll
{A84D0263-9803-4AE0-A2FB-7357BA55F23B} = C:\WINDOWS\system32\fpusd.dll

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BitDefender Antivirus v7
{D653647D-D607-4DF6-A5B8-48D2BA195F7B} = C:\Programme\Softwin\BitDefender Free Edition\bdshelxt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Kaspersky Anti-Virus
{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Shell Extension for Malware scanning
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programme\AntiVir PersonalEdition Classic\shlext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TagRename_ContextMenu
{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5} = C:\PROGRA~1\TAG&RE~1\TRshell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BitDefender Antivirus v7
{D653647D-D607-4DF6-A5B8-48D2BA195F7B} = C:\Programme\Softwin\BitDefender Free Edition\bdshelxt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Kaspersky Anti-Virus
{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Shell Extension for Malware scanning
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programme\AntiVir PersonalEdition Classic\shlext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\TagRename_ContextMenu
{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5} = C:\PROGRA~1\TAG&RE~1\TRshell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tipps und Tricks = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Konsole : C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Programme\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer-Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
avgnt "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
KAVPersonal50 C:\Programme\Kaspersky\kav.exe /minimize
KernelFaultCheck %systemroot%\system32\dumprep 0 -k
TkBellExe "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
UserFaultCheck %systemroot%\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE C:\WINDOWS\system32\ctfmon.exe
SpybotSD TeaTimer C:\Programme\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
NoChangingWallPaper 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
NoSaveSettings 0
ClassicShell 0
NoThemesTab 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
NoDispScrSavPage 0
NoDispCPL 0
NoColorChoice 0
NoSizeChoice 0
NoVisualStyleChoice 0
NoDispSettingsPage 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
{E61B5E20-DE35-11CF-9C87-1579005127ED} =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System = cspjb.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 11.02.2007 15:33:32



ok, thanks for your efforts.

stanleyQ

11.02.2007, 16:23
Honorary member
Sabina

Posts: 29434
#10 stanleyQ

virustotal
At the top of the page --> paste the file with its correct path --> double-click the file to be checked --> click "Send"... now wait - then select the text with the right mouse button -> copy - paste
http://www.virustotal.com/flash/index_en.html

C:\WINDOWS\system32\cspjb.exe
C:\WINDOWS\system32\dxocx.dll
C:\WINDOWS\system32\mxvfw32.dll
C:\WINDOWS\system32\uhdmxfrm.dll
C:\WINDOWS\system32\sse.dll
C:\WINDOWS\system32\clmpstui.dll
C:\WINDOWS\system32\fpusd.dll

post the reports here

--------------------------------------------------------------

Go into the registry
Start - Run - regedit

top left - Edit - Find -

{E61B5E20-DE35-11CF-9C87-1579005127ED}

cspjb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
@="{E61B5E20-DE35-11CF-9C87-1579005127ED}" -> delete

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
System = cspjb.exe - delete

---------------------------------------------------------

Restart the PC

»»
scan with Qoofix (there are two programs) - scan with both - post both scan reports
http://virus-protect.org/artikel/tools/quofixhttp.html

»
post the new HijackThis log
__________
Regards, Sabina

all about PC security

11.02.2007, 17:27
Member

Thread starter

Posts: 18
#11 hi!

uhh, at virustotal, which file do I paste where / scan???

sorry, I'm just not getting it right now...

11.02.2007, 17:44
Honorary member
Sabina

Posts: 29434
#12 virustotal
At the top of the page --> paste the file with its correct path --> double-click the file to be checked --> click "Send"... now wait - then select the text with the right mouse button -> copy - paste
http://www.virustotal.com/flash/index_en.html

C:\WINDOWS\system32\cspjb.exe
C:\WINDOWS\system32\dxocx.dll
C:\WINDOWS\system32\mxvfw32.dll
C:\WINDOWS\system32\uhdmxfrm.dll
C:\WINDOWS\system32\sse.dll
C:\WINDOWS\system32\clmpstui.dll
C:\WINDOWS\system32\fpusd.dll

post the reports here

paste the file with its correct path right away

12.02.2007, 15:58
Member

Thread starter

Posts: 18
#13 hi sabina,
well, I don't have the feeling I did everything right, since the listed files from system32 were all not really there and with virustotal I only scanned empty file copies...
also, with qoofix I didn't download any qoofix.bat. there's only an .exe and a .dll...

anyway, here is the virustotal report for now:
Complete scanning result of "cspjb.exe", received in VirusTotal at 02.12.2007, 10:45:19 (CET).

Antivirus Version Update Result
AntiVir 7.3.1.36 02.12.2007 no virus found
Authentium 4.93.8 02.12.2007 no virus found
Avast 4.7.936.0 02.11.2007 no virus found
AVG 386 02.11.2007 no virus found
BitDefender 7.2 02.12.2007 no virus found
CAT-QuickHeal 9.00 02.12.2007 no virus found
ClamAV devel-20060426 02.12.2007 no virus found
DrWeb 4.33 02.12.2007 no virus found
eSafe 7.0.14.0 02.12.2007 no virus found
eTrust-Vet 30.4.3391 02.12.2007 no virus found
Ewido 4.0 02.11.2007 no virus found
Fortinet 2.85.0.0 02.12.2007 no virus found
F-Prot 4.2.1.29 02.12.2007 no virus found
F-Secure 6.70.13030.0 02.12.2007 no virus found
Ikarus T3.1.0.31 02.12.2007 no virus found
Kaspersky 4.0.2.24 02.12.2007 no virus found
McAfee 4960 02.09.2007 no virus found
Microsoft 1.2204 02.12.2007 no virus found
NOD32v2 2053 02.11.2007 no virus found
Norman 5.80.02 02.09.2007 no virus found
Panda 9.0.0.4 02.12.2007 no virus found
Prevx1 V2 02.12.2007 no virus found
Sophos 4.13.0 02.12.2007 no virus found
Sunbelt 2.2.907.0 02.09.2007 no virus found
Symantec 10 02.12.2007 no virus found
TheHacker 6.1.6.056 02.11.2007 no virus found
UNA 1.83 02.09.2007 no virus found
VBA32 3.11.2 02.11.2007 no virus found
VirusBuster 4.3.19:9 02.11.2007 no virus found

Additional Information
File size: 0 bytes
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709

Complete scanning result of "dxocx.dll", received in VirusTotal at 02.12.2007, 11:00:12 (CET).

Antivirus Version Update Result
AntiVir 7.3.1.36 02.12.2007 no virus found
Authentium 4.93.8 02.12.2007 no virus found
Avast 4.7.936.0 02.11.2007 no virus found
AVG 386 02.11.2007 no virus found
BitDefender 7.2 02.12.2007 no virus found
CAT-QuickHeal 9.00 02.12.2007 no virus found
ClamAV devel-20060426 02.12.2007 no virus found
DrWeb 4.33 02.12.2007 no virus found
eSafe 7.0.14.0 02.12.2007 no virus found
eTrust-Vet 30.4.3391 02.12.2007 no virus found
Ewido 4.0 02.11.2007 no virus found
Fortinet 2.85.0.0 02.12.2007 no virus found
F-Prot 4.2.1.29 02.12.2007 no virus found
F-Secure 6.70.13030.0 02.12.2007 no virus found
Ikarus T3.1.0.31 02.12.2007 no virus found
Kaspersky 4.0.2.24 02.12.2007 no virus found
McAfee 4960 02.09.2007 no virus found
Microsoft 1.2204 02.12.2007 no virus found
NOD32v2 2053 02.11.2007 no virus found
Norman 5.80.02 02.09.2007 no virus found
Panda 9.0.0.4 02.12.2007 no virus found
Prevx1 V2 02.12.2007 no virus found
Sophos 4.13.0 02.12.2007 no virus found
Sunbelt 2.2.907.0 02.09.2007 no virus found
Symantec 10 02.12.2007 no virus found
TheHacker 6.1.6.056 02.11.2007 no virus found
UNA 1.83 02.09.2007 no virus found
VBA32 3.11.2 02.11.2007 no virus found
VirusBuster 4.3.19:9 02.11.2007 no virus found

Additional Information
File size: 0 bytes
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709

Complete scanning result of "mxvfw32.dll", received in VirusTotal at 02.12.2007, 11:08:00 (CET).

Antivirus Version Update Result
AntiVir 7.3.1.36 02.12.2007 no virus found
Authentium 4.93.8 02.12.2007 no virus found
Avast 4.7.936.0 02.11.2007 no virus found
AVG 386 02.11.2007 no virus found
BitDefender 7.2 02.12.2007 no virus found
CAT-QuickHeal 9.00 02.12.2007 no virus found
ClamAV devel-20060426 02.12.2007 no virus found
DrWeb 4.33 02.12.2007 no virus found
eSafe 7.0.14.0 02.12.2007 no virus found
eTrust-Vet 30.4.3391 02.12.2007 no virus found
Ewido 4.0 02.11.2007 no virus found
Fortinet 2.85.0.0 02.12.2007 no virus found
F-Prot 4.2.1.29 02.12.2007 no virus found
F-Secure 6.70.13030.0 02.12.2007 no virus found
Ikarus T3.1.0.31 02.12.2007 no virus found
Kaspersky 4.0.2.24 02.12.2007 no virus found
McAfee 4960 02.09.2007 no virus found
Microsoft 1.2204 02.12.2007 no virus found
NOD32v2 2054 02.12.2007 no virus found
Norman 5.80.02 02.09.2007 no virus found
Panda 9.0.0.4 02.12.2007 no virus found
Prevx1 V2 02.12.2007 no virus found
Sophos 4.13.0 02.12.2007 no virus found
Sunbelt 2.2.907.0 02.09.2007 no virus found
Symantec 10 02.12.2007 no virus found
TheHacker 6.1.6.056 02.11.2007 no virus found
UNA 1.83 02.09.2007 no virus found
VBA32 3.11.2 02.11.2007 no virus found
VirusBuster 4.3.19:9 02.11.2007 no virus found

Additional Information
File size: 0 bytes
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709

Complete scanning result of "uhdmxfrm.dll", received in VirusTotal at 02.12.2007, 11:18:11 (CET).

Antivirus Version Update Result
AntiVir 7.3.1.36 02.12.2007 no virus found
Authentium 4.93.8 02.12.2007 no virus found
Avast 4.7.936.0 02.11.2007 no virus found
AVG 386 02.11.2007 no virus found
BitDefender 7.2 02.12.2007 no virus found
CAT-QuickHeal 9.00 02.12.2007 no virus found
ClamAV devel-20060426 02.12.2007 no virus found
DrWeb 4.33 02.12.2007 no virus found
eSafe 7.0.14.0 02.12.2007 no virus found
eTrust-Vet 30.4.3391 02.12.2007 no virus found
Ewido 4.0 02.11.2007 no virus found
Fortinet 2.85.0.0 02.12.2007 no virus found
F-Prot 4.2.1.29 02.12.2007 no virus found
F-Secure 6.70.13030.0 02.12.2007 no virus found
Ikarus T3.1.0.31 02.12.2007 no virus found
Kaspersky 4.0.2.24 02.12.2007 no virus found
McAfee 4960 02.09.2007 no virus found
Microsoft 1.2204 02.12.2007 no virus found
NOD32v2 2054 02.12.2007 no virus found
Norman 5.80.02 02.09.2007 no virus found
Panda 9.0.0.4 02.12.2007 no virus found
Prevx1 V2 02.12.2007 no virus found
Sophos 4.13.0 02.12.2007 no virus found
Sunbelt 2.2.907.0 02.09.2007 no virus found
Symantec 10 02.12.2007 no virus found
TheHacker 6.1.6.056 02.11.2007 no virus found
UNA 1.83 02.09.2007 no virus found
VBA32 3.11.2 02.11.2007 no virus found
VirusBuster 4.3.19:9 02.11.2007 no virus found

Additional Information
File size: 0 bytes
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709

Complete scanning result of "sse.dll", received in VirusTotal at 02.12.2007, 14:41:24 (CET).

Antivirus Version Update Result
AntiVir 7.3.1.36 02.12.2007 no virus found
Authentium 4.93.8 02.12.2007 no virus found
Avast 4.7.936.0 02.12.2007 no virus found
AVG 386 02.11.2007 no virus found
BitDefender 7.2 02.12.2007 no virus found
CAT-QuickHeal 9.00 02.12.2007 no virus found
ClamAV devel-20060426 02.12.2007 no virus found
DrWeb 4.33 02.12.2007 no virus found
eSafe 7.0.14.0 02.12.2007 no virus found
eTrust-Vet 30.4.3391 02.12.2007 no virus found
Ewido 4.0 02.11.2007 no virus found
Fortinet 2.85.0.0 02.12.2007 no virus found
F-Prot 4.2.1.29 02.12.2007 no virus found
F-Secure 6.70.13030.0 02.12.2007 no virus found
Ikarus T3.1.0.31 02.12.2007 no virus found
Kaspersky 4.0.2.24 02.12.2007 no virus found
McAfee 4960 02.09.2007 no virus found
Microsoft 1.2204 02.12.2007 no virus found
NOD32v2 2054 02.12.2007 no virus found
Norman 5.80.02 02.12.2007 no virus found
Panda 9.0.0.4 02.12.2007 no virus found
Prevx1 V2 02.12.2007 no virus found
Sophos 4.13.0 02.12.2007 no virus found
Sunbelt 2.2.907.0 02.09.2007 no virus found
Symantec 10 02.12.2007 no virus found
TheHacker 6.1.6.056 02.11.2007 no virus found
UNA 1.83 02.09.2007 no virus found
VBA32 3.11.2 02.11.2007 no virus found
VirusBuster 4.3.19:9 02.11.2007 no virus found

Additional Information
File size: 0 bytes
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709

Complete scanning result of "clmpstui.dll", received in VirusTotal at 02.12.2007, 14:55:43 (CET).

Antivirus Version Update Result
AntiVir 7.3.1.36 02.12.2007 no virus found
Authentium 4.93.8 02.12.2007 no virus found
Avast 4.7.936.0 02.12.2007 no virus found
AVG 386 02.11.2007 no virus found
BitDefender 7.2 02.12.2007 no virus found
CAT-QuickHeal 9.00 02.12.2007 no virus found
ClamAV devel-20060426 02.12.2007 no virus found
DrWeb 4.33 02.12.2007 no virus found
eSafe 7.0.14.0 02.12.2007 no virus found
eTrust-Vet 30.4.3391 02.12.2007 no virus found
Ewido 4.0 02.11.2007 no virus found
Fortinet 2.85.0.0 02.12.2007 no virus found
F-Prot 4.2.1.29 02.12.2007 no virus found
F-Secure 6.70.13030.0 02.12.2007 no virus found
Ikarus T3.1.0.31 02.12.2007 no virus found
Kaspersky 4.0.2.24 02.12.2007 no virus found
McAfee 4960 02.09.2007 no virus found
Microsoft 1.2204 02.12.2007 no virus found
NOD32v2 2054 02.12.2007 no virus found
Norman 5.80.02 02.12.2007 no virus found
Panda 9.0.0.4 02.12.2007 no virus found
Prevx1 V2 02.12.2007 no virus found
Sophos 4.13.0 02.12.2007 no virus found
Sunbelt 2.2.907.0 02.09.2007 no virus found
Symantec 10 02.12.2007 no virus found
TheHacker 6.1.6.056 02.11.2007 no virus found
UNA 1.83 02.09.2007 no virus found
VBA32 3.11.2 02.11.2007 no virus found
VirusBuster 4.3.19:9 02.11.2007 no virus found

Additional Information
File size: 0 bytes
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709

Complete scanning result of "fpusd.dll", received in VirusTotal at 02.12.2007, 15:06:52 (CET).

Antivirus Version Update Result
AntiVir 7.3.1.36 02.12.2007 no virus found
Authentium 4.93.8 02.12.2007 no virus found
Avast 4.7.936.0 02.12.2007 no virus found
AVG 386 02.11.2007 no virus found
BitDefender 7.2 02.12.2007 no virus found
CAT-QuickHeal 9.00 02.12.2007 no virus found
ClamAV devel-20060426 02.12.2007 no virus found
DrWeb 4.33 02.12.2007 no virus found
eSafe 7.0.14.0 02.12.2007 no virus found
eTrust-Vet 30.4.3391 02.12.2007 no virus found
Ewido 4.0 02.11.2007 no virus found
Fortinet 2.85.0.0 02.12.2007 no virus found
F-Prot 4.2.1.29 02.12.2007 no virus found
F-Secure 6.70.13030.0 02.12.2007 no virus found
Ikarus T3.1.0.31 02.12.2007 no virus found
Kaspersky 4.0.2.24 02.12.2007 no virus found
McAfee 4960 02.09.2007 no virus found
Microsoft 1.2204 02.12.2007 no virus found
NOD32v2 2054 02.12.2007 no virus found
Norman 5.80.02 02.12.2007 no virus found
Panda 9.0.0.4 02.12.2007 no virus found
Prevx1 V2 02.12.2007 no virus found
Sophos 4.13.0 02.12.2007 no virus found
Sunbelt 2.2.907.0 02.09.2007 no virus found
Symantec 10 02.12.2007 no virus found
TheHacker 6.1.6.056 02.11.2007 no virus found
UNA 1.83 02.09.2007 no virus found
VBA32 3.11.2 02.11.2007 no virus found
VirusBuster 4.3.19:9 02.11.2007 no virus found

Additional Information
File size: 0 bytes
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709


Qoofix report:
Qoofix v1.04 by http://www.malwarebytes.org
Scan started on [12.02.2007] at [15:39:42]
-------------------------------------------------------------
No malicious modules found!
-------------------------------------------------------------
No Qoologic infected files found!
-------------------------------------------------------------
Scan COMPLETED SUCCESSFULLY on [12.02.2007] at [15:41:02]

Note: Some registry keys may have been removed.

so what went wrong there with qoofix / BFU?

regards
stanleyQ
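
Every one of the seven VirusTotal reports in the post above says "File size: 0 bytes" and carries the MD5/SHA1 of zero-length input, so all of the "no virus found" lines are vacuous: the scanners never saw the real files. As an added example (not part of the original thread), the Python below checks a pasted batch of VirusTotal text reports for exactly that condition before anyone reads the verdicts. The report layout it parses is the 2007 text format quoted in the thread; the two sample reports are constructed, and the detection name in the second one is made up.

```python
import hashlib
import re

# Digests of zero-length input, computed rather than pasted in, so the check does
# not depend on a copied constant being correct.
EMPTY_MD5 = hashlib.md5(b"").hexdigest()
EMPTY_SHA1 = hashlib.sha1(b"").hexdigest()
CLEAN = "no virus found"

HEADER_RE = re.compile(r'^Complete scanning result of "(?P<name>[^"]+)"', re.M)
# One engine line: engine, engine version, signature date (not interpreted), result text.
ENGINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{2}\.\d{2}\.\d{4})\s+(.+?)[ \t]*$", re.M)
SIZE_RE = re.compile(r"File size:\s*(\d+)\s*bytes")
MD5_RE = re.compile(r"MD5:\s*([0-9a-fA-F]{32})")
SHA1_RE = re.compile(r"SHA1:\s*([0-9a-fA-F]{40})")


def split_reports(text):
    """Split a pasted batch of VirusTotal text reports into (filename, body) pairs."""
    heads = list(HEADER_RE.finditer(text))
    reports = []
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        reports.append((m.group("name"), text[m.start():end]))
    return reports


def _first(regex, body):
    m = regex.search(body)
    return m.group(1) if m else None


def assess_report(name, body):
    """Describe one report and say whether its verdicts mean anything.

    A zero-length upload (size 0, or the digest of empty input) cannot carry
    malware, so 'no virus found' from every engine proves nothing about the
    file that was supposed to be checked.
    """
    size = _first(SIZE_RE, body)
    md5 = (_first(MD5_RE, body) or "").lower()
    sha1 = (_first(SHA1_RE, body) or "").lower()
    engines = ENGINE_RE.findall(body)
    detections = {eng: res for eng, _ver, _date, res in engines if res != CLEAN}
    empty = size == "0" or md5 == EMPTY_MD5 or sha1 == EMPTY_SHA1
    return {
        "file": name,
        "size": int(size) if size is not None else None,
        "empty_upload": empty,
        "engines": len(engines),
        "detections": detections,
        "meaningful": (not empty) and bool(engines),
    }


def assess_batch(text):
    return [assess_report(n, b) for n, b in split_reports(text)]


# Constructed sample: the first report mirrors the zero-byte uploads in the thread,
# the second is an invented non-empty file with one made-up detection name.
SAMPLE = '''Complete scanning result of "cspjb.exe", received in VirusTotal at 02.12.2007, 10:45:19 (CET).

Antivirus Version Update Result
AntiVir 7.3.1.36 02.12.2007 no virus found
Kaspersky 4.0.2.24 02.12.2007 no virus found

Additional Information
File size: 0 bytes
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709

Complete scanning result of "example.dll", received in VirusTotal at 02.12.2007, 11:00:00 (CET).

Antivirus Version Update Result
AntiVir 7.3.1.36 02.12.2007 no virus found
Kaspersky 4.0.2.24 02.12.2007 Constructed.Detection.Name
Sophos 4.13.0 02.12.2007 no virus found

Additional Information
File size: 204800 bytes
MD5: 0123456789abcdef0123456789abcdef
SHA1: 0123456789abcdef0123456789abcdef01234567
'''

if __name__ == "__main__":
    for r in assess_batch(SAMPLE):
        verdict = "VACUOUS (empty upload)" if not r["meaningful"] else f"{len(r['detections'])} detection(s)"
        print(f"{r['file']}: {r['engines']} engines, {verdict}")
```

The point of computing EMPTY_MD5 and EMPTY_SHA1 at runtime is that the zero-length digests are easy to misremember; comparing against the library's own output catches the case where a pasted constant has a typo and every report silently passes.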
12.02.2007, 16:09
Honorary member
Sabina

Posts: 29434
#14 Go into the registry
Start - Run - regedit

top left - Edit - Find -

{E61B5E20-DE35-11CF-9C87-1579005127ED}

cspjb.exe


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
@="{E61B5E20-DE35-11CF-9C87-1579005127ED}" -> delete

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
System = cspjb.exe - delete

-----------

C:\WINDOWS\system32\cspjb.exe - delete

Restart the PC

««
Look2Me-Destroyer V1.0.5 - scan and post the scan report
http://virus-protect.org/l2mfix.html

»»
post the new WinPFind log
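
The two registry entries Sabina asks to be deleted above are the same ones the WinPFind log flagged earlier: a "System" value under Winlogon pointing at cspjb.exe, and a CLSID sitting in the default value of ShellServiceObjectDelayLoad with no DLL behind it. As an added example that is not part of the thread, the Python below audits a regedit export (.reg file, REGEDIT4 or "Version 5.00" format) for those persistence points, so the check can be repeated after the deletion and reboot rather than eyeballed in regedit. It decodes the hex(2) values regedit writes for REG_EXPAND_SZ (the "DllName"=hex(2):63,00,72,... form seen in the L2MFix output further down). The sample export is constructed from entries shown in the thread's logs; the stock-XP Winlogon\Notify baseline list and the rule that UserInit should name exactly one program are my assumptions, not anything the thread states.

```python
import re

# Key paths under audit. Key paths and value names are lower-cased by the
# parser because the registry compares both case-insensitively.
WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
SSODL = r"hkey_local_machine\software\microsoft\windows\currentversion\shellserviceobjectdelayload"
# Assumed baseline: Winlogon\Notify DLLs of a stock Windows XP SP2 install. Anything
# else (vendor packages such as ATI's included) is reported for a human to judge.
BASELINE_NOTIFY_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll", "wlnotify.dll", "sclgntfy.dll"}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^(?P<name>@|"(?:[^"\\]|\\.)*")=(?P<data>.*)$')
CLSID_RE = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)


def _unescape(s):
    return re.sub(r"\\(.)", r"\1", s)


def _decode_hex2(data):
    """hex(2) is REG_EXPAND_SZ: regedit writes the string's UTF-16LE bytes, NUL-terminated."""
    raw = bytes(int(b, 16) for b in data.split(":", 1)[1].split(",") if b.strip())
    return raw.decode("utf-16-le").rstrip("\x00")


def parse_reg(text):
    """Parse a regedit export (REGEDIT4 or 'Version 5.00') into {key: {value: data}}."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text.lstrip("\ufeff"))  # join "\"-continued hex lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] == ";" or line.startswith(("REGEDIT", "Windows Registry")):
            continue
        m = KEY_RE.match(line)
        if m:  # "[-HKEY...]" is a delete directive; its body carries no values
            key = m.group("key")
            current = None if key.startswith("-") else keys.setdefault(key.lower(), {})
            continue
        m = VALUE_RE.match(line)
        if not m or current is None:
            continue
        name = "@" if m.group("name") == "@" else _unescape(m.group("name")[1:-1]).lower()
        data = m.group("data").strip()
        if data == "-":                                  # "name"=- deletes the value
            current.pop(name, None)
        elif data.startswith('"') and data.endswith('"'):
            current[name] = _unescape(data[1:-1])
        elif data.startswith("dword:"):
            current[name] = int(data[6:], 16)
        elif data.startswith("hex(2):"):
            current[name] = _decode_hex2(data)
        else:
            current[name] = data                         # other binary types kept as written
    return keys


def audit(reg):
    """Return (location, data) findings for the persistence points WinPFind lists."""
    findings = []
    wl = reg.get(WINLOGON, {})
    if "shell" in wl and wl["shell"].lower() != "explorer.exe":
        findings.append(("Winlogon\\Shell", wl["shell"]))
    if "userinit" in wl:  # a second comma-separated program here is a classic hijack
        progs = [p.strip() for p in wl["userinit"].split(",") if p.strip()]
        if len(progs) != 1 or progs[0].rsplit("\\", 1)[-1].lower() != "userinit.exe":
            findings.append(("Winlogon\\UserInit", wl["userinit"]))
    if wl.get("system"):  # absent or empty on a clean XP system
        findings.append(("Winlogon\\System", wl["system"]))
    for key, values in reg.items():
        if key.startswith(WINLOGON + "\\notify\\"):
            dll = str(values.get("dllname", "")).rsplit("\\", 1)[-1].lower()
            if dll not in BASELINE_NOTIFY_DLLS:
                findings.append(("Winlogon\\Notify\\" + key.rsplit("\\", 1)[-1], values.get("dllname")))
    for name, clsid in reg.get(SSODL, {}).items():
        if name == "@":  # a CLSID parked in the key's default value
            findings.append(("ShellServiceObjectDelayLoad default value", clsid))
        elif not (isinstance(clsid, str) and CLSID_RE.match(clsid)):
            findings.append(("ShellServiceObjectDelayLoad " + name, clsid))
    return findings


# Constructed sample export, assembled from entries shown in the thread's logs.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"UserInit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"="cspjb.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
@="{E61B5E20-DE35-11CF-9C87-1579005127ED}"
'''

if __name__ == "__main__":
    for where, data in audit(parse_reg(SAMPLE_REG)):
        print(f"{where}: {data!r}")
```

To use it on a real machine, export the two keys from regedit (File - Export, or `reg export` on the command line) before and after the cleanup and run `audit(parse_reg(open(path, encoding="utf-16").read()))` on each; regedit writes "Version 5.00" exports as UTF-16 with a BOM, which the parser strips. The ATI Notify package shows up as a finding on purpose: the baseline is deliberately narrow so that a reviewer decides what stays, instead of the script.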

12.02.2007, 22:09
Member

Thread starter

Posts: 18
#15 hi!

sooooo, here we go!!

l2mfix

The following are the files found:
****************************************************************************

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{2D1C37C7-62C9-446E-B0A5-EAF400EBD6F7}"=-
"{42D3BDE2-D5CA-4F92-BA2B-FBA57A8F4A6E}"=-
"{513280BE-80BF-42B8-8A9A-582A59F57231}"=-
"{B3B25B02-519A-4935-94DF-DFA5BBE349E2}"=-
"{407F94E7-D2C3-44A9-A7E6-31972A549EA3}"=-
"{A84D0263-9803-4AE0-A2FB-7357BA55F23B}"=-
[-HKEY_CLASSES_ROOT\CLSID\{2D1C37C7-62C9-446E-B0A5-EAF400EBD6F7}]
[-HKEY_CLASSES_ROOT\CLSID\{42D3BDE2-D5CA-4F92-BA2B-FBA57A8F4A6E}]
[-HKEY_CLASSES_ROOT\CLSID\{513280BE-80BF-42B8-8A9A-582A59F57231}]
[-HKEY_CLASSES_ROOT\CLSID\{B3B25B02-519A-4935-94DF-DFA5BBE349E2}]
[-HKEY_CLASSES_ROOT\CLSID\{407F94E7-D2C3-44A9-A7E6-31972A549EA3}]
[-HKEY_CLASSES_ROOT\CLSID\{A84D0263-9803-4AE0-A2FB-7357BA55F23B}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************


L2MFIX find log 1.03
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{C30200B8-F244-884A-75A2-9D08FCC169D4}"=""
"SV1"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Eigenschaften für Multimediadatei"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-Scannerverwaltung"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-Sicherheit"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-Eigenschaftenseite für Dokumente"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shellerweiterungen für Freigaben"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung für Grafikkarten"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung für Bildschirme"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung für Anzeigeverschiebung"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS-Sicherheit"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Kompatibilitätsseite"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell-Datenauszughandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Erweiterung für Datenträgerkopien"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shellerweiterungen für Microsoft Windows-Netzwerkobjekte"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-Monitorverwaltung"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-Druckerverwaltung"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shellerweiterungen für die Dateikomprimierung"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Shellerweiterung für Webdrucker"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Kontextmenü für die Verschlüsselung"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Aktenkoffer"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Erweiterung für HyperTerminal-Icons"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Schriftarten"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-Profil"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Druckersicherheit"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shellerweiterungen für Freigaben"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-PKO-Erweiterung"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-Sign-Erweiterung"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Netzwerkverbindungen"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Netzwerkverbindungen"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanner und Kameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanner und Kameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanner und Kameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanner und Kameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanner und Kameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shellerweiterungen für Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Datenverknüpfung"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Geplante Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskleiste und Startmenü"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Suchen"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ausführen..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-Mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Schriftarten"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Verwaltung"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Syntaxanalyse der Adressleiste"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft URL-Verlauf-Dienst"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Verlauf"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Sucheingriff"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite-Begrüßungsbildschirm"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer-Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-Cacheordner"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ Dateiminiaturansicht-Extrahierungsprogramm"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Zusammenfassungs-Miniaturansichthandler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-Extrahierungsprogramm"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Webpublishing-Assistent"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Bestellung von Abzügen über das Internet"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shellobjekt des Webpublishing-Assistenten"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Passport-Assistent"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Benutzerkonten"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channeldatei"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channelverknüpfung"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channelhandlerobjekt"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Ordner 'Offlinedateien'"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Nach Personen..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{D653647D-D607-4DF6-A5B8-48D2BA195F7B}"="BitDefender Antivirus v7"
"{BB7DF450-F119-11CD-8465-00AA00425D90}"="Microsoft Access Custom Icon Handler"
"{59850401-6664-101B-B21C-00AA004BA90B}"="Microsoft Office Sammelmappen-Teiler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{01945296-99E6-4CE0-B58E-13F0261B381D}"="PDF Toolbox Context Menu Shell Extension"
"{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5}"="Context Menu Shell Extension"
"{2D1C37C7-62C9-446E-B0A5-EAF400EBD6F7}"=""
"{42D3BDE2-D5CA-4F92-BA2B-FBA57A8F4A6E}"=""
"{513280BE-80BF-42B8-8A9A-582A59F57231}"=""
"{B3B25B02-519A-4935-94DF-DFA5BBE349E2}"=""
"{407F94E7-D2C3-44A9-A7E6-31972A549EA3}"=""
"{A84D0263-9803-4AE0-A2FB-7357BA55F23B}"=""
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"="Shell Extension for Malware scanning"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2D1C37C7-62C9-446E-B0A5-EAF400EBD6F7}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{2D1C37C7-62C9-446E-B0A5-EAF400EBD6F7}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2D1C37C7-62C9-446E-B0A5-EAF400EBD6F7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2D1C37C7-62C9-446E-B0A5-EAF400EBD6F7}\InprocServer32]
@="C:\\WINDOWS\\system32\\dxocx.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{42D3BDE2-D5CA-4F92-BA2B-FBA57A8F4A6E}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{42D3BDE2-D5CA-4F92-BA2B-FBA57A8F4A6E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{42D3BDE2-D5CA-4F92-BA2B-FBA57A8F4A6E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{42D3BDE2-D5CA-4F92-BA2B-FBA57A8F4A6E}\InprocServer32]
@="C:\\WINDOWS\\system32\\mxvfw32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{513280BE-80BF-42B8-8A9A-582A59F57231}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{513280BE-80BF-42B8-8A9A-582A59F57231}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{513280BE-80BF-42B8-8A9A-582A59F57231}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{513280BE-80BF-42B8-8A9A-582A59F57231}\InprocServer32]
@="C:\\WINDOWS\\system32\\uhdmxfrm.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B3B25B02-519A-4935-94DF-DFA5BBE349E2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B3B25B02-519A-4935-94DF-DFA5BBE349E2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B3B25B02-519A-4935-94DF-DFA5BBE349E2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B3B25B02-519A-4935-94DF-DFA5BBE349E2}\InprocServer32]
@="C:\\WINDOWS\\system32\\sse.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{407F94E7-D2C3-44A9-A7E6-31972A549EA3}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{407F94E7-D2C3-44A9-A7E6-31972A549EA3}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{407F94E7-D2C3-44A9-A7E6-31972A549EA3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{407F94E7-D2C3-44A9-A7E6-31972A549EA3}\InprocServer32]
@="C:\\WINDOWS\\system32\\clmpstui.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A84D0263-9803-4AE0-A2FB-7357BA55F23B}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A84D0263-9803-4AE0-A2FB-7357BA55F23B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A84D0263-9803-4AE0-A2FB-7357BA55F23B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A84D0263-9803-4AE0-A2FB-7357BA55F23B}\InprocServer32]
@="C:\\WINDOWS\\system32\\fpusd.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
pncrt.dll Sun 28 Jan 2007 23:11:28 A.... 278.528 272,00 K
pndx5016.dll Sun 28 Jan 2007 23:11:28 A.... 6.656 6,50 K
pndx5032.dll Sun 28 Jan 2007 23:11:28 A.... 5.632 5,50 K
rmoc3260.dll Sun 28 Jan 2007 23:11:34 A.... 185.952 181,59 K

4 items found: 4 files, 0 directories.
Total of file sizes: 476.768 bytes 465,59 K
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
perfst~1.tmp Sat 13 Jan 2007 19:29:58 A.... 1.606 1,57 K

1 item found: 1 file, 0 directories.
Total of file sizes: 1.606 bytes 1,57 K
**********************************************************************************
Directory Listing of system files:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: F0D3-4FAB

Verzeichnis von C:\WINDOWS\System32

13.01.2007 19:18 <DIR> dllcache
23.02.2005 00:10 <DIR> Microsoft
0 Datei(en) 0 Bytes
2 Verzeichnis(se), 27.011.796.992 Bytes frei

HJT:
Logfile of HijackThis v1.99.1
Scan saved at 21:59:10, on 12.02.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\HiJackThis-W32-FMN-Killer\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.netcologne.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer bereitgestellt von NetCologne
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [KAVPersonal50] C:\Programme\Kaspersky\kav.exe /minimize
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: C2CMonitor.lnk.disabled
O4 - Global Startup: Microsoft-Indexerstellung.lnk.disabled
O4 - Global Startup: Office-Start.lnk.disabled
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe



winpfind:
WARNING: not all files found by this scanner are bad. Consult with a knowledgeable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
UPX! 11.02.2007 15:08:22 880702 C:\combofix.exe
KavSvc 01.10.2006 16:04:30 4315588 C:\resolve.log

Checking %ProgramFilesDir% folder...
PEC2 14.07.2005 18:52:38 67850752 C:\Programme\Open Office v1.1.0 Win32Intel install deutsch.zip
qoologic 11.02.2007 15:09:38 204131 C:\Programme\WinPFind.zip

Checking %WinDir% folder...
KavSvc 13.01.2007 19:28:26 176723 C:\WINDOWS\iis6.log

Checking %System% folder...
UPX! 25.03.2003 06:49:02 R 58880 C:\WINDOWS\SYSTEM32\avi2ac3dts.ax
PEC2 18.08.2001 20:00:00 41118 C:\WINDOWS\SYSTEM32\dfrg.msc
UPX! 25.03.2003 06:49:02 R 67072 C:\WINDOWS\SYSTEM32\dtssource.ax
UPX! 25.03.2003 06:49:02 R 65536 C:\WINDOWS\SYSTEM32\DVDAudio.ax
UPX! 25.03.2003 06:49:02 R 86528 C:\WINDOWS\SYSTEM32\DVDVideo.ax
aspack 04.08.2004 00:57:10 733696 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 04.08.2004 00:57:34 686592 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 18.08.2001 20:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech 03.08.2004 22:41:38 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\HOSTS


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
12.02.2007 21:52:50 S 2048 C:\WINDOWS\bootstat.dat
19.12.2006 22:13:38 HS 10240 C:\WINDOWS\Thumbs.db
13.01.2007 19:20:10 RHS 333502 C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_6.cab
12.02.2007 21:55:32 H 1024 C:\WINDOWS\system32\config\default.LOG
12.02.2007 21:55:06 H 1024 C:\WINDOWS\system32\config\SAM.LOG
12.02.2007 22:02:58 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
12.02.2007 22:01:26 H 1024 C:\WINDOWS\system32\config\software.LOG
12.02.2007 22:01:12 H 1024 C:\WINDOWS\system32\config\system.LOG
12.02.2007 21:52:52 H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
03.04.2003 00:17:40 172032 C:\WINDOWS\SYSTEM32\ac3filter.cpl
Microsoft Corporation 04.08.2004 00:58:24 70656 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 04.08.2004 00:58:24 555008 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 04.08.2004 00:58:24 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 04.08.2004 00:58:24 138240 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 25.03.2003 06:49:02 R 122880 C:\WINDOWS\SYSTEM32\directx.cpl
Microsoft Corporation 03.09.1997 23:00:00 22528 C:\WINDOWS\SYSTEM32\FINDFAST.CPL
Microsoft Corporation 04.08.2004 00:58:24 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 04.08.2004 00:58:24 157184 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Ahead Software AG 23.12.2003 15:40:52 57344 C:\WINDOWS\SYSTEM32\ImageDrive.cpl
Microsoft Corporation 04.08.2004 00:58:24 359424 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 04.08.2004 00:58:24 133120 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 04.08.2004 00:58:24 381440 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 04.08.2004 00:58:24 69632 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 10.11.2005 13:03:50 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 18.08.2001 20:00:00 189440 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 03.09.1997 23:00:00 55568 C:\WINDOWS\SYSTEM32\MLCFG32.CPL
Microsoft Corporation 04.08.2004 00:58:24 625152 C:\WINDOWS\SYSTEM32\mmsys.cpl
Kristal Studio 25.03.2003 06:49:02 R 121856 C:\WINDOWS\SYSTEM32\Mp3cnfg.cpl
Microsoft Corporation 18.08.2001 20:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 04.08.2004 00:58:24 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 04.08.2004 00:58:24 260096 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 18.08.2001 20:00:00 38400 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 04.08.2004 00:58:24 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 04.08.2004 00:58:24 117248 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 27.05.2003 12:42:58 295936 C:\WINDOWS\SYSTEM32\QuickTime.cpl
NVIDIA Corporation 13.08.2003 05:24:40 R 73728 C:\WINDOWS\SYSTEM32\sscpl.cpl
25.03.2003 06:49:02 R 98304 C:\WINDOWS\SYSTEM32\Startup.cpl
Microsoft Corporation 04.08.2004 00:58:24 303104 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 18.08.2001 20:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 04.08.2004 00:58:24 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 25.03.2003 06:49:02 R 106544 C:\WINDOWS\SYSTEM32\tweakui.cpl
Microsoft Corporation 04.08.2004 00:58:24 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 04.08.2004 00:58:24 162816 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 18.08.2001 20:00:00 189440 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 18.08.2001 20:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 18.08.2001 20:00:00 38400 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 18.08.2001 20:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
18.07.2005 17:52:12 662 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\C2CMonitor.lnk.disabled
22.02.2005 23:15:52 HS 84 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
10.07.2005 16:04:06 741 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft-Indexerstellung.lnk.disabled
10.07.2005 16:04:00 716 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Office-Start.lnk.disabled

Checking files in %ALLUSERSPROFILE%\Application Data folder...
09.01.2007 12:55:54 305 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
22.02.2005 23:03:02 HS 62 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
22.02.2005 23:15:52 HS 84 C:\Dokumente und Einstellungen\Tobi\Startmenü\Programme\Autostart\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
22.02.2005 23:03:02 HS 62 C:\Dokumente und Einstellungen\Tobi\Anwendungsdaten\desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BitDefender Antivirus v7
{D653647D-D607-4DF6-A5B8-48D2BA195F7B} = C:\Programme\Softwin\BitDefender Free Edition\bdshelxt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Kaspersky Anti-Virus
{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Shell Extension for Malware scanning
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programme\AntiVir PersonalEdition Classic\shlext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TagRename_ContextMenu
{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5} = C:\PROGRA~1\TAG&RE~1\TRshell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BitDefender Antivirus v7
{D653647D-D607-4DF6-A5B8-48D2BA195F7B} = C:\Programme\Softwin\BitDefender Free Edition\bdshelxt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Kaspersky Anti-Virus
{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Shell Extension for Malware scanning
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programme\AntiVir PersonalEdition Classic\shlext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\TagRename_ContextMenu
{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5} = C:\PROGRA~1\TAG&RE~1\TRshell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8B28872-3324-4CD2-8AA3-7D555C872D96}
=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tipps und Tricks = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Konsole : C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Programme\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer-Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
avgnt "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
KAVPersonal50 C:\Programme\Kaspersky\kav.exe /minimize
KernelFaultCheck %systemroot%\system32\dumprep 0 -k
TkBellExe "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE C:\WINDOWS\system32\ctfmon.exe
SpybotSD TeaTimer C:\Programme\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
NoChangingWallPaper 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
NoSaveSettings 0
ClassicShell 0
NoThemesTab 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
NoDispScrSavPage 0
NoDispCPL 0
NoColorChoice 0
NoSizeChoice 0
NoVisualStyleChoice 0
NoDispSettingsPage 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe
Shell = explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
= Ati2evxx.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 12.02.2007 22:05:23


OK?!!
thanks and regards
stanleyQ