.exe process, HijackThis doesn't work

#0
19.09.2008, 00:31
Member

Posts: 66
#1 hey, I have an ".exe" file in Taskmgr that I can't get disinfected with PCtools, bitdefender 08, norman, panda-security, f-secure, avg

the Security Task Manager doesn't show me a path... when I accessed my PC with prorat, I could see the "hidden" file that I couldn't see before even though everything was set to "on"... and I deleted it...

when I now try to open HijackThis or similar programs, this file "blocks" that by reopening itself

hope someone can help me
19.09.2008, 00:49
Honorary member
Argus

Posts: 6028
#2 Try renaming HijackThis to, e.g., yak.com
__________
Regards, Argus
19.09.2008, 11:13
Member

Thread starter

Posts: 66
#3 lol hey thanks, that worked ;)
oh and my clock keeps resetting itself since the .exe

Quote

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:15:44, on 15.11.1980
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Yakuza 112\Desktop\yak.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [] C:\WINDOWS\system32\.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Steam] "C:\Programme\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Veoh] "C:\Programme\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe

--
End of file - 2652 bytes

Quote

StartupList report, 15.11.1980, 06:17:50
StartupList version: 1.52.2
Started from : C:\Dokumente und Einstellungen\Yakuza 112\Desktop\yak.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Yakuza 112\Desktop\yak.exe
C:\WINDOWS\system32\NOTEPAD.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

IMJPMIG8.1 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
PHIME2002ASync = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
(Default) = C:\WINDOWS\system32\.exe
SunJavaUpdateSched = "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Steam = "C:\Programme\Steam\Steam.exe" -silent
Veoh = "C:\Programme\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
(Default) =
MsnMsgr = "C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
MSMSGS = "C:\Programme\Messenger\msmsgs.exe" /background

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

ICQ Lite = C:\Programme\ICQLite\ICQLite.exe -trayboot

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045}

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOKUME~1\YAKUZA~1\LOKALE~1\Temp\_iu14D2N.tmp||C:\DOKUME~1\YAKUZA~1\LOKALE~1\Temp\_iu14D2O.tmp||C:\DOKUME~1\YAKUZA~1\LOKALE~1\Temp\GLB1A2B.EXE


--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

DirectX For Microsoft® Windows = C:\WINDOWS\system32\fservice.exe

--------------------------------------------------

End of report, 4.839 bytes
Report generated in 0,031 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
___________________________________________________________________

So, I've now found something about it using RegRun, but I don't think anyone feels like reading through all of it lol.

in any case the file has nested itself in sys32 ;)

Zitat

SpyHolesList Version:2.6 Build:5.8.5.954
15.11.1980 14:50:18
WinDir=C:\WINDOWS
Startup=C:\Dokumente und Einstellungen\Yakuza 112\Startmenü\Programme\Autostart\
Common Startup=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\
Microsoft Windows XP Service Pack 2 (5.1.2600)
Internet Explorer 6.0.2900.2180
[Internet Explorer]
[Default Home Page] :HKLM Default_Page_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[Current Home Page] :HKCU Start Page=http://search.orbitdownloader.com
[Current Home Page] :HKCU HOMEOldSP=""
[Search URL Template] :HKLM 1=www.%s.com
[Search URL Template] :HKLM 2=www.%s.org
[Search URL Template] :HKLM 3=www.%s.net
[Search URL Template] :HKLM 4=www.%s.edu
[All Users Search] :HKLM Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
[All Users Search] :HKLM Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
[Current Users Search] :HKCU Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
[Current Users Search] :HKCU Search Bar=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
[IE Local Blank Page] :HKCU Local Page=C:\WINDOWS\system32\blank.htm
[IE Local Blank Page] :HKLM Local Page=%SystemRoot%\system32\blank.htm
[Browser Helper Objects] {000123B4-9B42-4900-B3F7-F4B073EFC214}=C:\Programme\Orbitdownloader\orbitcth.dll
[Browser Helper Objects] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
[Browser Helper Objects] {7E853D72-626A-48EC-A868-BA8D5E23E045}=C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
[Browser Helper Objects] {83B80A9C-D91A-4F22-8DCF-EA7204039F79}=C:\Programme\Xi\NetXfer\NXIEHelper.dll
[Auto Search URL] :HKCU provider=msn
[Auto Search URL] :HKCU "Default Value"=http://home.microsoft.com/access/autosearch.asp?p=%s
[Search Assistant] :HKCU SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
[Search Assistant] :HKLM SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
[Search Assistant] :HKCU CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
[Search Assistant] :HKLM CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
[CustomizeSearch] :HKLM CustomizeSearch=""
[URLSearchHook] :HKCU {CFBFAE00-17A6-11D0-99CB-00C04FD64497}=%SystemRoot%\system32\shdocvw.dll
[Default Prefix] :HKLM "Default Value"=http://
[URL Default Prefixes] :HKLM ftp=ftp://
[URL Default Prefixes] :HKLM gopher=gopher://
[URL Default Prefixes] :HKLM home=http://
[URL Default Prefixes] :HKLM mosaic=http://
[URL Default Prefixes] :HKLM www=http://
[Safe Sites] :HKLM ie.search.msn.com=http://ie.search.msn.com/*
[AboutURLs] :HKLM NavigationFailure=res://shdoclc.dll/navcancl.htm
[AboutURLs] :HKLM DesktopItemNavigationFailure=res://shdoclc.dll/navcancl.htm
[AboutURLs] :HKLM NavigationCanceled=res://shdoclc.dll/navcancl.htm
[AboutURLs] :HKLM OfflineInformation=res://shdoclc.dll/offcancl.htm
[AboutURLs] :HKLM Home=270
[AboutURLs] :HKLM blank=res://mshtml.dll/blank.htm
[AboutURLs] :HKLM PostNotCached=res://mshtml.dll/repost.htm
[User Style Sheet] :HKCU User Stylesheet=""
[User Style Sheet] :HKUS User Stylesheet=""
[User Style Sheet] :HKCU Use My Stylesheet=0
[User Style Sheet] :HKUS Use My Stylesheet=0
[Execute unsigned ActiveX in My Computer Zone] :HKCU 1201=1
[Execute unsigned ActiveX in My Computer Zone] :HKLM 1201=1
[Execute unsigned ActiveX in Local Intranet Zone] :HKCU 1201=3
[Execute unsigned ActiveX in Local Intranet Zone] :HKLM 1201=3
[Execute unsigned ActiveX in Internet Zone] :HKCU 1201=3
[Execute unsigned ActiveX in Internet Zone] :HKLM 1201=3
[Links Toolbar] :HKCU LinksFolderName=Links
[Toolbars] :HKLM {D0943516-5076-4020-A3B5-AEFAF26AB263}=C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
[Toolbars] :HKLM {C55BBCD6-41AD-48AD-9953-3609C48EACC7}=C:\Programme\Orbitdownloader\GrabPro.dll
[Toolbars] :HKLM {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A}=C:\Programme\Xi\NetXfer\NXToolBar.dll
[Explorer Bars] :HKLM {4D5C8C25-D075-11d0-B416-00C04FB90376}=%SystemRoot%\system32\shdocvw.dll
[IE Extensions - All Users] :HKLM {08B0E5C0-4FCB-11CF-AAA5-00401C608501}=%SystemRoot%\system32\shdocvw.dll
[IE Extensions - All Users] :HKLM {FB5F1910-F110-11d2-BB9E-00C04F795683}=C:\Programme\Messenger\msmsgs.exe
[Context menu items] :HKCU &Download by Orbit=res://C:\Programme\Orbitdownloader\orbitmxt.dll/201
[Context menu items] :HKCU &Grab video by Orbit=res://C:\Programme\Orbitdownloader\orbitmxt.dll/204
[Context menu items] :HKCU Alles mit NetXfer herunterladen=C:\Programme\Xi\NetXfer\NXAddList.html
[Context menu items] :HKCU Do&wnload selected by Orbit=res://C:\Programme\Orbitdownloader\orbitmxt.dll/203
[Context menu items] :HKCU Down&load all by Orbit=res://C:\Programme\Orbitdownloader\orbitmxt.dll/202
[Context menu items] :HKCU Herunterladen mit NetXfer=C:\Programme\Xi\NetXfer\NXAddLink.html
[Proxy] :HKCU ProxyServer=""
[Proxy] :HKCU ProxyEnable=0
[Network Settings]
[Hosts File Path] :HKLM DataBasePath=%SystemRoot%\System32\drivers\etc
[Hosts File Contents] :HKLM 127.0.0.1 localhost
[Domain Name] :HKLM Domain=""
[Name Server] {31539D2C-0B37-4AEB-A013-5E2A76A2DE3C}=192.168.1.1
[WinSock2 Components] :HKLM mswsock.dll=%SystemRoot%\System32\mswsock.dll
[WinSock2 Components] :HKLM winrnr.dll=%SystemRoot%\System32\winrnr.dll
[WinSock2 Components] :HKLM rsvpsp.dll=%SystemRoot%\system32\rsvpsp.dll
[Software Components]
[Internet Components] :HKLM C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe=C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
[Windows Shell]
[Display Scrap's Extensions] :HKLM NeverShowExt=""
[ScreenSaver] :HKCU SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
[System.ini] shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
[User Shell] :HKCU shell=""
[Main File Extensions] :HKLM .exe="%1" %*
[Main File Extensions] :HKLM .com="%1" %*
[Main File Extensions] :HKLM .pif="%1" %*
[Main File Extensions] :HKLM .bat="%1" %*
[Main File Extensions] :HKLM .cmd="%1" %*
[Main File Extensions] :HKLM .scr="%1" /S
[Main File Extensions] :HKLM .txt=%SystemRoot%\system32\NOTEPAD.EXE %1
[Main File Extensions] :HKLM .reg=regedit.exe "%1"
[Main File Extensions] :HKLM .inf=%SystemRoot%\System32\NOTEPAD.EXE %1
[Main File Extensions] :HKLM .ini=%SystemRoot%\System32\NOTEPAD.EXE %1
[Main File Extensions] :HKLM .js=%SystemRoot%\System32\WScript.exe "%1" %*
[Main File Extensions] :HKLM .vbs=%SystemRoot%\System32\WScript.exe "%1" %*
[Main File Extensions] :HKLM .vbe=%SystemRoot%\System32\WScript.exe "%1" %*
[Main File Extensions] :HKLM .msc=%SystemRoot%\system32\mmc.exe "%1" %*
[Main File Extensions] :HKLM .html="C:\Programme\Internet Explorer\iexplore.exe" -nohome
[Main File Extensions] :HKLM .jpg=rundll32.exe C:\WINDOWS\system32\shimgvw.dll,ImageView_Fullscreen %1
[Main File Extensions] :HKLM .jpeg=rundll32.exe C:\WINDOWS\system32\shimgvw.dll,ImageView_Fullscreen %1
[Shell Execute Hooks] :HKLM {AEB6717E-7E19-11d0-97EE-00C04FD91972}=shell32.dll
[UserInit Value] :HKLM UserInit=C:\WINDOWS\system32\userinit.exe,
[Winlogon Notification] :HKLM crypt32chain=crypt32.dll
[Winlogon Notification] :HKLM cryptnet=cryptnet.dll
[Winlogon Notification] :HKLM cscdll=cscdll.dll
[Winlogon Notification] :HKLM ScCertProp=wlnotify.dll
[Winlogon Notification] :HKLM Schedule=wlnotify.dll
[Winlogon Notification] :HKLM sclgntfy=sclgntfy.dll
[Winlogon Notification] :HKLM SensLogn=WlNotify.dll
[Winlogon Notification] :HKLM termsrv=wlnotify.dll
[Winlogon Notification] :HKLM wlballoon=wlnotify.dll
[Shell Services DelayLoad] :HKLM PostBootReminder=%SystemRoot%\system32\SHELL32.dll
[Shell Services DelayLoad] :HKLM CDBurn=%SystemRoot%\system32\SHELL32.dll
[Shell Services DelayLoad] :HKLM WebCheck=%SystemRoot%\system32\webcheck.dll
[Shell Services DelayLoad] :HKLM SysTray=C:\WINDOWS\system32\stobject.dll
[Explorer Run] :HKLM DirectX For Microsoft® Windows=C:\WINDOWS\system32\fservice.exe
[App Paths] :HKLM bckgzm.exe=C:\Programme\MSN Gaming Zone\Windows\bckgzm.exe
[App Paths] :HKLM chkrzm.exe=C:\Programme\MSN Gaming Zone\Windows\chkrzm.exe
[App Paths] :HKLM CONF.EXE=C:\Programme\NetMeeting\conf.exe
[App Paths] :HKLM dialer.exe=C:\Programme\Windows NT\dialer.exe
[App Paths] :HKLM firefox.exe=C:\Programme\Mozilla Firefox\firefox.exe
[App Paths] :HKLM HELPCTR.EXE=C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
[App Paths] :HKLM HijackThis.exe=C:\Dokumente und Einstellungen\Yakuza 112\Desktop\hijackthis.exe
[App Paths] :HKLM hrtzzm.exe=C:\Programme\MSN Gaming Zone\Windows\hrtzzm.exe
[App Paths] :HKLM hypertrm.exe="C:\Programme\Windows NT\hypertrm.exe"
[App Paths] :HKLM ICWCONN1.EXE="C:\Programme\Internet Explorer\Connection Wizard\ICWCONN1.EXE"
[App Paths] :HKLM ICWCONN2.EXE="C:\Programme\Internet Explorer\Connection Wizard\ICWCONN2.EXE"
[App Paths] :HKLM IEXPLORE.EXE=C:\Programme\Internet Explorer\iexplore.exe
[App Paths] :HKLM INETWIZ.EXE="C:\Programme\Internet Explorer\Connection Wizard\INETWIZ.EXE"
[App Paths] :HKLM install.exe
[App Paths] :HKLM ISIGNUP.EXE="C:\Programme\Internet Explorer\Connection Wizard\ISIGNUP.EXE"
[App Paths] :HKLM javaws.exe=C:\Programme\Java\jre1.6.0_07\bin\javaws.exe
[App Paths] :HKLM migwiz.exe=%SystemRoot%\system32\usmt\migwiz.exe
[App Paths] :HKLM moviemk.exe=C:\Programme\Movie Maker\moviemk.exe
[App Paths] :HKLM mplayer2.exe="C:\Programme\Windows Media Player\mplayer2.exe"
[App Paths] :HKLM MSCONFIG.EXE=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
[App Paths] :HKLM msimn.exe=%ProgramFiles%\Outlook Express\msimn.exe
[App Paths] :HKLM msinfo32.exe=C:\Programme\Gemeinsame Dateien\Microsoft Shared\MSInfo\MSInfo32.exe
[App Paths] :HKLM MSMSGS.EXE=C:\Programme\Messenger\msmsgs.exe
[App Paths] :HKLM MSNMSGR.EXE=C:\Programme\Windows Live\Messenger\MsnMsgr.Exe
[App Paths] :HKLM pbrush.exe=%SystemRoot%\system32\mspaint.exe
[App Paths] :HKLM pinball.exe=C:\Programme\Windows NT\Pinball\pinball.exe
[App Paths] :HKLM rvsezm.exe=C:\Programme\MSN Gaming Zone\Windows\rvsezm.exe
[App Paths] :HKLM setup.exe
[App Paths] :HKLM shvlzm.exe=C:\Programme\MSN Gaming Zone\Windows\shvlzm.exe
[App Paths] :HKLM table30.exe
[App Paths] :HKLM Visual Basic 6.0 Runtime und Controls.exe=c:\Visual Basic 6.0 Runtime und Controls.exe
[App Paths] :HKLM wab.exe=%ProgramFiles%\Outlook Express\wab.exe
[App Paths] :HKLM wabmig.exe=%ProgramFiles%\Outlook Express\wabmig.exe
[App Paths] :HKLM winnt32.exe
[App Paths] :HKLM WinRAR.exe=C:\Programme\WinRAR\WinRAR.exe
[App Paths] :HKLM wmplayer.exe=C:\Programme\Windows Media Player\wmplayer.exe
[App Paths] :HKLM WORDPAD.EXE="%ProgramFiles%\Windows NT\Zubehör\WORDPAD.EXE"
[App Paths] :HKLM WRITE.EXE="%ProgramFiles%\Windows NT\Zubehör\WORDPAD.EXE"
[Prevents Display in Control Panel from running.] :HKCU NoDispCpl=0
[Disable Registry Tools] :HKCU DisableRegistryTools =0
[SharedTaskScheduler] :HKLM {438755C2-A8BA-11D1-B96B-00A0C90312E1}=%SystemRoot%\system32\browseui.dll
[SharedTaskScheduler] :HKLM {8C7461EF-2B13-11d2-BE35-3078302C2030}=%SystemRoot%\system32\browseui.dll
[Kernel Auto Boot]
[ActiveSetup] >{22d6f312-b0f6-11d0-94ab-0080c74c7e95}=C:\WINDOWS\inf\unregmp2.exe /ShowWMP
[ActiveSetup] {5Y99AE78-58TT-11dW-BE53-Y67078979Y}=C:\WINDOWS\system\sservice.exe
[Bootexecute] :HKLM BootExecute=autocheck autochk *
Partizan
[KnownDLLs] :HKLM advapi32=advapi32.dll
[KnownDLLs] :HKLM comdlg32=comdlg32.dll
[KnownDLLs] :HKLM DllDirectory=%SystemRoot%\system32
[KnownDLLs] :HKLM gdi32=gdi32.dll
[KnownDLLs] :HKLM imagehlp=imagehlp.dll
[KnownDLLs] :HKLM kernel32=kernel32.dll
[KnownDLLs] :HKLM lz32=lz32.dll
[KnownDLLs] :HKLM ole32=ole32.dll
[KnownDLLs] :HKLM oleaut32=oleaut32.dll
[KnownDLLs] :HKLM olecli32=olecli32.dll
[KnownDLLs] :HKLM olecnv32=olecnv32.dll
[KnownDLLs] :HKLM olesvr32=olesvr32.dll
[KnownDLLs] :HKLM olethk32=olethk32.dll
[KnownDLLs] :HKLM rpcrt4=rpcrt4.dll
[KnownDLLs] :HKLM shell32=shell32.dll
[KnownDLLs] :HKLM url=url.dll
[KnownDLLs] :HKLM urlmon=urlmon.dll
[KnownDLLs] :HKLM user32=user32.dll
[KnownDLLs] :HKLM version=version.dll
[KnownDLLs] :HKLM wininet=wininet.dll
[KnownDLLs] :HKLM wldap32=wldap32.dll
[Environment - Path] :HKLM Path=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
[List of Injected DLLs] :HKLM AppInit_DLLs=""
[Auto Services] AudioSrv
[Auto Services] Browser
[Auto Services] CryptSvc
[Auto Services] DcomLaunch
[Auto Services] Dhcp
[Auto Services] dmserver
[Auto Services] Dnscache
[Auto Services] ERSvc
[Auto Services] Eventlog
[Auto Services] HidServ
[Auto Services] lanmanserver
[Auto Services] lanmanworkstation
[Auto Services] LmHosts
[Auto Services] PlugPlay
[Auto Services] PolicyAgent
[Auto Services] ProtectedStorage
[Auto Services] RemoteRegistry
[Auto Services] RpcSs
[Auto Services] SamSs
[Auto Services] Schedule
[Auto Services] seclogon
[Auto Services] SENS
[Auto Services] ShellHWDetection
[Auto Services] Spooler
[Auto Services] srservice
[Auto Services] TermService
[Auto Services] Themes
[Auto Services] TrkWks
[Auto Services] upnphost
[Auto Services] W32Time
[Auto Services] WebClient
[Auto Services] winmgmt
[Auto Services] wuauserv
[Auto Services] WZCSVC
[Drivers] ntoskrnl.exe=C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE
[Drivers] hal.dll=C:\WINDOWS\SYSTEM32\HAL.DLL
[Drivers] KDCOM.DLL=C:\WINDOWS\SYSTEM32\KDCOM.DLL
[Drivers] BOOTVID.dll=C:\WINDOWS\SYSTEM32\BOOTVID.DLL
[Drivers] sptd.sys=sptd.sys
[Drivers] WMILIB.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\WMILIB.SYS
[Drivers] SCSIPORT.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\SCSIPORT.SYS
[Drivers] ACPI.sys=C:\WINDOWS\system32\DRIVERS\ACPI.sys
[Drivers] pci.sys=C:\WINDOWS\system32\DRIVERS\pci.sys
[Drivers] isapnp.sys=C:\WINDOWS\system32\DRIVERS\isapnp.sys
[Drivers] viaide.sys=C:\WINDOWS\system32\DRIVERS\viaide.sys
[Drivers] PCIIDEX.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\PCIIDEX.SYS
[Drivers] MountMgr.sys=C:\WINDOWS\system32\DRIVERS\MountMgr.sys
[Drivers] ftdisk.sys=C:\WINDOWS\system32\DRIVERS\ftdisk.sys
[Drivers] dmload.sys=C:\WINDOWS\system32\DRIVERS\dmload.sys
[Drivers] dmio.sys=C:\WINDOWS\system32\DRIVERS\dmio.sys
[Drivers] PartMgr.sys=C:\WINDOWS\system32\DRIVERS\PartMgr.sys
[Drivers] pavboot.sys=C:\WINDOWS\system32\DRIVERS\pavboot.sys
[Drivers] VolSnap.sys=C:\WINDOWS\system32\DRIVERS\VolSnap.sys
[Drivers] atapi.sys=C:\WINDOWS\system32\DRIVERS\atapi.sys
[Drivers] disk.sys=C:\WINDOWS\system32\DRIVERS\disk.sys
[Drivers] CLASSPNP.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\CLASSPNP.SYS
[Drivers] fltMgr.sys=C:\WINDOWS\system32\DRIVERS\fltMgr.sys
[Drivers] KSecDD.sys=C:\WINDOWS\system32\DRIVERS\KSecDD.sys
[Drivers] Ntfs.sys=C:\WINDOWS\system32\DRIVERS\Ntfs.sys
[Drivers] NDIS.sys=C:\WINDOWS\system32\DRIVERS\NDIS.sys
[Drivers] viaagp.sys=C:\WINDOWS\system32\DRIVERS\viaagp.sys
[Drivers] Mup.sys=C:\WINDOWS\system32\DRIVERS\Mup.sys
[Drivers] amdk7.sys=C:\WINDOWS\SYSTEM32\DRIVERS\AMDK7.SYS
[Drivers] ati2mtag.sys=C:\WINDOWS\SYSTEM32\DRIVERS\ATI2MTAG.SYS
[Drivers] VIDEOPRT.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\VIDEOPRT.SYS
[Drivers] usbohci.sys=C:\WINDOWS\SYSTEM32\DRIVERS\USBOHCI.SYS
[Drivers] USBPORT.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\USBPORT.SYS
[Drivers] usbehci.sys=C:\WINDOWS\SYSTEM32\DRIVERS\USBEHCI.SYS
[Drivers] RTL8139.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\RTL8139.SYS
[Drivers] i8042prt.sys=C:\WINDOWS\SYSTEM32\DRIVERS\I8042PRT.SYS
[Drivers] kbdclass.sys=C:\WINDOWS\SYSTEM32\DRIVERS\KBDCLASS.SYS
[Drivers] cdrom.sys=C:\WINDOWS\SYSTEM32\DRIVERS\CDROM.SYS
[Drivers] redbook.sys=C:\WINDOWS\SYSTEM32\DRIVERS\REDBOOK.SYS
[Drivers] ks.sys=C:\WINDOWS\SYSTEM32\DRIVERS\KS.SYS
[Drivers] usbuhci.sys=C:\WINDOWS\SYSTEM32\DRIVERS\USBUHCI.SYS
[Drivers] fdc.sys=C:\WINDOWS\SYSTEM32\DRIVERS\FDC.SYS
[Drivers] serial.sys=C:\WINDOWS\SYSTEM32\DRIVERS\SERIAL.SYS
[Drivers] serenum.sys=C:\WINDOWS\SYSTEM32\DRIVERS\SERENUM.SYS
[Drivers] parport.sys=C:\WINDOWS\SYSTEM32\DRIVERS\PARPORT.SYS
[Drivers] gameenum.sys=C:\WINDOWS\SYSTEM32\DRIVERS\GAMEENUM.SYS
[Drivers] audstub.sys=C:\WINDOWS\SYSTEM32\DRIVERS\AUDSTUB.SYS
[Drivers] rasl2tp.sys=C:\WINDOWS\SYSTEM32\DRIVERS\RASL2TP.SYS
[Drivers] ndistapi.sys=C:\WINDOWS\SYSTEM32\DRIVERS\NDISTAPI.SYS
[Drivers] ndiswan.sys=C:\WINDOWS\SYSTEM32\DRIVERS\NDISWAN.SYS
[Drivers] raspppoe.sys=C:\WINDOWS\SYSTEM32\DRIVERS\RASPPPOE.SYS
[Drivers] raspptp.sys=C:\WINDOWS\SYSTEM32\DRIVERS\RASPPTP.SYS
[Drivers] TDI.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\TDI.SYS
[Drivers] psched.sys=C:\WINDOWS\SYSTEM32\DRIVERS\PSCHED.SYS
[Drivers] msgpc.sys=C:\WINDOWS\SYSTEM32\DRIVERS\MSGPC.SYS
[Drivers] ptilink.sys=C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS
[Drivers] raspti.sys=C:\WINDOWS\SYSTEM32\DRIVERS\RASPTI.SYS
[Drivers] rdpdr.sys=C:\WINDOWS\SYSTEM32\DRIVERS\RDPDR.SYS
[Drivers] termdd.sys=C:\WINDOWS\SYSTEM32\DRIVERS\TERMDD.SYS
[Drivers] mouclass.sys=C:\WINDOWS\SYSTEM32\DRIVERS\MOUCLASS.SYS
[Drivers] swenum.sys=C:\WINDOWS\SYSTEM32\DRIVERS\SWENUM.SYS
[Drivers] update.sys=C:\WINDOWS\SYSTEM32\DRIVERS\UPDATE.SYS
[Drivers] mssmbios.sys=C:\WINDOWS\SYSTEM32\DRIVERS\MSSMBIOS.SYS
[Drivers] NDProxy.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\NDPROXY.SYS
[Drivers] usbhub.sys=C:\WINDOWS\SYSTEM32\DRIVERS\USBHUB.SYS
[Drivers] USBD.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\USBD.SYS
[Drivers] Fs_Rec.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\FS_REC.SYS
[Drivers] Null.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\NULL.SYS
[Drivers] Beep.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\BEEP.SYS
[Drivers] vga.sys=C:\WINDOWS\SYSTEM32\DRIVERS\VGA.SYS
[Drivers] mnmdd.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\MNMDD.SYS
[Drivers] RDPCDD.sys=C:\WINDOWS\SYSTEM32\DRIVERS\RDPCDD.SYS
[Drivers] Msfs.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\MSFS.SYS
[Drivers] Npfs.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\NPFS.SYS
[Drivers] rasacd.sys=C:\WINDOWS\SYSTEM32\DRIVERS\RASACD.SYS
[Drivers] ipsec.sys=C:\WINDOWS\SYSTEM32\DRIVERS\IPSEC.SYS
[Drivers] tcpip.sys=C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS
[Drivers] netbt.sys=C:\WINDOWS\SYSTEM32\DRIVERS\NETBT.SYS
[Drivers] afd.sys=C:\WINDOWS\SYSTEM32\DRIVERS\AFD.SYS
[Drivers] netbios.sys=C:\WINDOWS\SYSTEM32\DRIVERS\NETBIOS.SYS
[Drivers] rdbss.sys=C:\WINDOWS\SYSTEM32\DRIVERS\RDBSS.SYS
[Drivers] mrxsmb.sys=C:\WINDOWS\SYSTEM32\DRIVERS\MRXSMB.SYS
[Drivers] Fips.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\FIPS.SYS
[Drivers] wanarp.sys=C:\WINDOWS\SYSTEM32\DRIVERS\WANARP.SYS
[Drivers] hidusb.sys=C:\WINDOWS\SYSTEM32\DRIVERS\HIDUSB.SYS
[Drivers] HIDCLASS.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\HIDCLASS.SYS
[Drivers] HIDPARSE.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\HIDPARSE.SYS
[Drivers] usbccgp.sys=C:\WINDOWS\SYSTEM32\DRIVERS\USBCCGP.SYS
[Drivers] USBSTOR.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\USBSTOR.SYS
[Drivers] mouhid.sys=C:\WINDOWS\SYSTEM32\DRIVERS\MOUHID.SYS
[Drivers] usbaudio.sys=C:\WINDOWS\SYSTEM32\DRIVERS\USBAUDIO.SYS
[Drivers] drmk.sys=C:\WINDOWS\SYSTEM32\DRIVERS\DRMK.SYS
[Drivers] imapi.sys=C:\WINDOWS\SYSTEM32\DRIVERS\IMAPI.SYS
[Drivers] Cdfs.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\CDFS.SYS
[Drivers] atapi.sys=C:\WINDOWS\SYSTEM32\DRIVERS\DUMP_ATAPI.SYS
[Drivers] WMILIB.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\DUMP_WMILIB.SYS
[Drivers] win32k.sys=C:\WINDOWS\SYSTEM32\WIN32K.SYS
[Drivers] watchdog.sys=C:\WINDOWS\SYSTEM32\WATCHDOG.SYS
[Drivers] Dxapi.sys=C:\WINDOWS\SYSTEM32\DRIVERS\DXAPI.SYS
[Drivers] dxg.sys=C:\WINDOWS\SYSTEM32\DRIVERS\DXG.SYS
[Drivers] dxgthk.sys=C:\WINDOWS\SYSTEM32\DRIVERS\DXGTHK.SYS
[Drivers] ati2dvag.dll=C:\WINDOWS\SYSTEM32\ATI2DVAG.DLL
[Drivers] ati2cqag.dll=C:\WINDOWS\SYSTEM32\ATI2CQAG.DLL
[Drivers] ati3duag.dll=C:\WINDOWS\SYSTEM32\ATI3DUAG.DLL
[Drivers] ativvaxx.dll=C:\WINDOWS\SYSTEM32\ATIVVAXX.DLL
[Drivers] ndisuio.sys=C:\WINDOWS\SYSTEM32\DRIVERS\NDISUIO.SYS
[Drivers] mrxdav.sys=C:\WINDOWS\SYSTEM32\DRIVERS\MRXDAV.SYS
[Drivers] ParVdm.SYS=C:\WINDOWS\SYSTEM32\DRIVERS\PARVDM.SYS
[Drivers] HTTP.sys=C:\WINDOWS\SYSTEM32\DRIVERS\HTTP.SYS
[Drivers] srv.sys=C:\WINDOWS\SYSTEM32\DRIVERS\SRV.SYS
[Drivers] wdmaud.sys=C:\WINDOWS\SYSTEM32\DRIVERS\WDMAUD.SYS
[Drivers] sysaudio.sys=C:\WINDOWS\SYSTEM32\DRIVERS\SYSAUDIO.SYS
[Drivers] sr.sys=C:\WINDOWS\SYSTEM32\DRIVERS\SR.SYS
[Drivers] UnHackMeDrv.sys=C:\WINDOWS\SYSTEM32\DRIVERS\UNHACKMEDRV.SYS
[Drivers] kmixer.sys=C:\WINDOWS\SYSTEM32\DRIVERS\KMIXER.SYS
[Drivers] ntdll.dll=C:\WINDOWS\SYSTEM32\NTDLL.DLL
[Auto Start Apps]
[Registry Run] :HKCU Steam="C:\Programme\Steam\Steam.exe" -silent
[Registry Run] :HKCU Veoh="C:\Programme\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
[Registry Run] :HKCU "Default Value"=""
[Registry Run] :HKCU MsnMsgr="C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" /background
[Registry Run] :HKCU MSMSGS="C:\Programme\Messenger\msmsgs.exe" /background
[Registry Run] :HKCU UnHackMe Monitor=C:\Programme\UnHackMe\hackmon.exe
[Registry Run] :HKLM IMJPMIG8.1="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
[Registry Run] :HKLM PHIME2002ASync=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
[Registry Run] :HKLM PHIME2002A=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
[Registry Run] :HKLM SunJavaUpdateSched="C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
[Registry RunOnce] :HKCU ICQ Lite=C:\Programme\ICQLite\ICQLite.exe -trayboot
[Registry RunOnceEx] :HKLM @UnHackMe=C:\PROGRA~2\UnHackMe\UnHackMe.exe /p Partizan
[Win.ini] load=""
[Win.ini] run=""
[Common Startup Folder] Orbit.lnk=C:\Programme\Orbitdownloader\orbitdm.exe
[In memory]
[Running Processes] C:\WINDOWS\SYSTEM32\SMSS.EXE
[Running Processes] C:\WINDOWS\SYSTEM32\WINLOGON.EXE
[Running Processes] C:\WINDOWS\SYSTEM32\SERVICES.EXE
[Running Processes] C:\WINDOWS\SYSTEM32\LSASS.EXE
[Running Processes] C:\WINDOWS\SYSTEM32\SVCHOST.EXE
[Running Processes] C:\WINDOWS\SYSTEM32\SVCHOST.EXE
[Running Processes] C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
[Running Processes] C:\WINDOWS\EXPLORER.EXE
[Running Processes] C:\PROGRAMME\JAVA\JRE1.6.0_07\BIN\JUSCHED.EXE
[Running Processes] C:\PROGRAMME\MESSENGER\MSMSGS.EXE
[Running Processes] C:\PROGRAMME\MOZILLA FIREFOX\FIREFOX.EXE
[Running Processes] C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
[Running Processes] C:\WINDOWS\SYSTEM32\WUAUCLT.EXE
[Running Processes] C:\PROGRAMME\UNHACKME\HACKMON.EXE
[Running Processes] C:\PROGRAMME\UNHACKME\UNHACKME.EXE
[Running Processes] C:\PROGRAMME\UNHACKME\UNHACKME.EXE
[Running Processes] C:\PROGRAMME\UNHACKME\REANIMATOR.EXE
[Running Services] AudioSrv
[Running Services] BITS
[Running Services] CryptSvc
[Running Services] DcomLaunch
[Running Services] Dhcp
[Running Services] dmserver
[Running Services] Dnscache
[Running Services] ERSvc
[Running Services] Eventlog
[Running Services] EventSystem
[Running Services] FastUserSwitchingCompatibility
[Running Services] HidServ
[Running Services] lanmanserver
[Running Services] lanmanworkstation
[Running Services] LmHosts
[Running Services] Netman
[Running Services] Nla
[Running Services] PlugPlay
[Running Services] PolicyAgent
[Running Services] ProtectedStorage
[Running Services] RemoteRegistry
[Running Services] RpcSs
[Running Services] SamSs
[Running Services] Schedule
[Running Services] seclogon
[Running Services] SENS
[Running Services] ShellHWDetection
[Running Services] Spooler
[Running Services] srservice
[Running Services] SSDPSRV
[Running Services] TermService
[Running Services] Themes
[Running Services] TrkWks
[Running Services] upnphost
[Running Services] W32Time
[Running Services] WebClient
[Running Services] winmgmt
[Running Services] wuauserv
[Running Services] WZCSVC
[Uninstall]
[Applications] :HKLM &RQ
[Applications] :HKLM Panda ActiveScan 2.0=C:\Programme\Panda Security\ActiveScan 2.0\as2uninst.exe
[Applications] :HKLM Adobe Flash Player ActiveX=C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
[Applications] :HKLM Adobe Flash Player Plugin=C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
[Applications] :HKLM Aleo Flash Intro Banner Maker 2.4.99="C:\Programme\Aleo Software\Flash Intro and Banner Maker\unins000.exe"
[Applications] :HKLM Alligator Flash Designer 7 (7.0.3.3) Trial=C:\PROGRA~2\Selteco\ALLIGA~1\Setup.exe /remove
[Applications] :HKLM Branding
[Applications] :HKLM Connection Manager
[Applications] :HKLM Flash Website Design Free 1.1563(563 Templates/Unicode UTF8)="C:\Programme\Flash Website Design\unins000.exe"
[Applications] :HKLM foobar2000 v0.9.5.5="C:\Programme\foobar2000\uninstall.exe"
[Applications] :HKLM Foxit Reader=C:\Programme\Foxit Software\Foxit Reader\Uninstall.exe
[Applications] :HKLM GrabPro - Toolbar=regsvr32 /u /s "C:\Programme\Orbitdownloader\GrabPro.dll"
[Applications] :HKLM HijackThis 2.0.2="C:\Dokumente und Einstellungen\Yakuza 112\Desktop\HijackThis.exe" /uninstall
[Applications] :HKLM HTMLProtector=C:\PROGRA~2\HTMLPR~1\UNWISE.EXE C:\PROGRA~2\HTMLPR~1\INSTALL.LOG
[Applications] :HKLM InstallShield Uninstall Information
[Applications] :HKLM VeohTV BETA=C:\Programme\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
[Applications] :HKLM KB884016
[Applications] :HKLM KB893803
[Applications] :HKLM Windows Installer 3.1 (KB893803)="C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
[Applications] :HKLM Messenger Plus! Live="C:\Programme\Messenger Plus! Live\Uninstall.exe"
[Applications] :HKLM Mozilla Firefox (3.0.1)=C:\Programme\Mozilla Firefox\uninstall\helper.exe
[Applications] :HKLM MSI30-Beta1
[Applications] :HKLM MSI30-Beta2
[Applications] :HKLM MSI30-KB884016
[Applications] :HKLM MSI30-RC1
[Applications] :HKLM MSI30-RC2
[Applications] :HKLM MSI30a-KB884016
[Applications] :HKLM MSI31-Beta
[Applications] :HKLM MSI31-RC1
[Applications] :HKLM NetXfer 2.64.422="C:\Programme\Xi\NetXfer\unins000.exe"
[Applications] :HKLM Orbit Downloader="C:\Programme\Orbitdownloader\unins000.exe"
[Applications] :HKLM PCHealth=rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
[Applications] :HKLM Security Task Manager 1.7f=C:\Programme\Security Task Manager\Uninstal.exe "C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Security Task Manager"
[Applications] :HKLM ShockwaveFlash
[Applications] :HKLM Sophos Anti-Rootkit 1.3.1=C:\Programme\Sophos\Sophos Anti-Rootkit\helper.exe remove
[Applications] :HKLM Visual Basic 6.0 Runtime&Steuerelemente=C:\WINDOWS\st6unst.exe -n "c:\ST6UNST.LOG"
[Applications] :HKLM Counter-Strike="C:\Programme\Steam\steam.exe" steam://uninstall/10
[Applications] :HKLM Trillian
[Applications] :HKLM UnHackMe 4.80 release="C:\Programme\UnHackMe\unins000.exe"
[Applications] :HKLM VideoLAN VLC media player 0.8.6c=C:\Programme\VideoLAN\VLC\uninstall.exe
[Applications] :HKLM Windows Live OneCare safety scanner=RunDll32.exe "C:\Programme\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
[Applications] :HKLM WinPcap 4.0=C:\Programme\WinPcap\uninstall.exe
[Applications] :HKLM WinRAR=C:\Programme\WinRAR\uninstall.exe
[Applications] :HKLM VeohTV BETA
[Applications] :HKLM Steam=MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
[Applications] :HKLM Windows Live Messenger=MsiExec.exe /X{2B091530-69AA-442E-AB09-39ED06B58220}
[Applications] :HKLM Java(TM) 6 Update 7=MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
[Applications] :HKLM WebFldrs XP
[Applications] :HKLM Windows Live installer=MsiExec.exe /X{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}
[Applications] :HKLM CuteFTP 8 Home=RunDll32 C:\PROGRA~2\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{949DBB22-2FB7-4DE1-804C-23D495A988D8}\Setup.exe" -l0x9
[Applications] :HKLM DirectX10 NCT Release 2="C:\Programme\Gemeinsame Dateien\unins000.exe"
This post was edited by Yakuza112 on 19.09.2008 at 14:49.
19.09.2008, 15:09
Moderator

Posts: 5694
#4 Hello Yakuza 112

You have a backdoor on your system. My recommendation would be to reinstall the system from scratch and change all passwords.

You can also wait and see what Arnold says about it.

Regards, Swiss
19.09.2008, 15:22
Member

Thread starter

Posts: 66
#5 hmm, which process tells you that? I recently created something like that myself to monitor my PC and see who else is accessing it...

reinstalling wouldn't fix the problem... because I also have an external drive that is infected with the file as well, and I'm definitely not going to format that one ;)
19.09.2008, 17:42
Member

Posts: 3716
#6 Hi, connect your drive to the computer as well. Then run ComboFix according to the instructions and post the log.
http://virus-protect.org/artikel/tools/combofix.html
19.09.2008, 18:22
Member

Thread starter

Posts: 66
#7
"Steam"="C:\Programme\Steam\Steam.exe" [2008-09-15 1271032]
"Veoh"="C:\Programme\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
"MsnMsgr"="C:\Programme\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" [2004-08-04 1667584]
"UnHackMe Monitor"="C:\Programme\UnHackMe\hackmon.exe" [2007-09-17 228352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programme\\Orbitdownloader\\orbitdm.exe"=
"C:\\Programme\\Orbitdownloader\\orbitnet.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys [1980-11-15 30946]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 42000]

*Newly Created Service* - PROCEXP90
.
.
------- Zusätzlicher Suchlauf -------
.
FireFox -: Profile - C:\Dokumente und Einstellungen\Yakuza 112\Anwendungsdaten\Mozilla\Firefox\Profiles\2hrpkoa7.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://search.orbitdownloader.com
FF -: plugin - C:\Programme\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-19 18:18:17
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-09-19 18:19:40
ComboFix-quarantined-files.txt 2008-09-19 16:19:37

Vor Suchlauf: 13 Verzeichnis(se), 71,484,981,248 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 71,561,166,848 Bytes frei

213 --- E O F --- 2008-09-19 13:24:04
19.09.2008, 18:33
Honorary member
Avatar Argus

Posts: 6028
#8 Close all windows and start HijackThis
Click: Do a system scan only
Put a check mark in the box in front of each of the following entries

Quote

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [] C:\WINDOWS\system32\.exe
O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
Click: Fix checked
Your Internet Explorer must be closed when you click Fix checked

SDFix
Download SDFix to the desktop

Start your computer in
safe mode

Unpack SDFix.zip
The SDFix folder can now be found under C:\

Double-click RunThis.bat
Type: Y and follow all instructions
The computer will then restart
SDFix now removes the objects it found
Copy the contents of the report SophosReport.txt, which is now on your desktop, into this thread
Note: If the immunization feature of Spybot S&D is in use, reinstall it afterwards, because SDFix removes it

DrWeb CureIt!
Scan with DrWeb http://board.protecus.de/t29350.htm

And install a virus scanner
__________
Regards, Argus
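
The entries quoted in post #8 share traits that can be checked mechanically in a HijackThis log. The triage script below is an added example, not part of the thread and not HijackThis code; the rule set and the names `analyze` and `exe_path` are assumptions made here, and the `SunJavaUpdateSched` O4 line is constructed from the Run key shown in the ComboFix log.

```python
import ntpath
import re
from collections import defaultdict

# Lines 1, 3, 4 and 5 are the entries quoted in post #8; line 2 is from the
# HijackThis log in post #3. Line 6 is constructed from the Run key in the
# ComboFix log (post #7) so the rules have a benign O4 entry to pass over.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [] C:\WINDOWS\system32\.exe
O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
"""

F2_SHELL = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<value>.*)$", re.I)
O2_BHO = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<file>.+)$")
O4_RUN = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>.*?)\] (?P<cmd>.+)$")


def exe_path(command):
    """Return the executable path from an autostart command line."""
    command = command.strip()
    if command.startswith('"'):
        # Quoted path: everything up to the closing quote, arguments dropped.
        return command[1:].split('"', 1)[0]
    # Unquoted path: cut after the first executable extension.
    m = re.match(r"(.+?\.(?:exe|com|bat|scr|dll))(?:\s|$)", command, re.I)
    return m.group(1) if m else command


def analyze(log_text):
    """Return (line, reason) pairs for autostart entries worth a closer look."""
    findings = []
    targets = defaultdict(list)  # lower-cased path -> entries that start it

    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue

        m = F2_SHELL.match(line)
        if m:
            # The default XP shell value is just "Explorer.exe"; anything
            # after it is a second program launched at every logon.
            shell, _, extra = m.group("value").strip().partition(" ")
            if shell.lower() != "explorer.exe":
                findings.append((line, "shell replaced by " + shell))
            if extra.strip():
                findings.append((line, "program chained after the shell: "
                                 + extra.strip()))
                targets[exe_path(extra).lower()].append(line)
            continue

        m = O2_BHO.match(line)
        if m:
            if m.group("file") == "(no file)":
                findings.append((line, "BHO registered but its file is missing"))
            continue

        m = O4_RUN.match(line)
        if m:
            path = exe_path(m.group("cmd"))
            targets[path.lower()].append(line)
            if not m.group("name"):
                findings.append((line, "Run value has an empty name"))
            if ntpath.basename(path).startswith("."):
                findings.append((line, "file has no name before its extension"))

    # One binary started from several places is a persistence pattern.
    for path, lines in targets.items():
        if len(lines) > 1:
            for line in lines:
                findings.append(
                    (line, "started from %d autostart entries: %s"
                     % (len(lines), path)))
    return findings


if __name__ == "__main__":
    for entry, reason in analyze(SAMPLE_LOG):
        print(reason)
        print("    " + entry)
```

A hit from these rules marks an entry for manual review against the full log; it does not decide on its own that the file is malicious.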
19.09.2008, 18:50
Member

Thread starter

Posts: 66
#9

Quote

SDFix: Version 1.227
Run by Yakuza 112 on 19.09.2008 at 18:41

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-19 18:47:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:dc6fd032
"s2"=dword:c352eb33

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programme\\Orbitdownloader\\orbitdm.exe"="C:\\Programme\\Orbitdownloader\\orbitdm.exe:*:Enabled:Orbit"
"C:\\Programme\\Orbitdownloader\\orbitnet.exe"="C:\\Programme\\Orbitdownloader\\orbitnet.exe:*:Enabled:Orbit"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sun 9 Mar 2008 236 A..H. --- "C:\Programme\Gemeinsame Dateien\dx.reg"
Thu 26 Jul 2007 52,224 ..SHR --- "C:\Programme\Selteco\Alligator Flash Designer 7\Setup.exe"
Fri 19 Sep 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b76443b8c3e363672b10791338cc85db\BIT6A.tmp"
Thu 3 Jul 2008 545,011 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2fd45636a16ced1056dcf39cf927496d\download\BIT8E.tmp"
Wed 23 Jul 2008 163,512 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f14fd8e5430c9159611462b685a23f24\download\BIT90.tmp"

Finished!

the only AV scanner I consider good is Kaspersky, and during the last scan, at about 15000 detections ;), it got stuck..
19.09.2008, 19:08
Honorary member
Avatar Argus

Posts: 6028
#10 Maybe, but you aren't using Kaspersky, lol

Quote

the only AV scanner I consider good is Kaspersky

__________
Regards, Argus
19.09.2008, 19:58
Member

Thread starter

Posts: 66
#11 I don't want to go into this any further right now

Quote

And install a virus scanner
then I have

Quote

Quote

the only AV scanner I consider good is Kaspersky
huh, but you said I should install an AV ;)

Quote

Maybe, but you aren't using Kaspersky
or I'm just too stupid to understand this, lol
19.09.2008, 20:43
Honorary member
Avatar Argus

Posts: 6028
#12 Kaspersky doesn't appear anywhere in the HijackThis log
So you aren't using a virus scanner; scan your computer with DrWeb CureIt as instructed, though
__________
Regards, Argus
20.09.2008, 23:26
Member

Thread starter

Posts: 66
#13 here, first of all, from the external HD:

Quote

D:\.exe;Win32.HLLW.Autoruner.129;Gelöscht.;
data040\regrun2.hhk;
D:\Meine Dateien\regrunplat580.exe\data040;Wahrscheinlich SCRIPT.Virus;;
data040;
D:\Meine Dateien\regrunplat580.exe;Archiv enthält infizierte Objekte;;
regrunplat580.exe;
D:\Meine Dateien;Archiv enthält infizierte Objekte;Verschoben.;
RLSetup_AdVantage.exe\data060;
D:\Meine Dateien\RLSetup_AdVantage.exe;Adware.SaveNow.origin;;
RLSetup_AdVantage.exe;
D:\Meine Dateien;Archiv enthält infizierte Objekte;Verschoben.;
data008\data006;
D:\Meine Dateien\Stealer-Pack_by_Sharky19722\PassStealer 3.0.exe\data008;Trojan.PWS.Logoner;;
data008;
D:\Meine Dateien\Stealer-Pack_by_Sharky19722\PassStealer 3.0.exe;Archiv enthält infizierte Objekte;;
PassStealer 3.0.exe;
D:\Meine Dateien\Stealer-Pack_by_Sharky19722;Archiv enthält infizierte Objekte;Verschoben.;
Pop-up Maker.exe;
D:\Meine Dateien\Viren\Jakash3 Virus Package\Pop-up Maker;Wahrscheinlich MULDROP.Trojan;Umbenannt.;
Windows Attacker.exe;
D:\Meine Dateien\Viren\Jakash3 Virus Package\Windows Attacker;Wahrscheinlich MULDROP.Trojan;Umbenannt.;
though for D:\Meine Dateien\stealer pack and \viren it's obvious that there are trojans and viruses in there lol

why always dr.web anyway, is it especially good compared to others, or why do you recommend it so much here

Quote

dr. web and norman are still running...
This post was edited by Yakuza112 on 21.09.2008 at 00:34.
21.09.2008, 01:52
Honorary member
Argus

Posts: 6028
#14 It's only 10 MB in size, as opposed to Kaspersky at 25.4 MB

Quote

why always dr.web anyway

__________
Regards, Argus
21.09.2008, 03:19
Member

Thread starter

Posts: 66
#15

Quote

Norman Malware Cleaner
Copyright © 1990 - 2008, Norman ASA. Built 2008/09/17 00:29:24

Norman Scanner Engine Version: 5.93.01
Nvcbin.def Version: 5.93.00, Date: 2008/09/17 00:29:24, Variants: 2163071

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 2
Logged on user: HACKER\Yakuza 112

Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000

Scan started: 21/09/2008 00:19:30


Scanning running processes and process memory...

Number of processes/threads found: 1434
Number of processes/threads scanned: 1434
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 3m 28s


Scanning file system...

Scanning: C:\*.*

C:\alligator\aVitamin - Alligator Flash Designer\keygen\keygen.exe (Infected with W32/Packed/FSG_2.A)
Deleted file

C:\Dokumente und Einstellungen\Yakuza 112\Eigene Dateien\downloads\BlackFTP\Ico Degis.exe (Error opening file: Not found)

C:\SDFix\backups\backups.zip/backups/Pplugin4.exe (Infected with W32/LdPinch.UM)
Deleted file

C:\SDFix\backups\backups.zip (Empty archive after cleaning)
Deleted file

C:\System Volume Information\_restore{2BD6118C-83B0-4ED0-8383-4C7ECA14C4BE}\RP11\A0001313.exe (Infected with W32/Packed/FSG_2.A)
Deleted file

C:\System Volume Information\_restore{2BD6118C-83B0-4ED0-8383-4C7ECA14C4BE}\RP7\A0001121.exe (Infected with W32/LdPinch.UM)
Deleted file

C:\WINDOWS\eimsn.exe (Infected with W32/Prorat.EQY)
Deleted file

C:\WINDOWS\Pplugin8.exe (Infected with W32/Prorat.EXJ)
Deleted file

C:\WINDOWS\SERVICES.EXE.del (Infected with W32/Prorat.CTI)
Deleted file

C:\WINDOWS\system\SSERVICE.EXE.del (Infected with W32/Prorat.CTI)
Deleted file

C:\WINDOWS\system32\FSERVICE.EXE.del (Infected with W32/Prorat.CTI)
Deleted file

C:\WINDOWS\system32\Instmsng.dll (Infected with W32/Prorat.AMP)
Deleted file

Scanning: D:\*.*

D:\Stealer-Pack_by_Sharky19722.zip/Universal1337 - The Account Stealer 2/Universal1337 V2.exe (Infected with W32/VBTroj.IZD)
Deleted file

D:\Stealer-Pack_by_Sharky19722.zip/PW-Stealer v3.0 by c0d4.exe (Infected with W32/Smalltroj.IVU)
Deleted file

D:\Stealer-Pack_by_Sharky19722.zip/Codesoft-PW_Stealer v0.35.exe (Infected with W32/Packed_Nspack.A)
Deleted file

D:\Stealer-Pack_by_Sharky19722.zip/PenDStealR201.zip/PenDrive Stealer 2.0.1/batexe/iepv.exe (Infected with W32/Smalltroj.EYIU)
Deleted file

D:\Stealer-Pack_by_Sharky19722.zip/PenDStealR201.zip/PenDrive Stealer 2.0.1/batexe/netpass.exe (Infected with W32/PSWTool.B)
Deleted file

D:\downloads\BlackFTP\Ico Degis.exe (Error opening file: Not found)

D:\Meine Dateien\1 GB Stick\Meine Dateien\Counter - Strike\as_tundra.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

D:\Meine Dateien\1 GB Stick\Meine Dateien\Counter - Strike\de_vegas.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

D:\Meine Dateien\1 GB Stick\Meine Dateien\Programme\Ulead.VideoStudio.10 Plus.German.Sp33dcrew.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

D:\Meine Dateien\1000 Handy Games fuer alle java faehigen handys\1000 Handy Games fuer alle java faehigen handys\Snails\Snails.sis (Error whilst scanning file: I/O Error (0x00000000))

D:\Meine Dateien\1000 Handy Games fuer alle java faehigen handys\1000 Handy Games fuer alle java faehigen handys\Tomb Raider 2 - Quest For Cinnabar\TombRaider2QuestforCinnabar.jar/com/nokia/mid/sound/SoundListener.class (Error whilst scanning file: I/O Error (0x00220005))

D:\Meine Dateien\MEIN W810i\Sony Ericsson K800i Programs\SonyEricsson-K790,K800,W850-ThemesCreator,AnimierteGrafiken(224),Hintergrundbilder(634),Themes(39),Diverse Programme\Programme\Mobile Media Maker Sony Ericsson v1.2\Mobiledit v1.97 Setup Crack Keygen\patch.exe (Infected with W32/Packed/FSG_2.A)
Deleted file

D:\Meine Dateien\Mods + Patches\GTA Vice City\Grand.Theft.Auto.Vice.City.1.x.update.Fixe-FFF.rar/CMT (Error whilst scanning file: I/O Error (0x00220000))

D:\Meine Dateien\Stealer-Pack_by_Sharky19722\Codesoft-PW_Stealer v0.35.exe (Infected with W32/Packed_Nspack.A)
Deleted file

D:\Meine Dateien\tsspam_steamcracker\TeamSpeak-Spam\Spamer.exe (Infected with W32/Smalltroj.EMYA)
Deleted file

D:\Meine Dateien\Viren\Pinkt Virus.rar (Error opening file: Access denied)

D:\Meine Dateien\wwwhack19\wwhack19\wwwhack-1.946\patch.exe (Infected with W32/WwwHack.C)
Deleted file

D:\Meine Dateien\wwwhack19\wwhack19\wwwhack-1.946\wwwhack.exe (Infected with W32/WwwHack.B)
Deleted file
my lovely tools deleted :-( lol

dr.web part 2:

Quote

Process.exe;C:\SDFix\apps;Tool.Prockill;;

A0001281.exe\SDFix\apps\Process.exe;C:\System Volume Information\_restore{2BD6118C-83B0-4ED0-8383-4C7ECA14C4BE}\RP11\A0001281.exe;Tool.Prockill;;

A0001281.exe;C:\System Volume Information\_restore{2BD6118C-83B0-4ED0-8383-4C7ECA14C4BE}\RP11;Archiv enthält infizierte Objekte;Verschoben.;

A0001314.exe;C:\System Volume Information\_restore{2BD6118C-83B0-4ED0-8383-4C7ECA14C4BE}\RP11;Trojan.MulDrop.6819;Gelöscht.;

A0001315.exe;C:\System Volume Information\_restore{2BD6118C-83B0-4ED0-8383-4C7ECA14C4BE}\RP11;Tool.ShowPass;;

A0001316.dll;C:\System Volume Information\_restore{2BD6118C-83B0-4ED0-8383-4C7ECA14C4BE}\RP11;BackDoor.ProRat.235;Gelöscht.;

A0000189.#at;C:\System Volume Information\_restore{2BD6118C-83B0-4ED0-8383-4C7ECA14C4BE}\RP7;Wahrscheinlich BATCH.Virus;;

A0001035.exe\SDFix\apps\Process.exe;C:\System Volume Information\_restore{2BD6118C-83B0-4ED0-8383-4C7ECA14C4BE}\RP7\A0001035.exe;Tool.Prockill;;

A0001035.exe;C:\System Volume Information\_restore{2BD6118C-83B0-4ED0-8383-4C7ECA14C4BE}\RP7;Archiv enthält infizierte Objekte;Verschoben.;

A0001057.exe;C:\System Volume Information\_restore{2BD6118C-83B0-4ED0-8383-4C7ECA14C4BE}\RP7;Tool.Prockill;;

winp9.exe;C:\WINDOWS;Tool.DialupPass;;

imsn.exe;C:\WINDOWS\system32;Tool.MessenPass;;
This post was edited by Yakuza112 on 21.09.2008 at 12:10.