Start Page = *http://www.hotoffers.info/185/*


Post by King0Pin on 03.04.2005, 15:12

Hi
I have a hijacker, or whatever it's called, on my PC. In any case, it has set its own start page and keeps going online by itself and opening random pages there.
I was able to destroy quite a bit with Ad-Aware, Spybot S&D, HijackThis, CWShredder and SpySubtract.

But a few files simply won't disappear.
HijackThis told me that it cannot delete a few files.
Ad-Aware also still finds 3 files. But after deleting them they are back again. It really pisses me off *lol* because I don't have a flat rate and I can't leave my PC unattended. That costs money!

I don't know my way around this area, so please keep it simple and use few technical terms.

Thanks in advance.
Here is the log file:

Logfile of HijackThis v1.99.1
Scan saved at 15:11:44, on 03.04.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Ideazon\Zboard Software\Driver\ZboardTray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programme\Ideazon\Zboard Software\Driver\Zboard.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Dokumente und Einstellungen\KingPin\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/185/
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [SpionFrei] "C:\Programme\SinEspias\no-spy.exe" /autorun
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O10 - Hijacked Internet access by New.Net
O10 - Broken Internet access because of LSP provider 'xfire_lsp_11078.dll' missing
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
King0Pin
 
Posts: 16
Registered: 03.04.2005, 15:02
Location: Rostock


Post by Nikita on 03.04.2005, 15:44

Hello @King0Pin

•WinSock XP Fix 1.2
fix XP internet connectivity
http://www.spychecker.com/program/winsockxpfix.html


#Open HijackThis -->> "Scan" button -->> tick the boxes -->> "Fix checked" button -->> restart the PC


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/185/
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [SpionFrei] "C:\Programme\SinEspias\no-spy.exe" /autorun

Restart the PC

Uninstall:
"Start -> Settings -> Control Panel -> Add or Remove Programs"

New.net/NEWDOT
SpionFrei

•KillBox
http://www.bleepingcomputer.com/files/killbox.php

•Delete File on Reboot <-- tick this

and click the red cross;
when asked "Do you want to reboot?" ----> click "no" and paste in the next one; click "yes" only on the last one

C:\WINDOWS\System32\systr.dll
C:\WINDOWS\System32\mt.exe
C:\WINDOWS\System32\popup_bl.dll
C:\WINDOWS\System32\serch_hook.dll
C:\WINDOWS\System32\setup.exe
C:\WINDOWS\System32\toolband_atl.dll

Restart the PC

L2mfix

1. Download L2mfix from here:
2. http://bilder.informationsarchiv.net/Ni ... l2mfix.exe
3. Save the file to your desktop and double-click l2mfix.exe.
4. Click Install to extract the files and follow the instructions during the installation.
5. Then open the l2mfix folder newly created on your desktop.
6. Double-click the file l2mfix.bat, type 1 and press [Enter] to run Find log. This will scan your computer. It may look as if nothing is happening, but after 1 or 2 minutes Notepad will open with a log.
7. Copy the contents using Ctrl+A and paste them into your thread using Ctrl+V.

IMPORTANT: Do not use option 2, or any other files from the l2mfix folder, until you are asked to!

8. Close all open programs, as the next step requires a restart. Click l2mfix.bat again and type 2 --> [Enter].
9. Press any key to start a system restart.
10. After the restart, your desktop icons will briefly appear and briefly disappear - this is NORMAL.
11. L2mfix will continue the system scan, and when it is finished Notepad will open and show a log. Copy this one into the thread as well (Ctrl+C & Ctrl+V). Also post a current HijackThis log.

IMPORTANT: Do not use option 2, or any other files from the l2mfix folder, until you are asked to!

12. Double-click l2mfix.bat again and enter 4. Confirm with [Enter].
13. This restores the Winlogon default settings.
14. Post a current HijackThis log

__________
Kind regards
Nikita
Nikita
Moderator
 
Posts: 11478
Registered: 07.12.2003, 16:53
Location: Lisbon

Post by King0Pin on 03.04.2005, 17:37

L2MFIX find log 1.02b
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Eigenschaften f
King0Pin
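
Several `DllName` values in the Winlogon\Notify export above are stored as `hex(2)` (REG_EXPAND_SZ, UTF-16LE), so the DLL each notify package loads is not readable at a glance. The following Python is an added example, not part of the thread or of L2mfix: it decodes such an export and lists notify subkeys whose DLL is outside an allow-list. The allow-list (simply the DLL names that appear in this thread's export) and the `ExampleUnknown` / `example.dll` entry are assumptions constructed for illustration.

```python
import re

NOTIFY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"

# Three subkeys copied from the find log in this thread, plus one constructed
# entry (ExampleUnknown -> example.dll) that is NOT from the thread.
REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"StartShell"="SchedStartShell"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ExampleUnknown]
"DllName"=hex(2):65,00,78,00,61,00,6d,00,70,00,6c,00,65,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logon"="ExampleLogonEvent"
'''

# Assumption: allow-list built from the DLL names seen in this thread's export.
ALLOWED = {"ati2evxx.dll", "crypt32.dll", "cryptnet.dll", "cscdll.dll",
           "wlnotify.dll", "sclgntfy.dll"}


def decode_value(raw):
    """Decode one .reg value: quoted string, dword, or hex(1)/hex(2) string."""
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"hex\(([12])\):(.*)$", raw)
    if m:
        # Version 5.00 exports store string types as UTF-16LE with a NUL terminator.
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        return data.decode("utf-16-le").rstrip("\x00")
    return raw  # other types are left undecoded


def parse_reg(text):
    """Return {key path: {value name: decoded value}} for a .reg export."""
    # A trailing backslash continues a hex value on the next line.
    joined = re.sub(r"\\\r?\n[ \t]*", "", text)
    keys, current = {}, None
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None:
            m = re.match(r'"([^"]+)"=(.*)$', line)
            if m:
                keys[current][m.group(1)] = decode_value(m.group(2))
    return keys


def notify_dlls(keys):
    """Map each Winlogon\\Notify subkey to its lower-cased DLL name."""
    prefix = NOTIFY.lower() + "\\"
    out = {}
    for path, values in keys.items():
        if not path.lower().startswith(prefix):
            continue
        for name, val in values.items():
            # The export uses both "DLLName" and "DllName".
            if name.lower() == "dllname":
                out[path[len(prefix):]] = str(val).lower()
    return out


def unexpected(dlls, allowed=ALLOWED):
    """Subkeys whose DLL is not on the allow-list, sorted by name."""
    return sorted(sub for sub, dll in dlls.items() if dll not in allowed)


if __name__ == "__main__":
    found = notify_dlls(parse_reg(REG_EXPORT))
    for sub, dll in sorted(found.items()):
        print(f"{sub:16} {dll}")
    print("not on allow-list:", unexpected(found))
```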
 

Post by King0Pin on 03.04.2005, 17:42

L2Mfix 1.02b

Running From:
C:\DOKUME~1\KingPin\Desktop\l2mfix



RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read VORDEFINIERT\Benutzer
(ID-IO) ALLOW Read VORDEFINIERT\Benutzer
(ID-NI) ALLOW Full access VORDEFINIERT\Administratoren
(ID-IO) ALLOW Full access VORDEFINIERT\Administratoren
(ID-NI) ALLOW Full access NT-AUTORITÄT\SYSTEM
(ID-IO) ALLOW Full access NT-AUTORITÄT\SYSTEM
(ID-IO) ALLOW Full access ERSTELLER-BESITZER



Setting registry permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Denying C access for really "Everyone"
- adding new ACCESS DENY entry


Registry Permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- Jeder
(ID-NI) ALLOW Read VORDEFINIERT\Benutzer
(ID-IO) ALLOW Read VORDEFINIERT\Benutzer
(ID-NI) ALLOW Full access VORDEFINIERT\Administratoren
(ID-IO) ALLOW Full access VORDEFINIERT\Administratoren
(ID-NI) ALLOW Full access NT-AUTORITÄT\SYSTEM
(ID-IO) ALLOW Full access NT-AUTORITÄT\SYSTEM
(ID-IO) ALLOW Full access ERSTELLER-BESITZER



Setting up for Reboot


Starting Reboot!

C:\Dokumente und Einstellungen\KingPin\Desktop\l2mfix
System Rebooted!

Running From:
C:\Dokumente und Einstellungen\KingPin\Desktop\l2mfix

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1092 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1692 'rundll32.exe'

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!

Zipping up files for submission:
adding: clear.reg (164 bytes security) (deflated 2%)
adding: echo.reg (164 bytes security) (deflated 10%)
adding: direct.txt (164 bytes security) (stored 0%)
adding: lo2.txt (164 bytes security) (deflated 69%)
adding: readme.txt (164 bytes security) (deflated 49%)
adding: report.txt (164 bytes security) (deflated 63%)
adding: test.txt (164 bytes security) (stored 0%)
adding: test2.txt (164 bytes security) (stored 0%)
adding: test3.txt (164 bytes security) (stored 0%)
adding: test5.txt (164 bytes security) (stored 0%)
adding: backregs/shell.reg (164 bytes security) (deflated 73%)

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for really "Everyone"


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read VORDEFINIERT\Benutzer
(ID-IO) ALLOW Read VORDEFINIERT\Benutzer
(ID-NI) ALLOW Full access VORDEFINIERT\Administratoren
(ID-IO) ALLOW Full access VORDEFINIERT\Administratoren
(ID-NI) ALLOW Full access NT-AUTORITÄT\SYSTEM
(ID-IO) ALLOW Full access NT-AUTORITÄT\SYSTEM
(ID-IO) ALLOW Full access ERSTELLER-BESITZER


Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332


The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************

King0Pin
 

Post by King0Pin on 03.04.2005, 17:43

Logfile of HijackThis v1.99.1
Scan saved at 17:43:16, on 03.04.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\Ideazon\Zboard Software\Driver\ZboardTray.exe
C:\Programme\Ideazon\Zboard Software\Driver\Zboard.exe
C:\WINDOWS\explorer.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Dokumente und Einstellungen\KingPin\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/185/
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
King0Pin
 

Post by King0Pin on 03.04.2005, 17:46

Logfile of HijackThis v1.99.1
Scan saved at 17:45:36, on 03.04.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\Ideazon\Zboard Software\Driver\ZboardTray.exe
C:\Programme\Ideazon\Zboard Software\Driver\Zboard.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Dokumente und Einstellungen\KingPin\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/185/
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
King0Pin
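
Comparing the HijackThis log from before the fix (15:11) with the one posted afterwards (17:43) shows which entries actually went away and which survived. The following Python is an added example, not part of the thread or of HijackThis: it parses the entry lines of both logs (copied from the posts above) and reports what is gone, what persists and what changed in count. The section-code pattern is an assumption based on the codes HijackThis 1.99.1 prints.

```python
import re
from collections import Counter

# Section code, " - ", then the entry text (e.g. "O4 - HKLM\..\Run: [...] ...").
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Entry lines copied from the log saved at 15:11:44 (before the fix).
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/185/
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [SpionFrei] "C:\Programme\SinEspias\no-spy.exe" /autorun
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O10 - Hijacked Internet access by New.Net
O10 - Broken Internet access because of LSP provider 'xfire_lsp_11078.dll' missing
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
"""

# Entry lines copied from the log saved at 17:43:16 (after the fix steps).
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotoffers.info/185/
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
"""


def entries(log):
    """Count (section code, entry text) pairs; header and process lines are skipped."""
    counts = Counter()
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            counts[(m.group(1), m.group(2))] += 1
    return counts


def compare(before, after):
    """Classify entries as gone, persisting or new, and note count changes."""
    b, a = entries(before), entries(after)
    return {
        "gone": sorted(k for k in b if k not in a),
        "persisting": sorted(k for k in b if k in a),
        "new": sorted(k for k in a if k not in b),
        # Same entry listed a different number of times (here: the O10 line).
        "count_changed": {k: (b[k], a[k]) for k in b if k in a and b[k] != a[k]},
    }


if __name__ == "__main__":
    result = compare(BEFORE, AFTER)
    for label in ("gone", "persisting", "new"):
        print(label.upper())
        for code, text in result[label]:
            print(f"  {code} - {text}")
    for (code, text), (n_before, n_after) in result["count_changed"].items():
        print(f"COUNT {n_before} -> {n_after}: {code} - {text}")
```

An entry listed as gone only means HijackThis no longer reports it; a `RunOnce` value, for example, disappears by itself once it has run.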
 

Post by King0Pin on 03.04.2005, 17:47

OK, I hope I did everything right
but this SpionFrei, why should I delete it?

(it had already been deleted)
King0Pin
 

Post by Nikita on 03.04.2005, 22:00

•LSPfix.exe
http://www.spychecker.com/program/lspfix.html

"I know what I'm doing" <-- tick this

move NEWDOT~2.DLL from left to right and delete it.
(it is a Winsock virus)

•KillBox
http://www.bleepingcomputer.com/files/killbox.php

•Delete File on Reboot <-- tick this

and click the red cross;
when asked "Do you want to reboot?" ----> click "no" and paste in the next one; click "yes" only on the last one

C:\WINDOWS\System32\popup_bl.dll
C:\WINDOWS\System32\sporder.dll
C:\WINDOWS\System32\systr.dll

Restart the PC

•eScan detection tool

eScan is available free of charge here under the name Free eScan Antivirus Toolkit Utility:
http://www.mwti.net/antivirus/free_utilities.asp
open the scanner --> do not scan yet --> go to Start < Run < type in: %temp% and look for
kavupd.exe, click on it --> run it (update, in DOS)

--> open mwav.exe --> tick all the boxes --> scan --> click View Log --> click Edit --> type in "infected"
and now copy out everything that is shown -->
Nikita

Post by King0Pin on 05.04.2005, 15:37

Tue Apr 05 15:15:30 2005 => **********************************************************
Tue Apr 05 15:15:30 2005 => MicroWorld AntiVirus Toolkit Utility.
Tue Apr 05 15:15:30 2005 => Copyright © 2003-2005, MicroWorld Technologies Inc.
Tue Apr 05 15:15:30 2005 => **********************************************************
Tue Apr 05 15:15:30 2005 => Version 6.0.5 (C:\DOKUME~1\KingPin\LOKALE~1\Temp\mwavscan.com)
Tue Apr 05 15:15:30 2005 => Log File: C:\DOKUME~1\KingPin\LOKALE~1\Temp\MWAV.LOG
Tue Apr 05 15:15:30 2005 => Latest Date of files inside MWAV: 04 Apr 2005 11:31:37.
Tue Apr 05 15:15:32 2005 => AV Library Loaded...
Tue Apr 05 15:15:32 2005 => MWAV doing self scanning...
Tue Apr 05 15:15:32 2005 => Scanning File C:\DOKUME~1\KingPin\LOKALE~1\Temp\kavss.exe
Tue Apr 05 15:15:33 2005 => Scanning File C:\DOKUME~1\KingPin\LOKALE~1\Temp\Getvlist.exe
Tue Apr 05 15:15:33 2005 => Scanning File C:\DOKUME~1\KingPin\LOKALE~1\Temp\kavss.dll
Tue Apr 05 15:15:33 2005 => Scanning File C:\DOKUME~1\KingPin\LOKALE~1\Temp\kavssdi.dll
Tue Apr 05 15:15:33 2005 => Scanning File C:\DOKUME~1\KingPin\LOKALE~1\Temp\kavssi.dll
Tue Apr 05 15:15:33 2005 => Scanning File C:\DOKUME~1\KingPin\LOKALE~1\Temp\kavvlg.dll
Tue Apr 05 15:15:33 2005 => Scanning File C:\DOKUME~1\KingPin\LOKALE~1\Temp\msvlclnt.dll
Tue Apr 05 15:15:33 2005 => Scanning File C:\DOKUME~1\KingPin\LOKALE~1\Temp\ipc.dll
Tue Apr 05 15:15:33 2005 => Scanning File C:\DOKUME~1\KingPin\LOKALE~1\Temp\main.avi
Tue Apr 05 15:15:33 2005 => Scanning File C:\DOKUME~1\KingPin\LOKALE~1\Temp\virus.avi
Tue Apr 05 15:15:33 2005 => MWAV files are clean.
Tue Apr 05 15:15:33 2005 => Virus Database Date: 2005/04/04
Tue Apr 05 15:15:33 2005 => Virus Database Count: 124577

Tue Apr 05 15:27:45 2005 => **********************************************************
Tue Apr 05 15:27:45 2005 => MicroWorld AntiVirus Toolkit Utility.
Tue Apr 05 15:27:45 2005 => Copyright © 2003-2005, MicroWorld Technologies Inc.
Tue Apr 05 15:27:45 2005 =>
Tue Apr 05 15:27:45 2005 => Support: support@mwti.net
Tue Apr 05 15:27:45 2005 => Web: http://www.mwti.net
Tue Apr 05 15:27:45 2005 => **********************************************************
Tue Apr 05 15:27:45 2005 => Version 6.0.5 (C:\DOKUME~1\KingPin\LOKALE~1\Temp\mwavscan.com)
Tue Apr 05 15:27:45 2005 => Log File: C:\DOKUME~1\KingPin\LOKALE~1\Temp\MWAV.LOG
Tue Apr 05 15:27:45 2005 => User Account: KingPin
Tue Apr 05 15:27:45 2005 => Windows Root Folder: C:\WINDOWS
Tue Apr 05 15:27:45 2005 => Windows Sys32 Folder: C:\WINDOWS\System32
Tue Apr 05 15:27:45 2005 => OS: Windows NT
Tue Apr 05 15:27:46 2005 => Latest Date of files inside MWAV: 04 Apr 2005 11:31:37.

Tue Apr 05 15:27:46 2005 => Options Selected by User:
Tue Apr 05 15:27:46 2005 => Memory Check: Enabled
Tue Apr 05 15:27:46 2005 => Registry Check: Enabled
Tue Apr 05 15:27:46 2005 => StartUp Folder Check: Enabled
Tue Apr 05 15:27:46 2005 => System Folder Check: Enabled
Tue Apr 05 15:27:46 2005 => System Area Check: Disabled
Tue Apr 05 15:27:46 2005 => Services Check: Enabled
Tue Apr 05 15:27:46 2005 => Drive Check: Enabled
Tue Apr 05 15:27:46 2005 => All Drive Check :Disabled
Tue Apr 05 15:27:46 2005 => Drive Selected = C:\
Tue Apr 05 15:27:46 2005 => Folder Check: Enabled
Tue Apr 05 15:27:46 2005 => Folder Selected = C:\WINDOWS

Tue Apr 05 15:27:46 2005 => ***** Scanning Memory Files *****
Tue Apr 05 15:27:46 2005 => Scanning File C:\WINDOWS\System32\smss.exe
Tue Apr 05 15:27:46 2005 => Scanning File C:\WINDOWS\System32\ntdll.dll
Tue Apr 05 15:27:46 2005 => Scanning File C:\WINDOWS\SYSTEM32\CSRSS.EXE
Tue Apr 05 15:27:46 2005 => Scanning File C:\WINDOWS\system32\CSRSRV.dll
Tue Apr 05 15:27:46 2005 => Scanning File C:\WINDOWS\system32\basesrv.dll
Tue Apr 05 15:27:46 2005 => Scanning File C:\WINDOWS\system32\winsrv.dll
Tue Apr 05 15:27:46 2005 => Scanning File C:\WINDOWS\system32\USER32.dll
Tue Apr 05 15:27:46 2005 => Scanning File C:\WINDOWS\system32\KERNEL32.dll
Tue Apr 05 15:27:46 2005 => Scanning File C:\WINDOWS\system32\GDI32.dll
Tue Apr 05 15:27:46 2005 => Scanning File C:\WINDOWS\system32\ADVAPI32.dll
Tue Apr 05 15:27:46 2005 => Scanning File C:\WINDOWS\system32\RPCRT4.dll
Tue Apr 05 15:27:46 2005 => Scanning File C:\WINDOWS\System32\sxs.dll
Tue Apr 05 15:27:46 2005 => Scanning File C:\WINDOWS\SYSTEM32\WINLOGON.EXE
Tue Apr 05 15:27:46 2005 => Scanning File C:\WINDOWS\system32\msvcrt.dll
Tue Apr 05 15:27:47 2005 => Scanning File C:\WINDOWS\system32\USERENV.dll
Tue Apr 05 15:27:47 2005 => Scanning File C:\WINDOWS\system32\NDdeApi.dll
Tue Apr 05 15:27:47 2005 => Scanning File C:\WINDOWS\system32\CRYPT32.dll
Tue Apr 05 15:27:47 2005 => Scanning File C:\WINDOWS\system32\MSASN1.dll
Tue Apr 05 15:27:47 2005 => Scanning File C:\WINDOWS\system32\Secur32.dll
Tue Apr 05 15:27:47 2005 => Scanning File C:\WINDOWS\system32\WINSTA.dll
Tue Apr 05 15:27:47 2005 => Scanning File C:\WINDOWS\system32\PROFMAP.dll
Tue Apr 05 15:27:47 2005 => Scanning File C:\WINDOWS\system32\NETAPI32.dll
Tue Apr 05 15:27:47 2005 => Scanning File C:\WINDOWS\system32\REGAPI.dll
Tue Apr 05 15:27:47 2005 => Scanning File C:\WINDOWS\system32\WS2_32.dll
Tue Apr 05 15:27:47 2005 => Scanning File C:\WINDOWS\system32\WS2HELP.dll
Tue Apr 05 15:27:47 2005 => Scanning File C:\WINDOWS\system32\AUTHZ.dll
Tue Apr 05 15:27:47 2005 => Scanning File C:\WINDOWS\system32\PSAPI.DLL
Tue Apr 05 15:27:47 2005 => Scanning File C:\WINDOWS\system32\VERSION.dll
Tue Apr 05 15:27:47 2005 => Scanning File C:\WINDOWS\system32\SETUPAPI.dll
Tue Apr 05 15:27:47 2005 => Scanning File C:\WINDOWS\System32\MSGINA.dll
Tue Apr 05 15:27:48 2005 => Scanning File C:\WINDOWS\system32\SHELL32.dll
Tue Apr 05 15:27:58 2005 => Scanning File C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL
Tue Apr 05 15:28:01 2005 => File C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.

Tue Apr 05 15:28:06 2005 => ***** Scanning Registry Files *****

Tue Apr 05 15:28:06 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Tue Apr 05 15:28:06 2005 => Scanning File C:\WINDOWS\system32\SHELL32.dll
Tue Apr 05 15:28:06 2005 => Scanning File C:\WINDOWS\system32\SHELL32.dll
Tue Apr 05 15:28:06 2005 => Scanning File C:\WINDOWS\System32\webcheck.dll
Tue Apr 05 15:28:06 2005 => Scanning File C:\WINDOWS\System32\stobject.dll

Tue Apr 05 15:28:06 2005 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

Tue Apr 05 15:28:06 2005 => Scanning HKLM\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension

Tue Apr 05 15:28:06 2005 => Scanning HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar

Tue Apr 05 15:28:06 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects

Tue Apr 05 15:28:06 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler
Tue Apr 05 15:28:06 2005 => Scanning File C:\WINDOWS\System32\browseui.dll
Tue Apr 05 15:28:06 2005 => Scanning File C:\WINDOWS\System32\browseui.dll
Tue Apr 05 15:28:06 2005 => ERROR!!! Invalid Entry {12345678-0000-0010-8000-00AAFF6D2EA4} = C:\WINDOWS\System32\systr.dll (in key Software\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler). Removing it.

Tue Apr 05 15:28:06 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

Tue Apr 05 15:28:10 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

Tue Apr 05 15:28:10 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Tue Apr 05 15:28:10 2005 => Scanning File C:\WINDOWS\Explorer.exe
Tue Apr 05 15:28:10 2005 => Scanning File C:\WINDOWS\system32\userinit.exe
Tue Apr 05 15:28:10 2005 => Scanning File C:\WINDOWS\system32\dskquota.dll
Tue Apr 05 15:28:10 2005 => Scanning File C:\WINDOWS\system32\scecli.dll
Tue Apr 05 15:28:10 2005 => Scanning File C:\WINDOWS\system32\iedkcs32.dll
Tue Apr 05 15:28:10 2005 => Scanning File C:\WINDOWS\system32\scecli.dll
Tue Apr 05 15:28:10 2005 => ERROR!!! Invalid Entry DllName = appmgmts.dll (in key SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}). Removing it.
Tue Apr 05 15:28:19 2005 => System found infected with IEHijacker.Hotoffers Spyware/Adware ({12345678-0000-0010-8000-00aaff6d2ea4})! Action taken: No Action Taken.
Tue Apr 05 15:28:19 2005 => File System Found infected by "IEHijacker.Ho
King0Pin
 
Posts: 16
Registered: 03.04.2005, 15:02
Location: Rostock

Post by Nikita on 05.04.2005, 15:51

Hello,

Tue Apr 05 15:28:06 2005 => ERROR!!! Invalid Entry {12345678-0000-0010-8000-00AAFF6D2EA4} = C:\WINDOWS\System32\systr.dll (in key Software\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler). Removing it.
------------------------------------------------------------------------------------------------


Copy the following text into Notepad (Start - Accessories - Notepad) and save it to the desktop as fixme.reg using 'Save As'. For the file type, select 'All Files'. You should now find this file on the desktop.



Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT\CLSID\{12345678-0000-0010-8000-00AAFF6D2EA4}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{12345678-0000-0010-8000-00AAFF6D2EA4}"=-





Restart.

Right-click the file fixme.reg and choose Merge.

With Killbox or manually:

Delete the following files:
C:\WINDOWS\System32\systr.dll
C:\WINDOWS\System32\systr.dll
C:\WINDOWS\System32\mt.exe
C:\WINDOWS\System32\popup_bl.dll
C:\WINDOWS\System32\serch_hook.dll
C:\WINDOWS\System32\setup.exe
C:\WINDOWS\System32\toolband_atl.dll


Tue Apr 05 15:28:01 2005 => File C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL infected by "not-a-virus:AdWare.NewDotNet" Virus. Action Taken: No Action Taken.

Then you still have to delete NEWDOT~2.DLL with the tool
•LSPfix.exe
http://www.spychecker.com/program/lspfix.html

"I know what I'm doing" <-- tick this box
Move NEWDOT~2.DLL from the left to the right and delete it.

L2mfix
1. Download L2mfix from here:
2. http://bilder.informationsarchiv.net/Ni ... l2mfix.exe
3. Save the file to your desktop and double-click l2mfix.exe.
4. Click Install to extract the files and follow the instructions during the installation.
5. Then open the newly created l2mfix folder on your desktop.
6. Double-click the file l2mfix.bat, type 1 and press [Enter] to run Find log. This will scan your computer. It may look as if nothing is happening, but after 1 or 2 minutes Notepad will open with a log.
7. Copy the contents with Ctrl+A and paste them into your thread with Ctrl+V... or simply copy them with the mouse ;)

IMPORTANT: Do not use option 2, or any other files from the l2mfix folder, until you are asked to do so!

8. Close all open programs, as the next step requires a restart. Click l2mfix.bat again and type 2 --> [Enter].
9. Press any key to start a system restart.
10. After the restart, your desktop icons will briefly appear and briefly disappear - this is NORMAL.
11. L2mfix will continue the system scan, and when it is finished Notepad will open and display a log. Copy this one into the thread here as well (Ctrl+C & Ctrl+V). Also post a current HijackThis log.

IMPORTANT: Do not use option 2, or any other files from the l2mfix folder, until you are asked to do so!

12. Double-click l2mfix.bat again and enter 4. Confirm with [Enter].
13. This restores the Winlogon default settings.
14. Post a current HijackThis log.
Nikita
Moderator
 
Posts: 11478
Registered: 07.12.2003, 16:53
Location: Lisbon
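
One way to see what a .reg file like the fixme.reg above will delete before merging it, and to check that it only touches entries the scanner flagged. This is an added Python example, not part of Nikita's post or of any tool named in the thread; the function names are hypothetical, and the embedded .reg text and log lines are the ones quoted in this thread.

```python
import re

# The fixme.reg text as posted in the thread.
FIX_REG = r'''Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT\CLSID\{12345678-0000-0010-8000-00AAFF6D2EA4}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{12345678-0000-0010-8000-00AAFF6D2EA4}"=-
'''

# Three lines taken from the scanner log posted in the thread.
SCAN_LOG = r'''Tue Apr 05 15:28:06 2005 => ERROR!!! Invalid Entry {12345678-0000-0010-8000-00AAFF6D2EA4} = C:\WINDOWS\System32\systr.dll (in key Software\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler). Removing it.
Tue Apr 05 15:28:10 2005 => Scanning File C:\WINDOWS\system32\userinit.exe
Tue Apr 05 15:28:19 2005 => System found infected with IEHijacker.Hotoffers Spyware/Adware ({12345678-0000-0010-8000-00aaff6d2ea4})! Action taken: No Action Taken.
'''

GUID_RE = re.compile(r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')


def parse_reg(text):
    """Return (action, key, value_name) for every operation in a .reg file.

    [-KEY] deletes a whole key, "name"=- deletes one value, and any other
    "name"=data line writes a value.
    """
    ops, key, deleting_key = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';') or line.startswith('Windows Registry Editor'):
            continue
        if line.startswith('[') and line.endswith(']'):
            body = line[1:-1]
            deleting_key = body.startswith('-')
            key = body[1:] if deleting_key else body
            if deleting_key:
                ops.append(('delete_key', key, None))
            continue
        m = VALUE_RE.match(line)
        if not m or key is None or deleting_key:
            continue  # continuation line, or a value under a key being deleted
        token, data = m.group(1), m.group(2).strip()
        name = '(Default)' if token == '@' else (
            token[1:-1].replace('\\"', '"').replace('\\\\', '\\'))
        ops.append(('delete_value' if data == '-' else 'set_value', key, name))
    return ops


def flagged_guids(log_text):
    """Collect the GUIDs named on ERROR or 'infected' lines of the scan log."""
    found = set()
    for line in log_text.splitlines():
        if 'ERROR!!!' in line or 'infected' in line.lower():
            found.update(g.upper() for g in GUID_RE.findall(line))
    return found


def review(reg_text, log_text):
    """Label each .reg operation: covered by a scan finding, or needs a look."""
    flagged = flagged_guids(log_text)
    report = []
    for action, key, name in parse_reg(reg_text):
        guids = {g.upper() for g in GUID_RE.findall(key + ' ' + (name or ''))}
        if action == 'set_value':
            verdict = 'review: writes data'
        elif guids and guids <= flagged:
            verdict = 'ok: flagged by scanner'
        else:
            verdict = 'review: not in scan findings'
        report.append((action, key, name, verdict))
    return report


if __name__ == '__main__':
    for entry in review(FIX_REG, SCAN_LOG):
        print(entry)
```
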


