Hello *,
For a few days now, winlogon.exe on my PC has been trying to connect to the Internet. My Sygate Personal Firewall shows the following message:
Windows NT Logon (winlogon.exe) is trying to connect to s133179636.websitehome.co.uk (82.165.87.237) using remote port 80 (HTTP - World Wide Web).
Why does it do that????
HP aus W
winlogon.exe wants to connect to the Internet automatically
Hello @HPausW
HijackThis
http://computercops.biz/zx/Merijn/hijackthis.zip
http://nikita.eddys-domain.de/hjtkurz.html
Download/unpack HijackThis into a folder
--> None of the above,
just start the program --> Save --> Savelog --> Notepad
opens -->
now copy the COMPLETE log with a right mouse click and "paste" it
into the forum with a right mouse click
please work through this and post everything
http://nikita.eddys-domain.de/findqoologic.html
- Nikita
- Moderator
- Posts: 11478
- Registered: 07.12.2003, 16:53
- Location: Lissabon
Logfile
Hello Nikita,
here is the logfile:
Logfile of HijackThis v1.99.1
Scan saved at 11:57:09, on 07.09.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Internet Update Manager\UPDMGR.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Virtual CD v4\System\vcdsecs.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\AVPersonal\AVSCHED32.EXE
C:\Programme\AVPersonal\INETUPD.EXE
C:\Programme\AVPersonal\AVGUARD.EXE
C:\DOKUME~1\Harpie\LOKALE~1\Temp\_tc\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.2.100:800
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSCHED32.EXE /min
O8 - Extra context menu item: &Download by Morgul - C:\Programme\Morgul\brext_cp.htm
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Mit dem LeechGet Wizard laden - file://C:\Programme\LeechGet 2004\\Wizard.html
O8 - Extra context menu item: Mit LeechGet herunterladen - file://C:\Programme\LeechGet 2004\\AddUrl.html
O8 - Extra context menu item: Mit LeechGet parsen - file://C:\Programme\LeechGet 2004\\Parser.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Programme\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan ... asinst.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: mcfG7A - C:\WINDOWS\SYSTEM32\mcfG7A.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update Manager (AVUpdateManager) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\Internet Update Manager\UPDMGR.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
O23 - Service: Virtual CD v4 Security service (VCDSecS) - H+H Software GmbH - C:\Programme\Virtual CD v4\System\vcdsecs.exe
Regards, HPausW
- HPausW
- Posts: 6
- Registered: 05.09.2005, 10:01
O20 - Winlogon Notify: mcfG7A - C:\WINDOWS\SYSTEM32\mcfG7A.dll
O23 - Service: Servicio de registro de McAfee (McAfeeFramework)
# open HijackThis -->> button "Scan" -->> tick the box -->> button "Fix checked" -->> restart the PC
O20 - Winlogon Notify: mcfG7A - C:\WINDOWS\SYSTEM32\mcfG7A.dll
restart the PC
then things should be quiet
- Nikita
- Moderator
- Posts: 11478
- Registered: 07.12.2003, 16:53
- Location: Lissabon
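The entry Nikita has the user fix is also the answer to the original question. A Winlogon Notify package is a DLL registered under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\<name>; Winlogon loads it into its own process at logon, so any HTTP connection such a DLL opens is reported by a personal firewall as coming from winlogon.exe. HijackThis lists these packages as O20 lines. The Python below is an added example, not code from the thread or from HijackThis: it parses the O20 lines of two HijackThis logs, flags packages that are not on the stock Windows XP SP2 Notify list, and diffs the two scans to show which items disappeared after the fix. The allowlist and the two log excerpts are constructed for the example.

```python
import re
from typing import Dict, List, Set

# Constructed excerpts of the two HijackThis 1.99 logs posted in this thread
# (before and after the O20 fix); only the lines needed here are kept.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O20 - Winlogon Notify: mcfG7A - C:\WINDOWS\SYSTEM32\mcfG7A.dll
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
"""
LOG_AFTER = r"""
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O17 - HKLM\System\CCS\Services\Tcpip\..\{7FB3A070-ACE5-43CE-BD9A-0314AF85ED61}: NameServer = 192.168.2.100
O23 - Service: Sygate Personal Firewall - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
"""

# Notify subkeys present on a stock Windows XP SP2 system (assumed allowlist
# for this example). Anything else is loaded into winlogon.exe at logon.
XP_DEFAULT_NOTIFY: Set[str] = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}
NOTIFY_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"

O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
ENTRY_RE = re.compile(r"^[RFO]\d+ - ")


def parse_o20(log: str) -> Dict[str, str]:
    """Map Notify subkey name -> DLL path for every O20 line in a HijackThis log."""
    found: Dict[str, str] = {}
    for line in log.splitlines():
        m = O20_RE.match(line.strip())
        if m:
            found[m.group("name")] = m.group("path")
    return found


def suspicious_notify(log: str) -> List[str]:
    """O20 packages that are not stock XP Notify packages, sorted by name."""
    return sorted(n for n in parse_o20(log) if n.lower() not in XP_DEFAULT_NOTIFY)


def registry_key(name: str) -> str:
    """Where the package lives; its DllName value names the DLL winlogon loads."""
    return NOTIFY_KEY + "\\" + name


def entries(log: str) -> Set[str]:
    """All R/F/O items of a log as a set, so two scans can be compared."""
    return {ln.strip() for ln in log.splitlines() if ENTRY_RE.match(ln.strip())}


def diff_logs(before: str, after: str) -> Dict[str, List[str]]:
    """Items that vanished and items that appeared between two scans."""
    b, a = entries(before), entries(after)
    return {"removed": sorted(b - a), "added": sorted(a - b)}


if __name__ == "__main__":
    for name in suspicious_notify(LOG_BEFORE):
        print(f"unknown Notify package {name!r}: {parse_o20(LOG_BEFORE)[name]}  ({registry_key(name)})")
    print(diff_logs(LOG_BEFORE, LOG_AFTER))
```

Two caveats for anyone triaging such a log: a Notify package is only one of several ways to get code into winlogon.exe, so an empty O20 section after the fix does not prove the process is clean; and a firewall prompt naming winlogon.exe can also be legitimate, which is why the later posts fall back to comparing directory listings and a WinPFind scan instead of stopping at the O20 line.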
Unfortunately not done yet!
I just got the message again.
Here is the current logfile
Logfile of HijackThis v1.99.0
Scan saved at 09:27:16, on 09.09.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Internet Update Manager\UPDMGR.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\Programme\ewido\security suite\ewidoguard.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Virtual CD v4\System\vcdsecs.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\AVPersonal\AVSCHED32.EXE
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\HijackThis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSCHED32.EXE /min
O8 - Extra context menu item: &Download by Morgul - C:\Programme\Morgul\brext_cp.htm
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Mit dem LeechGet Wizard laden - file://C:\Programme\LeechGet 2004\\Wizard.html
O8 - Extra context menu item: Mit LeechGet herunterladen - file://C:\Programme\LeechGet 2004\\AddUrl.html
O8 - Extra context menu item: Mit LeechGet parsen - file://C:\Programme\LeechGet 2004\\Parser.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Programme\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan ... asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7FB3A070-ACE5-43CE-BD9A-0314AF85ED61}: NameServer = 192.168.2.100
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update Manager - H+BEDV Datentechnik GmbH, Germany - C:\Programme\Internet Update Manager\UPDMGR.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
O23 - Service: Virtual CD v4 Security service - H+H Software GmbH - C:\Programme\Virtual CD v4\System\vcdsecs.exe
- HPausW
- Posts: 6
- Registered: 05.09.2005, 10:01
please work through the 4 logs (copy all of them here, with path)
http://nikita.eddys-domain.de/datfindbat.html
- Nikita
- Moderator
- Posts: 11478
- Registered: 07.12.2003, 16:53
- Location: Lissabon
Logfiles
Hello Nikita,
I had no time for a few days! Here are the 4 logs.
Volume in drive C has no label.
Volume Serial Number is 3868-1AE5
Directory of C:\
12.09.2005 20:02 0 sys.txt
12.09.2005 20:02 8.837 system.txt
12.09.2005 20:02 591 systemtemp.txt
12.09.2005 20:02 135.982 system32.txt
09.09.2005 07:32 804.495.360 pagefile.sys
17.08.2005 10:50 959.796 educheck.jpg
Volume in drive C has no label.
Volume Serial Number is 3868-1AE5
Directory of C:\WINDOWS
12.09.2005 15:05 1.369.550 WindowsUpdate.log
09.09.2005 07:32 0 0.log
09.09.2005 07:32 159 wiadebug.log
09.09.2005 07:32 50 wiaservc.log
09.09.2005 07:32 2.048 bootstat.dat
08.09.2005 11:29 1.125 winamp.ini
04.09.2005 12:15 1.059 win.ini
02.09.2005 14:32 52 StreamRipper32.INI
02.09.2005 14:32 276 sripper.ini
22.08.2005 16:37 1.409 QTFont.for
22.08.2005 16:37 54.156 QTFont.qfn
21.08.2005 10:53 69 NeroDigital.ini
21.08.2005 00:07 1.535 Illuminator Settings.ini
20.08.2005 23:49 24 APHIB.ini
20.08.2005 23:49 24 SNYA.ini
20.08.2005 23:49 24 SEEYB.ini
20.08.2005 23:49 24 CONVB.ini
17.08.2005 12:28 737.280 iun6002.exe
15.08.2005 13:38 24.066 mozver.dat
Volume in drive C has no label.
Volume Serial Number is 3868-1AE5
Directory of C:\DOKUME~1\Harpie\LOKALE~1\Temp
12.09.2005 18:37 682.314 Online-Antrag-Nr3905071.pdf
10.09.2005 14:41 130 Map.gif
09.09.2005 09:33 16.384 ~DFB049.tmp
09.09.2005 09:25 10.483 tmp-2.xpi
09.09.2005 09:25 67.569 tmp-1.xpi
09.09.2005 09:25 127.634 tmp.xpi
08.09.2005 08:31 16.384 ~DF2532.tmp
7 File(s) 920.898 bytes
0 Dir(s) 80.390.025.216 bytes free
Volume in drive C has no label.
Volume Serial Number is 3868-1AE5
Directory of C:\WINDOWS\system32
07.09.2005 11:45 13.002 wpa.dbl
04.09.2005 12:16 0 asfiles.txt
04.09.2005 12:12 2.550 Uninstall.ico
04.09.2005 12:12 1.406 Help.ico
04.09.2005 12:12 1.718 Open.ico
04.09.2005 12:12 1.406 AddQuit.ico
04.09.2005 12:12 5.350 IE.ico
04.09.2005 12:12 9.470 Desktop.ico
04.09.2005 12:12 1.718 Quick.ico
03.09.2005 20:42 1.806 autoexec.nt
19.08.2005 11:05 376.980 perfh009.dat
19.08.2005 11:05 387.648 perfh007.dat
19.08.2005 11:05 51.562 perfc009.dat
19.08.2005 11:05 62.342 perfc007.dat
19.08.2005 11:05 886.148 PerfStringBackup.INI
09.08.2005 08:35 177.856 FNTCACHE.DAT
05.08.2005 03:31 1.457.496 MRT.exe
03.08.2005 10:33 520.456 LegitCheckControl.DLL
HPausW
- HPausW
- Posts: 6
- Registered: 05.09.2005, 10:01
http://websitehome.co.uk/
in my opinion that is a normal
site, but still:
did you fill in this application on that site?
12.09.2005 18:37 682.314 Online-Antrag-Nr3905071.pdf
I can't see any malware; please do a scan with Silent Runners:
http://nikita.eddys-domain.de/silentrunner.html
and
winpfind
http://nikita.eddys-domain.de/winpfind.html
- Nikita
- Moderator
- Posts: 11478
- Registered: 07.12.2003, 16:53
- Location: Lissabon
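WinPFind, which Nikita asks for here, lists executables in the Windows folders whose bytes carry packer markers (the UPX!, aspack, PEC2 and PECompact2 tags in its output), because a packed binary dropped into %WinDir% or %System% is a common way for malware to dodge string-based scanners, although plenty of legitimate codecs and tools are packed too. The Python below is an added example, not WinPFind's code: it parses the PE section table and reports section names the common packers leave behind, with a marker-string search over the file body as the fallback WinPFind relies on. The section-name table is an illustrative set assembled for the example, and the sample PE produced by build_fake_pe is constructed so the code runs offline.

```python
import os
import struct
from typing import Dict, List, Set

# Section names that common packers leave in the PE section table.
# Illustrative set assembled for this example; a real scanner would carry a
# maintained signature database.
PACKER_SECTIONS: Dict[str, Set[str]] = {
    "UPX": {"UPX0", "UPX1", "UPX2"},
    "ASPack": {".aspack", ".adata"},
    "PECompact": {"PEC2", "pec1", "pec2"},
    "Petite": {".petite"},
    "NsPack": {".nsp0", ".nsp1", ".nsp2"},
    "MPRESS": {".MPRESS1", ".MPRESS2"},
    "Themida": {".themida"},
}
# Marker strings a WinPFind-style grep looks for in the file body.
PACKER_MARKERS: Dict[str, bytes] = {
    "UPX": b"UPX!", "ASPack": b"aspack", "PECompact": b"PECompact2",
}
HEAD_BYTES = 1 << 20  # headers plus the first MiB are enough for this check


def pe_section_names(data: bytes) -> List[str]:
    """DOS header -> e_lfanew -> PE signature -> COFF header -> section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER
    if len(data) < coff + 20:
        raise ValueError("truncated COFF header")
    nsec = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size             # IMAGE_SECTION_HEADER[nsec], 40 bytes each
    names: List[str] = []
    for i in range(nsec):
        raw = data[table + 40 * i: table + 40 * i + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\x00").decode("ascii", "replace"))
    return names


def detect_packers(data: bytes) -> List[str]:
    """Packers suggested by section names, plus body markers as a fallback."""
    hits: Set[str] = set()
    try:
        names = set(pe_section_names(data))
    except (ValueError, struct.error):
        names = set()                        # not a parseable PE: markers only
    for packer, sects in PACKER_SECTIONS.items():
        if names & sects:
            hits.add(packer)
    head = data[:HEAD_BYTES]
    for packer, marker in PACKER_MARKERS.items():
        if marker in head:
            hits.add(packer)
    return sorted(hits)


def build_fake_pe(section_names: List[str], tail: bytes = b"") -> bytes:
    """Constructed minimal PE (empty optional header) used as offline sample input."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x014C, len(section_names), 0, 0, 0, 0, 0x0102)
    table = b"".join(n.encode("ascii").ljust(8, b"\x00") + b"\x00" * 32
                     for n in section_names)
    return dos + b"PE\x00\x00" + coff + table + tail


def scan_dir(root: str) -> Dict[str, List[str]]:
    """Map every file under root that looks packed to the packers detected."""
    report: Dict[str, List[str]] = {}
    for dirpath, _, files in os.walk(root):
        for f in files:
            path = os.path.join(dirpath, f)
            try:
                with open(path, "rb") as fh:
                    data = fh.read(HEAD_BYTES)
            except OSError:
                continue
            packers = detect_packers(data)
            if packers:
                report[path] = packers
    return report


if __name__ == "__main__":
    sample = build_fake_pe(["UPX0", "UPX1", ".rsrc"], tail=b"UPX!")
    print(pe_section_names(sample), detect_packers(sample))
```

On a live system, scan_dir(r"C:\WINDOWS\system32") gives a triage list, nothing more: being packed is not evidence of malice (the xvid.dll and avisynth.dll hits in the log that follows are ordinary codecs), but a packed DLL with a generated-looking name in system32 is exactly the kind of file whose publisher and hash should be checked before it is trusted.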
Hello,
the logfiles:
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
UPX! 16.06.2005 13:23:00 116736 C:\WINDOWS\dbxDigitalRiver.exe
UPX! 23.05.2005 15:22:00 183296 C:\WINDOWS\dbxesellerate.exe
Checking %System% folder...
UPX! 01.09.2004 16:49:56 284672 C:\WINDOWS\SYSTEM32\avisynth.dll
PEC2 18.08.2001 16:00:00 41118 C:\WINDOWS\SYSTEM32\dfrg.msc
UPX! 05.01.2003 02:42:32 67072 C:\WINDOWS\SYSTEM32\dtssource.ax
UPX! 29.01.2004 11:21:16 96256 C:\WINDOWS\SYSTEM32\hrPing.exe
PECompact2 05.08.2005 03:31:56 1457496 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 05.08.2005 03:31:56 1457496 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 04.08.2004 00:57:10 733696 C:\WINDOWS\SYSTEM32\ntdll.dll
PEC2 03.11.2003 19:02:38 131072 C:\WINDOWS\SYSTEM32\PBBalloon1.ocx
PEC2 26.08.2003 21:04:34 136192 C:\WINDOWS\SYSTEM32\PBEmail1.ocx
UPX! 30.04.2004 20:46:24 28672 C:\WINDOWS\SYSTEM32\qtalt.ax
Umonitor 04.08.2004 00:57:34 686592 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 26.03.2004 15:32:36 116224 C:\WINDOWS\SYSTEM32\rmalt.ax
UPX! 04.03.2003 23:12:44 20992 C:\WINDOWS\SYSTEM32\vbalIPrg.dll
winsync 18.08.2001 16:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
UPX! 24.06.2003 16:14:08 194048 C:\WINDOWS\SYSTEM32\xvid.dll
Checking %System%\Drivers folder and sub-folders...
PTech 21.04.2002 05:19:00 1295336 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
17.09.2005 02:15:10 S 2048 C:\WINDOWS\bootstat.dat
22.08.2005 16:37:32 H 54156 C:\WINDOWS\QTFont.qfn
03.09.2005 20:42:50 S 64 C:\WINDOWS\CSC\00000001
02.09.2005 23:51:38 S 64 C:\WINDOWS\CSC\00000002
01.09.2005 07:41:48 S 64 C:\WINDOWS\CSC\csc1.tmp
19.07.2005 19:18:04 S 18913 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896727.cat
17.09.2005 02:18:58 H 1024 C:\WINDOWS\system32\config\default.LOG
17.09.2005 02:15:34 H 1024 C:\WINDOWS\system32\config\SAM.LOG
17.09.2005 02:16:04 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
17.09.2005 02:23:18 H 1024 C:\WINDOWS\system32\config\software.LOG
17.09.2005 02:17:04 H 1024 C:\WINDOWS\system32\config\system.LOG
13.08.2005 06:32:36 H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
21.08.2005 13:32:06 S 341 C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8
21.08.2005 13:32:00 S 688 C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5
21.08.2005 13:32:10 S 413 C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165
14.09.2005 17:59:02 S 70191 C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Microsoft\CryptnetUrlCache\Content\F482C95F83F1B59228F1B1E720F2EDF1
21.08.2005 13:32:06 S 126 C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Microsoft\CryptnetUrlCache\MetaData\303572DF538EDD8B1D606185F1D559B8
21.08.2005 13:32:00 S 94 C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5
21.08.2005 13:32:10 S 98 C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165
14.09.2005 17:59:02 S 128 C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Microsoft\CryptnetUrlCache\MetaData\F482C95F83F1B59228F1B1E720F2EDF1
15.08.2005 10:23:20 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\aa818950-6b76-46cb-a7df-39945ab3426a
15.08.2005 10:23:20 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
14.08.2005 21:28:30 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\6ea5d93d-1cd7-46a8-bbde-7296cb8d06bd
14.08.2005 21:28:30 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
05.09.2005 09:13:36 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini
05.09.2005 09:13:36 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\CTAVWD6N\desktop.ini
05.09.2005 09:13:36 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\G3GVCPKX\desktop.ini
05.09.2005 09:13:36 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\KTAB81QR\desktop.ini
05.09.2005 09:13:36 HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\WRL74VP0\desktop.ini
05.09.2005 09:13:36 HS 113 C:\WINDOWS\Temp\Verlauf\History.IE5\desktop.ini
Checking for CPL files...
19.08.2003 09:20:04 180224 C:\WINDOWS\SYSTEM32\ac3filter.cpl
Microsoft Corporation 04.08.2004 00:58:24 70656 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 04.08.2004 00:58:24 555008 C:\WINDOWS\SYSTEM32\appwiz.cpl
11.05.2001 09:00:00 183808 C:\WINDOWS\SYSTEM32\bdeadmin.cpl
Microsoft Corporation 04.08.2004 00:58:24 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 04.08.2004 00:58:24 138240 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 04.08.2004 00:58:24 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 04.08.2004 00:58:24 157184 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Borland Software Corporation. 29.11.2001 01:50:00 430080 C:\WINDOWS\SYSTEM32\ibmgr.cpl
Ahead Software AG 15.09.2003 14:56:02 57344 C:\WINDOWS\SYSTEM32\ImageDrive.cpl
Microsoft Corporation 04.08.2004 00:58:24 359424 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 04.08.2004 00:58:24 133120 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 04.08.2004 00:58:24 381440 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 04.08.2004 00:58:24 69632 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems 04.03.2005 20:01:12 61555 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 18.08.2001 16:00:00 189440 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 04.08.2004 00:58:24 625152 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 18.08.2001 16:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 04.08.2004 00:58:24 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 04.08.2004 00:58:24 260096 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 06.10.2003 15:16:00 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 18.08.2001 16:00:00 38400 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 04.08.2004 00:58:24 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
O&O Software GmbH 27.08.2003 18:01:40 368912 C:\WINDOWS\SYSTEM32\OOBCPRO.cpl
Microsoft Corporation 04.08.2004 00:58:24 117248 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 03.10.2003 16:14:30 314880 C:\WINDOWS\SYSTEM32\QuickTime.cpl
SiSoftware 09.02.2004 15:42:30 53248 C:\WINDOWS\SYSTEM32\SanCpl.cpl
24.03.2003 18:43:32 401408 C:\WINDOWS\SYSTEM32\slcpappl.cpl
NVIDIA Corporation 13.11.2002 09:33:30 R 73728 C:\WINDOWS\SYSTEM32\sscpl.cpl
Microsoft Corporation 04.08.2004 00:58:24 303104 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 18.08.2001 16:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 04.08.2004 00:58:24 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 04.08.2004 00:58:24 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 26.05.2005 04:16:22 174872 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
NVIDIA Corporation 23.06.2003 11:24:00 R 143360 C:\WINDOWS\SYSTEM32\ReinstallBackups\0008\DriverFiles\nvtuicpl.cpl
NVIDIA Corporation 28.07.2003 16:19:00 143360 C:\WINDOWS\SYSTEM32\ReinstallBackups\0009\DriverFiles\nvtuicpl.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
Checking files in %ALLUSERSPROFILE%\Application Data folder...
11.11.2003 13:12:00 HS 62 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini
31.01.2004 09:15:18 0 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\foozle.1836
Checking files in %USERPROFILE%\Startup folder...
Checking files in %USERPROFILE%\Application Data folder...
11.11.2003 13:12:00 HS 62 C:\Dokumente und Einstellungen\Harpie\Anwendungsdaten\desktop.ini
05.02.2005 21:22:26 65 C:\Dokumente und Einstellungen\Harpie\Anwendungsdaten\sversion.ini
05.02.2005 21:01:42 2048 C:\Dokumente und Einstellungen\Harpie\Anwendungsdaten\user60.rdb
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AntiVir/Win
{a7cda720-84ee-11d0-b5c0-00001b3ca278} = C:\Programme\AVPersonal\AVShlExt.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Cheetah Burner Menu
{88CBF1CB-6F55-11D8-ABF8-C5E6374AC960} = C:\Programme\Cheetah Burner\CheetahCtxMnu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\East-TecEraser
{E0BD38EB-C8EC-11D2-B274-B493B003B125} = C:\PROGRA~1\EAST-T~1\eteshell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Programme\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\HexWorkshopContextMenu
{7bc80fe0-4b41-11cf-8fba-444553540000} = C:\Programme\BreakPoint Software\Hex Workshop 3.1\hwext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\LeechGet
{EBDF1F20-C829-14D1-8234-1420AF3E97A9} = C:\Programme\LeechGet 2004\ShellExtension.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Morgul
{6567D0AE-32DF-11D7-BC71-00408103CEAF} = C:\Programme\Morgul\morgulexplext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\QuickViewPlusMenu
{F0F08737-0C36-101B-B086-0020AF07D0F4} = C:\PROGRA~1\QUICKV~1\PROGRAM\QVPSE4.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\SrExt
{a90d5ea2-a1d7-11cf-8dc1-00805fc2353f} = C:\PROGRA~1\sr\srext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} =
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{616c1f06-bad8-11d2-b355-00104b642749}
= muangsys.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AntiVir/Win
{a7cda720-84ee-11d0-b5c0-00001b3ca278} = C:\Programme\AVPersonal\AVShlExt.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\East-TecEraser
{E0BD38EB-C8EC-11D2-B274-B493B003B125} = C:\PROGRA~1\EAST-T~1\eteshell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\LeechGet
{EBDF1F20-C829-14D1-8234-1420AF3E97A9} = C:\Programme\LeechGet 2004\ShellExtension.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SrExt
{a90d5ea2-a1d7-11cf-8dc1-00805fc2353f} = C:\PROGRA~1\sr\srext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} =
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{616c1f06-bad8-11d2-b355-00104b642749}
= muangsys.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Cheetah Burner Menu
{88CBF1CB-6F55-11D8-ABF8-C5E6374AC960} = C:\Programme\Cheetah Burner\CheetahCtxMnu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Programme\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\LeechGet
{EBDF1F20-C829-14D1-8234-1420AF3E97A9} = C:\Programme\LeechGet 2004\ShellExtension.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Morgul
{6567D0AE-32DF-11D7-BC71-00408103CEAF} = C:\Programme\Morgul\morgulexplext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\QuickViewPlusMenu
{F0F08737-0C36-101B-B086-0020AF07D0F4} = C:\PROGRA~1\QUICKV~1\PROGRAM\QVPSE4.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tipps und Tricks = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{6F480F82-C3A6-4D35-96F7-B297AD49FBE8}
Copernic Agent Results = C:\Programme\Copernic Agent\CopernicAgentExt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Konsole :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A}
ButtonText = eBay - Homepage : C:\Programme\IrfanView\Ebay\Ebay.htm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Programme\Messenger\msmsgs.exe
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer-Band = %SystemRoot%\System32\shdocvw.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus :
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = :
{1CBF31FC-3C23-4BA6-AF16-2CEC501BD837} = :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = :
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus :
{F2E259E8-0FC8-438C-A6E0-342DD80FA53E} = :
{38D2A281-0444-433C-9ED6-A2851795F32A} = :
{2685A3D0-1459-45EE-8426-5B8CF98899A8} = :
{1CBF31FC-3C23-4BA6-AF16-2CEC501BD837} = :
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SmcService C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
AVGCtrl "C:\Programme\AVPersonal\AVGNT.EXE" /min
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
AVSCHED32 C:\Programme\AVPersonal\AVSCHED32.EXE /min
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoControlPanel 0
NoResolveTrack 1
NoStrCmpLogical 1
NoSimpleStartMenu 1
NoStartBanner 1
GreyMSIAds 1
NoSMBalloonTip 1
ForceClassicControlPanel 1
NoDesktopCleanupWizard 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall
NoSupportInfo 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoStartMenuMFUprogramsList 0
NoThemesTab 0
ClearRecentDocsOnExit
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
NoDispScrSavPage 0
NoDispSettingsPage 0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall
NoRemovePage 0
NoAddPage 0
NoWindowsSetupPage 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mcfG7A
= mcfG7A.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.0 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 17.09.2005 02:23:24
"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SmcService" = "C:\PROGRA~1\Sygate\SPF\smc.exe -startgui" ["Sygate Technologies, Inc."]
"AVGCtrl" = ""C:\Programme\AVPersonal\AVGNT.EXE" /min" ["H+BEDV Datentechnik GmbH"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"AVSCHED32" = "C:\Programme\AVPersonal\AVSCHED32.EXE /min" ["H+BEDV Datentechnik GmbH"]
HKLM\Software\Microsoft\Active Setup\Installed Components\
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{EE337094-9F50-4B8C-9B53-C00F52A3289B}" = "GF Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\LizardTech Shared\lt_lib_gf_iconShellEx.dll" ["LizardTech Inc."]
"{88CBF1CB-6F55-11D8-ABF8-C5E6374AC960}" = "Cheetah Burner Context Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Cheetah Burner\CheetahCtxMnu.dll" ["Cheetah"]
"{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5}" = "Context Menu Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\TagRename\TRshell.dll" ["Softpointer Inc"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{0cab0400-7395-11d0-a5e5-0020afe2fdd9}" = "Quick View Plus - ShellExecute Hook" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "qvphook.dll" ["Stellent, Inc."]
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]
HKLM\System\CurrentControlSet\Control\Session Manager\
INFECTION WARNING! "BootExecute" = "Autocheck Autochk * A u t o c h k *" [file not found], [MS], [file not found], [file not found], [file not found], [file not found], [file not found], [file not found], [file not found], [file not found], [file not found]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! mcfG7A\DLLName = "mcfG7A.dll" [file not found]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
Cheetah Burner Menu\(Default) = "{88CBF1CB-6F55-11D8-ABF8-C5E6374AC960}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Cheetah Burner\CheetahCtxMnu.dll" ["Cheetah"]
East-TecEraser\(Default) = "{E0BD38EB-C8EC-11D2-B274-B493B003B125}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\EAST-T~1\eteshell.dll" ["EAST Technologies"]
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ewido\security suite\context.dll" ["ewido networks"]
HexWorkshopContextMenu\(Default) = "{7bc80fe0-4b41-11cf-8fba-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\BreakPoint Software\Hex Workshop 3.1\hwext.dll" ["BreakPoint Software, Inc."]
LeechGet\(Default) = "{EBDF1F20-C829-14D1-8234-1420AF3E97A9}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\LeechGet 2004\ShellExtension.dll" [null data]
Morgul\(Default) = "{6567D0AE-32DF-11D7-BC71-00408103CEAF}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Morgul\morgulexplext.dll" ["Barad-Dur, LLC."]
QuickViewPlusMenu\(Default) = "{F0F08737-0C36-101B-B086-0020AF07D0F4}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\QUICKV~1\PROGRAM\QVPSE4.DLL" ["Stellent, Inc."]
SrExt\(Default) = "{a90d5ea2-a1d7-11cf-8dc1-00805fc2353f}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\sr\srext.dll" ["Funduc Software Inc. http://www.funduc.com"]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
Cheetah Burner Menu\(Default) = "{88CBF1CB-6F55-11D8-ABF8-C5E6374AC960}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Cheetah Burner\CheetahCtxMnu.dll" ["Cheetah"]
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ewido\security suite\context.dll" ["ewido networks"]
LeechGet\(Default) = "{EBDF1F20-C829-14D1-8234-1420AF3E97A9}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\LeechGet 2004\ShellExtension.dll" [null data]
Morgul\(Default) = "{6567D0AE-32DF-11D7-BC71-00408103CEAF}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Morgul\morgulexplext.dll" ["Barad-Dur, LLC."]
QuickViewPlusMenu\(Default) = "{F0F08737-0C36-101B-B086-0020AF07D0F4}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\QUICKV~1\PROGRAM\QVPSE4.DLL" ["Stellent, Inc."]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
East-TecEraser\(Default) = "{E0BD38EB-C8EC-11D2-B274-B493B003B125}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\EAST-T~1\eteshell.dll" ["EAST Technologies"]
LeechGet\(Default) = "{EBDF1F20-C829-14D1-8234-1420AF3E97A9}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\LeechGet 2004\ShellExtension.dll" [null data]
SrExt\(Default) = "{a90d5ea2-a1d7-11cf-8dc1-00805fc2353f}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\sr\srext.dll" ["Funduc Software Inc. http://www.funduc.com"]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Grüne Idylle.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{6F480F82-C3A6-4D35-96F7-B297AD49FBE8}\ = "Copernic Agent Results" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Copernic Agent\CopernicAgentExt.dll" ["Copernic Technologies Inc."]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"
{EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A}\
"ButtonText" = "eBay - Homepage"
"CLSIDExtension" = "{1FBA04EE-3024-11D2-8F1F-0000F87ABD16}"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
"Exec" = "C:\Programme\IrfanView\Ebay\Ebay.htm" [null data]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
AntiVir Service, AntiVirService, ""C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE"" ["H+BEDV Datentechnik GmbH"]
AntiVir Update, AVWUpSrv, ""C:\Programme\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]
AntiVir Update Manager, AVUpdateManager, "C:\Programme\Internet Update Manager\UPDMGR.EXE" ["H+BEDV Datentechnik GmbH, Germany"]
ewido security suite control, ewido security suite control, "C:\Programme\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
ewido security suite guard, ewido security suite guard, "C:\Programme\ewido\security suite\ewidoguard.exe" ["ewido networks"]
Machine Debug Manager, MDM, ""C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Sygate Personal Firewall, SmcService, "C:\Programme\Sygate\SPF\smc.exe" ["Sygate Technologies, Inc."]
Virtual CD v4 Security service, VCDSecS, "C:\Programme\Virtual CD v4\System\vcdsecs.exe" ["H+H Software GmbH"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 12 seconds)
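The one line in these logs that speaks directly to the question in the thread is the Winlogon\Notify entry `mcfG7A = mcfG7A.dll`, which WinPFind lists and Silent Runners marks as "INFECTION WARNING! ... [file not found]". Winlogon notification packages are DLLs that winlogon.exe loads into its own process at logon, so a foreign DLL under that key is the first place to look when winlogon.exe itself starts opening HTTP connections. The script below is an added example, not part of the forum post or of either tool: it parses the two log formats exactly as pasted above and flags every notification package that does not match a stock Windows XP SP2 install. The baseline allowlist of stock entries is this example's assumption, and the sample input is copied from the log lines in the post.

```python
"""Triage Winlogon notification packages from pasted WinPFind / Silent Runners output.

Added example (not from the post or the tools). Assumes the WinPFind and Silent
Runners output formats shown in the thread and an XP SP2 baseline allowlist.
"""
import re
from dataclasses import dataclass

# Every DLLName under this key is loaded into winlogon.exe at logon.
NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"

# Assumed baseline: the Notify subkeys a stock Windows XP SP2 install carries
# (lower-cased) and the DLL each points at. Anything else is worth a look.
XP_SP2_DEFAULT_NOTIFY = {
    "crypt32chain": "crypt32.dll",
    "cryptnet": "cryptnet.dll",
    "cscdll": "cscdll.dll",
    "sccertprop": "wlnotify.dll",
    "schedule": "wlnotify.dll",
    "sclgntfy": "sclgntfy.dll",
    "senslogn": "wlnotify.dll",
    "termsrv": "wlnotify.dll",
    "wlballoon": "wlnotify.dll",
}


@dataclass(frozen=True)
class NotifyEntry:
    name: str    # subkey under Winlogon\Notify
    dll: str     # DLLName value as printed in the log
    reason: str  # why it was flagged


def parse_winpfind_notify(log_text: str) -> list[tuple[str, str]]:
    """Extract (subkey, DLLName) pairs from WinPFind's Winlogon\\Notify dump.

    WinPFind prints the full key path on one line and "= <dll>" on the next.
    """
    lines = [ln.strip() for ln in log_text.splitlines()]
    entries = []
    for i, line in enumerate(lines):
        if not line.startswith(NOTIFY_KEY + "\\"):
            continue
        name = line[len(NOTIFY_KEY) + 1:]
        if i + 1 < len(lines) and lines[i + 1].startswith("="):
            entries.append((name, lines[i + 1][1:].strip()))
    return entries


def flag_notify_packages(log_text: str) -> list[NotifyEntry]:
    """Return every Notify package that deviates from the XP SP2 baseline."""
    suspects = []
    for name, dll in parse_winpfind_notify(log_text):
        expected = XP_SP2_DEFAULT_NOTIFY.get(name.lower())
        if expected is None:
            suspects.append(NotifyEntry(name, dll, "not a stock XP SP2 notification package"))
        elif expected != dll.lower():
            suspects.append(NotifyEntry(name, dll, f"stock name but DLL changed (expected {expected})"))
    return suspects


# Silent Runners line shape:  [INFECTION WARNING! ]<subkey>\DLLName = "<dll>" [file not found]
_SR_NOTIFY = re.compile(r'^(?:INFECTION WARNING!\s+)?(\S+)\\DLLName = "([^"]*)"(.*)$')


def parse_silent_runners_notify(log_text: str) -> dict[str, tuple[str, bool]]:
    """Map subkey -> (DLLName, file_present) from Silent Runners' Notify section.

    Silent Runners resolves each DLL on disk and appends "[file not found]" when
    it cannot; that is still a live load point and deserves a second look.
    """
    result = {}
    for line in log_text.splitlines():
        m = _SR_NOTIFY.match(line.strip())
        if m:
            name, dll, tail = m.groups()
            result[name] = (dll, "[file not found]" not in tail)
    return result


# Constructed sample input: the Notify lines copied from the two logs in the post.
WINPFIND_SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mcfG7A
= mcfG7A.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll
"""

SILENT_RUNNERS_SAMPLE = r"""
INFECTION WARNING! mcfG7A\DLLName = "mcfG7A.dll" [file not found]
"""

if __name__ == "__main__":
    for entry in flag_notify_packages(WINPFIND_SAMPLE):
        print(f"{entry.name}: {entry.dll} ({entry.reason})")
    for name, (dll, present) in parse_silent_runners_notify(SILENT_RUNNERS_SAMPLE).items():
        print(f"{name}: {dll} present_on_disk={present}")
```

On the machine itself the same data comes from `reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" /s`. A "[file not found]" verdict does not clear an entry: the key is still a load point for winlogon.exe on the next logon, and a file the scanner cannot see may simply be hidden from the listing, so the entry should be investigated and removed rather than ignored.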
{7bc80fe0-4b41-11cf-8fba-444553540000} = C:\Programme\BreakPoint Software\Hex Workshop 3.1\hwext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\LeechGet
{EBDF1F20-C829-14D1-8234-1420AF3E97A9} = C:\Programme\LeechGet 2004\ShellExtension.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Morgul
{6567D0AE-32DF-11D7-BC71-00408103CEAF} = C:\Programme\Morgul\morgulexplext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\QuickViewPlusMenu
{F0F08737-0C36-101B-B086-0020AF07D0F4} = C:\PROGRA~1\QUICKV~1\PROGRAM\QVPSE4.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\SrExt
{a90d5ea2-a1d7-11cf-8dc1-00805fc2353f} = C:\PROGRA~1\sr\srext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} =
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{616c1f06-bad8-11d2-b355-00104b642749}
= muangsys.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AntiVir/Win
{a7cda720-84ee-11d0-b5c0-00001b3ca278} = C:\Programme\AVPersonal\AVShlExt.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\East-TecEraser
{E0BD38EB-C8EC-11D2-B274-B493B003B125} = C:\PROGRA~1\EAST-T~1\eteshell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\LeechGet
{EBDF1F20-C829-14D1-8234-1420AF3E97A9} = C:\Programme\LeechGet 2004\ShellExtension.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SrExt
{a90d5ea2-a1d7-11cf-8dc1-00805fc2353f} = C:\PROGRA~1\sr\srext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} =
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{616c1f06-bad8-11d2-b355-00104b642749}
= muangsys.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Cheetah Burner Menu
{88CBF1CB-6F55-11D8-ABF8-C5E6374AC960} = C:\Programme\Cheetah Burner\CheetahCtxMnu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Programme\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\LeechGet
{EBDF1F20-C829-14D1-8234-1420AF3E97A9} = C:\Programme\LeechGet 2004\ShellExtension.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Morgul
{6567D0AE-32DF-11D7-BC71-00408103CEAF} = C:\Programme\Morgul\morgulexplext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\QuickViewPlusMenu
{F0F08737-0C36-101B-B086-0020AF07D0F4} = C:\PROGRA~1\QUICKV~1\PROGRAM\QVPSE4.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tipps und Tricks = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{6F480F82-C3A6-4D35-96F7-B297AD49FBE8}
Copernic Agent Results = C:\Programme\Copernic Agent\CopernicAgentExt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Konsole :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A}
ButtonText = eBay - Homepage : C:\Programme\IrfanView\Ebay\Ebay.htm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Programme\Messenger\msmsgs.exe
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer-Band = %SystemRoot%\System32\shdocvw.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus :
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = :
{1CBF31FC-3C23-4BA6-AF16-2CEC501BD837} = :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = :
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus :
{F2E259E8-0FC8-438C-A6E0-342DD80FA53E} = :
{38D2A281-0444-433C-9ED6-A2851795F32A} = :
{2685A3D0-1459-45EE-8426-5B8CF98899A8} = :
{1CBF31FC-3C23-4BA6-AF16-2CEC501BD837} = :
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SmcService C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
AVGCtrl "C:\Programme\AVPersonal\AVGNT.EXE" /min
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
AVSCHED32 C:\Programme\AVPersonal\AVSCHED32.EXE /min
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoControlPanel 0
NoResolveTrack 1
NoStrCmpLogical 1
NoSimpleStartMenu 1
NoStartBanner 1
GreyMSIAds 1
NoSMBalloonTip 1
ForceClassicControlPanel 1
NoDesktopCleanupWizard 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall
NoSupportInfo 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoStartMenuMFUprogramsList 0
NoThemesTab 0
ClearRecentDocsOnExit
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
NoDispScrSavPage 0
NoDispSettingsPage 0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall
NoRemovePage 0
NoAddPage 0
NoWindowsSetupPage 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mcfG7A
= mcfG7A.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.0 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 17.09.2005 02:23:24
"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SmcService" = "C:\PROGRA~1\Sygate\SPF\smc.exe -startgui" ["Sygate Technologies, Inc."]
"AVGCtrl" = ""C:\Programme\AVPersonal\AVGNT.EXE" /min" ["H+BEDV Datentechnik GmbH"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"AVSCHED32" = "C:\Programme\AVPersonal\AVSCHED32.EXE /min" ["H+BEDV Datentechnik GmbH"]
HKLM\Software\Microsoft\Active Setup\Installed Components\
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{EE337094-9F50-4B8C-9B53-C00F52A3289B}" = "GF Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\LizardTech Shared\lt_lib_gf_iconShellEx.dll" ["LizardTech Inc."]
"{88CBF1CB-6F55-11D8-ABF8-C5E6374AC960}" = "Cheetah Burner Context Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Cheetah Burner\CheetahCtxMnu.dll" ["Cheetah"]
"{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5}" = "Context Menu Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\TagRename\TRshell.dll" ["Softpointer Inc"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{0cab0400-7395-11d0-a5e5-0020afe2fdd9}" = "Quick View Plus - ShellExecute Hook" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "qvphook.dll" ["Stellent, Inc."]
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]
HKLM\System\CurrentControlSet\Control\Session Manager\
INFECTION WARNING! "BootExecute" = "Autocheck Autochk * A u t o c h k *" [file not found], [MS], [file not found], [file not found], [file not found], [file not found], [file not found], [file not found], [file not found], [file not found], [file not found]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! mcfG7A\DLLName = "mcfG7A.dll" [file not found]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
Cheetah Burner Menu\(Default) = "{88CBF1CB-6F55-11D8-ABF8-C5E6374AC960}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Cheetah Burner\CheetahCtxMnu.dll" ["Cheetah"]
East-TecEraser\(Default) = "{E0BD38EB-C8EC-11D2-B274-B493B003B125}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\EAST-T~1\eteshell.dll" ["EAST Technologies"]
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ewido\security suite\context.dll" ["ewido networks"]
HexWorkshopContextMenu\(Default) = "{7bc80fe0-4b41-11cf-8fba-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\BreakPoint Software\Hex Workshop 3.1\hwext.dll" ["BreakPoint Software, Inc."]
LeechGet\(Default) = "{EBDF1F20-C829-14D1-8234-1420AF3E97A9}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\LeechGet 2004\ShellExtension.dll" [null data]
Morgul\(Default) = "{6567D0AE-32DF-11D7-BC71-00408103CEAF}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Morgul\morgulexplext.dll" ["Barad-Dur, LLC."]
QuickViewPlusMenu\(Default) = "{F0F08737-0C36-101B-B086-0020AF07D0F4}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\QUICKV~1\PROGRAM\QVPSE4.DLL" ["Stellent, Inc."]
SrExt\(Default) = "{a90d5ea2-a1d7-11cf-8dc1-00805fc2353f}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\sr\srext.dll" ["Funduc Software Inc. http://www.funduc.com"]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
Cheetah Burner Menu\(Default) = "{88CBF1CB-6F55-11D8-ABF8-C5E6374AC960}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Cheetah Burner\CheetahCtxMnu.dll" ["Cheetah"]
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ewido\security suite\context.dll" ["ewido networks"]
LeechGet\(Default) = "{EBDF1F20-C829-14D1-8234-1420AF3E97A9}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\LeechGet 2004\ShellExtension.dll" [null data]
Morgul\(Default) = "{6567D0AE-32DF-11D7-BC71-00408103CEAF}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Morgul\morgulexplext.dll" ["Barad-Dur, LLC."]
QuickViewPlusMenu\(Default) = "{F0F08737-0C36-101B-B086-0020AF07D0F4}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\QUICKV~1\PROGRAM\QVPSE4.DLL" ["Stellent, Inc."]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
East-TecEraser\(Default) = "{E0BD38EB-C8EC-11D2-B274-B493B003B125}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\EAST-T~1\eteshell.dll" ["EAST Technologies"]
LeechGet\(Default) = "{EBDF1F20-C829-14D1-8234-1420AF3E97A9}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\LeechGet 2004\ShellExtension.dll" [null data]
SrExt\(Default) = "{a90d5ea2-a1d7-11cf-8dc1-00805fc2353f}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\sr\srext.dll" ["Funduc Software Inc. http://www.funduc.com"]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Grüne Idylle.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{6F480F82-C3A6-4D35-96F7-B297AD49FBE8}\ = "Copernic Agent Results" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Copernic Agent\CopernicAgentExt.dll" ["Copernic Technologies Inc."]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"
{EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A}\
"ButtonText" = "eBay - Homepage"
"CLSIDExtension" = "{1FBA04EE-3024-11D2-8F1F-0000F87ABD16}"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\shdocvw.dll" [MS]
"Exec" = "C:\Programme\IrfanView\Ebay\Ebay.htm" [null data]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
AntiVir Service, AntiVirService, ""C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE"" ["H+BEDV Datentechnik GmbH"]
AntiVir Update, AVWUpSrv, ""C:\Programme\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]
AntiVir Update Manager, AVUpdateManager, "C:\Programme\Internet Update Manager\UPDMGR.EXE" ["H+BEDV Datentechnik GmbH, Germany"]
ewido security suite control, ewido security suite control, "C:\Programme\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
ewido security suite guard, ewido security suite guard, "C:\Programme\ewido\security suite\ewidoguard.exe" ["ewido networks"]
Machine Debug Manager, MDM, ""C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Sygate Personal Firewall, SmcService, "C:\Programme\Sygate\SPF\smc.exe" ["Sygate Technologies, Inc."]
Virtual CD v4 Security service, VCDSecS, "C:\Programme\Virtual CD v4\System\vcdsecs.exe" ["H+H Software GmbH"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 12 seconds)
- HPausW
- Posts: 6
- Registered: 05.09.2005, 10:01
C:\Windows\SYSTEM32\mcfG7A.dll
right-click-->Properties-->Creation date
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! mcfG7A\DLLName = "mcfG7A.dll" [file not found]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mcfG7A
= mcfG7A.dll
- Nikita
- Moderator
- Posts: 11478
- Registered: 07.12.2003, 16:53
- Location: Lissabon
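The Silent Runners and WinPFind logs above both point at the same thing: a notification package `mcfG7A` registered under `Winlogon\Notify` whose DLL is reported as "file not found". Packages under that key are loaded into winlogon.exe itself, which is why a stray entry there is the first place to look when winlogon.exe starts making network connections. The following PowerShell script is an added example for this thread (it is not code from the forum, from Silent Runners or from WinPFind) that automates the check Nikita asks for: it walks every subkey of `Winlogon\Notify`, resolves the `DLLName` value the way the loader does (a bare name is looked up in System32), and reports whether the file exists, its creation date and its Authenticode signer. It assumes a Windows host with PowerShell and the XP/2003-era Notify key; on newer Windows the key is usually empty or absent.

```powershell
# Added example, not code from the thread: list the Winlogon notification
# packages under the key the logs above flagged and report, for each one,
# whether the DLL is present, when it was created and who signed it.
# Assumes a Windows host with PowerShell; the key path is the one shown
# in the Silent Runners / WinPFind output.
$notifyKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
$system32  = Join-Path $env:SystemRoot 'System32'

if (-not (Test-Path -Path $notifyKey)) {
    Write-Output "Winlogon\Notify key not present on this system."
    return
}

$report = foreach ($sub in Get-ChildItem -Path $notifyKey) {
    $dllName = (Get-ItemProperty -Path $sub.PSPath).DLLName
    if (-not $dllName) { continue }

    # A bare file name (as with "mcfG7A.dll" in the log) is resolved from
    # System32, which is where winlogon loads notification packages from.
    if ([System.IO.Path]::IsPathRooted($dllName)) {
        $dllPath = $dllName
    } else {
        $dllPath = Join-Path $system32 $dllName
    }

    if (Test-Path -LiteralPath $dllPath) {
        $file    = Get-Item -LiteralPath $dllPath
        $sig     = Get-AuthenticodeSignature -FilePath $dllPath
        $status  = $sig.Status.ToString()
        $signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
        $created = $file.CreationTime
    } else {
        # This is the case Silent Runners reports as "[file not found]".
        $status  = 'FILE NOT FOUND'
        $signer  = ''
        $created = $null
    }

    New-Object -TypeName PSObject -Property @{
        Package   = $sub.PSChildName
        DLLName   = $dllName
        Path      = $dllPath
        Created   = $created
        Signature = $status
        Signer    = $signer
    }
}

# The packages that ship with XP SP2 (crypt32chain, cryptnet, cscdll,
# ScCertProp, Schedule, sclgntfy, SensLogn, termsrv, wlballoon) all resolve
# to DLLs in System32. Windows system files are catalog-signed rather than
# embedded-signed, so older PowerShell versions may show them as NotSigned;
# an entry whose file is missing, or whose name matches nothing you installed,
# is what deserves a closer look.
$report | Sort-Object Package | Format-Table Package, DLLName, Created, Signature, Signer -AutoSize
```

Run it from an elevated PowerShell prompt on the affected machine; the `Created` column is the creation date Nikita asks about, and a package whose file is reported as FILE NOT FOUND (or whose file appeared on the same day the firewall alerts began) is the entry to investigate before anything is deleted.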