Kann mir bitte irgendeiner helfen

von **mankenboy** am 01.11.2005, 06:47

ich brauche euro hilfe, wenn ihr mir helfen könnt dann seid ihr die besten.

Logfile of HijackThis v1.99.1
Scan saved at 05:38:41, on 01.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\Anti Virus\AVGNT.EXE
C:\Programme\Messenger\msmsgs.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\TGTSoft\StyleXP\StyleXP.exe
C:\Programme\Anti Virus\AVGUARD.EXE
C:\Programme\Anti Virus\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
R3 - URLSearchHook: (no name) - {4D690DD1-CCE2-2C01-FA11-3DEC633ED70C} - StatusCheck.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programme\TGTSoft\StyleXP\TGT_BHO.dll
O4 - HKLM\..\Run: [edyfsj] C:\WINDOWS\edyfsj.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Sygate Personal Block] Studio.exe
O4 - HKLM\..\Run: [Sygate Personal Firewall Start] servic.exe
O4 - HKLM\..\Run: [ms-its] zxc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [dmtji.exe] C:\WINDOWS\System32\dmtji.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\Anti Virus\AVGNT.EXE /min
O4 - HKLM\..\Run: [Windows XP SP2 KeyGen] C:\Dokumente und Einstellungen\Matrix\Desktop\Windows XP SP2 KeyGen.exe
O4 - HKLM\..\Run: [WinUpdate] C:\cmon.exe
O4 - HKLM\..\Run: [Anti-Trojan 4.0] C:\Dokumente und Einstellungen\Matrix\Desktop\Anti-Trojan 4.0.exe
O4 - HKLM\..\RunServices: [Sygate Personal Block] Studio.exe
O4 - HKLM\..\RunServices: [Sygate Personal Firewall Start] servic.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Sygate Personal Firewall Start] servic.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [abrek] pizda.exe
O4 - HKCU\..\Run: [TorontoMail] iehelper.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\A4CIS600\WATCH.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.h ... xmk134YYDE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{531326A9-0AAE-4FA8-A8C2-0D6F2250B37C}: NameServer = 69.50.161.130,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{6BE4B2ED-6394-47B9-86C1-0A61238C7C66}: NameServer = 69.50.161.130,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{CFA83B44-12F5-459F-8AA1-B062C4BC87F2}: NameServer = 69.50.161.130 85.255.112.13
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\Anti Virus\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\Anti Virus\AVWUPSRV.EXE
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe

würdet ihr mal einmal bitte hier rüberschauen.
bei stimmt was nicht, das weiss ich.

falls ihr sieht was für ein problem ich habe würdet ihr es mir schritt für schritt erklären wie ich die trojaner oder sonstige schädlinge für immer löschen kann.

unten rechts wo die uhr ist also an der taskleiste kommt immer eine warnung. diese lautet.
you must be at risk usw.
kann es sein das es davon hängt.
es wäre nett wenn ihr mir helfen könntet.
ich bedanke mich schonmal im vorraus.

von **Nikita** am 01.11.2005, 13:04

MachineHead

was soll dieser Unsinn.....der PC von mankenboy ist mir dem Warout verseucht und es bedarf vieler Schritte, um das sauber zu bekommen.
Es reicht nicht, irgendwas fixen zu lassen.

mankenboy
willst du reinigen (sehr aufwendig...) oder formatieren ?

von **mankenboy** am 01.11.2005, 15:31

es wäre nett wenn wir es in mehreren schritten versuchen würden.
weil auf diesem rechner sind mehrere wichtige dokumente mit den man arbeitet. ich weiss das regt dich jetzt ein bisschen auf aber ich bitte dich um deine hilfe.
ich bin schon total am verzweifeln.

von **Nikita** am 01.11.2005, 19:02

tsts.....SP2 KeyGen.exe...feiner Key ....nun ist der PC hoffnungslos verseucht....

öffne das HijackThis -- Button "scan" -- vor die Malware-Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
R3 - URLSearchHook: (no name) - {4D690DD1-CCE2-2C01-FA11-3DEC633ED70C} - StatusCheck.dll (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O4 - HKLM\..\Run: [edyfsj] C:\WINDOWS\edyfsj.exe
O4 - HKLM\..\Run: [Sygate Personal Block] Studio.exe
O4 - HKLM\..\Run: [Sygate Personal Firewall Start] servic.exe
O4 - HKLM\..\Run: [ms-its] zxc.exe
O4 - HKLM\..\Run: [dmtji.exe] C:\WINDOWS\System32\dmtji.exe
O4 - HKLM\..\Run: [Windows XP SP2 KeyGen] C:\Dokumente und Einstellungen\Matrix\Desktop\Windows XP SP2 KeyGen.exe
O4 - HKLM\..\Run: [WinUpdate] C:\cmon.exe
O4 - HKLM\..\Run: [Anti-Trojan 4.0] C:\Dokumente und Einstellungen\Matrix\Desktop\Anti-Trojan 4.0.exe
O4 - HKLM\..\RunServices: [Sygate Personal Block] Studio.exe
O4 - HKLM\..\RunServices: [Sygate Personal Firewall Start] servic.exe
O4 - HKCU\..\Run: [Sygate Personal Firewall Start] servic.exe
O4 - HKCU\..\Run: [abrek] pizda.exe
O4 - HKCU\..\Run: [TorontoMail] iehelper.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.h ... xmk134YYDE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{531326A9-0AAE-4FA8-A8C2-0D6F2250B37C}: NameServer = 69.50.161.130,85.255.112.13
O17 - HKLM\System\CCS\Services\Tcpip\..\{6BE4B2ED-6394-47B9-86C1-0A61238C7C66}: NameServer = 69.50.161.130,85.255.112.13

pc neustarten

Winpfind
http://virus-protect.net/winpfind.html

Datfinbad - abarbeiten und alle 4 Logs in den Thread kopieren (mit Pfad)
http://virus-protect.net/datfindbat.html

Silentrunners
http://virus-protect.net/silentrunner.html
klicke: output file is in text format. --> Doppelklick und es oeffnet sich der Editor -- und poste alles, was angezeigt wird.

Download f-secure-Beta Trial
http://www.f-secure.com/blacklight/
doppelklick: blbeta.exe
nach dem Check klicke -- next
nun findet man eine Textdatei auf dem Desktop: kopiere sie in deinen Thread

von **mankenboy** am 01.11.2005, 20:01

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...
UPX! 16.02.2005 11:06:16 218112 C:\Programme\HijackThis.exe

Checking %WinDir% folder...
UPX! 16.02.2005 11:08:58 99594 C:\WINDOWS\IQProfi[iet-10095,1].exe

Checking %System% folder...
PEC2 18.08.2001 13:00:00 41118 C:\WINDOWS\SYSTEM32\dfrg.msc
PECompact2 05.10.2005 09:36:08 2301792 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 05.10.2005 09:36:08 2301792 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 04.08.2004 08:57:08 733696 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 04.08.2004 08:57:32 686592 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 18.08.2001 13:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech 04.08.2004 06:41:38 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
12.10.2005 16:11:00 H 65 C:\WINDOWS\Downloaded Program Files\desktop.ini
11.10.2005 23:09:04 H 8628 C:\WINDOWS\Help\netcfg.GID
25.10.2005 03:10:42 H 10820 C:\WINDOWS\Help\nocontnt.GID
31.10.2005 18:28:22 H 0 C:\WINDOWS\inf\oem24.inf
12.10.2005 16:11:00 H 65 C:\WINDOWS\Offline Web Pages\desktop.ini
31.10.2005 22:42:12 RHS 333502 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_5.cab
05.10.2005 02:17:32 S 21737 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896688.cat
28.09.2005 11:53:22 S 17402 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB900725.cat
09.09.2005 19:14:58 S 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB901017.cat
01.11.2005 18:54:52 H 1024 C:\WINDOWS\system32\config\default.LOG
01.11.2005 18:53:32 H 1024 C:\WINDOWS\system32\config\SAM.LOG
01.11.2005 18:54:52 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
01.11.2005 19:00:42 H 1024 C:\WINDOWS\system32\config\software.LOG
01.11.2005 18:56:02 H 1024 C:\WINDOWS\system32\config\system.LOG
01.11.2005 03:57:14 H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
01.11.2005 03:17:26 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\6d127ee2-95a0-4199-a449-88a8e54e1c9a
01.11.2005 03:17:26 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
01.11.2005 18:53:34 H 6 C:\WINDOWS\Tasks\SA.DAT
28.10.2005 15:26:24 H 8628 C:\WINDOWS\twain_32\A4CIS600\A4Ui1_g.GID

Checking for CPL files...
Microsoft Corporation 04.08.2004 08:58:22 70656 C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp. 26.02.2004 18:40:40 14225408 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation 04.08.2004 08:58:22 555008 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 04.08.2004 08:58:22 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 04.08.2004 08:58:22 138240 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 04.08.2004 08:58:22 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 04.08.2004 08:58:22 157184 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 02.11.2004 08:01:34 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Ahead Software AG 30.11.2004 12:28:36 86094 C:\WINDOWS\SYSTEM32\ImageDrive.cpl
Microsoft Corporation 04.08.2004 08:58:22 359424 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 04.08.2004 08:58:22 133120 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 04.08.2004 08:58:22 381440 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 04.08.2004 08:58:22 69632 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 03.06.2005 02:52:54 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 18.08.2001 13:00:00 189440 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 04.08.2004 08:58:22 625152 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 18.08.2001 13:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 04.08.2004 08:58:22 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 04.08.2004 08:58:22 260096 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 18.08.2001 13:00:00 38400 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 04.08.2004 08:58:22 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 04.08.2004 08:58:22 117248 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 04.08.2004 08:58:22 303104 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 18.08.2001 13:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 04.08.2004 08:58:22 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 04.08.2004 08:58:22 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 26.05.2005 04:16:22 174872 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 18.08.2001 13:00:00 189440 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 18.08.2001 13:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 18.08.2001 13:00:00 38400 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 18.08.2001 13:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
23.12.2004 21:34:08 HS 84 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
23.01.2005 15:29:24 1709 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
23.12.2004 21:24:24 HS 62 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
23.12.2004 21:34:08 HS 84 C:\Dokumente und Einstellungen\Matrix\Startmenü\Programme\Autostart\desktop.ini
16.10.2005 04:25:56 740 C:\Dokumente und Einstellungen\Matrix\Startmenü\Programme\Autostart\Watch.lnk

Checking files in %USERPROFILE%\Application Data folder...
23.12.2004 21:24:24 HS 62 C:\Dokumente und Einstellungen\Matrix\Anwendungsdaten\desktop.ini
18.01.2005 14:46:52 123 C:\Dokumente und Einstellungen\Matrix\Anwendungsdaten\tvmdmns.dll

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AntiVir/Win
{a7cda720-84ee-11d0-b5c0-00001b3ca278} = C:\Programme\Anti Virus\AVShlExt.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AntiVir/Win
{a7cda720-84ee-11d0-b5c0-00001b3ca278} = C:\Programme\Anti Virus\AVShlExt.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BitDefender Antivirus v7
{D653647D-D607-4DF6-A5B8-48D2BA195F7B} =
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\SimpleX
{056D080D-DFCC-41D4-A6F1-81089A7F023E} = C:\Dokumente und Einstellungen\Matrix\Desktop\Neuer Ordner\SimpleXISOv03\SimpleXExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
=
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C333CF63-767F-4831-94AC-E683D962C63C}
CoTGT_BHO Class = C:\Programme\TGTSoft\StyleXP\TGT_BHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tipps und Tricks = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66}
MenuText = Uninstall BitDefender Online Scanner v8 :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Programme\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer-Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} = :
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = &Yahoo! Toolbar :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
ewido security suite guard 2
ewido security suite control 2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^MyWebSearch Email Plugin.lnk
path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\MyWebSearch Email Plugin.lnk
backup C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup
location Common Startup
command C:\Programme\MyWebSearch\bar\1.bin\MWSOEMON.EXE
item MyWebSearch Email Plugin
path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\MyWebSearch Email Plugin.lnk
backup C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup
location Common Startup
command C:\Programme\MyWebSearch\bar\1.bin\MWSOEMON.EXE
item MyWebSearch Email Plugin

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^TrayMin.lnk
path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\TrayMin.lnk
backup C:\WINDOWS\pss\TrayMin.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Philips\SPC200~1\TrayMin.exe
item TrayMin
path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\TrayMin.lnk
backup C:\WINDOWS\pss\TrayMin.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Philips\SPC200~1\TrayMin.exe
item TrayMin

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Dokumente und Einstellungen^Matrix^Startmenü^Programme^Autostart^MyWebSearch Email Plugin.lnk
path C:\Dokumente und Einstellungen\Matrix\Startmenü\Programme\Autostart\MyWebSearch Email Plugin.lnk
backup C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup
location Startup
command C:\Programme\MyWebSearch\bar\1.bin\MWSOEMON.EXE
item MyWebSearch Email Plugin
path C:\Dokumente und Einstellungen\Matrix\Startmenü\Programme\Autostart\MyWebSearch Email Plugin.lnk
backup C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup
location Startup
command C:\Programme\MyWebSearch\bar\1.bin\MWSOEMON.EXE
item MyWebSearch Email Plugin

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdTools Service
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item AdTools
hkey HKLM
command C:\Program Files\AdTools Service\AdTools.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item AdTools
hkey HKLM
command C:\Program Files\AdTools Service\AdTools.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AntiSpyware7
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item aspy7
hkey HKCU
command "C:\Programme\Steganos AntiSpyware 7\aspy7.exe" /0
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item aspy7
hkey HKCU
command "C:\Programme\Steganos AntiSpyware 7\aspy7.exe" /0
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BigDogPath
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item VM_STI
hkey HKLM
command C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item VM_STI
hkey HKLM
command C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EnergyPlugIn
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item EnergyPlugin
hkey HKLM
command C:\Programme\EnergyPlugIn\EnergyPlugin.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item EnergyPlugin
hkey HKLM
command C:\Programme\EnergyPlugIn\EnergyPlugin.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ERTYDF
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item media64
hkey HKLM
command media64.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item media64
hkey HKLM
command media64.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\InpriseMon
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item sysmon12
hkey HKCU
command sysmon12.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item sysmon12
hkey HKCU
command sysmon12.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Microsoft Update Time
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item wuam
hkey HKCU
command wuam.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item wuam
hkey HKCU
command wuam.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Programme\QuickTime\qttask.exe" -atboottime
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Programme\QuickTime\qttask.exe" -atboottime
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RemoteControl
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PDVDServ
hkey HKLM
command C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PDVDServ
hkey HKLM
command C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Skype
hkey HKCU
command "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Skype
hkey HKCU
command "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spyware Vanisher
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item FreeScanner
hkey HKCU
command c:\spywarevanisher-free\FreeScanner.exe -FastScan
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item FreeScanner
hkey HKCU
command c:\spywarevanisher-free\FreeScanner.exe -FastScan
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sygate Personal Block
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Studio
hkey HKCU
command Studio.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Studio
hkey HKCU
command Studio.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WareOut
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WareOut
hkey HKCU
command "C:\Programme\WareOut\WareOut.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WareOut
hkey HKCU
command "C:\Programme\WareOut\WareOut.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 2
startup 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
SpecifyDefaultButtons 0
Btn_Search 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
= igfxsrvc.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 01.11.2005 19:00:52

von **mankenboy** am 01.11.2005, 20:03

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: B004-A8B3

Verzeichnis von C:\WINDOWS\system32

01.11.2005 18:53 109.400 FNTCACHE.DAT
01.11.2005 04:10 311.604 perfh009.dat
01.11.2005 04:10 316.594 perfh007.dat
01.11.2005 04:10 39.992 perfc009.dat
01.11.2005 04:10 48.156 perfc007.dat
01.11.2005 04:10 723.744 PerfStringBackup.INI
31.10.2005 23:58 2.262 wpa.dbl
31.10.2005 23:57 245 spupdwxp.log
16.10.2005 04:10 150 autoexec.nt
16.10.2005 04:09 68 CONFIG.NT
14.10.2005 03:50 0 asfiles.txt
14.10.2005 03:47 2.550 Uninstall.ico
14.10.2005 03:47 1.406 Help.ico
14.10.2005 03:47 1.718 Open.ico
14.10.2005 03:47 5.350 IE.ico
14.10.2005 03:47 9.470 Desktop.ico
14.10.2005 03:47 1.718 Quick.ico
05.10.2005 09:36 2.301.792 MRT.exe
04.10.2005 17:26 3.013.120 mshtml.dll
23.09.2005 04:06 8.491.520 shell32.dll
21.09.2005 18:17 16.832 amcompat.tlb
21.09.2005 18:17 23.392 nscompat.tlb
10.09.2005 02:54 2.067.968 cdosys.dll
05.09.2005 11:38 493 WebPlayerInstaller.log
03.09.2005 00:53 664.064 wininet.dll
03.09.2005 00:53 448.512 mshtmled.dll
03.09.2005 00:53 1.484.288 shdocvw.dll
03.09.2005 00:53 39.424 pngfilt.dll
03.09.2005 00:53 146.432 msrating.dll
03.09.2005 00:53 205.312 dxtrans.dll
03.09.2005 00:53 251.392 iepeers.dll
03.09.2005 00:53 55.808 extmgr.dll
03.09.2005 00:53 474.112 shlwapi.dll
03.09.2005 00:53 605.696 urlmon.dll
03.09.2005 00:53 530.432 mstime.dll
03.09.2005 00:53 96.768 inseng.dll
03.09.2005 00:53 1.055.744 danim.dll
03.09.2005 00:53 1.019.904 browseui.dll
03.09.2005 00:53 152.064 cdfview.dll
02.09.2005 21:27 3.799 jupdate-1.5.0_04-b05.log
01.09.2005 02:44 292.352 winsrv.dll
01.09.2005 02:44 19.968 linkinfo.dll
30.08.2005 04:55 1.292.800 quartz.dll
23.08.2005 04:39 124.416 umpnpmgr.dll
22.08.2005 19:31 197.632 netman.dll
13.08.2005 20:41 118.784 sirenacm.dll
11.08.2005 16:11 65.024 nwwks.dll
29.07.2005 20:07 73.728 asuninst.exe
26.07.2005 05:39 74.752 olecli32.dll
26.07.2005 05:39 11.776 xolehlp.dll
26.07.2005 05:39 37.888 olecnv32.dll
26.07.2005 05:39 101.376 txflog.dll
26.07.2005 05:39 397.824 rpcss.dll
26.07.2005 05:39 1.285.120 ole32.dll
26.07.2005 05:39 66.560 mtxclu.dll
26.07.2005 05:39 945.152 msdtctm.dll
26.07.2005 05:39 161.280 msdtcuiu.dll
26.07.2005 05:39 91.136 mtxoci.dll
26.07.2005 05:39 425.472 msdtcprx.dll
26.07.2005 05:39 243.200 es.dll
26.07.2005 05:39 540.160 comuid.dll
26.07.2005 05:39 1.267.200 comsvcs.dll
26.07.2005 05:39 498.688 clbcatq.dll
26.07.2005 05:39 97.792 comrepl.dll
26.07.2005 05:39 60.416 colbact.dll
26.07.2005 05:39 225.792 catsrv.dll
26.07.2005 05:39 625.152 catsrvut.dll
26.07.2005 05:39 110.080 clbcatex.dll
08.07.2005 17:28 249.344 tapisrv.dll
08.07.2005 17:28 76.800 remotesp.tsp
04.07.2005 11:14 4 patchver.txt
04.07.2005 00:24 6 jpatchver.txt

von **mankenboy** am 01.11.2005, 20:04

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: B004-A8B3

Verzeichnis von C:\DOKUME~1\Matrix\LOKALE~1\Temp

01.11.2005 18:48 16.384 ~DF5F51.tmp
01.11.2005 17:40 68.224 java_install_reg.log
01.11.2005 12:32 10.013 jusched.log
01.11.2005 01:53 32.768 ~DF2F4E.tmp
01.11.2005 00:47 10.538 control.xml
31.10.2005 21:21 16.384 ~DFBE5F.tmp
31.10.2005 21:21 16.384 ~DFBA93.tmp
31.10.2005 21:21 16.384 ~DFBA8D.tmp
31.10.2005 21:15 16.384 ~DFAA44.tmp
31.10.2005 21:11 16.384 ~DF1423.tmp
31.10.2005 21:11 16.384 ~DF7C5F.tmp
31.10.2005 21:11 16.384 ~DF4BB2.tmp
31.10.2005 05:46 98 960
31.10.2005 05:46 126 560
31.10.2005 05:46 121 40
31.10.2005 05:46 75 177
31.10.2005 05:46 179 578
31.10.2005 05:45 124 689
31.10.2005 05:45 118 905
31.10.2005 05:45 110 792
31.10.2005 05:45 136 54
31.10.2005 05:45 104 553
31.10.2005 05:40 79.530 $$$6D.html
27.10.2005 12:23 113 DFC5A2B2.TMP
24.10.2005 12:07 67.560 TFR13B.tmp
24.10.2005 12:07 59.218 TFR138.tmp
24.10.2005 12:07 56.657 TFR134.tmp
24.10.2005 12:07 46.660 TFR12F.tmp
24.10.2005 12:07 40.950 TFR12C.tmp
24.10.2005 12:07 67.994 TFR127.tmp
24.10.2005 12:07 46.021 TFR126.tmp
24.10.2005 12:07 21.122 TFR113.tmp
24.10.2005 12:07 23.427 TFR110.tmp
24.10.2005 12:07 71.682 TFR10D.tmp
24.10.2005 12:07 10.225 TFR10B.tmp
24.10.2005 12:07 35.574 TFR10A.tmp
24.10.2005 12:07 32.204 TFR109.tmp
24.10.2005 12:07 27.777 TFR107.tmp
24.10.2005 12:07 20.560 TFR106.tmp
23.10.2005 15:54 24.903 TWAIN.LOG
23.10.2005 15:53 3 Twain001.Mtx
23.10.2005 15:53 156 Twunk001.MTX
22.10.2005 02:38 16.384 ~DFD8F0.tmp
21.10.2005 20:27 67.560 TFR33.tmp
21.10.2005 20:27 21.122 TFR30.tmp
21.10.2005 20:27 23.427 TFR2E.tmp
21.10.2005 20:27 71.682 TFR2A.tmp
21.10.2005 20:27 10.225 TFR29.tmp
21.10.2005 20:27 35.574 TFR28.tmp
21.10.2005 20:27 32.204 TFR25.tmp
21.10.2005 20:27 27.777 TFR23.tmp
21.10.2005 20:25 10.225 TFR1F.tmp
19.10.2005 22:39 10.225 TFR193.tmp
19.10.2005 21:02 2.810.560 MSW169.tmp
19.10.2005 15:48 45.096 _VWUPSRV.EXE
19.10.2005 03:20 0 MSWDC.tmp
19.10.2005 03:17 0 MSWDB.tmp
19.10.2005 00:39 1.388.232 Patch_MSN_Messenger.EXE
16.10.2005 02:27 0 Twunk002.MTX
14.10.2005 05:39 9.308.514 MWAV.LOG
14.10.2005 05:39 3.808 mwXface.log
14.10.2005 04:30 241.664 MYDB.DLL
13.10.2005 20:45 61 A5B56640.TMP
12.10.2005 19:51 32.768 ~DFF317.tmp
12.10.2005 16:40 32.768 ~DF8EAF.tmp
12.10.2005 16:40 126.976 4FC037.DLL
12.10.2005 16:40 113.054 3292C8CD.DLL
12.10.2005 16:40 299.008 95D12054.DLL
10.10.2005 12:10 74 AACAFA6F.TMP
08.10.2005 16:35 21.006 fa.avc
08.10.2005 16:35 148.694 troj034.avc
08.10.2005 16:35 25.220 ext005.avc
08.10.2005 16:35 41.854 malw004.avc
08.10.2005 16:35 687 daily-ex.avc
08.10.2005 16:35 147.009 unp026.avc
08.10.2005 16:35 52.101 unp009.avc
08.10.2005 16:35 50.740 unp001.avc
08.10.2005 16:35 48.724 troj030.avc
08.10.2005 16:35 36.070 virus020.avc
08.10.2005 16:35 27.999 worm006.avc
08.10.2005 16:35 11.403 avp.klb
08.10.2005 16:35 3.581 daily.avc
08.10.2005 14:15 327.680 esupdate.exe
08.10.2005 12:41 43.633 Finnish.Age
08.10.2005 12:41 41.180 Polish.Age
08.10.2005 12:41 46.388 French.Age
08.10.2005 12:41 47.186 Spanish.Age
08.10.2005 12:41 42.782 Romanian.Age
08.10.2005 12:41 46.354 Portuguese.Age
08.10.2005 12:41 54.339 Italian.Age
08.10.2005 12:41 56.184 German.Age
08.10.2005 12:41 56.184 language.ini
08.10.2005 09:50 145.065 spydb.avs
08.10.2005 09:50 145.065 spydb.old
08.10.2005 09:50 388.146 Dir.sdb
08.10.2005 09:50 131.224 Spyware.sdb
08.10.2005 09:50 118.031 File2.sdb
08.10.2005 09:50 1.690.977 File1.sdb
08.10.2005 09:50 562.476 Cid.sdb
07.10.2005 14:22 339.968 MWAVReg.EXE
07.10.2005 13:41 96.768 MWAVL.exe
06.10.2005 20:25 7.414 English.lic
06.10.2005 20:22 68.476 unp010.avc
06.10.2005 09:42 41.710 unp025.avc
06.10.2005 09:42 61.108 unp014.avc
06.10.2005 09:42 62.189 krnunp.avc
06.10.2005 09:42 50.654 unp022.avc
06.10.2005 02:00 25 FB703BE2.TMP
04.10.2005 10:20 50.675 troj007.avc
04.10.2005 10:20 8.271 unp000.avc
04.10.2005 10:20 70.739 ca.avc
04.10.2005 10:20 47.070 troj026.avc
03.10.2005 09:31 48.173 ext003.avc
03.10.2005 09:31 109.332 troj003.avc
01.10.2005 18:04 118.784 msvlclnt.dll
01.10.2005 10:44 49.449 worm005.avc
01.10.2005 10:44 54.701 malw002.avc
01.10.2005 10:44 49.600 troj033.avc
28.09.2005 10:21 49.127 ext001.avc
27.09.2005 10:25 44.295 krn001.avc
27.09.2005 10:25 27.019 unp004.avc
27.09.2005 10:25 8.717 kernel.avc
27.09.2005 10:25 56.337 unp006.avc
27.09.2005 00:35 41.024 Getvlist.exe
26.09.2005 11:30 48.209 ext002.avc
26.09.2005 11:30 50.208 troj010.avc
26.09.2005 11:30 43.381 troj027.avc
26.09.2005 11:30 48.084 ext004.avc
26.09.2005 11:30 75.027 virus014.avc
26.09.2005 11:30 50.231 troj020.avc
26.09.2005 11:30 17.722 ext999.avc
21.09.2005 14:41 81.306 unp023.avc
19.09.2005 09:36 50.490 troj029.avc
19.09.2005 09:36 49.994 troj019.avc
16.09.2005 09:51 101.225 troj001.avc
15.09.2005 09:48 54.966 unp003.avc
13.09.2005 11:10 49.281 troj032.avc
13.09.2005 11:10 79.269 virus017.avc
12.09.2005 11:09 43.035 gen999.avc
12.09.2005 11:09 29.332 gen004.avc
09.09.2005 10:22 36.207 unp012.avc
09.09.2005 10:22 50.052 troj031.avc
09.09.2005 10:22 56.620 troj022.avc
09.09.2005 10:22 51.447 troj025.avc
08.09.2005 10:30 57.965 unp013.avc
06.09.2005 09:58 41.454 troj028.avc
06.09.2005 09:58 55.660 troj023.avc
04.09.2005 22:12 56.341 troj024.avc
03.09.2005 11:49 80.833 virus016.avc
03.09.2005 11:49 41.540 gen003.avc
01.09.2005 09:21 43.227 unp024.avc
31.08.2005 09:44 49.965 troj015.avc
30.08.2005 09:27 75.197 virus008.avc
30.08.2005 09:27 77.385 virus012.avc
29.08.2005 09:49 1.970 eicar.avc
29.08.2005 09:49 47.309 gen002.avc
29.08.2005 09:49 1.570 avp.set
26.08.2005 11:06 50.483 troj008.avc
26.08.2005 11:06 51.801 troj011.avc
26.08.2005 11:06 50.406 troj016.avc
24.08.2005 15:29 4.749 Polish.dow
24.08.2005 15:29 1.693 Polish.tcp
24.08.2005 15:29 9.655 Polish.con
24.08.2005 15:29 1.886 French.tcp
24.08.2005 15:29 10.372 French.con
24.08.2005 15:29 5.412 French.dow
24.08.2005 15:29 5.354 Portuguese.dow
24.08.2005 15:29 10.655 Portuguese.con
24.08.2005 15:29 1.895 Portuguese.tcp
24.08.2005 12:01 78.228 virus013.avc
23.08.2005 14:51 487.424 Download.exe
20.08.2005 17:18 9.704 English.con
20.08.2005 13:48 59.950 malw001.avc
18.08.2005 16:45 71.736 unp002.avc
17.08.2005 15:36 50.230 troj021.avc
17.08.2005 15:36 49.623 troj012.avc
16.08.2005 14:33 74.128 virus007.avc
16.08.2005 14:33 56.352 virus019.avc
16.08.2005 14:33 51.387 troj006.avc
16.08.2005 14:33 34.766 gen001.avc
16.08.2005 14:24 58.536 about.bmp
16.08.2005 14:24 58.536 bitmap1.bmp
13.08.2005 18:43 50.873 troj009.avc
12.08.2005 18:01 51.739 worm003.avc
12.08.2005 18:01 80.280 unp019.avc
10.08.2005 17:32 76.290 virus015.avc
06.08.2005 14:11 41.565 English.Age
01.08.2005 12:10 14.376 Polish.lic
29.07.2005 15:43 10.060 Finnish.con
29.07.2005 15:43 1.748 Finnish.tcp
29.07.2005 15:43 4.946 Finnish.dow
29.07.2005 15:43 5.410 Spanish.dow
29.07.2005 15:43 10.405 Spanish.con
29.07.2005 15:43 1.718 Spanish.tcp
29.07.2005 15:43 5.015 Romanian.dow
29.07.2005 15:43 1.718 Romanian.tcp
29.07.2005 15:43 10.067 Romanian.con
29.07.2005 15:42 1.718 Italian.tcp
29.07.2005 15:42 5.037 Italian.dow
29.07.2005 15:42 9.710 Italian.con
29.07.2005 15:42 1.718 German.tcp
29.07.2005 15:42 4.961 Download.lan
29.07.2005 15:42 4.961 German.dow
29.07.2005 15:42 9.702 German.con
29.07.2005 15:42 9.702 config.lan
29.07.2005 15:42 1.718 ViewTcp.lan
26.07.2005 13:59 351.744 viewtcp.exe
25.07.2005 16:50 4.750 English.dow
24.07.2005 11:02 1.695 viewtcp.old
22.07.2005 16:12 1.062 000B45EB.key
22.07.2005 16:11 1.042 000B45EE.key
21.07.2005 14:12 52.439 troj004.avc
21.07.2005 14:12 74.210 virus010.avc
21.07.2005 14:12 70.881 unp016.avc
21.07.2005 14:12 31.324 x-files.avc
21.07.2005 14:12 50.121 troj017.avc
21.07.2005 14:12 571 daily-x.avc
20.07.2005 19:35 1.689 English.tcp
13.07.2005 11:56 6.633 Finnish.lic
12.07.2005 10:57 7.844 Portuguese.lic
05.07.2005 17:33 88.496 krnmacro.avc
05.07.2005 17:33 51.462 troj005.avc

von **mankenboy** am 01.11.2005, 20:06

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: B004-A8B3

Verzeichnis von C:\WINDOWS

01.11.2005 18:53 0 0.log
01.11.2005 18:53 157 wiadebug.log
01.11.2005 18:53 1.125.695 WindowsUpdate.log
01.11.2005 18:53 50 wiaservc.log
01.11.2005 18:52 32.574 SchedLgU.Txt
01.11.2005 17:39 6.400 balloon.wav
01.11.2005 16:16 116 NeroDigital.ini
01.11.2005 03:57 511.878 iis6.log
01.11.2005 03:57 79.954 ntdtcsetup.log
01.11.2005 03:57 70.986 comsetup.log
01.11.2005 03:57 11.013 tabletoc.log
01.11.2005 03:57 175.831 tsoc.log
01.11.2005 03:57 18.337 ocmsn.log
01.11.2005 03:57 1.374 imsins.log
01.11.2005 03:57 29.680 KB899587.log
01.11.2005 03:57 37.920 netfxocm.log
01.11.2005 03:57 16.592 medctroc.Log
01.11.2005 03:57 107.500 ocgen.log
01.11.2005 03:57 17.899 msgsocm.log
01.11.2005 03:57 352.842 FaxSetup.log
01.11.2005 03:57 132.076 msmqinst.log
01.11.2005 03:57 13.463 updspapi.log
01.11.2005 03:57 1.374 imsins.BAK
01.11.2005 03:57 28.800 KB896422.log
01.11.2005 03:56 28.546 KB885835.log
01.11.2005 03:56 27.544 KB885836.log
01.11.2005 03:56 28.168 KB885250.log
01.11.2005 03:56 27.897 KB901017.log
01.11.2005 03:56 28.019 KB899591.log
01.11.2005 03:56 27.840 KB893756.log
01.11.2005 03:56 26.435 KB896423.log
01.11.2005 03:56 24.916 KB873339.log
01.11.2005 03:55 27.160 KB888113.log
01.11.2005 03:55 27.504 KB887742.log
01.11.2005 03:55 27.108 KB887472.log
01.11.2005 03:55 375.037 setupapi.log
01.11.2005 03:55 26.867 KB896358.log
01.11.2005 03:55 25.536 KB891781.log
01.11.2005 03:55 30.768 KB902400.log
01.11.2005 03:54 22.470 KB890046.log
01.11.2005 03:54 20.722 KB896688.log
01.11.2005 03:54 20.866 KB893066.log
01.11.2005 03:54 20.594 KB899589.log
01.11.2005 03:54 20.718 KB905414.log
01.11.2005 03:54 19.370 KB901214.log
01.11.2005 03:54 19.761 KB888302.log
01.11.2005 03:53 20.406 KB900725.log
01.11.2005 03:53 12.106 KB886185.log
01.11.2005 03:53 18.473 KB904706.log
01.11.2005 03:53 18.675 KB905749.log
01.11.2005 03:53 16.773 KB896428.log
01.11.2005 03:53 17.295 KB894391.log
01.11.2005 03:53 17.018 KB890859.log
01.11.2005 03:17 7.064 KB893803v2.log
01.11.2005 03:16 6.844 KB898461.log
01.11.2005 00:47 53.489 wmsetup.log
01.11.2005 00:46 459 wmsetup10.log
01.11.2005 00:00 29.232 spupdsvc.log
01.11.2005 00:00 232 DtcInstall.log
31.10.2005 23:59 316.640 WMSysPr9.prx
31.10.2005 23:58 345 OEWABLog.txt
31.10.2005 23:57 126.619 setuplog.txt
31.10.2005 22:45 493.938 svcpack.log
31.10.2005 22:42 200 cmsetacl.log
31.10.2005 22:41 1.330 sessmgr.setup.log
31.10.2005 18:35 0 setuperr.log
31.10.2005 18:35 0 setupact.log
31.10.2005 07:22 365.452 ntbtlog.txt
31.10.2005 06:33 227 system.ini
28.10.2005 05:30 1.408 win.ini
28.10.2005 03:02 724.992 iun6002.exe
16.10.2005 17:12 656 Ulead32.ini
16.10.2005 16:59 2.110 ACROREAD.INI
16.10.2005 04:45 0 WATCH.INI
16.10.2005 02:18 50 BRQIKMON.INI
16.10.2005 02:18 27 BrmfBidi.ini
14.10.2005 04:37 3.030.365 REGBK00.ZIP
14.10.2005 04:30 0 Lic.xxx
21.09.2005 18:14 299.552 WMSysPrx.prx
01.08.2005 15:16 99 ncc1.txt
01.08.2005 15:16 99 acc1.txt
13.07.2005 15:29 37.750 Windows Update.log

von **mankenboy** am 01.11.2005, 20:07

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: B004-A8B3

Verzeichnis von C:\

01.11.2005 19:06 0 sys.txt
01.11.2005 19:05 8.363 system.txt
01.11.2005 19:04 14.907 systemtemp.txt
01.11.2005 19:02 101.520 system32.txt
01.11.2005 18:53 390.070.272 pagefile.sys
31.10.2005 22:42 211 boot.ini
31.10.2005 22:34 47.564 NTDETECT.COM
31.10.2005 22:34 251.184 ntldr
01.03.2005 19:34 3.290.034 AVG7DB_F.DAT
23.12.2004 21:34 0 CONFIG.SYS
23.12.2004 21:34 0 IO.SYS
23.12.2004 21:34 0 MSDOS.SYS
23.12.2004 21:28 194 BOOT.BKK
18.08.2001 13:00 4.952 bootfont.bin
14 Datei(en) 393.789.201 Bytes
0 Verzeichnis(se), 5.208.334.336 Bytes frei

von **mankenboy** am 01.11.2005, 20:16

"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{C333CF63-767F-4831-94AC-E683D962C63C}\(Default) = "CoTGT_BHO Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\TGTSoft\StyleXP\TGT_BHO.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
"{056D080D-DFCC-41D4-A6F1-81089A7F023E}" = "SimpleX Shell Extension in Asm"
-> {CLSID}\InProcServer32\(Default) = "C:\Dokumente und Einstellungen\Matrix\Desktop\Neuer Ordner\SimpleXISOv03\SimpleXExt.dll" [file not found]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "System" = "cspcv.exe" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Anti Virus\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
SimpleX\(Default) = "{056D080D-DFCC-41D4-A6F1-81089A7F023E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Dokumente und Einstellungen\Matrix\Desktop\Neuer Ordner\SimpleXISOv03\SimpleXExt.dll" [file not found]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Anti Virus\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Dokumente und Einstellungen\Matrix\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\RESOUR~1\Themes\Trax\Saver\Shimmer.scr" ["Axialis Software"]

Startup items in "Matrix" & "All Users" startup folders:
--------------------------------------------------------

C:\Dokumente und Einstellungen\Matrix\Startmenü\Programme\Autostart
"Watch" -> shortcut to: "C:\WINDOWS\twain_32\A4CIS600\WATCH.exe" ["Common Group"]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"Microsoft Office" -> shortcut to: "C:\Programme\Microsoft Office\Office\OSA9.EXE -b -l" [MS]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [file not found]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS]

Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

Missing lines (compared with English-language version):
"{4D690DD1-CCE2-2C01-FA11-3DEC633ED70C}" = "MNTP"
-> {CLSID}\InProcServer32\(Default) = "StatusCheck.dll" [file not found]

HOSTS file
----------

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\
HIJACK WARNING! "DataBasePath" = "%SystemRoot%\System32\drivers\etc"

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir Service, AntiVirService, "C:\Programme\Anti Virus\AVGUARD.EXE" ["H+BEDV Datentechnik GmbH"]
AntiVir Update, AVWUpSrv, ""C:\Programme\Anti Virus\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]
StyleXPService, StyleXPService, ""C:\Programme\TGTSoft\StyleXP\StyleXPService.exe"" [empty string]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 29 seconds, including 4 seconds for message boxes)

von **mankenboy** am 01.11.2005, 20:31

11/01/05 19:29:13 [Info]: BlackLight Engine 1.0.24 initialized
11/01/05 19:29:13 [Info]: OS: 5.1 build 2600 (Service Pack 2)
11/01/05 19:29:13 [Note]: 4019 4
11/01/05 19:29:13 [Note]: 4005 0
11/01/05 19:29:15 [Note]: 4006 0
11/01/05 19:29:15 [Note]: 4011 1252
11/01/05 19:29:16 [Note]: FSRAW library version 1.7.1013
11/01/05 19:29:26 [Info]: Hidden file: C:\WINDOWS\system32\wbem\wbemtest.exe
11/01/05 19:29:26 [Note]: 10002 1
11/01/05 19:29:27 [Info]: Hidden file: C:\WINDOWS\system32\favme.exe
11/01/05 19:29:27 [Note]: 10002 1
11/01/05 19:29:29 [Info]: Hidden file: C:\WINDOWS\system32\hclean32.exe
11/01/05 19:29:29 [Note]: 10002 1
11/01/05 19:29:31 [Info]: Hidden file: C:\WINDOWS\system32\ntfsnlpa.exe
11/01/05 19:29:31 [Note]: 10002 1
11/01/05 19:29:33 [Info]: Hidden file: C:\WINDOWS\system32\cswai.exe
11/01/05 19:29:33 [Note]: 4002 32
11/01/05 19:29:33 [Note]: 4003 1
11/01/05 19:29:33 [Note]: 10002 1
11/01/05 19:29:58 [Note]: 4007 0

von **mankenboy** am 01.11.2005, 20:35

so und nun. hoffe gabe alles richtig gemacht.
könntes du mir vorher sagen was malware sind.
danke dir nochmals.

von **mankenboy** am 01.11.2005, 21:28

upps habe ein fehler gemacht.
ich habe ein paar malware vergessen zu fixen
ist das schlimm?

von **mankenboy** am 01.11.2005, 21:34

habe leider vorher ein fehler gemacht. kannst du bitte mal hier rüber gucken. danke nikita

von **mankenboy** am 01.11.2005, 21:35

Logfile of HijackThis v1.99.1
Scan saved at 20:32:52, on 01.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Anti Virus\AVGUARD.EXE
C:\Programme\Anti Virus\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\Anti Virus\AVGNT.EXE
C:\Programme\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programme\TGTSoft\StyleXP\TGT_BHO.dll
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\A4CIS600\WATCH.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\Anti Virus\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\Anti Virus\AVWUPSRV.EXE
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe

Kann mir bitte irgendeiner helfen

Kann mir bitte irgendeiner helfen

helfe mir

soo

soo

sooo

soo

sooo

sooo

soo

hmmm

ohh nein

könntes du einmal hier rüber gucken. habe vorher ein fehler.

l

Wer ist online?