1. "Own fault", in quotation marks!
2. Of course I have a backup! I've learned that :D
3. How trustworthy an exe is isn't always predictable.
4. mmk found out that it is Optix Pro 13.
I'm also posting the report here; it can be reviewed in the Spotlight forum as well, among other places:
--- Search result list ---
--- Spybot-S&D version: 1.2 ---
2003-03-16 Includes\Cookies.sbi
2003-03-16 Includes\Dialer.sbi
2003-03-16 Includes\Hijackers.sbi
2003-03-16 Includes\Keyloggers.sbi
2003-03-16 Includes\Malware.sbi
2003-03-16 Includes\plugin-ignore.ini
2003-03-16 Includes\Security.sbi
2003-03-16 Includes\Spybots.sbi
2003-03-16 Includes\Temporary.sbi
2003-03-16 Includes\Tracks.uti
2003-03-16 Includes\Trojans.sbi
--- System information ---
Windows XP (Build: 2600)
/ Windows XP / SP1: Windows XP Hotfix - KB823980
/ Windows XP / SP1: Windows XP Hotfix (SP1) Q331953
--- Startup entries list ---
Spybot-S&D Startup list report, 16.08.2003 14:27:03
Located: HK_CU:Run, CTFMON.EXE
file: C:\WINDOWS\System32\ctfmon.exe
MD5: D7CE89274B884B6B59764D96B49003DF
Located: HK_CU:Run, NvMediaCenter
file: RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
Located: HK_CU:Run, MessengerPlus2
file: "C:\Programme\Messenger Plus! 2\MsgPlus.exe" /WinStart
Located: HK_CU:Run, Spamihilator
file: "C:\Programme\Spamihilator\spamihilator.exe"
Located: HK_CU:Run, msnmsgr
file: "C:\Programme\MSN Messenger\msnmsgr.exe" /background
Located: HK_CU:RunOnce, ICQ
file: C:\Programme\ICQ\ICQ.exe -trayboot
Located: HK_LM:Run, ccApp
file: "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
Located: HK_LM:Run, ccRegVfy
file: "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
Located: HK_LM:Run, NvCplDaemon
file: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
Located: HK_LM:Run, Mirabilis ICQ
file: C:\Programme\ICQ\ICQNet.exe
MD5: F071D458EBAF8A282767328946FC2B21
Located: HK_LM:Run, MessengerPlus2
file: "C:\Programme\Messenger Plus! 2\MsgPlus.exe"
Located: HK_LM:Run, KernelFaultCheck
file: %systemroot%\system32\dumprep 0 -k
Located: HK_LM:Run, GLSetIT32
file: C:\windows\system32\isass.exe
MD5: B8302D84CEA8FB2B2E76A76587839BEE
Located: HK_LM:Run, Tau Monitor
file: C:\PROGRA~1\Agnitum\TAUSCA~1.6\taumon.exe
MD5: 3B96A29E3DD4E79EB1652CEEE4D6EB53
Located: HK_LM:Run, Outpost Firewall
file: C:\Programme\Agnitum\Outpost Firewall\outpost.exe /waitservice
Located: HK_LM:RunServices, GLSetIT32
file: C:\windows\system32\isass.exe
MD5: B8302D84CEA8FB2B2E76A76587839BEE
Located: Startup (common), Acrobat Assistant.lnk
file: C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
MD5: 78BFE3201ADA2FE02D1E35D2488E5F55
Located: Startup (common), Adobe Gamma Loader.lnk
file: C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
MD5: 5CD0CD0EC4DC5DF459B3AC016764F5AA
Located: Startup (common), Microsoft Office.lnk
file: C:\Programme\Microsoft Office\Office10\OSA.EXE
MD5: 5BC65464354A9FD3BEAA28E18839734A
Located: win.ini, Run
file: C:\windows\system32\isass.exe
MD5: B8302D84CEA8FB2B2E76A76587839BEE
--- Browser helper object list ---
Spybot-S&D Browser helper object report, 16.08.2003 14:27:03
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
Class file: AcroIEHelper.dll
Attributes: archive
Date: 15.05.2003 00:47:54
MD5: 0C0E1B2BCAED8DF401BE94D538BCB412
Path: C:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\
Short name: ACROIE~1.DLL
Size: 50376 bytes
Version: 0.6.0.0
Class name: AcroIEHlprObj Class
CLSID database: legitimate software
Description: Adobe Acrobat reader
Filename: ACROIEHELPER.OCX
{AE7CD045-E861-484f-8273-0445EE161910}
Class file: AcroIEFavClient.dll
Attributes: archive
Date: 15.05.2003 01:03:46
MD5: 44BCFF08947790E74BD7CC7532D2B793
Path: C:\Programme\Adobe\Acrobat 6.0\Acrobat\
Short name: ACROIE~1.DLL
Size: 147456 bytes
Version: 255.255.255.255
Class name: AcroIEToolbarHelper Class
{BDF3E430-B101-42AD-A544-FADC6B084872}
Class file: NavShExt.dll
Attributes: archive
Date: 19.11.2002 10:26:24
MD5: 85086A0B091D58ECCAC7B8BB01333499
Path: C:\Programme\Norton AntiVirus\
Short name:
Size: 112248 bytes
Version: 0.9.0.5
Class name: CNavExtBho Class
CLSID database: legitimate software
Description: Norton Antivirus
Filename: NavShExt.dll
Name: NAV Helper
{c5ec67bd-1e98-4ef1-b3a0-0856d8d971f4}
Class file: ptrbrxzcksh.dll
Attributes: archive
Date: 29.07.2003 09:32:38
MD5: 346F5EABD511772D58D5B2BFB9258CD2
Path: C:\DOKUME~1\dannyyy\ANWEND~1\
Short name: PTRBRX~1.DLL
Size: 376832 bytes
Version: 255.255.255.255
Class name: fvvtdyhzapvuphhhlwpb
--- ActiveX list ---
Spybot-S&D ActiveX report, 16.08.2003 14:27:04
symsupportutil
Contains file: SymProductData.dll
Attributes: archive
Date: 22.01.2003 15:01:54
MD5: D5A1CEFCF64FCDE6C9C021B8930C2862
Path: C:\WINDOWS\Downloaded Program Files\
Short name: SYMPRO~1.DLL
Size: 208896 bytes
Version: 0.1.0.0
Download location: https://www-secure.symantec.com/region/de/techsupp/activedata/symsupportutil.CAB
Last modified: Thu, 03 Apr 2003 21:09:22 GMT
Name: symsupportutil
Version: 1,0,0,0
{166B1BCA-3F9C-11CF-8075-444553540000}
Class file: SwDir.dll
Attributes: archive
Date: 09.01.2002 02:28:02
MD5: 92FA0AE21D3A08B65D291724AA7D0E43
Path: C:\WINDOWS\System32\macromed\director\
Short name:
Size: 32768 bytes
Version: 0.8.0.5
Class name: Shockwave ActiveX Control
CLSID database: unknown class
Description: Macromedia ShockWave Flash Player 7
Filename: SWDIR.DLL
Download location: http://download.macromedia.com/pub/shockwave/cabs/director/sw-intl.cab
Last modified: Thu, 17 Jan 2002 22:10:21 GMT
Version: 8,5,1,102
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}
Class file: avsniff.dll
Attributes: archive
Date: 30.01.2002 09:21:34
MD5: 2B2A39B317194DA5EA326A38FE112E1D
Path: C:\WINDOWS\Downloaded Program Files\
Short name:
Size: 143360 bytes
Version: 7.210.0.1
Class name: Symantec AntiVirus scanner
CLSID database: legitimate software
Description: Symantec online scanner
Filename: AVSNIFF.DLL
Contains file: avsniff.dll
Attributes: archive
Date: 30.01.2002 09:21:34
MD5: 2B2A39B317194DA5EA326A38FE112E1D
Path: C:\WINDOWS\Downloaded Program Files\
Short name:
Size: 143360 bytes
Version: 7.210.0.1
Contains file: navapi.vxd
Attributes: archive
Date: 12.01.2000 16:07:12
MD5: 974C94C59FD03AEF9821617F542B7713
Path: C:\WINDOWS\Downloaded Program Files\
Short name:
Size: 6854 bytes
Version: 255.255.255.255
Contains file: navapi32.dll
Attributes: archive
Date: 12.01.2000 15:53:44
MD5: 1496B3BCBF1353B945CA26D1A8BB3737
Path: C:\WINDOWS\Downloaded Program Files\
Short name:
Size: 208896 bytes
Version: 0.1.0.1
Download location: http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
Last modified: Wed, 06 Aug 2003 16:15:50 GMT
Version: 2002,1,30,52
{8AD9C840-044E-11D1-B3E9-00805F499D93}
Class file: npjpi141_01.dll
Attributes: archive
Date: 30.09.2002 08:56:06
MD5: D16C9DD99512FB642DF311FDD365F55C
Path: C:\Programme\Java\j2re1.4.1_01\bin\
Short name: NPJPI1~1.DLL
Size: 61548 bytes
Version: 0.1.0.4
Class name: Java Plug-in 1.4.1_01
CLSID database: legitimate software
Description: Sun Java
Filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
Download location: http://java.sun.com/products/plugin/1.4/jinstall-14_01-windows-i586.cab
Name: Java Runtime Environment 1.4.1_01
Version: 1,4,1,1
{94742E3F-D9A1-4780-9A87-2FFA43655DA2}
Class file: EGDial.dll
Attributes: archive
Date: 18.06.2003 19:32:48
MD5: 6F584AB4E4851FDA75208922EEB6E542
Path: C:\WINDOWS\System32\
Short name:
Size: 11264 bytes
Version: 0.1.0.0
Contains file: EGDHTML_1018.dll
Attributes: archive
Date: 29.07.2003 17:00:24
MD5: B17DEB3BB093E35FB06E020A9B5157D3
Path: C:\WINDOWS\System32\
Short name: EGDHTM~1.DLL
Size: 80896 bytes
Version: 0.1.0.0
Contains file: EGDial.dll
Attributes: archive
Date: 18.06.2003 19:32:48
MD5: 6F584AB4E4851FDA75208922EEB6E542
Path: C:\WINDOWS\System32\
Short name:
Size: 11264 bytes
Version: 0.1.0.0
Download location: http://fr4-scripts.downloadv3.com/binaries/DialHTML/EGDHTML_1018_pack_XP.cab
Last modified: Tue, 29 Jul 2003 15:08:07 GMT
Version: 1,0,0,6
{C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE}
Class file: rufsi.dll
Attributes: archive
Date: 01.07.2003 10:40:14
MD5: E93A2A598C6626EC10D6DE04238F7C3D
Path: C:\WINDOWS\Downloaded Program Files\
Short name:
Size: 115936 bytes
Version: 7.211.0.7
Class name: Symantec RuFSI Registry Information Class
CLSID database: legitimate software
Description: Symantec RuFSI Registry Information Class
Filename: RUFSI.DLL
Contains file: rufsi.dll
Attributes: archive
Date: 01.07.2003 10:40:14
MD5: E93A2A598C6626EC10D6DE04238F7C3D
Path: C:\WINDOWS\Downloaded Program Files\
Short name:
Size: 115936 bytes
Version: 7.211.0.7
Download location: http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
Last modified: Wed, 06 Aug 2003 16:15:48 GMT
Version: 2003,7,1,39
{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}
Class file: npjpi141_01.dll
Attributes: archive
Date: 30.09.2002 08:56:06
MD5: D16C9DD99512FB642DF311FDD365F55C
Path: C:\Programme\Java\j2re1.4.1_01\bin\
Short name: NPJPI1~1.DLL
Size: 61548 bytes
Version: 0.1.0.4
Class name: Java Plug-in 1.4.1_01
Download location: http://java.sun.com/products/plugin/1.4/jinstall-14_01-windows-i586.cab
Name: Java Runtime Environment 1.4.1_01
Version: 1,4,1,1
{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}
Class file: npjpi141_04.dll
Attributes: archive
Date: 28.06.2003 08:56:38
MD5: FFB7530FB579FE88D276A80084E4878F
Path: C:\Programme\Java\j2re1.4.1_04\bin\
Short name: NPJPI1~1.DLL
Size: 61553 bytes
Version: 0.1.0.4
Class name: Java Plug-in 1.4.1_04
Download location: http://java.sun.com/products/plugin/1.4/jinstall-14_04-windows-i586.cab
Name: Java Runtime Environment 1.4.1_04
Version: 1,4,1,4
{D27CDB6E-AE6D-11CF-96B8-444553540000}
Class file: Flash.ocx
Attributes: archive
Date: 24.02.2003 16:20:36
MD5: E61DB5468D6CCC46397C1A918C1A1AA4
Path: C:\WINDOWS\System32\macromed\flash\
Short name:
Size: 827392 bytes
Version: 0.6.0.0
Class name: Shockwave Flash Object
CLSID database: legitimate software
Description: Macromedia Shockwave Flash Player
Download location: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Last modified: Wed, 26 Feb 2003 19:22:35 GMT
Version: 6,0,79,0
{E77C0D62-882A-456F-AD8F-7C6C9569B8C7}
Class file: ActiveData.dll
Attributes: archive
Date: 12.06.2002 13:16:22
MD5: C0A5720A581109543B113A8BEAE7868C
Path: C:\WINDOWS\Downloaded Program Files\
Short name: ACTIVE~1.DLL
Size: 112312 bytes
Version: 0.1.0.0
Class name: ActiveDataObj Class
Contains file: ActiveData.dll
Attributes: archive
Date: 12.06.2002 13:16:22
MD5: C0A5720A581109543B113A8BEAE7868C
Path: C:\WINDOWS\Downloaded Program Files\
Short name: ACTIVE~1.DLL
Size: 112312 bytes
Version: 0.1.0.0
Download location: https://www-secure.symantec.com/region/de/techsupp/activedata/ActiveData.cab
Last modified: Thu, 03 Apr 2003 21:09:23 GMT
Version: 1,0,0,1
--- Process list ---
Spybot-S&D process list report, 16.08.2003 14:27:04
PID: 0 ( 0) [System]
PID: 4 ( 0) System
PID: 224 (1920) C:\Programme\Messenger Plus! 2\MsgPlus.exe
PID: 348 (1960) C:\windows\system32\isass.exe
PID: 568 ( 520) C:\Programme\Spybot - Search & Destroy\SpybotSD.exe
PID: 588 ( 4) \SystemRoot\System32\smss.exe
PID: 660 ( 588) \??\C:\WINDOWS\system32\csrss.exe
PID: 684 ( 588) \??\C:\WINDOWS\system32\winlogon.exe
PID: 728 ( 684) C:\WINDOWS\system32\services.exe
PID: 764 ( 684) C:\WINDOWS\system32\lsass.exe
PID: 932 ( 728) C:\WINDOWS\system32\svchost.exe
PID: 972 ( 728) C:\Programme\No-IP\DUC20.exe
PID: 980 ( 184) C:\Programme\MSN Messenger\msnmsgr.exe
PID: 984 ( 728) C:\WINDOWS\System32\svchost.exe
PID: 1004 (2020) C:\WINDOWS\System32\ctfmon.exe
PID: 1008 (2028) C:\WINDOWS\System32\RUNDLL32.EXE
PID: 1052 ( 240) C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
PID: 1088 ( 728) C:\WINDOWS\System32\svchost.exe
PID: 1120 ( 728) C:\WINDOWS\System32\svchost.exe
PID: 1128 ( 148) C:\Programme\Spamihilator\spamihilator.exe
PID: 1324 (1184) C:\Programme\ICQ\ICQ.exe
PID: 1432 ( 728) C:\WINDOWS\system32\spoolsv.exe
PID: 1696 (1720) C:\WINDOWS\System32\devldr32.exe
PID: 1720 (1680) C:\WINDOWS\Explorer.EXE
PID: 2284 (2260) C:\WINDOWS\System32\notepad.exe
PID: 2344 (2320) C:\Programme\Internet Explorer\IEXPLORE.EXE
--- Browser start & search pages list ---
Spybot-S&D browser pages report, 16.08.2003 14:27:04
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://mysearchnow.com/searchbar.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://mysearchnow.com/searchbar.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.ch/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://mysearchnow.com/searchbar.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Bar
http://mysearchnow.com/searchbar.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://mysearchnow.com/searchbar.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
Spybot-S&D winsock LSP report, 16.08.2003 14:27:04
NS Provider ( 1) TCP/IP ({22059D40-7E9E-11CF-AE5A-00AA00A7112B})
NS Provider ( 2) NTDS ({3B2637EE-E580-11CF-A555-00C04FD8D4AC})
NS Provider ( 3) NLA-Namespace ({6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83})
NS Provider ( 4) NWLink IPX/SPX/NetBIOS-kompatibles Transportprotokoll ({E02DAAF0-7E9F-11CF-AE5A-00AA00A7112B})
Protocol ( 1) MSAFD Tcpip [TCP/IP] ({E70F1AA0-AB8B-11CF-8CA3-00805F48A192})
Protocol ( 2) MSAFD Tcpip [UDP/IP] ({E70F1AA0-AB8B-11CF-8CA3-00805F48A192})
Protocol ( 3) MSAFD Tcpip [RAW/IP] ({E70F1AA0-AB8B-11CF-8CA3-00805F48A192})
Protocol ( 4) RSVP UDP Service Provider ({9D60A9E0-337A-11D0-BD88-0000C082E69A})
Protocol ( 5) RSVP TCP Service Provider ({9D60A9E0-337A-11D0-BD88-0000C082E69A})
Protocol ( 6) MSAFD nwlnkipx [IPX] ({11058240-BE47-11CF-95C8-00805F48A192})
Protocol ( 7) MSAFD nwlnkspx [SPX] ({11058241-BE47-11CF-95C8-00805F48A192})
Protocol ( 8) MSAFD nwlnkspx [SPX] [Pseudo Stream] ({11058241-BE47-11CF-95C8-00805F48A192})
Protocol ( 9) MSAFD nwlnkspx [SPX II] ({11058241-BE47-11CF-95C8-00805F48A192})
Protocol (10) MSAFD nwlnkspx [SPX II] [Pseudo Stream] ({11058241-BE47-11CF-95C8-00805F48A192})
Protocol (11) MSAFD NetBIOS [\Device\NwlnkNb] SEQPACKET 4 ({8D5F1830-C273-11CF-95C8-00805F48A192})
Protocol (12) MSAFD NetBIOS [\Device\NwlnkNb] DATAGRAM 4 ({8D5F1830-C273-11CF-95C8-00805F48A192})
Protocol (13) MSAFD NetBIOS [\Device\NetBT_Tcpip_{8B83B0AD-B508-436A-847F-4E8484B84216}] SEQPACKET 5 ({8D5F1830-C273-11CF-95C8-00805F48A192})
Protocol (14) MSAFD NetBIOS [\Device\NetBT_Tcpip_{8B83B0AD-B508-436A-847F-4E8484B84216}] DATAGRAM 5 ({8D5F1830-C273-11CF-95C8-00805F48A192})
Protocol (15) MSAFD NetBIOS [\Device\NetBT_Tcpip_{004F54D4-BA9E-4E17-9CEB-C69648701232}] SEQPACKET 0 ({8D5F1830-C273-11CF-95C8-00805F48A192})
Protocol (16) MSAFD NetBIOS [\Device\NetBT_Tcpip_{004F54D4-BA9E-4E17-9CEB-C69648701232}] DATAGRAM 0 ({8D5F1830-C273-11CF-95C8-00805F48A192})
Protocol (17) MSAFD NetBIOS [\Device\NetBT_Tcpip_{7473ECD6-3972-4B62-AB40-EC9F9D8EF841}] SEQPACKET 1 ({8D5F1830-C273-11CF-95C8-00805F48A192})
Protocol (18) MSAFD NetBIOS [\Device\NetBT_Tcpip_{7473ECD6-3972-4B62-AB40-EC9F9D8EF841}] DATAGRAM 1 ({8D5F1830-C273-11CF-95C8-00805F48A192})
Protocol (19) MSAFD NetBIOS [\Device\NetBT_Tcpip_{AEEACD21-1CDD-4DE4-8151-CCB87AA7AEB4}] SEQPACKET 2 ({8D5F1830-C273-11CF-95C8-00805F48A192})
Protocol (20) MSAFD NetBIOS [\Device\NetBT_Tcpip_{AEEACD21-1CDD-4DE4-8151-CCB87AA7AEB4}] DATAGRAM 2 ({8D5F1830-C273-11CF-95C8-00805F48A192})
Protocol (21) MSAFD NetBIOS [\Device\NetBT_Tcpip_{D85A5A7F-CC62-49BF-A122-A1AEAFA821D8}] SEQPACKET 3 ({8D5F1830-C273-11CF-95C8-00805F48A192})
Protocol (22) MSAFD NetBIOS [\Device\NetBT_Tcpip_{D85A5A7F-CC62-49BF-A122-A1AEAFA821D8}] DATAGRAM 3 ({8D5F1830-C273-11CF-95C8-00805F48A192})
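Added example, not part of the original post or of Spybot-S&D: a small Python triage script that parses the "Startup entries list" format shown in the report above and applies the checks a responder does by hand on such a log. It flags an executable whose name is one character away from a Windows system process (the report's isass.exe next to the real lsass.exe), a binary registered under several autostart locations at once (same MD5 in HK_LM:Run, HK_LM:RunServices and win.ini), and entries in legacy autostart locations. SAMPLE_REPORT is a constructed excerpt of the startup list above; the list of system process names and the set of legacy locations are assumptions, not Spybot's own rules.

```python
"""Triage a Spybot-S&D 1.2 "Startup entries list" for persistence red flags.

Added example, not from the original post. SAMPLE_REPORT is a constructed
excerpt of the report's startup list; SYSTEM_PROCESSES and LEGACY_LOCATIONS
are assumed lists, not anything Spybot ships.
"""
from collections import defaultdict

# Core Windows binaries that malware likes to imitate by name (assumed list).
SYSTEM_PROCESSES = {
    "lsass.exe", "csrss.exe", "smss.exe", "svchost.exe", "winlogon.exe",
    "services.exe", "explorer.exe", "spoolsv.exe", "ctfmon.exe", "rundll32.exe",
}
# Autostart locations ordinary software of the XP era seldom used (assumed).
LEGACY_LOCATIONS = {"HK_LM:RunServices", "HK_CU:RunServices", "win.ini"}

# Constructed excerpt of the "Startup entries list" section in the report.
SAMPLE_REPORT = """\
Located: HK_CU:Run, CTFMON.EXE
file: C:\\WINDOWS\\System32\\ctfmon.exe
MD5: D7CE89274B884B6B59764D96B49003DF
Located: HK_LM:Run, NvCplDaemon
file: RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup
Located: HK_LM:Run, GLSetIT32
file: C:\\windows\\system32\\isass.exe
MD5: B8302D84CEA8FB2B2E76A76587839BEE
Located: HK_LM:RunServices, GLSetIT32
file: C:\\windows\\system32\\isass.exe
MD5: B8302D84CEA8FB2B2E76A76587839BEE
Located: Startup (common), Microsoft Office.lnk
file: C:\\Programme\\Microsoft Office\\Office10\\OSA.EXE
MD5: 5BC65464354A9FD3BEAA28E18839734A
Located: win.ini, Run
file: C:\\windows\\system32\\isass.exe
MD5: B8302D84CEA8FB2B2E76A76587839BEE
"""


def executable_name(command):
    """Lowercase basename of the program a startup command line launches."""
    if command.startswith('"'):
        path = command[1:command.find('"', 1)]   # quoted path with arguments
    else:
        path = command.split()[0]                # first token is the program
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_startup_list(text):
    """Turn Located:/file:/MD5: triples into a list of entry dicts."""
    entries, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Located: "):
            loc, _, name = line[len("Located: "):].partition(", ")
            current = {"location": loc, "name": name, "file": None, "exe": None, "md5": None}
            entries.append(current)
        elif current is not None and line.startswith("file: "):
            current["file"] = line[len("file: "):]
            current["exe"] = executable_name(current["file"])
        elif current is not None and line.startswith("MD5: "):
            current["md5"] = line[len("MD5: "):].upper()
    return entries


def one_edit_away(a, b):
    """True if a and b differ by exactly one substitution, insertion or deletion."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) == len(b):
        return sum(x != y for x, y in zip(a, b)) == 1
    short, long_ = (a, b) if len(a) < len(b) else (b, a)
    return any(long_[:i] + long_[i + 1:] == short for i in range(len(long_)))


def triage(entries):
    """Return (exe, reason) findings; one entry can produce several."""
    findings = []
    by_md5 = defaultdict(set)
    for e in entries:
        if e["md5"]:
            by_md5[e["md5"]].add(e["location"])
    for e in entries:
        exe = e["exe"]
        if exe is None:
            continue
        for legit in SYSTEM_PROCESSES:        # lookalike of a system binary
            if one_edit_away(exe, legit):
                findings.append((exe, f"lookalike of {legit} at {e['location']}"))
        if e["location"] in LEGACY_LOCATIONS:  # unusual autostart location
            findings.append((exe, f"legacy autostart location {e['location']}"))
    for md5, locs in by_md5.items():           # one binary, many hooks
        if len(locs) > 1:
            exe = next(e["exe"] for e in entries if e["md5"] == md5)
            findings.append((exe, f"same MD5 {md5} in {len(locs)} locations: "
                                  + ", ".join(sorted(locs))))
    return findings


if __name__ == "__main__":
    for exe, reason in triage(parse_startup_list(SAMPLE_REPORT)):
        print(f"{exe}: {reason}")
```

On the excerpt every finding points at isass.exe: three lookalike hits (one per location), two legacy-location hits, and one hit for the same MD5 appearing in three autostart locations, while ctfmon.exe, the NVIDIA rundll32 entry and OSA.EXE pass. The name check deliberately uses an edit distance of one rather than a substring match so that legitimate names like ctfmon.exe are not flagged against themselves.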