|
Log-Analyse und Auswertung: You have a variant of the Coolwebsearch trojan (CWS.Smartsearch.2)Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
29.02.2008, 14:51 | #1 |
| You have a variant of the Coolwebsearch trojan (CWS.Smartsearch.2) Hallo, ich kome nicht weiter: Seit gestern komme ich über dei google startseite nicht raus: Egal wa sich aufrufen will - es kommt immer wieder die Meldung: Not Found The requested URL /DEFAULT.ASP was not found on this server. Habe mehrer Tols ausprobiert - ohne ergebnis. Einzig dr cwshreder bringt beim 2. durchlauf dieses Fehlerfgenster: You have a variant of the Coolwebsearch trojan (CWS.Smartsearch.2) Überschrift im Fenster Ejs11l(AX_4dO348U<;.d Leider war das iesbezügliche Posting hier etwas wirr und mir nicht ganz klar was wann wo wie gelöscht ergänzt und so weiter werden musste. denke mal das ist von pc zu pc verschieden. drum hier mein HijackThis Logfile. Logfile of HijackThis v1.99.1 Scan saved at 14:28:48, on 29.02.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe D:\Programme\Manfred\AVK\AVKService.exe D:\Programme\Manfred\AVK\AVKWCtl.exe C:\Programme\Bonjour\mDNSResponder.exe D:\Programme\mentalray\satellite\raysat_3dsmax9_32server.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programme\CyberLink\Shared files\RichVideo.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\RTHDCPL.EXE C:\Programme\CyberLink\PowerDVD\PDVDServ.exe C:\Programme\QuickTime\qttask.exe D:\Programme\Manfred\Media Experience\DMXLauncher.exe D:\Programme\Manfred\Firewall\GDFwSvc.exe C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe D:\Programme\Manfred\AVKTray\AVKTray.exe D:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\alg.exe D:\Programme\Manfred\Eraser\eraser.exe D:\Programme\Manfred\Spybot - Search & Destroy\TeaTimer.exe D:\Programme\Manfred\Firewall\GDFirewallTray.exe C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Programme\MSN Messenger\usnsvc.exe D:\Programme\aawservice.exe D:\Programme\Spyware Doctor\pctsAuxs.exe D:\Programme\Spyware Doctor\pctsSvc.exe D:\Programme\Spyware Doctor\pctsTray.exe G:\hijackthis_199\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h t t p://www.google.de/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.macromedia.com/go/inproductreg?v=3&product=Dreamweaver&loc=de_de&country=de&platform=2&givenName=V&familyName=V&email=V@bvb.com&optin=0&serialNumber=WPW800-50872-80176-39169 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,d:\programme\manfred\avkkid\avkcks.exe O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - D:\Programme\Manfred\Webfilter\AVKWebIE.dll O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Programme\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\Manfred\SPYBOT~1\SDHelper.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - D:\Programme\Manfred\Webfilter\AVKWebIE.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Programme\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [DMXLauncher] "D:\Programme\Manfred\Media Experience\DMXLauncher.exe" O4 - HKLM\..\Run: [ISUSPM] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKLM\..\Run: [AVKTray] D:\Programme\Manfred\AVKTray\AVKTray.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\GEMEIN~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKLM\..\Run: [ISTray] "D:\Programme\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Eraser] D:\Programme\Manfred\Eraser\eraser.exe -hide O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programme\Manfred\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ? O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\Programme\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe O4 - Global Startup: G DATA Firewall Tray.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: An vorhandenes PDF anfügen - res://D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: In Adobe PDF konvertieren - res://D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: SYSTRAN Suche - res://D:\Programme\\GUIres.dll/lookup.js O8 - Extra context menu item: SYSTRAN Übersetzen - res://D:\Programme\\GUIres.dll/translate.js O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\Manfred\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\Manfred\SPYBOT~1\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\programme\bonjour\mdnsnsp.dll O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165399996515 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = videograph.local O17 - HKLM\Software\..\Telephony: DomainName = videograph.local O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = videograph.local O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = videograph.local O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Programme\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Version Cue CS3 {de_DE} (Adobe Version Cue CS3) - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing) O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: AVKProxy - G DATA Software AG - C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe O23 - Service: AVK Service (AVKService) - G DATA Software AG - D:\Programme\Manfred\AVK\AVKService.exe O23 - Service: AVK Wächter (AVKWCtl) - G DATA Software AG - D:\Programme\Manfred\AVK\AVKWCtl.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: G DATA Personal Firewall (GDFwSvc) - G DATA Software AG - D:\Programme\Manfred\Firewall\GDFwSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - D:\Programme\mentalray\satellite\raysat_3dsmax9_32server.exe O23 - Service: NBService - Nero AG - D:\Programme\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared files\RichVideo.exe O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - D:\Programme\Manfred\Digital Home 9\RoxioUPnPRenderer9.exe O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - D:\Programme\Manfred\Digital Home 9\RoxioUpnpService9.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Programme\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Programme\Spyware Doctor\pctsSvc.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe Wäre schön wen einer mir helfen könnte. Danke! |
29.02.2008, 14:58 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | You have a variant of the Coolwebsearch trojan (CWS.Smartsearch.2) Hallo Manfred
__________________Zitat:
Das logfile sieht soweit okay aus, aber du solltest mal ein neues mit der aktuellen Version 2.0.2 von HijackThis erstellen. Folge auch zusätzlich mal den silentrunners Link in meiner Signatur. Poste die logs bitte mit Code-Tags umschlossen (Rautesymbol beim Beitrag verfassen).
__________________ |
29.02.2008, 15:06 | #3 |
| You have a variant of the Coolwebsearch trojan (CWS.Smartsearch.2) Benutze den Explorer 6.0
__________________Werde deine Tolls nutzen danke. Aber wenn die Logfiles gut aussehen was kann es dann sein. Das Problem hab ich auch mit dem Firefox. Danke |
29.02.2008, 15:09 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | You have a variant of the Coolwebsearch trojan (CWS.Smartsearch.2)Zitat:
Den solltest Du möglichst überhaupt nicht nutzen. Der IE ist ja schon anfällig genug und dan noch die Version 6 => garnicht gut! Update auf Version 7 aber surfe zukünftig nur mit Firefox oder Opera.
__________________ Logfiles bitte immer in CODE-Tags posten |
29.02.2008, 15:14 | #5 |
| You have a variant of the Coolwebsearch trojan (CWS.Smartsearch.2) Silent Runners Logfile "Silent Runners.vbs", revision 56, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "Eraser" = "D:\Programme\Manfred\Eraser\eraser.exe -hide" ["Heidi Computers Ltd"] "SpybotSD TeaTimer" = "D:\Programme\Manfred\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS] "SynTPEnh" = "C:\Programme\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."] "High Definition Audio Property Page Shortcut" = "HDAShCut.exe" ["Windows (R) Server 2003 DDK provider"] "RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."] "Alcmtr" = "ALCMTR.EXE" [file not found] "RemoteControl" = "C:\Programme\CyberLink\PowerDVD\PDVDServ.exe" ["Cyberlink Corp."] "LanguageShortcut" = "C:\Programme\CyberLink\PowerDVD\Language\Language.exe" [null data] "QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Inc."] "DMXLauncher" = ""D:\Programme\Manfred\Media Experience\DMXLauncher.exe"" [null data] "ISUSPM" = ""C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -scheduler" ["Macrovision Corporation"] "AVKTray" = "D:\Programme\Manfred\AVKTray\AVKTray.exe" ["G DATA Software AG"] "NeroFilterCheck" = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" ["Nero AG"] "Acrobat Assistant 8.0" = ""D:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"" ["Adobe Systems Inc."] "Adobe_ID0EYTHM" = "C:\PROGRA~1\GEMEIN~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" ["Adobe Systems Incorporated"] "ISTray" = ""D:\Programme\Spyware Doctor\pctsTray.exe"" ["PC Tools"] HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\ >{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express" \StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {0124123D-61B4-456f-AF86-78C53A0790C5}\(Default) = "G DATA WebFilter Class" -> {HKLM...CLSID} = "G DATA WebFilter" \InProcServer32\(Default) = "D:\Programme\Manfred\Webfilter\AVKWebIE.dll" ["G DATA Software AG"] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader" \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {074C1DC5-9320-4A9A-947D-C042949C6216}\(Default) = (no title provided) -> {HKLM...CLSID} = "ContributeBHO Class" \InProcServer32\(Default) = "D:\Programme\Adobe\/Adobe Contribute CS3/contributeieplugin.dll" ["Adobe Systems Incorporated."] {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided) -> {HKLM...CLSID} = "Spybot-S&D IE Protection" \InProcServer32\(Default) = "D:\PROGRA~1\Manfred\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"] {AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Conversion Toolbar Helper" \InProcServer32\(Default) = "D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung" -> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Programme\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook-Dateisymbolerweiterung" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Programme\Microsoft Office11\OFFICE11\msohev.dll" [MS] "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler" -> {HKLM...CLSID} = "NeroDigitalIconHandler Class" \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler" -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class" \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] "{8BE13461-936F-11D1-A87D-444553540000}" = "Eraser Shell Extension" -> {HKLM...CLSID} = "Eraser Shell Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\erasext.dll" ["-"] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] "{0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C}" = "RXDCExtShlExt extension" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "D:\Programme\Manfred\Virtual Drive 9\DC_ShellExt.dll" ["Sonic Solutions"] "{5E44E225-A408-11CF-B581-008029601108}" = "Roxio DragToDisc Shell Extension" -> {HKLM...CLSID} = "Roxio DragToDisc Shell Extension" \InProcServer32\(Default) = "C:\Programme\Roxio\Drag-to-Disc\Shellex.dll" ["Sonic Solutions"] "{7BEDB9F5-A8A8-48eb-BEFE-8357423A6FE6}" = "SYSTRAN" -> {HKLM...CLSID} = "Systran6.SystranShellContextMenu" \InProcServer32\(Default) = "mscoree.dll" [MS] "{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons" -> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class" \InProcServer32\(Default) = "D:\Programme\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"] "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders" -> {HKLM...CLSID} = "Meine freigegebenen Ordner" \InProcServer32\(Default) = "C:\Programme\MSN Messenger\fsshext.8.1.0178.00.dll" [MS] "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu" -> {HKLM...CLSID} = "Acrobat Elements Context Menu" \InProcServer32\(Default) = "D:\Programme\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."] HKLM\SOFTWA RE\Microsoft\Windows NT\CurrentVersion\Winlogon\ <<!>> "Userinit" = "C:\WINDOWS\system32\userinit.exe,d:\programme\manfred\avkkid\avkcks.exe" [MS], [null data] HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\ <<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler" -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class" \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" -> {HKLM...CLSID} = "Acrobat Elements Context Menu" \InProcServer32\(Default) = "D:\Programme\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."] Autodesk.DWF.ContextMenu\(Default) = "{6C18531F-CA85-45F7-8278-FF33CF0A5964}" -> {HKLM...CLSID} = "DWFShellExt Class" \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Autodesk Shared\dwf Common\DWFShellExtension.dll" ["Autodesk, Inc."] AVK9CM\(Default) = "{CAF4C320-32F5-11D3-A222-004095200FF2}" -> {HKLM...CLSID} = "AVK9ContextMenue" \InProcServer32\(Default) = "D:\Programme\Manfred\AVK\ShellExt.dll" ["G DATA Software AG"] Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}" -> {HKLM...CLSID} = "NeroCoverEdContextMenu Class" \InProcServer32\(Default) = "D:\Programme\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"] Erasext\(Default) = "{8BE13461-936F-11D1-A87D-444553540000}" -> {HKLM...CLSID} = "Eraser Shell Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\erasext.dll" ["-"] Reisswolf\(Default) = "{1F0F1EE7-36B9-11D2-8985-0080ADA96E9B}" -> {HKLM...CLSID} = "ReisswolfContextMenu" \InProcServer32\(Default) = "D:\Programme\Manfred\Shredder\Reisswlf.dll" ["G DATA Software AG"] RXDCExtSvr\(Default) = "{0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "D:\Programme\Manfred\Virtual Drive 9\DC_ShellExt.dll" ["Sonic Solutions"] SYSTRAN\(Default) = "{7BEDB9F5-A8A8-48eb-BEFE-8357423A6FE6}" -> {HKLM...CLSID} = "Systran6.SystranShellContextMenu" \InProcServer32\(Default) = "mscoree.dll" [MS] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" -> {HKLM...CLSID} = "Acrobat Elements Context Menu" \InProcServer32\(Default) = "D:\Programme\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."] AVK9CM\(Default) = "{CAF4C320-32F5-11D3-A222-004095200FF2}" -> {HKLM...CLSID} = "AVK9ContextMenue" \InProcServer32\(Default) = "D:\Programme\Manfred\AVK\ShellExt.dll" ["G DATA Software AG"] Erasext\(Default) = "{8BE13461-936F-11D1-A87D-444553540000}" -> {HKLM...CLSID} = "Eraser Shell Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\erasext.dll" ["-"] Reisswolf\(Default) = "{1F0F1EE7-36B9-11D2-8985-0080ADA96E9B}" -> {HKLM...CLSID} = "ReisswolfContextMenu" \InProcServer32\(Default) = "D:\Programme\Manfred\Shredder\Reisswlf.dll" ["G DATA Software AG"] RXDCExtSvr\(Default) = "{0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "D:\Programme\Manfred\Virtual Drive 9\DC_ShellExt.dll" ["Sonic Solutions"] SYSTRAN\(Default) = "{7BEDB9F5-A8A8-48eb-BEFE-8357423A6FE6}" -> {HKLM...CLSID} = "Systran6.SystranShellContextMenu" \InProcServer32\(Default) = "mscoree.dll" [MS] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "ClearRecentDocsOnExit" = (REG_DWORD) dword:0x00000001 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS] Startup items in "Manfred" & "All Users" startup folders: --------------------------------------------------------- C:\Dokumente und Einstellungen\Manfred\Startmenü\Programme\Autostart "Adobe Gamma" -> shortcut to: "C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."] C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart "Adobe Acrobat - Schnellstart" -> shortcut to: "C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe" [null data] "Adobe Reader Synchronizer" -> shortcut to: "D:\Programme\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe" [null data] "G DATA Firewall Tray" -> shortcut to: "D:\Programme\Manfred\Firewall\GDFirewallTray.exe" ["G DATA Software AG"] "Microsoft Office" -> shortcut to: "C:\Programme\Microsoft Office\Office\OSA9.EXE -b -l" [MS] Enabled Scheduled Tasks: ------------------------ "AppleSoftwareUpdate" -> launches: "C:\Programme\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Computer, Inc."] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000004\LibraryPath = "C:\Programme\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" -> {HKLM...CLSID} = "Adobe PDF" \InProcServer32\(Default) = "D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"] HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" -> {HKLM...CLSID} = "Adobe PDF" \InProcServer32\(Default) = "D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ "{0124123D-61B4-456F-AF86-78C53A0790C5}" = "G DATA WebFilter" -> {HKLM...CLSID} = "G DATA WebFilter" \InProcServer32\(Default) = "D:\Programme\Manfred\Webfilter\AVKWebIE.dll" ["G DATA Software AG"] "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided) -> {HKLM...CLSID} = "Adobe PDF" \InProcServer32\(Default) = "D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"] "{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}" = (no title provided) -> {HKLM...CLSID} = "Contribute Toolbar" \InProcServer32\(Default) = "D:\Programme\Adobe\/Adobe Contribute CS3/contributeieplugin.dll" ["Adobe Systems Incorporated."] Explorer Bars HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ {182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF" \InProcServer32\(Default) = "D:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"] HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Recherchieren" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Recherchieren" {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ "MenuText" = "Spybot - Search & Destroy Configuration" "CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}" -> {HKLM...CLSID} = "Spybot-S&D IE Protection" \InProcServer32\(Default) = "D:\PROGRA~1\Manfred\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##, Bonjour Service, "C:\Programme\Bonjour\mDNSResponder.exe" ["Apple Computer, Inc."] Ad-Aware 2007 Service, aawservice, "D:\Programme\aawservice.exe" ["Lavasoft"] Autodesk Licensing Service, Autodesk Licensing Service, ""C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe"" ["Autodesk"] AVK Service, AVKService, "D:\Programme\Manfred\AVK\AVKService.exe" ["G DATA Software AG"] AVK Wächter, AVKWCtl, "D:\Programme\Manfred\AVK\AVKWCtl.exe" ["G DATA Software AG"] AVKProxy, AVKProxy, ""C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe"" ["G DATA Software AG"] Cyberlink RichVideo Service(CRVS), RichVideo, ""C:\Programme\CyberLink\Shared files\RichVideo.exe"" [empty string] FLEXnet Licensing Service, FLEXnet Licensing Service, ""C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"" ["Macrovision Europe Ltd."] G DATA Personal Firewall, GDFwSvc, "D:\Programme\Manfred\Firewall\GDFwSvc.exe" ["G DATA Software AG"] mental ray 3.5 Satellite (32-bit), mi-raysat_3dsmax9_32, "D:\Programme\mentalray\satellite\raysat_3dsmax9_32server.exe" [null data] Messenger USN Journal Reader-Service für freigegebene Ordner, usnjsvc, ""C:\Programme\MSN Messenger\usnsvc.exe"" [MS] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] PC Tools Auxiliary Service, sdAuxService, "D:\Programme\Spyware Doctor\pctsAuxs.exe" ["PC Tools"] PC Tools Security Service, sdCoreService, "D:\Programme\Spyware Doctor\pctsSvc.exe" ["PC Tools"] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS] Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ Adobe PDF Port\Driver = "C:\WINDOWS\system32\AdobePDF.dll" ["Adobe Systems Incorporated."] Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] ---------- (launch time: 2008-02-29 15:17:35) <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 32 seconds, including 5 seconds for message boxes) |
29.02.2008, 15:37 | #6 |
| You have a variant of the Coolwebsearch trojan (CWS.Smartsearch.2) Hallo ENTWARNUNG Ein Aruf bei G-Data hat den Fehler aufgezeigt. Da - wie man mir sagte dies erst seit einiger Zeit vorkommt und nur ab und zu bei einigen kunden poste ich die erklärung mal: bei den einstellungen im g-data webfiltertool probeweise das ganze tool ausschalten. wenn es dann wieder möglich ist zu surfen - den webfilter wieder aktivieren und nachsehen ob der punkt "blocken getarnter URL`s" aktiv ist. wenn ja deaktivieren - dann gehts wieder. hoffe es hilft dem ein oder anderen. erstmal herzlichen dank bei alen für die mühe. sorry - aber da muss man ja auch erstmal drauf kommen. DANKE Ergänzung: Bitte einer der Mods den Thread als erledig kennzeichnen um unnötige Arbeit zu ersparen. Danke! Geändert von AeonFelisimo (29.02.2008 um 15:39 Uhr) Grund: Kann Thema nicht selbst editieren |
29.02.2008, 15:40 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | You have a variant of the Coolwebsearch trojan (CWS.Smartsearch.2) Also was auffälliges hab ich da nicht gesehen. Kommt noch das neue hjt logfile? Was hast du denn gemacht am PC bevor der Fehler auftrat. Von nix kommt nix.
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu You have a variant of the Coolwebsearch trojan (CWS.Smartsearch.2) |
32-bit, ad-aware, adobe, aufrufe, bho, bonjour, computer, dll, email, eraser, explorer, firewall, g data, google, google startseite, helfen, hijack, hijackthis, home, immer wieder, internet, internet explorer, kommt immer wieder, konvertieren, nvidia, pdf, pdf-datei, pop-up-blocker, rundll, security, shortcut, software, spyware, system, trojan, unknown file in winsock lsp, urlsearchhook, userinit.exe, windows, windows xp |