critical system errorsThema ist geschlossen! |
|
---|---|
Thema ist geschlossen! |
|
15.12.2006, 18:46
...neu hier
Beiträge: 9 |
|
|
|
16.12.2006, 00:42
Ehrenmitglied
Beiträge: 29434 |
#2
adi06
die internetverbindung wird auf einen Server in die Ukraine umgeleitet.... - kein Wunder - wer den UnSpyPC laedt, zerstoert sich den Rechner 1. scanne und poste dieses log http://virus-protect.org/artikel/tools/fixwareout.html 2. poste dieses log http://www.f-secure.com/blacklight/ starte die Datei, nimm die Lizenzbestimmung an und waehle scan, wenn es mit dem Scan fertig ist, druecke next und danach close. Nun befindet sich im selben Ordner von Blacklight eine FSB*.TXT Datei __________ MfG Sabina rund um die PC-Sicherheit |
|
|
16.12.2006, 11:37
...neu hier
Themenstarter Beiträge: 9 |
#3
Moin,
Fixwareout Last edited 12/06/2006 Post this report in the forums please ... Prerun check [HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="cssxs.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] @="" ... ... Reg Entries that were deleted HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\xedocne HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\repiwoh HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\23plhps HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\mgcppp HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\tesvaf HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\32refaselif HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\bzvmd HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\xedocne HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\gib_ogol HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\23plhps HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\mgcppp HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\tesvaf HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\32refaselif ... Random Runs removed from HKLM "dmvzb.exe"=- ... ... PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE. »»»»» Searching by size/names... »»»»» Search five digit cs, dm kd and jb files. This WILL/CAN also list Legit Files, Submit them at Virustotal Other suspects. »»»»» Misc files. »»»»» Checking for older varients covered by the Rem3 tool. ... Postrun check [HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "system"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] @="" ... F-Secure: 12/16/06 11:40:46 [Info]: BlackLight Engine 1.0.47 initialized 12/16/06 11:40:46 [Info]: OS: 5.1 build 2600 (Service Pack 2) 12/16/06 11:40:47 [Note]: 7019 4 12/16/06 11:40:47 [Note]: 7005 0 12/16/06 11:40:50 [Note]: 7006 0 12/16/06 11:40:50 [Note]: 7011 1732 12/16/06 11:40:51 [Note]: 7026 0 12/16/06 11:40:51 [Note]: 7026 0 12/16/06 11:41:06 [Note]: FSRAW library version 1.7.1020 12/16/06 11:51:43 [Note]: 2000 1012 12/16/06 11:51:43 [Note]: 2000 1012 12/16/06 11:52:06 [Note]: 7007 0 Dieser Beitrag wurde am 16.12.2006 um 11:58 Uhr von adi06 editiert.
|
|
|
16.12.2006, 16:32
Ehrenmitglied
Beiträge: 29434 |
#4
adi06
1. arbeite das avenger script und smitfraudfix ab - poste hier das log von smitfraudfix ...interessiert mich, ob etwas ausgeloescht wird, was ich nicht im avengerscript habe.. http://virus-protect.org/artikel/spyware/videoactivexobject.html 2. Download Registry Search by Bobbi Flekman http://virus-protect.org/artikel/tools/regsearch.html und doppelklicken, um zu starten. in: "Enter search strings" (reinschreiben oder reinkopieren) UnSpyPC in edit und klicke "Ok". Notepad wird sich öffnen -- kopiere den Text ab und poste ihn. in: "Enter search strings" (reinschreiben oder reinkopieren) {2B4D2DD2-73E9-CBCF-6045-E5BD050744FD} in edit und klicke "Ok". Notepad wird sich öffnen -- kopiere den Text ab und poste ihn. ____________________________________________________________________________________ 3. öffne das HijackThis -- Button "scan" -- vor diese Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten Zitat R3 - URLSearchHook: (no name) - {2B4D2DD2-73E9-CBCF-6045-E5BD050744FD} - prcmon.dll (file missing)PC neustarten »» Hoster.zip http://www.funkytoad.com/download/hoster.zip Press 'Restore Original Hosts' and press 'OK' Exit Program. »» scanne noch mal mit Fixwareout «« poste das neue log vom HijackThis __________ MfG Sabina rund um die PC-Sicherheit |
|
|
16.12.2006, 17:30
...neu hier
Themenstarter Beiträge: 9 |
#5
Ergebnisse von regsearch " unspypc"
REGEDIT4 ; Registry Search 2.0 by Bobbi Flekman © 2005 ; Version: 2.0.1.0 ; Results at 16.12.2006 17:27:53 for strings: ; ' unspypc unspypc unspypc' ; Strings excluded from search: ; (None) ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS ; End Of The Log... Die andren Ergebnisse: REGEDIT4 ; Registry Search 2.0 by Bobbi Flekman © 2005 ; Version: 2.0.1.0 ; Results at 16.12.2006 17:32:48 for strings: ; '{2b4d2dd2-73e9-cbcf-6045-e5bd050744fd} {2b4d2dd2-73e9-cbcf-6045-e5bd050744fd} {2b4d2dd2-73e9-cbcf-6045-e5bd050744fd} {2b4d2dd2-73e9-cbcf-6045-e5bd050744fd} {2b4d2dd2-73e9-cbcf-6045-e5bd050744fd} {2b4d2dd2-73e9-cbcf-6045-e5bd050744fd} {2b4d2dd2-73e9-cbcf-6045-e5bd050744fd} ' ; Strings excluded from search: ; (None) ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS ; End Of The Log... Dieser Beitrag wurde am 16.12.2006 um 17:34 Uhr von adi06 editiert.
|
|
|
16.12.2006, 17:46
Ehrenmitglied
Beiträge: 29434 |
#6
o.k. nun arbeite den rest ab
dann poste das neue log vom HijackThis __________ MfG Sabina rund um die PC-Sicherheit |
|
|
16.12.2006, 17:56
...neu hier
Themenstarter Beiträge: 9 |
#7
Ich war gerade bei Schritt 3, neustart :-)
Zu Schritt 1: Das avenger script kann ich nicht öffnen! Es erfolgt folgende Meldung: Error: could not open scriptfile. Please verify that path name is valia and file exists. smitfraudfix - ich hab da mal alles angeklickt aber es ist eigentlich nichts passiert. Schritt 2: ohne Probleme Schritt 3: folgende Dateien konnte ich kein Häckchen vormachen! O1 - Hosts: localhost 127.0.0.1 O4 - HKLM\..\Run: [dmvzb.exe] C:\WINDOWS\system32\dmvzb.exe O9 - Extra button: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Programme\UnSpyPC\UnSpyPC.exe (file missing) (HKCU) Ich werde jetzt die weiteren Schritte durchgehen! --------------------------- An dieser Stelle möchte ich mich schon mal für die eidrucksvolle Hilfe bedanken!!!!! ------------------------------ Schritt 4: Press 'Restore Original Hosts' and press 'OK' Exit Program. Diese Funktion kann ich in dem angegebenen Programm nicht betätigen! Dieser Beitrag wurde am 16.12.2006 um 18:01 Uhr von adi06 editiert.
|
|
|
16.12.2006, 18:04
Ehrenmitglied
Beiträge: 29434 |
#8
o.k.
poste das neue log vom HijackThis nach neustart __________ MfG Sabina rund um die PC-Sicherheit |
|
|
16.12.2006, 18:09
...neu hier
Themenstarter Beiträge: 9 |
#9
Die letzten beiden Schritte:
Fixwareout Last edited 12/06/2006 Post this report in the forums please ... Prerun check [HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "system"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] @="" ... ... Reg Entries that were deleted ... Random Runs removed from HKLM ... ... PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE. »»»»» Searching by size/names... »»»»» Search five digit cs, dm kd and jb files. This WILL/CAN also list Legit Files, Submit them at Virustotal Other suspects. »»»»» Misc files. »»»»» Checking for older varients covered by the Rem3 tool. ... Logfile of HijackThis v1.99.1 Scan saved at 18:09:24, on 16.12.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programme\FRITZ!DSL\IGDCTRL.EXE C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\wuauclt.exe C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\Dit.exe C:\WINDOWS\mHotkey.exe C:\Programme\Medion Home Cinema XL II\PowerCinema\PCMService.exe C:\WINDOWS\system32\PRISMSTA.EXE C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\WINDOWS\DitExp.exe C:\Programme\iTunes\iTunesHelper.exe C:\Programme\QuickTime\qttask.exe C:\Programme\Java\jre1.5.0_07\bin\jusched.exe C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\MSN Messenger\msnmsgr.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Programme\iPod\bin\iPodService.exe C:\Programme\FRITZ!DSL\StCenter.exe C:\WINDOWS\CNYHKey.exe C:\Programme\deGruyter\Pschyrembel\bin\LibInst.Gui.exe C:\Programme\FRITZ!DSL\FwebProt.exe C:\Programme\Internet Explorer\iexplore.exe C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe C:\Programme\WinRAR\WinRAR.exe C:\DOKUME~1\tom\LOKALE~1\Temp\Rar$EX00.390\HijackThis.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar3.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [PCMService] "C:\Programme\Medion Home Cinema XL II\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /O6 "USB001" /M "Stylus C86" O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_07\bin\jusched.exe O4 - HKLM\..\Run: [kis] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe O4 - Startup: FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe O4 - Global Startup: Kontrollfeld für die kabellose Tastatur.lnk = C:\WINDOWS\CNYHKey.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\powerpoint\Office10\OSA.EXE O4 - Global Startup: NXT Library Installer.lnk = C:\Programme\deGruyter\Pschyrembel\bin\LibInst.Gui.exe O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra button: Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: MedionShop - {84FAA847-1400-4400-BC93-D338EF03127B} - http://www.medionshop.de/ (file missing) (HKCU) O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing) O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe |
|
|
16.12.2006, 18:14
Ehrenmitglied
Beiträge: 29434 |
#10
scanne und poste den scanreport
http://virus-protect.org/counterspy.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
16.12.2006, 18:57
...neu hier
Themenstarter Beiträge: 9 |
#11
So, da sind die Ergebnisse!
( Bitte gib mir weitere Anweisungen, ich bin ab Sonntag Abend ca. 23-24 Uhr wieder online. Ich wünsch dir noch ein schönes Wochenende!!!!!) Spyware Scan Details Start Date: 16.12.2006 18:24:43 End Date: 16.12.2006 18:55:37 Total Time: 30 mins 54 secs Detected spyware Trojan-Downloader.Zlob.Media-Codec Trojan Downloader more information... Details: Trojan-Downloader.Zlob.Media-Codec is a program that typically purports to be a needed upgrade to Windows Media Player in order to view adult oriented videos on certain websites. However, Trojan-Downloader.Zlob.Media-Codec actually downloads and installs Status: Ignored Infected files detected c:\programme\video activex object\iesplugin.dll c:\programme\video activex object\iesuninst.exe c:\programme\video activex object\isaddon.dll c:\programme\video activex object\isamini.exe c:\programme\video activex object\isamonitor.exe c:\programme\video activex object\isauninst.exe c:\programme\video activex object\ot.ico c:\programme\video activex object\pmmon.exe c:\programme\video activex object\pmsngr.exe c:\programme\video activex object\pmuninst.exe c:\programme\video activex object\ts.ico c:\programme\video activex object\uninst.exe c:\windows\system32\qrzsyr.dll Infected registry entries detected HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 DisplayName Internet Explorer Security Plugin 2006 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 UninstallString "C:\Programme\Video ActiveX Object\iesuninst.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On DisplayName Internet Security Add-On HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On UninstallString "C:\Programme\Video ActiveX Object\isauninst.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 DisplayName Public Messenger ver 2.03 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 UninstallString "C:\Programme\Video ActiveX Object\pmuninst.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object URLInfoAbout www.mediaobjectsource.com HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object DisplayVersion 2.07 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object DisplayName Video ActiveX Object 2.07 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object ProductionEnvironment 1 HKEY_CLASSES_ROOT\CLSID\{5D4831E0-5A7C-4A46-AFD5-A79AB8CE36C2} HKEY_CLASSES_ROOT\CLSID\{5D4831E0-5A7C-4A46-AFD5-A79AB8CE36C2}\InprocServer32 C:\Programme\Video ActiveX Object\iesplugin.dll HKEY_CLASSES_ROOT\CLSID\{5D4831E0-5A7C-4A46-AFD5-A79AB8CE36C2}\InprocServer32 ThreadingModel Apartment HKEY_CLASSES_ROOT\CLSID\{5D4831E0-5A7C-4A46-AFD5-A79AB8CE36C2} Protection Bar HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object ProductionEnvironment 1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object DisplayName Video ActiveX Object 2.07 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object UninstallString C:\Programme\Video ActiveX Object\uninst.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object DisplayIcon C:\Programme\Video ActiveX Object\uninst.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object DisplayVersion 2.07 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object URLInfoAbout www.mediaobjectsource.com HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object Publisher Video ActiveX Object Software WindUpdates Browser Plug-in more information... Details: WindUpdates is an adware application that installs as a browser plug-in and displays advertising on the desktop. Status: Ignored Infected files detected c:\windows\system32\ide21201.vxd DesktopScam Trojan Downloader more information... Details: DesktopScam is a trojan that is downloaded with rogue security applicatons in order to frighten the affected user into purchasing the rogue program. Status: Ignored Infected files detected c:\dokumente und einstellungen\all users\startmenü\security troubleshooting.url c:\dokumente und einstellungen\all users\startmenü\online security guide.url C:\Programme\Video ActiveX Object\ot.ico C:\Programme\Video ActiveX Object\ts.ico WindUpdates.MediaAccess Adware (General) more information... Details: WindUpdates.MediaAccess is an adware program that spawns pop-ups on the desktop. Status: Ignored Infected registry entries detected HKEY_LOCAL_MACHINE\SOFTWARE\Media Gateway HKEY_LOCAL_MACHINE\SOFTWARE\Media Gateway zuk 0 HKEY_LOCAL_MACHINE\SOFTWARE\Media Gateway param 44a1a4a27909f8aaff7b21c72438955b4d8628c0d8d700197d9caef468e79771118a8648139344919bb65f:6435353235363637306562613837363639383437383934333034306261623961:msie:6:0:win:winxp:sp1:javascript WindUpdates.MediaGateway Adware (General) more information... Details: WindUpdates.MediaGateway is an adware application that displays advertising on the desktop, usually pop-ups. Status: Ignored Infected registry entries detected HKEY_CLASSES_ROOT\CLSID\{D676F999-4608-4dc5-A135-4F51F4212739} HKEY_CLASSES_ROOT\CLSID\{D676F999-4608-4dc5-A135-4F51F4212739} rsp 1261DF03704B669CC5A3E23076B1D38CD8141004 Trojan-Downloader.Win32.Banload.bkm Trojan Downloader more information... Status: Ignored Infected registry entries detected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations Cookie: Browseraccelerator Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Ignored Infected cookies detected c:\dokumente und einstellungen\tom\cookies\tom@atdmt[2].txt Cookie: ABetterInternet.Aurora Cookie Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Ignored Infected cookies detected c:\dokumente und einstellungen\tom\cookies\tom@a[1].txt Cookie: DoubleClick Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Ignored Infected cookies detected c:\dokumente und einstellungen\tom\cookies\tom@doubleclick[1].txt Cookie: Hitbox.com Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Ignored Infected cookies detected c:\dokumente und einstellungen\tom\cookies\tom@hitbox[2].txt Cookie: Mediaplex.com Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Ignored Infected cookies detected c:\dokumente und einstellungen\tom\cookies\tom@mediaplex[1].txt Cookie: BS.Serving-Sys Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Ignored Infected cookies detected c:\dokumente und einstellungen\tom\cookies\tom@serving-sys[1].txt Dieser Beitrag wurde am 16.12.2006 um 19:11 Uhr von adi06 editiert.
|
|
|
16.12.2006, 19:46
Ehrenmitglied
Beiträge: 29434 |
#12
««
ja nun - Status: Ignored loeschen bitte ! «« scanne mit option 2 im Normalmodus und poste den report hier http://virus-protect.org/artikel/tools/smitfrautfix.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
17.12.2006, 13:10
...neu hier
Themenstarter Beiträge: 9 |
#13
Moin, den spyware scan hab noch mal gemacht und diesmal gelöscht! Den anderen Scan mach ich dann heute abend!
Spyware Scan Details Start Date: 17.12.2006 11:49:58 End Date: 17.12.2006 12:43:42 Total Time: 53 mins 44 secs Detected spyware Trojan-Downloader.Zlob.Media-Codec Trojan Downloader more information... Details: Trojan-Downloader.Zlob.Media-Codec is a program that typically purports to be a needed upgrade to Windows Media Player in order to view adult oriented videos on certain websites. However, Trojan-Downloader.Zlob.Media-Codec actually downloads and installs Status: Quarantined Infected files detected c:\programme\video activex object\iesplugin.dll c:\programme\video activex object\iesuninst.exe c:\programme\video activex object\isaddon.dll c:\programme\video activex object\isamini.exe c:\programme\video activex object\isamonitor.exe c:\programme\video activex object\isauninst.exe c:\programme\video activex object\ot.ico c:\programme\video activex object\pmmon.exe c:\programme\video activex object\pmsngr.exe c:\programme\video activex object\pmuninst.exe c:\programme\video activex object\ts.ico c:\programme\video activex object\uninst.exe c:\windows\system32\qrzsyr.dll Infected registry entries detected HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 DisplayName Internet Explorer Security Plugin 2006 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 UninstallString "C:\Programme\Video ActiveX Object\iesuninst.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On DisplayName Internet Security Add-On HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On UninstallString "C:\Programme\Video ActiveX Object\isauninst.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 DisplayName Public Messenger ver 2.03 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 UninstallString "C:\Programme\Video ActiveX Object\pmuninst.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object URLInfoAbout www.mediaobjectsource.com HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object DisplayVersion 2.07 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object DisplayName Video ActiveX Object 2.07 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object ProductionEnvironment 1 HKEY_CLASSES_ROOT\CLSID\{5D4831E0-5A7C-4A46-AFD5-A79AB8CE36C2} HKEY_CLASSES_ROOT\CLSID\{5D4831E0-5A7C-4A46-AFD5-A79AB8CE36C2}\InprocServer32 C:\Programme\Video ActiveX Object\iesplugin.dll HKEY_CLASSES_ROOT\CLSID\{5D4831E0-5A7C-4A46-AFD5-A79AB8CE36C2}\InprocServer32 ThreadingModel Apartment HKEY_CLASSES_ROOT\CLSID\{5D4831E0-5A7C-4A46-AFD5-A79AB8CE36C2} Protection Bar HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object ProductionEnvironment 1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object DisplayName Video ActiveX Object 2.07 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object UninstallString C:\Programme\Video ActiveX Object\uninst.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object DisplayIcon C:\Programme\Video ActiveX Object\uninst.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object DisplayVersion 2.07 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object URLInfoAbout www.mediaobjectsource.com HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object Publisher Video ActiveX Object Software WindUpdates Browser Plug-in more information... Details: WindUpdates is an adware application that installs as a browser plug-in and displays advertising on the desktop. Status: Quarantined Infected files detected c:\windows\system32\ide21201.vxd DesktopScam Trojan Downloader more information... Details: DesktopScam is a trojan that is downloaded with rogue security applicatons in order to frighten the affected user into purchasing the rogue program. Status: Quarantined Infected files detected c:\dokumente und einstellungen\all users\startmenü\security troubleshooting.url c:\dokumente und einstellungen\all users\startmenü\online security guide.url C:\Programme\Video ActiveX Object\ot.ico C:\Programme\Video ActiveX Object\ts.ico WindUpdates.MediaAccess Adware (General) more information... Details: WindUpdates.MediaAccess is an adware program that spawns pop-ups on the desktop. Status: Quarantined Infected registry entries detected HKEY_LOCAL_MACHINE\SOFTWARE\Media Gateway HKEY_LOCAL_MACHINE\SOFTWARE\Media Gateway zuk 0 HKEY_LOCAL_MACHINE\SOFTWARE\Media Gateway param 44a1a4a27909f8aaff7b21c72438955b4d8628c0d8d700197d9caef468e79771118a8648139344919bb65f:6435353235363637306562613837363639383437383934333034306261623961:msie:6:0:win:winxp:sp1:javascript WindUpdates.MediaGateway Adware (General) more information... Details: WindUpdates.MediaGateway is an adware application that displays advertising on the desktop, usually pop-ups. Status: Quarantined Infected registry entries detected HKEY_CLASSES_ROOT\CLSID\{D676F999-4608-4dc5-A135-4F51F4212739} HKEY_CLASSES_ROOT\CLSID\{D676F999-4608-4dc5-A135-4F51F4212739} rsp 1261DF03704B669CC5A3E23076B1D38CD8141004 Trojan-Downloader.Win32.Banload.bkm Trojan Downloader more information... Status: Quarantined Infected registry entries detected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations Cookie: Browseraccelerator Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Deleted Infected cookies detected c:\dokumente und einstellungen\tom\cookies\tom@atdmt[2].txt Cookie: ABetterInternet.Aurora Cookie Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Deleted Infected cookies detected c:\dokumente und einstellungen\tom\cookies\tom@a[1].txt Cookie: DoubleClick Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Deleted Infected cookies detected c:\dokumente und einstellungen\tom\cookies\tom@doubleclick[1].txt Cookie: Hitbox.com Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Deleted Infected cookies detected c:\dokumente und einstellungen\tom\cookies\tom@hitbox[2].txt Cookie: Mediaplex.com Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Deleted Infected cookies detected c:\dokumente und einstellungen\tom\cookies\tom@mediaplex[1].txt Cookie: BS.Serving-Sys Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Deleted Infected cookies detected c:\dokumente und einstellungen\tom\cookies\tom@serving-sys[2].txt |
|
|
17.12.2006, 14:11
Ehrenmitglied
Beiträge: 29434 |
|
|
|
17.12.2006, 23:24
...neu hier
Themenstarter Beiträge: 9 |
#15
Hi, irgendwie funktioniert das mit smitfrautfix bei mir nicht!
Fofgende Meldung erhalte ich: Parametre manquant ou incorrect Logfile of HijackThis v1.99.1 Scan saved at 23:20:29, on 17.12.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programme\Sunbelt Software\CounterSpy\Consumer\Thread.exe C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\Dit.exe C:\WINDOWS\mHotkey.exe C:\Programme\Medion Home Cinema XL II\PowerCinema\PCMService.exe C:\WINDOWS\system32\PRISMSTA.EXE C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\iTunes\iTunesHelper.exe C:\Programme\QuickTime\qttask.exe C:\Programme\Java\jre1.5.0_07\bin\jusched.exe C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\MSN Messenger\msnmsgr.exe C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Programme\FRITZ!DSL\StCenter.exe C:\WINDOWS\CNYHKey.exe C:\WINDOWS\DitExp.exe C:\Programme\deGruyter\Pschyrembel\bin\LibInst.Gui.exe C:\Programme\FRITZ!DSL\FwebProt.exe C:\Programme\FRITZ!DSL\IGDCTRL.EXE C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\wanmpsvc.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\Programme\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\Programme\Internet Explorer\iexplore.exe C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe C:\Programme\WinRAR\WinRAR.exe C:\DOKUME~1\tom\LOKALE~1\Temp\Rar$EX00.953\HijackThis.exe C:\Programme\Java\jre1.5.0_07\bin\jucheck.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar3.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [PCMService] "C:\Programme\Medion Home Cinema XL II\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /O6 "USB001" /M "Stylus C86" O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_07\bin\jusched.exe O4 - HKLM\..\Run: [kis] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe O4 - Startup: FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe O4 - Global Startup: Kontrollfeld für die kabellose Tastatur.lnk = C:\WINDOWS\CNYHKey.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\powerpoint\Office10\OSA.EXE O4 - Global Startup: NXT Library Installer.lnk = C:\Programme\deGruyter\Pschyrembel\bin\LibInst.Gui.exe O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra button: Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: MedionShop - {84FAA847-1400-4400-BC93-D338EF03127B} - http://www.medionshop.de/ (file missing) (HKCU) O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing) O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe |
|
|
Ich habe mich an anderen Beiträgen orientiert und schon etwas "Vorgearbeitet".
biLogfile of HijackThis v1.99.1
Scan saved at 18:30:11, on 15.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Video ActiveX Object\pmsngr.exe
C:\Programme\Video ActiveX Object\isamonitor.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\mHotkey.exe
C:\Programme\Medion Home Cinema XL II\PowerCinema\PCMService.exe
C:\WINDOWS\system32\PRISMSTA.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE
C:\Programme\Video ActiveX Object\pmmon.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Video ActiveX Object\isamini.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Java\jre1.5.0_07\bin\jusched.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\WINDOWS\DitExp.exe
C:\Programme\FRITZ!DSL\StCenter.exe
C:\WINDOWS\CNYHKey.exe
C:\Programme\deGruyter\Pschyrembel\bin\LibInst.Gui.exe
C:\Programme\FRITZ!DSL\FwebProt.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Programme\Java\jre1.5.0_07\bin\jucheck.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Windows Media Player\wmplayer.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\tom\LOKALE~1\Temp\Rar$EX00.047\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R3 - URLSearchHook: (no name) - {2B4D2DD2-73E9-CBCF-6045-E5BD050744FD} - prcmon.dll (file missing)
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - C:\Programme\Video ActiveX Object\isaddon.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar3.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll
O3 - Toolbar: Protection Bar - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - C:\Programme\Video ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /O6 "USB001" /M "Stylus C86"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dmvzb.exe] C:\WINDOWS\system32\dmvzb.exe
O4 - HKLM\..\Run: [ExchangeMaster] Dest068.exe
O4 - HKLM\..\Run: [TorontoMail] prgsys0984.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [kis] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [EXE32EXE] msag.exe
O4 - HKCU\..\Run: [backorif] TForm1.exe
O4 - HKCU\..\Run: [killall] utsgmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Startup: FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe
O4 - Global Startup: Kontrollfeld für die kabellose Tastatur.lnk = C:\WINDOWS\CNYHKey.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\powerpoint\Office10\OSA.EXE
O4 - Global Startup: NXT Library Installer.lnk = C:\Programme\deGruyter\Pschyrembel\bin\LibInst.Gui.exe
O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {84FAA847-1400-4400-BC93-D338EF03127B} - http://www.medionshop.de/ (file missing) (HKCU)
O9 - Extra button: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Programme\UnSpyPC\UnSpyPC.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Programme\UnSpyPC\UnSpyPC.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{424D0D13-EFD8-430C-9852-8B333A4E5A44}: NameServer = 85.255.116.110
O17 - HKLM\System\CCS\Services\Tcpip\..\{425C4A54-0E8B-41F5-93FF-01612312F4A7}: NameServer = 85.255.116.110
O17 - HKLM\System\CCS\Services\Tcpip\..\{49831CA8-3C1B-4189-8D39-4D4E774FA205}: NameServer = 85.255.116.110
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C0E6429-87B0-46CB-A610-04092D7CBA28}: NameServer = 85.255.116.110
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C894BE4-8446-408C-9335-96106BBEE9D8}: NameServer = 85.255.116.110
O17 - HKLM\System\CCS\Services\Tcpip\..\{A97069D5-B17F-42C2-AAFE-91BEC3A473E2}: NameServer = 85.255.116.110
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC382372-5EC4-434D-846F-51E94F7804AF}: NameServer = 85.255.116.110
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
tom - 06-12-15 19:00:21,65 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Dokumente und Einstellungen\tom\Eigene Dateien\Eigene Downloads"
((((((((((((((((((((((((((((((( Files Created from 2006-11-15 to 2006-12-15 ))))))))))))))))))))))))))))))))))
2006-12-15 18:51 <DIR> d-------- C:\Programme\CleanUp!
2006-12-15 16:25 19,456 --a------ C:\WINDOWS\system32\qrzsyr.dll
2006-12-15 16:24 <DIR> d-------- C:\Programme\Video ActiveX Object
2006-12-14 15:12 <DIR> d-------- C:\Programme\Kaspersky Lab
2006-12-14 15:12 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2006-11-15 01:35 <DIR> d-------- C:\Programme\MSXML 4.0
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-12-15 18:57 -------- d-------- C:\Dokumente und Einstellungen\tom\Anwendungsdaten\FRITZ!
2006-12-15 16:41 -------- d-------- C:\Programme\AOL 8.0
2006-12-15 13:40 18612 --a------ C:\Dokumente und Einstellungen\tom\Anwendungsdaten\wklnhst.dat
2006-12-15 11:25 -------- d-------- C:\Programme\Call of Duty
2006-12-15 01:41 -------- d-------- C:\Programme\Internet Explorer
2006-12-15 01:40 -------- d-------- C:\Programme\Outlook Express
2006-12-14 17:25 61584 --a------ C:\WINDOWS\system32\drivers\klick.sys
2006-12-14 17:25 59536 --a------ C:\WINDOWS\system32\drivers\klin.sys
2006-12-07 07:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-08 06:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-31 14:23 -------- d-------- C:\Programme\Google
2006-10-20 15:44 -------- d-------- C:\Programme\PokerStars.NET
2006-10-20 02:38 715776 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-13 13:35 146432 --a------ C:\WINDOWS\system32\nwprovau.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"msnmsgr"="\"C:\\Programme\\MSN Messenger\\msnmsgr.exe\" /background"
"EXE32EXE"="msag.exe"
"backorif"="TForm1.exe"
"killall"="utsgmon.exe"
"swg"="C:\\Programme\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"Dit"="Dit.exe"
"CHotkey"="mHotkey.exe"
"PCMService"="\"C:\\Programme\\Medion Home Cinema XL II\\PowerCinema\\PCMService.exe\""
"PRISMSTA.EXE"="PRISMSTA.EXE START"
"Microsoft Works Update Detection"="C:\\Programme\\Gemeinsame Dateien\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"EPSON Stylus C86 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I0R2.EXE /P23 \"EPSON Stylus C86 Series\" /O6 \"USB001\" /M \"Stylus C86\""
"PinnacleDriverCheck"="C:\\WINDOWS\\System32\\PSDrvCheck.exe"
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"iTunesHelper"="C:\\Programme\\iTunes\\iTunesHelper.exe"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"dmvzb.exe"="C:\\WINDOWS\\system32\\dmvzb.exe"
"ExchangeMaster"="Dest068.exe"
"TorontoMail"="prgsys0984.exe"
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_07\\bin\\jusched.exe"
"kis"="\"C:\\Programme\\Kaspersky Lab\\Kaspersky Internet Security 6.0\\avp.exe\""
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{01b55afa-f451-474b-9e91-c35b24d02641}"="boob"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoBandCustomize"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"isamonitor.exe"="C:\\Programme\\Video ActiveX Object\\isamonitor.exe"
"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\%s"="C:\\Programme\\Video ActiveX Object\\isamonitor.exe"
"isamini.exe"="C:\\Programme\\Video ActiveX Object\\isamonitor.exe"
"pmsngr.exe"="C:\\Programme\\Video ActiveX Object\\pmsngr.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Completion time: 06-12-15 19:01:43.28
C:\ComboFix.txt ... 06-12-15 19:01