Internet-related programs cannot be opened (Hijack & ComboFix)
#0
21.08.2006, 12:41
...new here
Posts: 3
21.08.2006, 15:10
Honorary member
Posts: 29434
#2
ViperXXL
a) I recommend formatting.
"hostserv"="ntsfxp.exe"
"IExplorer8 Java Scripting"="IExplore8.exe"
"MS Auto-IPSec Protection"="MSASP32.exe"
"Registry Checkup System9 Monitor"="Winregs9.exe"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\Netlib
b) If you want to clean instead:
1. http://www.f-secure.com/blacklight/
Start the file, accept the licence agreement and choose Scan. When the scan is finished, press Next and then Close. There is now an FSB*.TXT file in the same folder as Blacklight - post it here.
2. Copy these 4 text files (right-click with the mouse -> select the text -> copy -> paste). They are sorted by date. (Copy only the last 3 months.)
http://virus-protect.org/datfindbat.html
3. ServiceFilter.zip
http://virus-protect.org/artikel/tools/ServiceFilter.zip
- unzip
- double-click the file ServiceFilter.vbs
- confirm the version number
- scan
- allow WordPad or Notepad to open
- copy POST_THIS.TXT
__________
Kind regards, Sabina
All about PC security
21.08.2006, 18:12
...new here
Topic starter, Posts: 3
#3
Blacklight somehow doesn't work - it hangs while scanning.
The rest worked:
20.08.2006 20:38 2,262 wpa.dbl
18.08.2006 14:22 177,056 FNTCACHE.DAT
18.08.2006 00:16 14,848 BASSMOD.dll
20.07.2006 17:17 2,248,704 GmPkr3.dll
29.06.2006 00:53 3,534 jupdate-1.5.0_03-b07.log
28.06.2006 01:02 415,800 perfh007.dat
28.06.2006 01:02 75,194 perfc007.dat
28.06.2006 01:02 62,480 perfc009.dat
28.06.2006 01:02 401,200 perfh009.dat
28.06.2006 01:02 961,856 PerfStringBackup.INI
09.06.2006 17:59 57,384 avsda.dll
31.05.2006 17:00 258,048 GMMailer.dll
31.05.2006 16:57 73,728 GMSigMan.dll
17.05.2006 17:28 282,624 AOSMTPEX.dll
16.05.2006 22:23 28,672 vxblock.dll
16.05.2006 22:23 339,968 pxwave.dll
16.05.2006 22:23 56,832 pxinsa64.exe
16.05.2006 22:23 57,344 pxcpya64.exe
16.05.2006 22:23 450,560 pxdrv.dll
16.05.2006 22:23 61,440 pxhpinst.exe
16.05.2006 22:23 176,128 pxmas.dll
16.05.2006 22:23 1,257,472 pxsfs.dll
16.05.2006 22:23 430,080 px.dll
11.05.2006 17:22 45,056 GMPaths.dll
11.05.2006 17:13 294,912 GMAccMan.dll
11.05.2006 17:07 65,536 GMMesCom.dll
10.05.2006 11:59 353,912 sfrem01.exe
04.05.2006 17:35 65,536 QuickTimeVR.qtx
04.05.2006 17:35 49,152 QuickTime.qts
23.04.2006 19:51 299,008 miccyhook.dll
23.04.2006 01:48 282,624 AOSMTP.dll
20.04.2006 00:08 117 EPPICResdb
20.04.2006 00:08 6,291 EPPICResdb0000
13.04.2006 08:57 778,240 divx_xx0c.dll
13.04.2006 08:57 619,156 DivX.dll
13.04.2006 08:57 778,240 divx_xx07.dll
13.04.2006 08:57 761,856 divx_xx11.dll
09.04.2006 23:59 700,416 DivXdec.ax
08.04.2006 05:21 118,784 DivXCodecUpdateChecker.exe
08.04.2006 03:13 53,248 dpuGUI10.dll
08.04.2006 03:13 57,344 dpv11.dll
08.04.2006 03:13 294,912 dpu10.dll
08.04.2006 03:13 200,704 dtu100.dll
08.04.2006 03:13 593,920 dpuGUI11.dll
08.04.2006 03:13 294,912 dpu11.dll
08.04.2006 03:13 344,064 dpus11.dll
08.04.2006 03:13 90,112 dpl100.dll
06.04.2006 21:48 5,143,456 MRT.exe
06.04.2006 20:11 200,704 ssldivx.dll
06.04.2006 20:11 1,044,480 libdivx.dll
06.04.2006 20:11 3,596,288 qt-dx331.dll
06.04.2006 20:10 536,576 DivXsm.exe
06.04.2006 20:10 10,716 dsm_ja.qm
06.04.2006 20:10 4,276 divxsm.tlb
06.04.2006 20:10 15,331 dsm_de.qm
06.04.2006 20:10 352,401 DivXMedia.ax
06.04.2006 20:10 15,172 dsm_fr.qm
Verzeichnis von C:\DOKUME~1\VIPER_~1\LOKALE~1\Temp
21.08.2006 18:05 240 datFind.zip
21.08.2006 16:57 122,880 ~WSE4.tmp
21.08.2006 13:46 276,357 INS5531.tmp
17.08.2006 20:13 141 BB5259D1.TMP
23.01.2006 15:36 429 datFind.bat
5 Datei(en) 400,047 Bytes
0 Verzeichnis(se), 3,474,046,976 Bytes frei
21.08.2006 18:03 159 wiadebug.log
21.08.2006 18:03 0 0.log
21.08.2006 18:03 2,048 bootstat.dat
21.08.2006 17:56 32,518 SchedLgU.Txt
21.08.2006 17:56 50 wiaservc.log
21.08.2006 17:56 1,882,469 WindowsUpdate.log
21.08.2006 16:57 132 winamp.ini
21.08.2006 14:02 284 system.ini
21.08.2006 14:02 973 win.ini
21.08.2006 14:02 59 ANS2000.INI
21.08.2006 14:02 4 a3kebook.ini
21.08.2006 14:02 20 akebook.ini
21.08.2006 13:46 9,719 IEXPLORE.LIC
21.08.2006 13:46 93 netctrl.ini
18.08.2006 00:02 116 NeroDigital.ini
17.08.2006 18:56 76,352 wmsetup.log
08.08.2006 00:08 742,705 setupapi.log
05.08.2006 16:40 656 GEARInstall.log
04.08.2006 11:33 21,187 Nations at War Uninstall Log.txt
02.08.2006 16:07 158,369 setupact.log
02.08.2006 11:30 345,060 DirectX.log
19.06.2006 11:32 73,216 cadkasdeinst01.exe
29.05.2006 13:34 0 ae_mini.INI
23.05.2006 10:10 326,886 ntbtlog.txt
10.05.2006 19:53 44,531 Point of Existence Setup Log.txt
02.05.2006 15:40 40 RSoftInfo.dat
29.04.2006 18:44 54,080 N.A.W Map Pack 1 Setup Log.txt
29.04.2006 17:05 47,982 Nations at War Setup Log.txt
16.04.2006 13:21 30,764 spupdsvc.log
16.04.2006 03:01 24,282 ocmsn.log
16.04.2006 03:01 99,358 ntdtcsetup.log
16.04.2006 03:01 1,374 imsins.log
16.04.2006 03:01 18,477 tabletoc.log
16.04.2006 03:01 27,551 medctroc.Log
16.04.2006 03:01 23,916 msgsocm.log
16.04.2006 03:01 26,366 KB908531.log
16.04.2006 03:01 154,478 msmqinst.log
16.04.2006 03:01 221,282 tsoc.log
16.04.2006 03:01 230,659 ocgen.log
16.04.2006 03:01 467,722 FaxSetup.log
16.04.2006 03:01 584,047 iis6.log
16.04.2006 03:01 165,182 comsetup.log
16.04.2006 03:01 64,205 netfxocm.log
16.04.2006 03:01 30,463 updspapi.log
16.04.2006 03:01 25,604 KB911562.log
16.04.2006 03:01 1,374 imsins.BAK
16.04.2006 03:01 27,141 KB912812.log
16.04.2006 03:01 21,069 KB911565.log
16.04.2006 03:00 19,147 KB911567.log
15.04.2006 15:25 16 wininit.ini
08.04.2006 22:19 59 cdplayer.ini
05.04.2006 18:32 142,773 EPSTPLOG.TXT
05.04.2006 18:30 31 EPSMTL32.TXT
01.04.2006 14:33 7,739 mozver.dat
01.04.2006 14:23 107,134 UninstallFirefox.exe
---> Begin Service Listing <---
Unknown Service # 1
Service Name: Adobe LM Service
Display Name: Adobe LM Service
Start Mode: Manual
Start Name: LocalSystem
Description: AdobeLM ...
Service Type: Own Process
Path: "c:\programme\gemeinsame dateien\adobe systems shared\service\adobelmsvc.exe"
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch
Unknown Service # 2
Service Name: AntiVirScheduler
Display Name: AntiVir PersonalEdition Classic Planer
Start Mode: Auto
Start Name: LocalSystem
Description: Dienst zur Steuerung von AntiVir Prüfaufträgen und ...
Service Type: Own Process
Path: c:\programme\antivir personaledition classic\sched.exe
State: Running
Process ID: 252
Started: Wahr
Exit Code: 0
Accept Pause: Wahr
Accept Stop: Wahr
Unknown Service # 3
Service Name: AntiVirService
Display Name: AntiVir PersonalEdition Classic Guard
Start Mode: Auto
Start Name: LocalSystem
Description: Bietet permanente Schutz vor Viren und Malware mit der AntiVir ...
Service Type: Own Process
Path: c:\programme\antivir personaledition classic\avguard.exe
State: Running
Process ID: 236
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr
Unknown Service # 4
Service Name: AshampooDefragService
Display Name: Ashampoo Defrag Service
Start Mode: Auto
Start Name: LocalSystem
Description: Defragmentiert die Festplatte im ...
Service Type: Own Process
Path: c:\programme\ashampoo\ashampoo magic defrag\bin\adefragservice.exe
State: Running
Process ID: 340
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr
Unknown Service #5
Service Name: aspnet_state
Display Name: ASP.NET State Service
Start Mode: Manual
Start Name: NT AUTHORITY\NetworkService
Description: Provides support for out-of-process session states for ASP.NET. If this service is stopped, ...
Service Type: Own Process
Path: c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch
Unknown Service # 6
Service Name: clr_optimization_v2.0.50727_32
Display Name: .NET Runtime Optimization Service v2.0.50727_X86
Start Mode: Manual
Start Name: LocalSystem
Description: Microsoft .NET Framework ...
Service Type: Own Process
Path: c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch
Unknown Service # 7
Service Name: ewido anti-spyware 4.0 guard
Display Name: ewido anti-spyware 4.0 guard
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\programme\ewido anti-spyware 4.0\guard.exe
State: Running
Process ID: 440
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Falsch
Unknown Service # 8
Service Name: IDriverT
Display Name: InstallDriver Table Manager
Start Mode: Manual
Start Name: LocalSystem
Description: Provides support for the Running Object Table for InstallShield ...
Service Type: Own Process
Path: "c:\programme\gemeinsame dateien\installshield\driver\11\intel 32\idrivert.exe"
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch
Unknown Service #9
Service Name: iPodService
Display Name: iPodService
Start Mode: Manual
Start Name: LocalSystem
Description: iPod hardware management ...
Service Type: Own Process
Path: c:\programme\ipod\bin\ipodservice.exe
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch
Unknown Service # 10
Service Name: mousehs
Display Name: Mouse Hardware Sync
Start Mode: Auto
Start Name: LocalSystem
Description: Enables a computer to maintain synchronization with a PS/2 pointing device. Stopping or disabling ...
Service Type: Own Process
Path: c:\windows\system32\mousehs.exe
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Falsch
Unknown Service # 11
Service Name: Netlib
Display Name: Net Functions Library
Start Mode: Auto
Start Name: LocalSystem
Description: Handling all NET related functions for the local ...
Service Type: Own Process
Path: c:\windows\system32\netlib.exe
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Falsch
Unknown Service #12
Service Name: ose
Display Name: Office Source Engine
Start Mode: Manual
Start Name: LocalSystem
Description: Saves installation files used for updates and repairs and is required for the downloading of Setup ...
Service Type: Own Process
Path: "c:\programme\gemeinsame dateien\microsoft shared\source engine\ose.exe"
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch
Unknown Service # 13
Service Name: sfrem01
Display Name: SF FrontLine Drivers Auto Removal (v1)
Start Mode: Auto
Start Name: LocalSystem
Description: This service will automatically uninstall SF FrontLine drivers when you don't need them anymore to ...
Service Type: Own Process
Path: c:\windows\system32\sfrem01.exe svc
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Falsch
Unknown Service # 14
Service Name: StarWindService
Display Name: StarWind iSCSI Service
Start Mode: Auto
Start Name: LocalSystem
Description: Enables network access to local devices via iSCSI ...
Service Type: Own Process
Path: c:\programme\alcohol soft\alcohol 120\starwind\starwindservice.exe
State: Running
Process ID: 892
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr
Unknown Service #15
Service Name: SwPrv
Display Name: MS Software Shadow Copy Provider
Start Mode: Manual
Start Name: LocalSystem
Description: Verwaltet Software-basierte Schattenkopien des Volumeschattenkopie-Dienstes. Software-basierte ...
Service Type: Own Process
Path: c:\windows\system32\dllhost.exe /processid:{12bfe70f-b239-4d08-9e22-3ae32f13459f}
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch
Unknown Service # 16
Service Name: TUWinStylerThemeSvc
Display Name: TuneUp WinStyler Theme Service
Start Mode: Manual
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\programme\tuneup utilities 2006\winstylerthemesvc.exe"
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch
Unknown Service # 17
Service Name: UserAccess7
Display Name: SecuROM User Access Service (V7)
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\windows\system32\uaservice7.exe
State: Running
Process ID: 1452
Started: Wahr
Exit Code: 0
Accept Pause: Wahr
Accept Stop: Wahr
---> End Service Listing <---
21.08.2006, 21:32
Honorary member
Posts: 29434
#4
Format, it's better:
http://www.sophos.de/security/analyses/w32codbotp.html
Type
* Spyware worm
Means of spread
* Network shares
Affected operating systems
* Windows
Side effects
* Disables antivirus applications
* Deletes files from the computer
* Steals data
* Records keystrokes
* Installs itself in the registry
Alias
* WORM_CODBOT.P
----------------------------------------------------------------------
The system is compromised; cleaning, even though one could try it, makes no sense.
Quote:
Unknown Service # 11
__________
Kind regards, Sabina
All about PC security
21.08.2006, 21:46
...new here
Topic starter, Posts: 3
#5
Is there really nothing at all that can be done :0
21.08.2006, 23:13
Honorary member
Posts: 29434
#6
Download Registry Search by Bobbi Flekman
http://virus-protect.org/artikel/tools/regsearch.html and double-click to start it. Into "Enter search strings" (paste it in) put: Netlib in the edit field and click "Ok". Notepad will open -- copy the text and post it.
__________
Kind regards, Sabina
All about PC security
Here is the HijackThis file as I have booted right now - but I probably have to do this again with a normally booted XP, right?!?
Logfile of HijackThis v1.99.1
Scan saved at 12:39:30, on 21.08.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Mozilla Thunderbird\thunderbird.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Dokumente und Einstellungen\Viper_XXL\Lokale Einstellungen\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.viperxxl.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.t-online.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von T-Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.btx.dtag.de:80;ftp=ftp-proxy.btx.dtag.de:80
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Add all items to the auction list - res://C:\Programme\RKD\AuctionNavigator\BidCtxtClick.dll/202
O8 - Extra context menu item: Add this item to the auction list - res://C:\Programme\RKD\AuctionNavigator\BidCtxtClick.dll/201
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.t-online.de
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://www.midasplayer.com/midasa.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.0.69.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120997242231
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
HEEEEELP
Here is the ComboFix report as well:
2006-08-19 00:16 22,528 C:\WINDOWS\exeshl.dll
2006-08-17 23:50 14,848 C:\WINDOWS\system32\BASSMOD.dll
2006-08-04 16:05 368,912 C:\WINDOWS\system32\vbar332.dll
2006-07-30 09:24 973,312 C:\WINDOWS\system32\Redemption.dll
2006-07-30 09:24 962,560 C:\WINDOWS\system32\MagicCtl.dll
2006-07-30 09:24 86,016 C:\WINDOWS\system32\gmnamfld.dll
2006-07-30 09:24 81,920 C:\WINDOWS\system32\ANSSLPLUS.dll
2006-07-30 09:24 73,728 C:\WINDOWS\system32\GMSigMan.dll
2006-07-30 09:24 65,536 C:\WINDOWS\system32\GMMesCom.dll
2006-07-30 09:24 487,424 C:\WINDOWS\system32\infCB.dll
2006-07-30 09:24 45,056 C:\WINDOWS\system32\GMPaths.dll
2006-07-30 09:24 385,024 C:\WINDOWS\system32\gmgrpman.dll
2006-07-30 09:24 348,160 C:\WINDOWS\system32\ANPOP.dll
2006-07-30 09:24 294,912 C:\WINDOWS\system32\GMAccMan.dll
2006-07-30 09:24 282,624 C:\WINDOWS\system32\AOSMTPEX.dll
2006-07-30 09:24 282,624 C:\WINDOWS\system32\AOSMTP.dll
2006-07-30 09:24 258,048 C:\WINDOWS\system32\GMMailer.dll
2006-07-30 09:24 167,936 C:\WINDOWS\system32\infgdbcb.dll
2006-07-30 09:24 159,744 C:\WINDOWS\system32\dwStg.dll
2006-07-30 09:24 1,011,712 C:\WINDOWS\system32\chilkatxml.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-08-21 12:50 -------- d-------- C:\Programme\CleanUp!
2006-08-20 20:23 -------- d-------- C:\Programme\Anti-Spy.Info
2006-08-18 14:54 -------- d-------- C:\Programme\HoldemInspector2
V2
2006-08-18 00:16 14848 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-08-17 23:12 -------- d-------- C:\Programme\CalculatemPro
2006-08-17 18:56 -------- d-------- C:\Programme\XviD
2006-08-11 22:39 -------- d-------- C:\Dokumente und Einstellungen\Viper_XXL\Anwendungsdaten\uTorrent
2006-08-08 20:38 -------- d-------- C:\Programme\SWiSHmax
2006-08-06 01:07 -------- d-------- C:\Programme\Team Craxtion
2006-08-05 16:39 -------- d-------- C:\Programme\iTunes
2006-08-05 16:39 -------- d-------- C:\Programme\iPod
2006-08-04 16:05 -------- d-------- C:\Programme\52DECK.COM TEXAS TRAINER
2006-08-04 15:56 -------- d-------- C:\Programme\Poker Indicator
2006-08-04 12:46 -------- d-------- C:\Programme\Download Plugin
2006-08-04 12:39 -------- d-------- C:\Programme\TexasCalculatem
2006-08-03 21:44 -------- d-------- C:\Programme\PartyGaming.Net
2006-08-02 10:53 -------- d-------- C:\Programme\ICQToolbar
2006-08-01 18:45 96256 --a------ C:\WINDOWS\system32\drivers\sptd8989.sys
2006-08-01 18:45 643072 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-07-30 09:25 6949 --a------ C:\Dokumente und Einstellungen\Viper_XXL\Anwendungsdaten\unins000.dat
2006-07-30 09:24 673546 --a------ C:\Dokumente und Einstellungen\Viper_XXL\Anwendungsdaten\unins000.exe
2006-07-30 09:24 -------- d-------- C:\Programme\GroupMail 5
2006-07-20 17:17 2248704 --a------ C:\WINDOWS\system32\GmPkr3.dll
2006-07-12 16:18 -------- d-------- C:\Programme\CDex_170b2
2006-07-11 16:53 -------- d-------- C:\Programme\No23 Recorder
2006-06-29 00:50 -------- d-------- C:\Programme\LimeWire
2006-06-19 11:32 73216 --a------ C:\WINDOWS\cadkasdeinst01.exe
2006-06-17 17:41 9402056 --a------ C:\Programme\Install_MSN_Messenger.EXE
2006-06-09 17:59 57384 --a------ C:\WINDOWS\system32\avsda.dll
2006-05-31 17:00 258048 --a------ C:\WINDOWS\system32\GMMailer.dll
2006-05-31 16:57 73728 --a------ C:\WINDOWS\system32\GMSigMan.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices-]
"hostserv"="ntsfxp.exe"
"IExplorer8 Java Scripting"="IExplore8.exe"
"MS Auto-IPSec Protection"="MSASP32.exe"
"Registry Checkup System9 Monitor"="Winregs9.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
"UpdateManager"="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Components\\vupdman32.exe"
"WsKrnl"="\"C:\\WINDOWS\\system32\\wskrnla.exe\" -at"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
"MS Auto-IPSec Protection"="MSASP32.exe"
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"Skype"="\"C:\\Programme\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"Steam"="\"f:\\progra~2\\valve\\steam\\steam.exe\" -silent"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,de,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupfolder\C:^Dokumente und Einstellungen^All Users.WINDOWS^Startmenü^Programme^Autostart^Action Manager 32.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users.WINDOWS\\Startmenü\\Programme\\Autostart\\Action Manager 32.lnk"
"backup"="C:\\WINDOWS\\pss\\Action Manager 32.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\ScannerU\\AM32.exe "
"item"="Action Manager 32"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupfolder\C:^Dokumente und Einstellungen^All Users.WINDOWS^Startmenü^Programme^Autostart^Ashampoo Magic Defrag.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users.WINDOWS\\Startmenü\\Programme\\Autostart\\Ashampoo Magic Defrag.lnk"
"backup"="C:\\WINDOWS\\pss\\Ashampoo Magic Defrag.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Ashampoo\\ASHAMP~1\\bin\\ADEFRA~1.EXE -startup"
"item"="Ashampoo Magic Defrag"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupfolder\C:^Dokumente und Einstellungen^All Users.WINDOWS^Startmenü^Programme^Autostart^Microsoft Office.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users.WINDOWS\\Startmenü\\Programme\\Autostart\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupfolder\C:^Dokumente und Einstellungen^All Users.WINDOWS^Startmenü^Programme^Autostart^WinZip Quick Pick.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users.WINDOWS\\Startmenü\\Programme\\Autostart\\WinZip Quick Pick.lnk"
"backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupfolder\C:^Dokumente und Einstellungen^Viper_XXL^Startmenü^Programme^Autostart^Adobe Gamma.lnk]
"path"="C:\\Dokumente und Einstellungen\\Viper_XXL\\Startmenü\\Programme\\Autostart\\Adobe Gamma.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\GEMEIN~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\services]
"Windows Log"=dword:00000002
"UserAccess7"=dword:00000002
"TUWinStylerThemeSvc"=dword:00000003
"StarWindService"=dword:00000002
"sfrem01"=dword:00000002
"ose"=dword:00000003
"Netlib"=dword:00000002
"mousehs"=dword:00000002
"LexBceS"=dword:00000002
"iPodService"=dword:00000003
"IDriverT"=dword:00000003
"ATI Smart"=dword:00000002
"Ati HotKey Poller"=dword:00000002
"AshampooDefragService"=dword:00000002
"AntiVirService"=dword:00000002
"AntiVirScheduler"=dword:00000002
"Adobe LM Service"=dword:00000003
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -minimize"
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"SoundMan"="SOUNDMAN.EXE"
"AnyDVD"="\"C:\\Programme\\SlySoft\\AnyDVD\\AnyDVD.exe\""
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\Netlib
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Klick-Wartung.job
Completion time: 21.08.2006 12:56:12.92
ComboFix.txt
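As an added example (written for this page, not code from the thread, ComboFix or the other tools named), a small Python triage pass over the "Reg Loading Points" layout ComboFix prints above. It flags what Sabina singled out in post #2: Run values whose command is a bare file name with no path (hostserv, IExplorer8 Java Scripting, MS Auto-IPSec Protection), entries parked under policies\explorer\Run, and the bare SafeBoot\minimal\Netlib key. The function names and the trimmed sample report are assumptions made here; the sample's values are copied from the report posted in this thread.

```python
import re

# Constructed sample in the layout of ComboFix's "Reg Loading Points" section,
# assembled from entries quoted in this thread (values as posted, not a full report).
SAMPLE_REPORT = r'''[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices-]
"hostserv"="ntsfxp.exe"
"IExplorer8 Java Scripting"="IExplore8.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
"UpdateManager"="C:\\Program Files\\Common Files\\Microsoft Shared\\Web Components\\vupdman32.exe"
"WsKrnl"="\"C:\\WINDOWS\\system32\\wskrnla.exe\" -at"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"shutdownwithoutlogon"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
"MS Auto-IPSec Protection"="MSASP32.exe"
"Skype"="\"C:\\Programme\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\Netlib
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
# "name"="string data"; dword:/hex: data deliberately does not match
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)+)"="((?:[^"\\]|\\.)*)"$')
EXE_RE = re.compile(r'^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.IGNORECASE)
SAFEBOOT_RE = re.compile(r'\\control\\safeboot\\(?:minimal|network)\\', re.IGNORECASE)
POLICY_RUN_RE = re.compile(r'\\policies\\explorer\\run$', re.IGNORECASE)


def unescape_reg(raw: str) -> str:
    """Undo .reg-file escaping: a backslash quotes the next character."""
    out, i = [], 0
    while i < len(raw):
        if raw[i] == '\\' and i + 1 < len(raw):
            out.append(raw[i + 1])
            i += 2
        else:
            out.append(raw[i])
            i += 1
    return ''.join(out)


def command_executable(command: str) -> str:
    """Return the program part of an autostart command line (quoted or not)."""
    command = command.strip()
    if not command:
        return ''
    if command.startswith('"'):                 # "C:\path with spaces\x.exe" args
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    match = EXE_RE.match(command)               # unquoted path, may contain spaces
    return match.group(1) if match else command.split()[0]


def triage_loading_points(report: str):
    """Return (key, value name, executable, reasons) for entries worth a second look."""
    findings, key = [], ''
    for line in report.splitlines():
        line = line.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            key = key_match.group(1)
            continue
        if not line.startswith('"') and SAFEBOOT_RE.search(line):
            # bare SafeBoot key: this service or driver is also loaded in Safe Mode
            findings.append((line, line.rsplit('\\', 1)[-1], '', ['safeboot-entry']))
            continue
        value_match = VALUE_RE.match(line)
        if not value_match:
            continue
        name = unescape_reg(value_match.group(1))
        exe = command_executable(unescape_reg(value_match.group(2)))
        reasons = []
        if exe and not re.search(r'[\\/]', exe):
            reasons.append('no-path')           # bare file name, resolved via PATH at logon
        if POLICY_RUN_RE.search(key):
            reasons.append('policy-run')        # Policies\Explorer\Run autostart location
        if reasons and key.endswith('-'):
            reasons.append('msconfig-disabled')  # msconfig's disabled copy, still worth removing
        if reasons:
            findings.append((key, name, exe, reasons))
    return findings


if __name__ == '__main__':
    for key, name, exe, reasons in triage_loading_points(SAMPLE_REPORT):
        print(f"{', '.join(reasons):28} {name!r:32} {exe}\n    under {key}")
```

Entries like MSConfig and Skype, whose commands carry a full path and sit in ordinary Run keys, are not reported; the output is a shortlist for the kind of manual review Sabina does in the thread, not a verdict.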