PC very slow after virus, temp wer8

#0
07.09.2006, 17:40
...new here

Posts: 7
#1 Hello, this is my first time here.

I think I have a virus that is not detected by antivirus programs. I have already read quite a bit here, and I think it is stuck somewhere (system32 etc.).

Please help!!!

Oh, and I have already run the clean up and read that one should post this Bat....??? here:


Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 1071-F798

Verzeichnis von C:\WINDOWS\system32

04.09.2006 19:27 7.006 jupdate-1.5.0_06-b05.log
04.09.2006 09:39 2.184 wpa.dbl
27.08.2006 16:19 28 log200674.log
25.08.2006 17:52 53.084 mlfcache.dat
07.08.2006 16:02 534.208 SymNeti.dll
07.08.2006 16:02 161.472 SymRedir.dll
04.08.2006 06:15 257.456 FNTCACHE.DAT
25.07.2006 18:03 466.944 capicom.dll
03.07.2006 22:55 47.290 interceptor.sys
03.07.2006 22:55 45.056 WNASPI32.DLL
03.07.2006 22:24 0 h323log.txt
03.07.2006 22:22 16.832 amcompat.tlb
03.07.2006 22:22 23.392 nscompat.tlb
03.07.2006 22:20 2.780 qtplugin.log
03.07.2006 22:20 157.696 rmoc3260.dll
03.07.2006 22:20 25.088 prefscpl.cpl
03.07.2006 22:20 5.632 pndx5032.dll
03.07.2006 22:20 6.656 pndx5016.dll
03.07.2006 22:20 278.528 pncrt.dll
03.07.2006 22:19 311.604 perfh009.dat
03.07.2006 22:19 39.992 perfc009.dat
03.07.2006 22:19 316.594 perfh007.dat
03.07.2006 22:19 48.156 perfc007.dat
03.07.2006 22:19 723.744 PerfStringBackup.INI
03.07.2006 21:41 25.065 wmpscheme.xml
03.07.2006 21:36 261 $winnt$.inf
03.07.2006 21:32 2.951 CONFIG.NT
03.07.2006 21:30 488 WindowsLogon.manifest
03.07.2006 21:30 488 logonui.exe.manifest
03.07.2006 21:30 749 nwc.cpl.manifest
03.07.2006 21:30 749 sapi.cpl.manifest
03.07.2006 21:30 749 ncpa.cpl.manifest
03.07.2006 21:30 749 wuaucpl.cpl.manifest
03.07.2006 21:30 749 cdplayer.exe.manifest
03.07.2006 21:28 21.740 emptyregdb.dat
25.05.2006 00:47 3.596.288 qt-dx331.dll
16.05.2006 14:34 87.808 S32EVNT1.DLL


Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 1071-F798

Verzeichnis von C:\DOKUME~1\CarmenK\LOKALE~1\Temp

07.09.2006 16:47 408 jusched.log
07.09.2006 16:38 107 STS7.tmp
07.09.2006 16:38 1.285 MAR3.tmp
07.09.2006 16:36 3.269 hpodvd09.log
07.09.2006 16:12 107 STS5.tmp
07.09.2006 16:11 1.285 MAR2.tmp
6 Datei(en) 6.461 Bytes
0 Verzeichnis(se), 31.673.806.848 Bytes frei


Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 1071-F798

Verzeichnis von C:\WINDOWS

07.09.2006 16:39 12.574 Windows Update.log
07.09.2006 16:39 31.328 setupapi.log
07.09.2006 16:38 0 0.log
07.09.2006 16:38 159 wiadebug.log
07.09.2006 16:38 50 wiaservc.log
07.09.2006 16:37 2.048 bootstat.dat
07.09.2006 16:36 32.644 SchedLgU.Txt
07.09.2006 13:49 315 homeDVD-Fotos5.INI
07.09.2006 13:32 983 UPGRADE.TXT
07.09.2006 13:31 150 wsdu.log
07.09.2006 13:31 45 setupact.log
07.09.2006 13:31 0 setuperr.log
07.09.2006 13:31 178 DHCPUPG.LOG
07.09.2006 13:30 474 WINNT32.LOG
06.09.2006 15:50 515 ODBC.INI
04.09.2006 19:30 726 win.ini
04.09.2006 16:42 47 jptc.dat
04.09.2006 16:39 53 bqlecp.dat
04.09.2006 16:37 0 keyboard1.dat
04.09.2006 16:36 40 teller2.chk
01.09.2006 20:43 5.154 ModemLog_Standard 33600 bps Modem.txt
26.08.2006 16:33 2.429 GraphicsDesk.INI
09.08.2006 18:31 227 system.ini
09.08.2006 18:17 0 tosOBEX.INI
07.08.2006 17:41 1.655 cdplayer.ini
29.07.2006 18:51 113.591 hpoins07.dat
29.07.2006 18:34 0 Sti_Trace.log
21.07.2006 16:27 163 fantasy2.ini
21.07.2006 16:23 10 Fantasy2.SN
12.07.2006 20:56 643.173 unins000.exe
07.07.2006 18:44 92 CMISETUP.INI
07.07.2006 18:44 26 CMCDPLAY.INI
03.07.2006 23:02 3.428 mozver.dat
03.07.2006 22:23 725 aolback.exe.lnk
03.07.2006 22:18 335 nsreg.dat
03.07.2006 22:07 0 Wininit.ini
03.07.2006 21:59 59 vbaddin.ini
03.07.2006 21:37 8.192 REGLOCS.OLD
03.07.2006 21:32 0 control.ini
03.07.2006 21:32 299.552 WMSysPrx.prx
03.07.2006 21:31 4.161 ODBCINST.INI
03.07.2006 21:30 749 WindowsShell.Manifest
03.07.2006 21:27 36 vb.ini
27.01.2006 20:20 479 Uninst2.htm




Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 1071-F798

Verzeichnis von C:\

07.09.2006 17:52 0 sys.txt
07.09.2006 17:51 4.713 system.txt
07.09.2006 17:51 528 systemtemp.txt
07.09.2006 17:49 100.651 system32.txt
07.09.2006 16:37 352.321.536 pagefile.sys
07.09.2006 16:35 3.944 files.txt
09.08.2006 18:31 194 boot.ini
03.07.2006 21:32 0 AUTOEXEC.BAT
03.07.2006 21:32 0 MSDOS.SYS
03.07.2006 21:32 0 IO.SYS
03.07.2006 21:32 0 CONFIG.SYS
18.08.2001 14:00 4.952 bootfont.bin
This post was edited on 07.09.2006 at 17:56 by Carmen79.
09.09.2006, 00:06
Honorary member
Sabina

Posts: 29434
#2 Carmen79

Avenger
http://virus-protect.org/artikel/tools/avenger.html
paste in

Quote

Files to delete:
C:\WINDOWS\system32\mlfcache.dat
C:\WINDOWS\jptc.dat
C:\WINDOWS\bqlecp.dat
C:\WINDOWS\keyboard1.dat
C:\WINDOWS\teller2.chk
C:\Dokumente und Einstellungen\CarmenK\Lokale Einstellungen\Temp\STS7.tmp
C:\Dokumente und Einstellungen\CarmenK\Lokale Einstellungen\Temp\MAR3.tmp
C:\Dokumente und Einstellungen\CarmenK\Lokale Einstellungen\Temp\STS5.tmp
C:\Dokumente und Einstellungen\CarmenK\Lokale Einstellungen\Temp\MAR2.tmp
Click the green traffic light
the script will now be executed, then the PC will restart automatically

**
post the Avenger log that appears after the restart

**
Hijackthis
http://computercops.biz/zx/Merijn/hijackthis.zip
http://virus-protect.org/hjtkurz.html
Download/unpack HijackThis into a folder
--> None of the above just start the program --> Save --> Savelog --> the editor opens
now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click

**
post this log
http://virus-protect.org/artikel/tools/combofix.html
__________
Best regards, Sabina

all about PC security
09.09.2006, 22:29
...new here

Thread starter

Posts: 7
#3 Hello, first of all many thanks for the quick reply :-)

I ran The Avenger, but unfortunately after the restart I simply clicked the log away. I ran everything again, and this is what came out :-( :


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\bxvsoxtr

*******************

Script file located at: xopktnio

Could not open script file! Error

Could not open script file! Status: 0xc000003b Abort!




So, here is the data from HijackThis as well:

Logfile of HijackThis v1.99.1
Scan saved at 22:32:41, on 09.09.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Gemeinsame Dateien\AOL\1157655685\ee\AOLSoftware.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\CursorXP\CursorXP.exe
C:\Programme\RocketDock\RocketDock.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programme\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Dokumente und Einstellungen\CarmenK\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.de/e60/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.de/e60/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von AOL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AOLDialer] REM C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] REM "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroCheck] REM C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [DataLayer] REM C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] REM C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [CheckDiskOnce] chkdisk.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [HostManager] C:\Programme\Gemeinsame Dateien\AOL\1157655685\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Programme\Gemeinsame Dateien\AOL\IPHSend\IPHSend.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] REM "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CursorXP] C:\Programme\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Programme\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [AutoStart-Manager 2006] REM "C:\Programme\Tools&More\Autostart-Manager\AutoStart-Manager.exe" /AUTOSTART
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.de/e60/
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - The Firebird Project - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
This post was edited on 09.09.2006 at 22:34 by Carmen79.
09.09.2006, 22:34
Honorary member
Sabina

Posts: 29434
#4 keep trying until it works.
then post the other two logs (see above)
__________
Best regards, Sabina

all about PC security
10.09.2006, 18:08
...new here

Thread starter

Posts: 7
#5 Sorry, I don't understand that now. I have already posted two logs... I am currently running Combofix, which has already found a Trojan horse. But now my question: is it normal that Combofix is still not finished after about 3 hours???
10.09.2006, 18:24
Honorary member
Sabina

Posts: 29434
#6 delete these files with Killbox
http://virus-protect.org/killbox.html

Options: "Delete on Reboot" and "Single File" --> tick both
and click the red cross; when asked "Do you want to reboot?" ---- click "no", and paste in the next one, only on the last one click "yes"
paste in: .....

C:\WINDOWS\system32\mlfcache.dat
C:\WINDOWS\jptc.dat
C:\WINDOWS\bqlecp.dat
C:\WINDOWS\keyboard1.dat
C:\WINDOWS\teller2.chk
C:\Dokumente und Einstellungen\CarmenK\Lokale Einstellungen\Temp\STS7.tmp
C:\Dokumente und Einstellungen\CarmenK\Lokale Einstellungen\Temp\MAR3.tmp
C:\Dokumente und Einstellungen\CarmenK\Lokale Einstellungen\Temp\STS5.tmp
C:\Dokumente und Einstellungen\CarmenK\Lokale Einstellungen\Temp\MAR2.tmp

restart the PC

**
then run Combofix once more and post the log
__________
Best regards, Sabina

all about PC security
10.09.2006, 19:42
Member

Posts: 11
#7 21 viruses in total!!! Help!!!

Hi, my PC has become very slow lately; after an analysis at Symantec, it turned out that I have 21 viruses on it!!!
I wrote down some of them above!
What to do? Please help!

Hijack LogFile:

Logfile of HijackThis v1.99.1
Scan saved at 4:26:44 PM, on 9/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\DTV\RemoteControl.exe
C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HPQ\Shared\hpqwmi.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\DeyanPC\Desktop\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [DTVRemote] "C:\Program Files\DTV\RemoteControl.exe"
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MSWin.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {00000000-0000-0000-0000-100000000003} - http://code.trasferimento.biz/l/a3ad1d8edc539b47a7e227b1feea490d_35.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37900.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O20 - AppInit_DLLs: "", svchost.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


ComboFix Log:

DeyanPC - 06-09-10 16:43:08.10
ComboFix 06.09.07 - Running from: C:\Documents and Settings\DeyanPC\Desktop\cleanup

Microsoft Windows XP [Version 5.1.2600]

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\WINDOWS\system32\STEM32~1


((((((((((((((((((((((((((((((( Files Created from 2006-08-10 to 2006-09-10 ))))))))))))))))))))))))))))))))))


2006-09-10 16:26 106,516 --a------ C:\WINDOWS\system32\skjwytpj.dll
2006-09-10 16:25 1,132,505 ---hs---- C:\WINDOWS\system32\llnmp.bak1
2006-09-10 11:14 106,516 --a------ C:\WINDOWS\system32\dadcqcan.dll
2006-09-09 10:36 106,516 --a------ C:\WINDOWS\system32\atnwbond.dll
2006-09-07 12:27 106,516 --a------ C:\WINDOWS\system32\oiyjknwi.dll
2006-09-05 23:26 106,516 --a------ C:\WINDOWS\system32\omdwkoqo.dll
2006-09-04 20:48 106,516 --a------ C:\WINDOWS\system32\lttchjyn.dll
2006-09-03 12:26 102,420 --a------ C:\WINDOWS\system32\erwpditm.dll
2006-09-02 12:25 102,420 --a------ C:\WINDOWS\system32\ioqofpom.dll
2006-08-26 04:54 13,844 --a------ C:\WINDOWS\system32\pppyrcrm.exe
2006-08-24 22:26 13,844 --a------ C:\WINDOWS\system32\rkrthmga.exe
2006-08-22 00:18 13,844 --a------ C:\WINDOWS\system32\ywvqfkvo.exe
2006-08-16 02:50 2,580 --a------ C:\WINDOWS\system32\pyeytrqk.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-10 16:32 -------- d-------- C:\Program Files\CleanUp!
2006-09-10 15:10 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2006-09-10 13:06 -------- d-------- C:\Documents and Settings\DeyanPC\Application Data\Skype
2006-09-10 11:14 777472 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-09-10 11:14 27904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-09-06 01:19 -------- d---s---- C:\Documents and Settings\DeyanPC\Application Data\Microsoft
2006-09-05 00:26 -------- d-------- C:\Program Files\Nokia
2006-09-05 00:26 -------- d-------- C:\Program Files\Common Files\PCSuite
2006-09-05 00:26 -------- d-------- C:\Program Files\Common Files\Nokia
2006-09-05 00:26 -------- d-------- C:\Program Files\Common Files
2006-09-05 00:21 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-25 00:00 -------- d-------- C:\Program Files\audiograbber
2006-08-24 18:26 -------- d-------- C:\Program Files\Registry Mechanic
2006-08-22 20:58 -------- d-------- C:\Documents and Settings\DeyanPC\Application Data\Sonic
2006-08-22 20:58 -------- d-------- C:\Documents and Settings\DeyanPC\Application Data\Leadertech
2006-08-21 20:00 -------- d-------- C:\Documents and Settings\DeyanPC\Application Data\Apple Computer
2006-08-16 03:02 -------- d-------- C:\Program Files\Internet Explorer
2006-07-28 01:24 -------- d-------- C:\Program Files\iTunes
2006-07-28 01:22 -------- d-------- C:\Program Files\iPod
2006-07-27 16:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-24 23:09 53624 --a------ C:\Documents and Settings\DeyanPC\Application Data\GDIPFONTCACHEV1.DAT
2006-07-21 11:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-18 00:46 -------- d-------- C:\Program Files\Winamp
2006-07-16 15:50 -------- d-------- C:\Program Files\Zone Labs
2006-07-16 13:50 -------- d-------- C:\Program Files\Grisoft
2006-07-16 13:49 -------- d-------- C:\Documents and Settings\DeyanPC\Application Data\AVG7
2006-07-16 13:48 4992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-07-16 13:48 4288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-07-16 13:48 23424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-07-14 00:46 -------- d-------- C:\Program Files\Microsoft Office
2006-07-14 00:46 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-07-14 00:10 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-07-14 00:09 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-07-14 00:08 -------- d-------- C:\Program Files\Common Files\System
2006-07-10 21:28 -------- d-------- C:\Documents and Settings\DeyanPC\Application Data\AdobeUM
2006-07-09 13:42 42920 --a------ C:\WINDOWS\system32\vsutil_loc0407.dll
2006-07-05 16:39 569396 --------- C:\WINDOWS\system32\pmnll.dll
2006-06-17 14:04 5875 --a------ C:\Documents and Settings\DeyanPC\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"SoundMAX"="C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe /tray"
"AGRSMMSG"="AGRSMMSG.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0\\bin\\jusched.exe"
"hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"
"WatchDog"="C:\\Program Files\\InterVideo\\DVD Check\\DVDCheck.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
@=""
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechCameraAssistant"="C:\\Program Files\\Logitech\\Video\\CameraAssistant.exe"
"LogitechVideo[inspector]"="C:\\Program Files\\Logitech\\Video\\InstallHelper.exe /inspect"
"LogitechCameraService(E)"="C:\\WINDOWS\\system32\\ElkCtrl.exe /automation"
"DTVRemote"="\"C:\\Program Files\\DTV\\RemoteControl.exe\""
"USIUDF_Eject_Monitor"="C:\\Program Files\\Common Files\\Ulead Systems\\DVD\\USISrv.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"RegistryMechanic"=""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\K-Lite Codec Pack\\QuickTime\\qttask.exe\" -atboottime"
"DataLayer"="C:\\Program Files\\Common Files\\PCSuite\\DataLayer\\DataLayer.exe"
"PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -onlytray"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnll


Completion time: Sun 09/10/2006 16:46:10.10
ComboFix.txt


datFind.bat Log files

system32.txt:
Volume in drive C has no label.
Volume Serial Number is FC8A-D7FF

Directory of C:\WINDOWS\system32

09/10/2006 16:58 1,136,435 llnmp.ini
09/10/2006 16:39 2,206 wpa.dbl
09/10/2006 16:26 106,516 skjwytpj.dll
09/10/2006 16:25 1,132,505 llnmp.bak1
09/10/2006 16:17 54,112 vsconfig.xml
09/10/2006 11:14 106,516 dadcqcan.dll
09/09/2006 22:25 143 mcrh.tmp
09/09/2006 10:36 106,516 atnwbond.dll
09/07/2006 12:27 106,516 oiyjknwi.dll
09/05/2006 23:26 106,516 omdwkoqo.dll
09/04/2006 20:48 106,516 lttchjyn.dll
09/03/2006 12:26 102,420 erwpditm.dll
09/02/2006 12:25 102,420 ioqofpom.dll
08/26/2006 04:54 13,844 pppyrcrm.exe
08/24/2006 22:26 13,844 rkrthmga.exe
08/22/2006 00:18 13,844 ywvqfkvo.exe
08/16/2006 02:50 2,580 pyeytrqk.exe
08/09/2006 22:03 8,325,544 MRT.exe
07/28/2006 14:28 3,054,080 mshtml.dll
07/27/2006 16:24 679,424 inetcomm.dll
07/26/2006 01:03 4,212 zllictbl.dat
07/25/2006 23:33 613,888 urlmon.dll
07/21/2006 11:24 72,704 hlink.dll
07/16/2006 20:34 382,260 perfh009.dat
07/16/2006 20:34 53,838 perfc009.dat
07/16/2006 20:34 441,802 PerfStringBackup.INI
07/14/2006 18:31 332,288 netapi32.dll
07/14/2006 18:25 546,304 hhctrl.ocx
07/14/2006 10:01 215,264 FNTCACHE.DAT
07/13/2006 16:33 8,453,632 shell32.dll
07/09/2006 15:38 25,605 ikhcore.log
07/09/2006 13:42 42,920 vsutil_loc0407.dll
07/09/2006 13:42 392,824 vsdatant.sys
07/09/2006 13:42 71,672 zlcommdb.dll
07/09/2006 13:42 83,960 zlcomm.dll
07/09/2006 13:42 59,384 vswmi.dll
07/09/2006 13:42 100,344 vsxml.dll
07/09/2006 13:42 440,312 vsutil.dll
07/09/2006 13:42 71,672 vsregexp.dll
07/09/2006 13:42 268,280 vspubapi.dll
07/09/2006 13:42 104,440 vsmonapi.dll
07/09/2006 13:42 157,688 vsinit.dll
07/09/2006 13:42 83,960 vsdata.dll
07/05/2006 16:39 569,396 pmnll.dll
07/05/2006 13:55 984,064 kernel32.dll
06/26/2006 20:37 148,480 dnsapi.dll
06/26/2006 20:37 8,192 rasadhlp.dll
06/23/2006 14:02 658,944 wininet.dll
06/23/2006 14:02 448,512 mshtmled.dll
06/23/2006 14:02 146,432 msrating.dll
06/23/2006 14:02 1,494,016 shdocvw.dll
06/23/2006 14:02 532,480 mstime.dll
06/23/2006 14:02 474,112 shlwapi.dll
06/23/2006 14:02 39,424 pngfilt.dll
06/23/2006 14:02 357,888 dxtmsft.dll
06/23/2006 14:02 251,392 iepeers.dll
06/23/2006 14:02 55,808 extmgr.dll
06/23/2006 14:02 205,312 dxtrans.dll
06/23/2006 14:02 16,384 jsproxy.dll
06/23/2006 14:02 1,054,208 danim.dll
06/23/2006 14:02 96,256 inseng.dll
06/23/2006 14:02 1,022,976 browseui.dll
06/23/2006 14:02 151,040 cdfview.dll
06/23/2006 11:34 24,576 xpsp3res.dll
06/22/2006 13:47 181,248 rasmans.dll
06/20/2006 23:32 796,584 libeay32_0.9.6l.dll
06/15/2006 21:27 9,689 lvcoinst.log
06/15/2006 15:20 45,292 OEMINFO.PNF
06/01/2006 21:47 27,648 jgpl400.dll
06/01/2006 21:47 163,840 jgdw400.dll
05/19/2006 15:59 94,720 iphlpapi.dll
05/19/2006 15:59 111,616 dhcpcsvc.dll
05/18/2006 08:24 450,560 jscript.dll
05/03/2006 21:05 535 mapisvc.inf
05/03/2006 10:43 23,392 nscompat.tlb
05/03/2006 10:43 16,832 amcompat.tlb
05/03/2006 10:43 656 InstallUtil.InstallLog
05/03/2006 10:41 127,075 javaws.exe
05/03/2006 10:41 49,262 jpicpl32.cpl
05/03/2006 10:41 49,245 java.exe
05/03/2006 10:41 49,247 javaw.exe
05/03/2006 10:40 1,093,632 pxsfs.dll
05/03/2006 10:40 108,544 pxcpyi64.exe
05/03/2006 10:40 104,960 pxinsi64.exe

windows.txt:
Volume in drive C has no label.
Volume Serial Number is FC8A-D7FF

Directory of C:\WINDOWS

09/10/2006 16:37 1,107,279 WindowsUpdate.log
09/10/2006 16:28 900,668 setupapi.log
09/10/2006 16:17 3,638 ModemLog_Agere Systems AC'97 Modem.txt
09/10/2006 16:17 159 wiadebug.log
09/10/2006 16:17 49 wiaservc.log
09/10/2006 16:17 0 0.log
09/10/2006 16:17 2,048 bootstat.dat
09/10/2006 13:10 32,646 SchedLgU.Txt
09/09/2006 16:31 61,136 wmsetup.log
09/09/2006 14:32 54,156 QTFont.qfn
09/05/2006 00:22 19 SoundConverter.INI
09/01/2006 00:50 1,409 QTFont.for
08/25/2006 00:00 14,686 cdplayer.ini
08/24/2006 18:23 1,026,392 dp2_log.txt
08/16/2006 03:06 70,922 iis6.log
08/16/2006 03:06 1,374 imsins.log
08/16/2006 03:06 190,039 tsoc.log
08/16/2006 03:06 171,254 comsetup.log
08/16/2006 03:06 106,140 ntdtcsetup.log
08/16/2006 03:06 27,555 ocmsn.log
08/16/2006 03:06 17,334 KB920214.log
08/16/2006 03:05 24,823 msgsocm.log
08/16/2006 03:05 262,076 ocgen.log
08/16/2006 03:05 491,579 FaxSetup.log
08/16/2006 03:05 1,374 imsins.BAK
08/16/2006 03:05 17,148 KB921883.log
08/16/2006 03:05 21,529 updspapi.log
08/16/2006 03:05 16,874 KB922616.log
08/16/2006 03:05 17,321 KB921398.log
08/16/2006 03:03 20,295 KB918899.log
08/16/2006 03:02 12,683 KB920670.log
08/16/2006 03:01 12,843 KB917422.log
08/16/2006 03:01 13,189 KB920683.log
07/28/2006 01:24 357 GEARInstall.log
07/27/2006 13:27 271,029 LVEventLog.log
07/16/2006 12:57 472 setupact.log
07/15/2006 03:01 3,335 KB885884.log
07/14/2006 00:16 748 ODBC.INI
07/14/2006 00:13 628 win.ini
07/12/2006 01:02 12,535 KB917159.log
07/12/2006 01:02 13,086 KB914388.log
07/12/2006 01:01 11,304 KB916595.log
07/06/2006 22:05 0 pestpatrol5.INI
06/28/2006 03:01 15,700 KB911280.log
06/17/2006 17:38 1,830 spupdsvc.log
06/17/2006 16:18 11,919 KB917734.log
06/17/2006 16:17 14,404 KB918439.log
06/17/2006 16:17 14,787 KB917344.log
06/17/2006 16:17 14,551 KB917953.log
06/17/2006 16:17 18,165 KB916281.log
06/17/2006 16:17 12,437 KB914389.log
06/17/2006 14:09 100,724 cpeins04.dat
06/17/2006 14:04 206 HPGdiPlus.ini
06/15/2006 18:30 104,156 hpoins04.dat
06/13/2006 13:14 794 DirectX.log
06/12/2006 23:43 316,640 WMSysPr9.prx
05/21/2006 00:38 6,047 WgaNotify.log
05/10/2006 13:22 12,799 KB913580.log
05/05/2006 01:53 30,344 KB899587.log
05/05/2006 01:53 29,466 KB896422.log
05/05/2006 01:53 29,288 KB885835.log
05/05/2006 01:53 28,186 KB885836.log
05/05/2006 01:53 28,990 KB885250.log
05/05/2006 01:52 29,143 KB911927.log
05/05/2006 01:52 28,645 KB901017.log
05/05/2006 01:52 28,961 KB899591.log
05/05/2006 01:52 28,967 KB896424.log
05/05/2006 01:52 28,773 KB893756.log
05/05/2006 01:52 27,726 KB911562.log
05/05/2006 01:52 27,912 KB900485.log
05/05/2006 01:52 26,084 KB873339.log
05/05/2006 01:52 26,149 KB888113.log
05/05/2006 01:52 26,691 KB887742.log
05/05/2006 01:52 26,098 KB887472.log
05/05/2006 01:52 27,419 KB896358.log
05/05/2006 01:51 26,190 KB891781.log
05/05/2006 01:51 31,087 KB912812.log
05/05/2006 01:51 29,815 KB902400.log
05/05/2006 01:51 22,171 KB890046.log
05/05/2006 01:51 21,184 KB905414.log
05/05/2006 01:51 20,177 KB901214.log
05/05/2006 01:51 19,226 KB888302.log
05/05/2006 01:50 20,530 KB900725.log
05/05/2006 01:50 18,198 KB912919.log
05/05/2006 01:50 17,387 KB904706.log
05/05/2006 01:50 17,386 KB901190.log
05/05/2006 01:50 17,915 KB908531.log
05/05/2006 01:50 17,492 KB905749.log
05/05/2006 01:50 16,283 KB896428.log
05/05/2006 01:50 16,947 KB911567.log
05/05/2006 01:50 16,497 KB894391.log
05/05/2006 01:50 13,812 KB908519.log
05/04/2006 09:16 17,152 KB896423.log
05/04/2006 09:16 12,003 KB910437.log
05/04/2006 09:16 7,811 KB911564.log
05/04/2006 09:15 10,707 KB886185.log
05/04/2006 09:15 8,033 KB911565.log
05/04/2006 09:14 11,485 KB913446.log
05/04/2006 09:14 18,089 KB890859.log
05/04/2006 02:23 8,436 KB893803v2.log
05/04/2006 02:22 8,032 KB898461.log
05/03/2006 21:09 6,209 WINNT32.LOG
05/03/2006 21:09 564 UPGRADE.TXT
05/03/2006 10:54 458 wmsetup10.log
05/03/2006 10:49 1,446 COM+.log
05/03/2006 10:47 676 chipset.log
05/03/2006 10:41 138 wininit.ini
05/03/2006 10:40 381 xpsp1hfm.log
05/03/2006 10:35 4,976 KB885464.log
05/03/2006 10:35 4,866 KB892559.log
05/03/2006 10:35 4,324 KB888239.log
05/03/2006 10:34 4,755 KB885855.log
05/03/2006 10:34 4,557 KB884575.log
05/03/2006 10:34 3,944 KB883667.log
05/03/2006 10:32 225,413 SetupWLD.log
05/03/2006 10:29 840 SynInst.log
05/03/2006 10:29 0 setuperr.log
05/02/2006 22:48 225 DHCPUPG.LOG

temp.txt:
Volume in drive C has no label.
Volume Serial Number is FC8A-D7FF

Directory of C:\DOCUME~1\DeyanPC\LOCALS~1\Temp

09/10/2006 16:40 16,384 ~DFFB3.tmp
09/10/2006 16:37 458,931 hpodvd09.log
2 File(s) 475,315 bytes
0 Dir(s) 26,876,198,912 bytes free

c.txt:
Volume in drive C has no label.
Volume Serial Number is FC8A-D7FF

Directory of C:\

09/10/2006 16:59 0 sys.txt
09/10/2006 16:59 8,928 system.txt
09/10/2006 16:58 320 systemtemp.txt
09/10/2006 16:58 112,126 system32.txt
09/10/2006 16:55 320 temp.txt
09/10/2006 16:46 10,118 ComboFix.txt
09/10/2006 16:17 527,880,192 hiberfil.sys
09/10/2006 16:17 792,723,456 pagefile.sys
09/10/2006 16:16 1,600 VundoFix.txt
08/16/2006 18:25 1,341,440 01.mpg
07/27/2006 13:27 2,048 TimeShift.mpg
07/16/2006 13:52 12,286,415 AVG7QT.DAT
07/09/2006 15:32 6,990 caisslog.txt
06/15/2006 20:45 1,167 _Sid.txt
05/03/2006 10:49 3,222,896 DNSP1.LOG
05/03/2006 10:48 182 guides.log
05/03/2006 10:47 90 chpst.log
05/03/2006 10:44 163 setup.log
05/03/2006 10:42 20,932 sunjava.log
05/03/2006 10:36 171 HSC.log
05/03/2006 10:35 161 esuinst.log
05/03/2006 10:35 205 sedinst2.log
05/03/2006 10:29 191 syntp.log
05/03/2006 10:29 32 ticrdbus.log
04/15/2006 10:46 0 MSDOS.SYS
04/15/2006 10:46 0 AUTOEXEC.BAT
04/15/2006 10:46 0 IO.SYS
04/15/2006 10:46 0 CONFIG.SYS
04/15/2006 10:40 211 boot.ini
08/04/2004 15:00 250,032 ntldr
08/04/2004 15:00 47,564 NTDETECT.COM
12/08/2003 13:15 28,672 hpqimgrc.resources.dll
32 File(s) 1,337,946,622 bytes
0 Dir(s) 26,876,186,624 bytes free




Symantec analysis:

C:\WINDOWS\Temp\sa118.exe is infected with SpywareQuake
C:\WINDOWS\Temp\winE6.tmp.exe is infected with Adware.Purityscan
C:\WINDOWS\system32\ssqpqpp.dll is infected with Downloader
C:\WINDOWS\system32\urqnmkj.dll is infected with Downloader
C:\WINDOWS\system32\xxywuur.dll is infected with Downloader
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe is infected with WinFixer
C:\WINDOWS\Downloaded Program Files\CONFLICT.9\UWA6P_0001_N91M1807NetInstaller.exe is infected with WinFixer
C:\WINDOWS\Downloaded Program Files\CONFLICT.8\UWA6P_0001_N91M1807NetInstaller.exe is infected with WinFixer
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UWA6P_0001_N91M1807NetInstaller.exe is infected with WinFixer
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWA6P_0001_N91M1807NetInstaller.exe is infected with WinFixer
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWA6P_0001_N91M1807NetInstaller.exe is infected with WinFixer
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWA6P_0001_N91M1807NetInstaller.exe is infected with WinFixer
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6P_0001_N91M1807NetInstaller.exe is infected with WinFixer
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6P_0001_N91M1807NetInstaller.exe is infected with WinFixer
C:\WINDOWS\Downloaded Program Files\CONFLICT.13\UWA6P_0001_N91M1807NetInstaller.exe is infected with WinFixer
C:\WINDOWS\Downloaded Program Files\CONFLICT.12\UWA6P_0001_N91M1807NetInstaller.exe is infected with WinFixer
C:\WINDOWS\Downloaded Program Files\CONFLICT.11\UWA6P_0001_N91M1807NetInstaller.exe is infected with WinFixer
C:\WINDOWS\Downloaded Program Files\CONFLICT.10\UWA6P_0001_N91M1807NetInstaller.exe is infected with WinFixer
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N91M1807NetInstaller.exe is infected with WinFixer
C:\Documents and Settings\DeyanPC\Local Settings\Temporary Internet Files\Content.IE5\YJSRWJ4L\WinAntiVirusPro2006FreeInstall[1].cab is infected with WinFixer
C:\Documents and Settings\DeyanPC\Local Settings\Temp\ICD2.tmp\UWA6P_0001_N91M1807NetInstaller.exe is infected with WinFixer




Symptoms:
various programs try to install themselves, my PC downloads things by itself and loads very slowly, my Internet connection is extremely slow (I can barely open 3 pages at once). It takes 2 minutes for WORD to open!!! I have AVG and ZONEALARM installed, but nothing!
I would be very grateful for any advice!
Thanks!
10.09.2006, 21:17
Honorary member
Sabina

Posts: 29434
#8 Deyani

avenger
http://virus-protect.org/artikel/tools/avenger.html
paste in

Quote

registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnll

Files to delete:
C:\WINDOWS\system32\llnmp.ini
C:\WINDOWS\system32\skjwytpj.dll
C:\WINDOWS\system32\llnmp.bak1
C:\WINDOWS\system32\dadcqcan.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\atnwbond.dll
C:\WINDOWS\system32\oiyjknwi.dll
C:\WINDOWS\system32\omdwkoqo.dll
C:\WINDOWS\system32\lttchjyn.dll
C:\WINDOWS\system32\erwpditm.dll
C:\WINDOWS\system32\ioqofpom.dll
C:\WINDOWS\system32\pppyrcrm.exe
C:\WINDOWS\system32\rkrthmga.exe
C:\WINDOWS\system32\ywvqfkvo.exe
C:\WINDOWS\system32\pyeytrqk.exe
C:\WINDOWS\Temp\sa118.exe
C:\WINDOWS\Temp\winE6.tmp.exe
C:\WINDOWS\system32\ssqpqpp.dll
C:\WINDOWS\system32\urqnmkj.dll
C:\WINDOWS\system32\xxywuur.dll
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.9\UWA6P_0001_N91M1807NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.8\UWA6P_0001_N91M1807NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UWA6P_0001_N91M1807NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWA6P_0001_N91M1807NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWA6P_0001_N91M1807NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWA6P_0001_N91M1807NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6P_0001_N91M1807NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6P_0001_N91M1807NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.13\UWA6P_0001_N91M1807NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.12\UWA6P_0001_N91M1807NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.11\UWA6P_0001_N91M1807NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.10\UWA6P_0001_N91M1807NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N91M1807NetInstaller.exe
C:\Documents and Settings\DeyanPC\Local Settings\Temporary Internet Files\Content.IE5\YJSRWJ4L\WinAntiVirusPro2006FreeInstall[1].cab
C:\Documents and Settings\DeyanPC\Local Settings\Temp\ICD2.tmp\UWA6P_0001_N91M1807NetInstaller.exe

Click the green traffic light
the script is now executed, then the PC will restart automatically

**
post the avenger log that appears

**
Start - Programs - Accessories - System Tools - Disk Cleanup
- Click: Temporary Internet Files, OK
- Click: Temporary Files, OK

**
open HijackThis -- "scan" button -- tick the checkbox in front of the entry -- "Fix checked" button -- restart the PC

Quote

O20 - AppInit_DLLs: "", svchost.dll
Restart the PC

**

virustotal
At the top of the page --> click Browse --> (paste in the file with its correct path) --> double-click the file to be checked --> click Submit... now wait
http://www.virustotal.com/flash/index_en.html

C:\WINDOWS\system32\Drivers\CO_Mon.sys


post the report



«
__________
Best regards, Sabina

all about PC security
11.09.2006, 20:31
...new here

Thread starter

Posts: 7
#9 Hi there!

So today I let Combofix run for several hours again, but simply nothing happens :-(
11.09.2006, 22:59
Honorary member
Sabina

Posts: 29434
#10 Carmen79

scan, options 1 and 2 (you can do both in normal mode)
http://virus-protect.org/artikel/tools/smitfrautfix.html
post both scan reports here
__________
Best regards, Sabina

all about PC security
12.09.2006, 20:28
...new here

Thread starter

Posts: 7
#11 So, this is the 1st log:

SmitFraudFix v2.87

Scan done at 20:18:20.23, 06-09-12
Run from C:\Dokumente und Einstellungen\CarmenK\Eigene Dateien\Programme\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\CarmenK\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\CarmenK\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Programme


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End




and here is the 2nd:

SmitFraudFix v2.87

Scan done at 20:19:35.78, 06-09-12
Run from C:\Dokumente und Einstellungen\CarmenK\Eigene Dateien\Programme\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End



oh yes, and I also found this log from Combofix under C:

CarmenK - 06-09-11 20:14:35.82
ComboFix 06.09.07 - Running from: C:\Dokumente und Einstellungen\CarmenK\Eigene Dateien\Programme

Microsoft Windows XP [Version 5.1.2600]

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\NetMon


((((((((((((((((((((((((((((((( Files Created from 2006-08-09 to 2006-09-09 ))))))))))))))))))))))))))))))))))


2006-09-07 20:27 57,384 --a------ C:\WINDOWS\system32\avsda.dll
2006-09-07 20:27 57,384 --a------ C:\WINDOWS\system32\avsda.dll
2006-09-07 20:27 57,384 --a------ C:\WINDOWS\system32\avsda.dll
2006-09-07 20:27 57,384 --a------ C:\WINDOWS\system32\avsda.dll
2006-09-07 20:27 57,384 --a------ C:\WINDOWS\system32\avsda.dll
2006-09-07 20:27 57,384 --a------ C:\WINDOWS\system32\avsda.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
12.09.2006, 23:39
Honorary member
Sabina

Posts: 29434
#12 Carmen79

1.
run combofix again and post the complete log, not just half of it

2.
scan with Counterspy, after the scan set everything to "remove" and post the scan report
http://virus-protect.org/counterspy.html
__________
Best regards, Sabina

all about PC security
29.09.2006, 14:45
...new here

Thread starter

Posts: 7
#13 well, Combofix does not run to completion, not even after 2 days... but here is the log from Counterspy:

Spyware Scan Details
Start Date: 06-09-18 16:41:38
End Date: 06-09-18 17:05:07
Total Time: 23 mins 29 secs

Detected spyware

TagASaurus Adware (General) more information...
Details: TagASaurus is an adware application that creates a search engine window on the desktop and may display advertising.
Status: Deleted

Infected files detected
c:\windows\uninst2.htm
c:\windows\unist1.htm


RealVNC Commercial Remote Control Tool more information...
Details: VNC (Virtual Network Computing) software makes it possible to view and fully-interact with one computer from any other computer or mobile device anywhere on the Internet.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\ORL\VNCHooks
HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\hpofxm08.exe use_GetUpdateRect 0
HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\hpofxm08.exe use_Timer 1
HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\hpofxm08.exe use_KeyPress 1
HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\hpofxm08.exe use_LButtonUp 1
HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\hpofxm08.exe use_MButtonUp 0
HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\hpofxm08.exe use_RButtonUp 0
HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\hpofxm08.exe use_Deferral 1


Cookie: Advertising.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\carmenk\cookies\carmenk@advertising[1].txt


Cookie: ATDMT.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\carmenk\cookies\carmenk@atdmt[2].txt


Cookie: DoubleClick Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\carmenk\cookies\carmenk@doubleclick[1].txt


Cookie: Mediaplex.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\carmenk\cookies\carmenk@mediaplex[1].txt
29.09.2006, 15:54
Honorary member
Sabina

Posts: 29434
#14 Carmen79

««
post this log
http://virus-protect.org/winpfind.html

««
Hijackthis
http://computercops.biz/zx/Merijn/hijackthis.zip
http://virus-protect.org/hjtkurz.html
Download/unpack HijackThis into a folder
--> None of the above, just start the program --> Save --> Savelog --> the editor opens
now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click
__________
Best regards, Sabina

all about PC security
01.10.2006, 13:57
...new here

Thread starter

Posts: 7
#15 WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 06-10-01 13:45:56
WinPFind v1.5.0 Folder = C:\Dokumente und Einstellungen\CarmenK\Eigene Dateien\Virus\WinPFind\WinPFind\
Microsoft Windows XP (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2800.1106)

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 05-10-13 21:27:00 RHS 422400 C:\WINDOWS\x2.64.exe ()

Checking %System% folder...
UPX! 05-10-07 19:14:52 RHS 308224 C:\WINDOWS\SYSTEM32\avisynth.dll (The Public)
aspack 05-03-18 17:19:58 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll (Microsoft Corporation)
aspack 05-05-26 15:34:52 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll (Microsoft Corporation)
aspack 05-07-22 19:59:04 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll (Microsoft Corporation)
aspack 05-12-05 18:09:18 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll (Microsoft Corporation)
aspack 06-02-03 08:43:16 2332368 C:\WINDOWS\SYSTEM32\d3dx9_29.dll (Microsoft Corporation)
PEC2 01-08-18 14:00:00 41118 C:\WINDOWS\SYSTEM32\dfrg.msc ()
UPX! 04-01-25 RHS 70656 C:\WINDOWS\SYSTEM32\i420vfw.dll (www.helixcommunity.org)
WSUD 01-08-18 14:00:00 1164288 C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation)
WSUD 01-08-18 14:00:00 259072 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
Umonitor 01-08-18 14:00:00 659456 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
UPX! 06-04-27 17:49:30 288417 C:\WINDOWS\SYSTEM32\SrchSTS.exe (S!Ri)
UPX! 06-08-29 19:43:54 135168 C:\WINDOWS\SYSTEM32\swreg.exe (SteelWerX)
UPX! 06-01-09 10:36:06 40960 C:\WINDOWS\SYSTEM32\swsc.exe ()
winsync 01-08-18 14:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
UPX! 05-02-28 13:16:22 RHS 240128 C:\WINDOWS\SYSTEM32\x.264.exe ()
UPX! 04-01-25 RHS 70656 C:\WINDOWS\SYSTEM32\yv12vfw.dll (www.helixcommunity.org)

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
06-10-01 13:41:22 S 2048 C:\WINDOWS\bootstat.dat ()
06-10-01 13:42:06 H 1024 C:\WINDOWS\system32\config\default.LOG ()
06-10-01 13:41:24 H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
06-10-01 13:42:08 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG ()
06-10-01 13:46:52 H 1024 C:\WINDOWS\system32\config\software.LOG ()
06-10-01 13:42:10 H 1024 C:\WINDOWS\system32\config\system.LOG ()
06-10-01 13:41:24 H 6 C:\WINDOWS\Tasks\SA.DAT ()

Checking for CPL files...
01-08-18 14:00:00 68096 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
01-08-18 14:00:00 563712 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
01-08-18 14:00:00 133120 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
01-08-18 14:00:00 152064 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
02-08-29 09:32:28 293376 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
01-08-18 14:00:00 123392 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
02-08-29 03:41:00 208896 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
04-12-07 18:51:50 57344 C:\WINDOWS\SYSTEM32\LocalCOM.cpl (TOSHIBA CORPORATION)
01-08-18 14:00:00 189440 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
01-08-18 14:00:00 566272 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
01-08-18 14:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
01-08-18 14:00:00 259072 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
06-04-12 04:38:46 R 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl (NVIDIA Corporation)
01-08-18 14:00:00 38400 C:\WINDOWS\SYSTEM32\nwc.cpl (Microsoft Corporation)
01-08-18 14:00:00 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
01-08-18 14:00:00 111616 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
06-07-03 22:20:10 25088 C:\WINDOWS\SYSTEM32\prefscpl.cpl (RealNetworks, Inc.)
04-01-20 15:10:52 324608 C:\WINDOWS\SYSTEM32\QuickTime.cpl (Apple Computer, Inc.)
01-08-18 14:00:00 275456 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
01-08-18 14:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
01-08-18 14:00:00 90112 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
01-08-18 14:00:00 68096 C:\WINDOWS\SYSTEM32\dllcache\access.cpl (Microsoft Corporation)
01-08-18 14:00:00 563712 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl (Microsoft Corporation)
01-08-18 14:00:00 133120 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl (Microsoft Corporation)
01-08-18 14:00:00 152064 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl (Microsoft Corporation)
02-08-29 09:32:28 293376 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl (Microsoft Corporation)
01-08-18 14:00:00 123392 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl (Microsoft Corporation)
02-08-29 03:41:00 208896 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl (Microsoft Corporation)
01-08-18 14:00:00 189440 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
01-08-18 14:00:00 566272 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl (Microsoft Corporation)
01-08-18 14:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
01-08-18 14:00:00 259072 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl (Microsoft Corporation)
01-08-18 14:00:00 38400 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl (Microsoft Corporation)
01-08-18 14:00:00 36864 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl (Microsoft Corporation)
01-08-18 14:00:00 111616 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl (Microsoft Corporation)
01-08-18 14:00:00 151552 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl (Microsoft Corporation)
01-08-18 14:00:00 275456 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl (Microsoft Corporation)
01-08-18 14:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
01-08-18 14:00:00 90112 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl (Microsoft Corporation)

Checking for Downloaded Program Files...
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
06-07-03 22:47:14 1737 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk ()
06-07-03 21:32:18 HS 84 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini ()
06-07-29 18:39:58 1788 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk ()
06-07-03 21:58:28 H 1709 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...
06-07-03 22:12:20 HS 62 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini ()
06-07-29 18:51:08 722 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpzinstall.log ()

Checking files in %USERPROFILE%\Startup folder...
06-07-03 21:32:18 HS 84 C:\Dokumente und Einstellungen\CarmenK\Startmenü\Programme\Autostart\desktop.ini ()

Checking files in %USERPROFILE%\Application Data folder...
06-07-03 22:12:20 HS 62 C:\Dokumente und Einstellungen\CarmenK\Anwendungsdaten\desktop.ini ()

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

>>> Internet Explorer Settings <<<


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
\\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
\\Default_Page_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
\\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
\\Local Page - C:\windows\system32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.aol.de/
\\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
\\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
\\Local Page - C:\windows\system32\blank.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
\\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Sucheingriff = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Adobe PDF Reader Link Helper = C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tipps und Tricks = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - Real.com = C:\WINDOWS\System32\Shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{30D02401-6A81-11D0-8274-00C04FD5AE38} - Search Band = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\{EFA24E61-B078-11D0-89E4-00C04FC9E26E} - Favorites Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
\{EFA24E62-B078-11D0-89E4-00C04FC9E26E} - History Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Adresse = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Adresse = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} - 8192 = @shdoclc.dll,-864
\\NEXTID - 8195
\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 8193 =
\\{B863453A-26C3-4e1f-A54D-A2CD196348E9} - 8194 = ICQ Lite

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\{B863453A-26C3-4e1f-A54D-A2CD196348E9} - ButtonText: ICQ Lite = C:\Programme\ICQLite\ICQLite.exe (ICQ Ltd.)
\{c95fe080-8f5d-11d2-a20b-00aa003c157a} - ButtonText: @shdoclc.dll,-866 = %SystemRoot%\web\related.htm
\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - ButtonText: Real.com =

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - CPL-Erweiterung für Anzeigeverschiebung = deskpan.dll ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shellerweiterungen für die Dateikomprimierung = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Kontextmenü für die Verschlüsselung = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - Erweiterung für HyperTerminal-Icons = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.)
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskleiste und Startmenü = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - Benutzerkonten = ()
\\{FFB699E0-306A-11d3-8BD1-00104B6F7516} - Play on my TV helper = C:\WINDOWS\System32\nvcpl.dll (NVIDIA Corporation)
\\{A70C977A-BF00-412C-90B7-034C51DA2439} - NvCpl DesktopContext Class = C:\WINDOWS\System32\NVCPL.DLL (NVIDIA Corporation)
\\{1CDB2949-8F65-4355-8456-263E7C208A5D} - Desktop Explorer = C:\WINDOWS\System32\nvshell.dll (NVIDIA Corporation)
\\{1E9B04FB-F9E5-4718-997B-B8DA88302A47} - Desktop Explorer Menu = C:\WINDOWS\System32\nvshell.dll (NVIDIA Corporation)
\\{1E9B04FB-F9E5-4718-997B-B8DA88302A48} - nView Desktop Context Menu = C:\WINDOWS\System32\nvshell.dll (NVIDIA Corporation)
\\{73B24247-042E-4EF5-ADC2-42F62E6FD654} - ICQ Lite Shell Extension = C:\Programme\ICQLite\ICQLiteShell.dll ()
\\{40950107-FEA6-4d53-A65F-B2DCBA57DD58} - Nokia Phone Browser = C:\Programme\Nokia\Nokia PC Suite 6\PhoneBrowser.dll (Nokia)
\\{FBFE7864-D495-41f0-B7DC-4BB601CC295E} - Contact View = C:\Programme\Nokia\Nokia PC Suite 6\ContactView.dll (Nokia)
\\{C0C4375A-5B72-4efe-929D-3B848C3A1E91} - Message View = C:\Programme\Nokia\Nokia PC Suite 6\MessageView.dll (Nokia)
\\{45AC2688-0253-4ED8-97DE-B5370FA7D48A} - Shell Extension for Malware scanning = C:\Programme\AntiVir PersonalEdition Classic\shlext.dll (H+BEDV Datentechnik GmbH)
\\{D653647D-D607-4DF6-A5B8-48D2BA195F7B} - BitDefender Antivirus v8 = ()
\\{A155339D-CCCD-4714-85EB-3754B804C9DF} - a-squared Free Context Menu Shell Extension = C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL (Emsi Software GmbH)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{BDEADF00-C265-11d0-BCED-00A0C90AB50F} - = C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL ()


>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\ICQLiteMenu - {73B24247-042E-4EF5-ADC2-42F62E6FD654} = C:\Programme\ICQLite\ICQLiteShell.dll ()
\IPSContMenu - {EBDF1F20-C829-11D1-8233-0020AF3E97A9} = ()
\Shell Extension for Malware scanning - {45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programme\AntiVir PersonalEdition Classic\shlext.dll (H+BEDV Datentechnik GmbH)

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]
\a2FreeContMenu - {A155339D-CCCD-4714-85EB-3754B804C9DF} = C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL (Emsi Software GmbH)

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\ICQLiteMenu - {73B24247-042E-4EF5-ADC2-42F62E6FD654} = C:\Programme\ICQLite\ICQLiteShell.dll ()
\IPSContMenu - {EBDF1F20-C829-11D1-8233-0020AF3E97A9} = ()

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
\00nView - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} = C:\WINDOWS\System32\nvshell.dll (NVIDIA Corporation)
\NvCplDesktopContext - {A70C977A-BF00-412C-90B7-034C51DA2439} = C:\WINDOWS\System32\NVCPL.DLL (NVIDIA Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\a2FreeContMenu - {A155339D-CCCD-4714-85EB-3754B804C9DF} = C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL (Emsi Software GmbH)
\BitDefender Antivirus v8 - {D653647D-D607-4DF6-A5B8-48D2BA195F7B} = ()
\IPSContMenu - {EBDF1F20-C829-11D1-8233-0020AF3E97A9} = ()
\Shell Extension for Malware scanning - {45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programme\AntiVir PersonalEdition Classic\shlext.dll (H+BEDV Datentechnik GmbH)

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
\{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NvCplDaemon - RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll ()
nwiz - C:\WINDOWS\SYSTEM32\nwiz.exe (NVIDIA Corporation)
NvMediaCenter - RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll ()
AOLDialer - REM C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe ()
QuickTime Task - REM "C:\Programme\QuickTime\qttask.exe ()
Cmaudio - RunDll32 cmicnfg.cpl ()
KernelFaultCheck - ()
HP Software Update - C:\Programme\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
NeroCheck - REM C:\WINDOWS\System32\NeroCheck.exe ()
DataLayer - REM C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE ()
PCSuiteTrayApplication - REM C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE ()
CheckDiskOnce - chkdisk.exe ()
avgnt - C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
HostManager - C:\Programme\Gemeinsame Dateien\AOL\1157655685\ee\AOLSoftware.exe (America Online, Inc.)
IPHSend - C:\Programme\Gemeinsame Dateien\AOL\IPHSend\IPHSend.exe (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE - C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation)
MSMSGS - REM "C:\Programme\Messenger\msmsgs.exe ()
CursorXP - C:\Programme\CursorXP\CursorXP.exe ( )
RocketDock - C:\Programme\RocketDock\RocketDock.exe ()
AutoStart-Manager 2006 - REM "C:\Programme\Tools&More\Autostart-Manager\AutoStart-Manager.exe ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini ()
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk - C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Dokumente und Einstellungen\CarmenK\Startmenü\Programme\Autostart\desktop.ini ()

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
TSMService 3
AVKWCtl 2
AVKService 2
AOL ACS 2
Netman 3
wuauserv 2
XCOMM 2


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AOL 9.0 Tray-Symbol.lnk
path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AOL 9.0 Tray-Symbol.lnk
backup C:\WINDOWS\pss\AOL 9.0 Tray-Symbol.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\AOL9~1.0\aoltray.exe -check
item AOL 9.0 Tray-Symbol

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Bluetooth Manager.lnk
path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk
backup C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Toshiba\BLUETO~1\TosBtMng.exe
item Bluetooth Manager

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ICQ Lite
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ICQLite
hkey HKLM
command REM "C:\Programme\ICQLite\ICQLite.exe" -minimize
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 2
startup 2


[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\userinit.exe,
\\Shell = Explorer.exe
\\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)

>>> DNS Name Servers <<<
{5E897DD1-AB44-46A3-9FD1-8416C73D295C} - (AVM FRITZ!Box SL)
{9D7BDFC3-8F08-4CB3-B7A7-80745433A475} - (AVM FRITZ!Box SL)
{AE171A7E-4DAE-47CD-BDFA-48E17AC72B7B} - ()
{DAB94F26-E1C9-46B5-BE31-91970580B13D} - (SiS 900-PCI-Fast Ethernet-Adapter)

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000018\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000019\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000020\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000021\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\msdaipp - ()

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

>>> Selected AddOn's <<<


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»





Logfile of HijackThis v1.99.1
Scan saved at 14:01, on 06-10-01
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Gemeinsame Dateien\AOL\1157655685\ee\AOLSoftware.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\CursorXP\CursorXP.exe
C:\Programme\RocketDock\RocketDock.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programme\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Dokumente und Einstellungen\CarmenK\Eigene Dateien\Virus\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von AOL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AOLDialer] REM C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] REM "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroCheck] REM C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [DataLayer] REM C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] REM C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [CheckDiskOnce] chkdisk.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [HostManager] C:\Programme\Gemeinsame Dateien\AOL\1157655685\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Programme\Gemeinsame Dateien\AOL\IPHSend\IPHSend.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] REM "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CursorXP] C:\Programme\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Programme\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [AutoStart-Manager 2006] REM "C:\Programme\Tools&More\Autostart-Manager\AutoStart-Manager.exe" /AUTOSTART
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.de/e60/
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - The Firebird Project - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
This post was edited by Carmen79 on 01.10.2006 at 14:02.