Nsis Media Pop-ups Problem

#0
13.09.2006, 10:10
...new here

Posts: 1
#1 Hello,
I searched and saw that a thread like this already exists, but somehow I can't reply to it; otherwise I would have done that instead of opening a new topic.

Anyway, I have the same problem as described [url=http://board.protecus.de/t25217.htm]here[/url]. These pop-ups keep appearing ;) I have already tried AdAware, Spysweeper and co., but nothing helped. I uninstalled the whole thing via the uninstaller, but that didn't help either.
As described in the other thread, I have now created the 4 log files:

Hijack This:

Quote

Logfile of HijackThis v1.99.1
Scan saved at 09:54:20, on 13.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\stickies\stickies.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\TuneUp Utilities 2006\RegistryCleaner.exe
C:\Dokumente und Einstellungen\Martin\Eigene Dateien\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.real.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=33568
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = eumex.ip
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programme\IDM\QUICKfind\PlugIns\IEHelp.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - Startup: Stickies.lnk = C:\Programme\stickies\stickies.exe
O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.real.de/
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Webroot Spy Sweeper-Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Programme\Webroot\Spy Sweeper\SpySweeper.exe

ComboFix

Quote

Martin - 06-09-13 9:55:08,46
ComboFix 06.09.11B - Running from: C:\Dokumente und Einstellungen\Martin\Eigene Dateien

Microsoft Windows XP [Version 5.1.2600]

((((((((((((((((((((((((((((((( Files Created from 2006-08-13 to 2006-09-13 ))))))))))))))))))))))))))))))))))


No new files created in this timespan


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-13 09:37 -------- d-------- C:\Programme\Mozilla Thunderbird
2006-09-13 09:28 -------- d-------- C:\Programme\Mozilla Firefox
2006-09-13 09:25 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-09-13 09:24 128 --a------ C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\iScrobbler.ini
2006-09-12 12:15 -------- d-------- C:\Programme\Windows Media Player
2006-09-12 10:42 -------- d-------- C:\Programme\Webroot
2006-09-12 10:42 -------- d-------- C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\Webroot
2006-09-12 09:28 -------- d-------- C:\Programme\Google
2006-09-12 09:08 -------- d-------- C:\Programme\FlashGet
2006-09-11 23:10 -------- d-------- C:\Programme\Lavasoft
2006-09-11 23:10 -------- d-------- C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\Lavasoft
2006-09-05 12:23 -------- d-------- C:\Programme\SlySoft
2006-09-05 11:10 -------- d-------- C:\Programme\Ares
2006-09-05 10:13 83 ---hs---- C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\.zreglib
2006-09-02 23:34 -------- d-------- C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\uTorrent
2006-09-02 12:03 -------- d-------- C:\Programme\Turbo Torrent
2006-09-01 16:58 -------- d-------- C:\Programme\ICQLite
2006-08-31 10:53 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-08-31 10:53 -------- d-------- C:\Programme\QuickTime
2006-08-29 22:13 -------- d-------- C:\Programme\Gemeinsame Dateien\XPressUpdate
2006-08-29 18:16 -------- d-------- C:\Programme\PdfGrabber 2.5
2006-08-28 11:09 -------- d-------- C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\SlySoft
2006-08-27 12:23 -------- d-------- C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\Elaborate Bytes
2006-08-27 12:22 -------- d-------- C:\Programme\Elaborate Bytes
2006-08-23 16:48 -------- d-------- C:\Programme\iTunes
2006-08-21 14:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 11:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-20 21:10 -------- d-------- C:\Programme\GK1neu
2006-08-19 17:18 -------- d-------- C:\Programme\PeerGuardian2
2006-08-18 03:58 20096 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2006-08-16 19:44 -------- d-------- C:\Programme\Internet Explorer
2006-08-16 14:27 -------- d-------- C:\Programme\uTorrent
2006-08-12 11:01 97792 --a------ C:\WINDOWS\system32\drivers\ACEDRV05.sys
2006-08-11 15:24 -------- d-------- C:\Programme\ICQToolbar
2006-08-03 19:33 15360 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2006-08-03 19:33 14848 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2006-08-03 19:33 13824 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2006-08-03 19:33 117248 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2006-07-27 15:25 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 21:16 -------- d-------- C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\Cuttermaran
2006-07-21 10:29 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-20 17:24 -------- d-------- C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\PixelPlanet
2006-07-16 13:09 -------- d-------- C:\Programme\Viewpoint
2006-07-13 19:04 -------- d-------- C:\Programme\eRightSoft
2006-07-13 18:49 -------- d-------- C:\Programme\VideoLAN
2006-07-13 18:33 -------- d-------- C:\Programme\TuneUp Utilities 2006
2006-07-13 10:48 202240 --a------ C:\WINDOWS\system32\drivers\rmcast.sys
2006-06-22 07:06 69120 --a------ C:\WINDOWS\system32\ciodm.dll
2006-06-22 07:06 1441792 --a------ C:\WINDOWS\system32\query.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="\"C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoDriveAutoRun"=hex:00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
"SpybotSD TeaTimer"="C:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
"Ulead AutoDetector v2"="C:\\Programme\\Gemeinsame Dateien\\Ulead Systems\\AutoDetector\\monitor.exe"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Klick-Wartung.job

Completion time: 13.09.2006 9:57:26.17
ComboFix.txt

WinPFind

Quote

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 13.09.2006 09:58:08
WinPFind v1.5.0 Folder = C:\Dokumente und Einstellungen\Martin\Eigene Dateien\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 22.08.2004 18:04:56 69120 C:\WINDOWS\daemon.dll ()
UPX! 13.10.2005 22:27:00 RHS 422400 C:\WINDOWS\x2.64.exe ()

Checking %System% folder...
UPX! 07.10.2005 20:14:52 RHS 308224 C:\WINDOWS\SYSTEM32\avisynth.dll (The Public)
PEC2 04.11.2004 01:18:18 2974071 C:\WINDOWS\SYSTEM32\bgd.dll ()
UPX! 09.07.2004 09:47:04 RHS 167936 C:\WINDOWS\SYSTEM32\CoreAAC.ax ()
PEC2 29.08.2002 14:00:00 41118 C:\WINDOWS\SYSTEM32\dfrg.msc ()
UPX! 25.01.2004 01:00:00 RHS 70656 C:\WINDOWS\SYSTEM32\i420vfw.dll (www.helixcommunity.org)
PTech 19.06.2006 16:19:42 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft Corporation)
PECompact2 11.09.2006 19:37:22 8960936 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 11.09.2006 19:37:22 8960936 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
WSUD 18.08.2001 05:54:58 1164288 C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation)
aspack 04.08.2004 01:57:10 733696 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
WSUD 04.08.2004 01:58:24 260096 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
Umonitor 04.08.2004 01:57:34 686592 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
winsync 29.08.2002 14:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
PTech 19.06.2006 16:19:26 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe (Microsoft Corporation)
UPX! 28.02.2005 13:16:22 RHS 240128 C:\WINDOWS\SYSTEM32\x.264.exe ()
UPX! 25.01.2004 01:00:00 RHS 70656 C:\WINDOWS\SYSTEM32\yv12vfw.dll (www.helixcommunity.org)

Checking %System%\Drivers folder and sub-folders...
PTech 03.08.2004 23:41:38 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys (Smart Link)

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
13.09.2006 09:26:00 S 2048 C:\WINDOWS\bootstat.dat ()
29.08.2006 18:15:36 RH 19655 C:\WINDOWS\system32\XPressUpdate.vdb ()
28.07.2006 14:15:50 S 23751 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918899.cat ()
27.07.2006 16:00:50 S 10337 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920214.cat ()
21.07.2006 11:02:46 S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920670.cat ()
21.08.2006 14:59:30 S 11749 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB922582.cat ()
13.09.2006 09:57:34 H 1024 C:\WINDOWS\system32\config\default.LOG ()
13.09.2006 09:28:18 H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
13.09.2006 09:28:48 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG ()
13.09.2006 10:00:08 H 1024 C:\WINDOWS\system32\config\software.LOG ()
13.09.2006 09:57:36 H 1024 C:\WINDOWS\system32\config\system.LOG ()
13.09.2006 09:22:30 H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG ()
03.08.2006 11:14:20 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\543b261f-3421-4c2b-9ea9-83dea3b99f73 ()
03.08.2006 11:14:20 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred ()
07.08.2006 01:03:02 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\d4d1e36d-8db4-41f9-89c1-cb9211ddcc1c ()
07.08.2006 01:03:02 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
13.09.2006 09:26:04 H 6 C:\WINDOWS\Tasks\SA.DAT ()

Checking for CPL files...
04.08.2004 01:58:24 70656 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
04.08.2004 01:58:24 555008 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
04.08.2004 01:58:24 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
04.08.2004 01:58:24 138240 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
04.08.2004 01:58:24 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
04.08.2004 01:58:24 157184 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
04.08.2004 01:58:24 359424 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
04.08.2004 01:58:24 133120 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
04.08.2004 01:58:24 381440 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
04.08.2004 01:58:24 69632 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
10.11.2005 13:03:50 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
29.08.2002 14:00:00 189440 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
04.08.2004 01:58:24 625152 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
29.08.2002 14:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
04.08.2004 01:58:24 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
04.08.2004 01:58:24 260096 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
04.08.2004 01:58:24 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
04.08.2004 01:58:24 117248 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
04.08.2004 01:58:24 303104 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
29.08.2002 14:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
04.08.2004 01:58:24 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
04.08.2004 01:58:24 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
26.05.2005 04:16:22 174872 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
12.04.2003 17:56:14 182784 C:\WINDOWS\SYSTEM32\XPressUpd.cpl ()
04.08.2004 01:58:24 70656 C:\WINDOWS\SYSTEM32\dllcache\access.cpl (Microsoft Corporation)
04.08.2004 01:58:24 555008 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl (Microsoft Corporation)
04.08.2004 01:58:24 110592 C:\WINDOWS\SYSTEM32\dllcache\bthprops.cpl (Microsoft Corporation)
04.08.2004 01:58:24 138240 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl (Microsoft Corporation)
04.08.2004 01:58:24 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl (Microsoft Corporation)
04.08.2004 01:58:24 157184 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl (Microsoft Corporation)
04.08.2004 01:58:24 359424 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl (Microsoft Corporation)
04.08.2004 01:58:24 133120 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl (Microsoft Corporation)
04.08.2004 01:58:24 381440 C:\WINDOWS\SYSTEM32\dllcache\irprops.cpl (Microsoft Corporation)
04.08.2004 01:58:24 69632 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl (Microsoft Corporation)
29.08.2002 14:00:00 189440 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
04.08.2004 01:58:24 625152 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl (Microsoft Corporation)
29.08.2002 14:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
04.08.2004 01:58:24 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl (Microsoft Corporation)
04.08.2004 01:58:24 260096 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl (Microsoft Corporation)
04.08.2004 01:58:24 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl (Microsoft Corporation)
04.08.2004 01:58:24 117248 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl (Microsoft Corporation)
04.08.2004 01:58:24 159744 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl (Microsoft Corporation)
04.08.2004 01:58:24 303104 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl (Microsoft Corporation)
29.08.2002 14:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
04.08.2004 01:58:24 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl (Microsoft Corporation)
04.08.2004 01:58:24 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl (Microsoft Corporation)
26.05.2005 04:16:22 174872 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)

Checking for Downloaded Program Files...
{166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdate/content/opuc2.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - Java Plug-in 1.4.2_06 - CodeBase = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - Java Plug-in 1.5.0_03 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - - CodeBase = http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
DirectAnimation Java Classes - - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab
Microsoft XML Parser for Java - - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
19.01.2004 14:07:30 HS 84 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...
07.02.2006 17:21:52 305 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html ()
19.01.2004 14:02:32 HS 62 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini ()
24.08.2006 18:13:04 1759 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache ()

Checking files in %USERPROFILE%\Startup folder...
19.01.2004 14:07:30 HS 84 C:\Dokumente und Einstellungen\Martin\Startmenü\Programme\Autostart\desktop.ini ()
22.11.2005 00:04:38 672 C:\Dokumente und Einstellungen\Martin\Startmenü\Programme\Autostart\Stickies.lnk ()

Checking files in %USERPROFILE%\Application Data folder...
05.09.2006 10:13:16 HS 83 C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\.zreglib ()
19.01.2004 14:02:32 HS 62 C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\desktop.ini ()
13.09.2006 09:24:40 128 C:\Dokumente und Einstellungen\Martin\Anwendungsdaten\iScrobbler.ini ()

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

>>> Internet Explorer Settings <<<


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
\\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
\\Default_Page_URL - http://www.real.de/
\\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
\\Local Page - %SystemRoot%\system32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.aol.de/
\\Local Page - C:\WINDOWS\system32\blank.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Sucheingriff = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Programme\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
\{A5366673-E8CA-11D3-9CD9-0090271D075B} - IeCatch2 Class = C:\PROGRA~1\FlashGet\jccatch.dll (Amaze Soft)
\{C08DF07A-3E49-4E25-9AB0-D3882835F153} - QUICKfind BHO Object = C:\Programme\IDM\QUICKfind\PlugIns\IEHelp.dll ()

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tipps und Tricks = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{32683183-48a0-441b-a342-7c2a440a9478} - = ()
\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer-Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Adresse = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - = ()
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Adresse = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - = ()
\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - = ()
\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQ Toolbar = C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\NEXTID - 8199
\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8193 =
\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8194 = Sun Java Konsole
\\{B863453A-26C3-4e1f-A54D-A2CD196348E9} - 8195 = ICQ Lite
\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - 8196 = &FlashGet
\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - 8197 =
\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - 8198 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Konsole = C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Konsole = C:\Programme\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)(HKCU CLSID)
\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - ButtonText: Recherchieren =
\{B863453A-26C3-4e1f-A54D-A2CD196348E9} - ButtonText: ICQ Lite = C:\Programme\ICQLite\ICQLite.exe (ICQ Ltd.)
\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - ButtonText: FlashGet = C:\PROGRA~1\FlashGet\flashget.exe (Amaze Soft)

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - CPL-Erweiterung für Anzeigeverschiebung = deskpan.dll ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shellerweiterungen für die Dateikomprimierung = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Kontextmenü für die Verschlüsselung = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - Erweiterung für HyperTerminal-Icons = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.)
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskleiste und Startmenü = ()
\\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - Benutzerkonten = ()
\\{DCED20BE-3645-11D4-BC95-00C04F0E0588} - InoShell = ()
\\{F5D92341-0A64-11D0-9956-0000E8096023} - CD Copy Shell Extension = ()
\\{F5D92342-0A64-11D0-9956-0000E8096023} - CD Wizard Shell Extension = ()
\\{A70C977A-BF00-412C-90B7-034C51DA2439} - NvCpl DesktopContext Class = ()
\\{73B24247-042E-4EF5-ADC2-42F62E6FD654} - ICQ Lite Shell Extension = C:\Programme\ICQLite\ICQLiteShell.dll ()
\\{8FF88D21-7BD0-11D1-BFB7-00AA00262A11} - WinAce Archiver 2.61 Context Menu Shell Extension = C:\Programme\WinAce\arcext.dll (e-merge GmbH)
\\{8FF88D25-7BD0-11D1-BFB7-00AA00262A11} - WinAce Archiver 2.61 DragDrop Shell Extension = C:\Programme\WinAce\arcext.dll (e-merge GmbH)
\\{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} - WinAce Archiver 2.61 Context Menu Shell Extension = C:\Programme\WinAce\arcext.dll (e-merge GmbH)
\\{8FF88D23-7BD0-11D1-BFB7-00AA00262A11} - WinAce Archiver 2.61 Property Sheet Shell Extension = C:\Programme\WinAce\arcext.dll (e-merge GmbH)
\\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = ()
\\{3c249f62-e26e-11d4-97f0-009027769c61} - Format Shell = C:\WINDOWS\system32\SMSHELL.DLL (OnSpec Electronic, Inc.)
\\{03FF3962-D823-11D4-97F0-009027769C61} - Data Caching Shell Extension = C:\WINDOWS\system32\FlashShl.dll ( )
\\{32020A01-506E-484D-A2A8-BE3CF17601C3} - AlcoholShellEx = ()
\\{FED7043D-346A-414D-ACD7-550D052499A7} - dBpowerAMP Music Converter 1 = C:\Programme\Illustrate\dBpowerAMP\dBShell.dll ()
\\{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} - dBpowerAMP Music Converter = C:\Programme\Illustrate\dBpowerAMP\dMCShell.dll ()
\\{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} - TuneUp Shredder Shell Context Menu Extension = "C:\Programme\TuneUp Utilities 2006\sdshelex.dll" (TuneUp Software GmbH)
\\{B327765E-D724-4347-8B16-78AE18552FC3} - NeroDigitalIconHandler = C:\Programme\Gemeinsame Dateien\Ahead\lib\NeroDigitalExt.dll (Nero AG)
\\{7F1CF152-04F8-453A-B34C-E609530A9DC8} - NeroDigitalPropSheetHandler = C:\Programme\Gemeinsame Dateien\Ahead\lib\NeroDigitalExt.dll (Nero AG)
\\{FCF608CF-5716-47C3-A1A8-991D873AF72B} - Delphi Context Menu Shell Extension Example = ()
\\{45AC2688-0253-4ED8-97DE-B5370FA7D48A} - Shell Extension for Malware scanning = C:\Programme\AntiVir PersonalEdition Classic\shlext.dll (H+BEDV Datentechnik GmbH)
\\{0f0a4d40-adf0-4e8f-98d8-7208b98be01e} - ImageShack QuickLoad Image Uploader = ()
\\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = ()
\\{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Programme\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc.)
\\{927EAB1E-B568-4E78-B8E9-36CFC439FE3B} - PdfGrabber Context Menu Shell Extension = C:\PROGRA~1\PDFGRA~1.5\PDFGRA~2.DLL ()
\\{B9CE503D-03F8-4161-A8A6-C912ADFCF2D4} - JavaExtExt Extension = C:\WINDOWS\System32\java52e.dll ()
\\{7C9D5882-CB4A-4090-96C8-430BFE8B795B} - Webroot Spy Sweeper Context Menu Integration = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll (Webroot Software, Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\ICQLiteMenu - {73B24247-042E-4EF5-ADC2-42F62E6FD654} = C:\Programme\ICQLite\ICQLiteShell.dll ()
\Shell Extension for Malware scanning - {45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programme\AntiVir PersonalEdition Classic\shlext.dll (H+BEDV Datentechnik GmbH)
\TuneUp Shredder - {00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} = "C:\Programme\TuneUp Utilities 2006\sdshelex.dll" (TuneUp Software GmbH)
\ZFAdd - {8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Programme\WinAce\arcext.dll (e-merge GmbH)
\{441253c2-a0da-4e6e-924f-0024b4d06d9e} - = C:\Programme\T-Online\T-Online_Software_5\Banking\HbDokMan.dll (fun communications GmbH)
\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} - = C:\Programme\Nero\Nero 7\Nero BackItUp\NBShell.dll (Nero AG)

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]
\SpySweeper - {7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll (Webroot Software, Inc.)

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\ICQLiteMenu - {73B24247-042E-4EF5-ADC2-42F62E6FD654} = C:\Programme\ICQLite\ICQLiteShell.dll ()
\TuneUp Shredder - {00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} = "C:\Programme\TuneUp Utilities 2006\sdshelex.dll" (TuneUp Software GmbH)
\ZFAdd - {8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Programme\WinAce\arcext.dll (e-merge GmbH)

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
\NvCplDesktopContext - {A70C977A-BF00-412C-90B7-034C51DA2439} = ()

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\Shell Extension for Malware scanning - {45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programme\AntiVir PersonalEdition Classic\shlext.dll (H+BEDV Datentechnik GmbH)
\SpySweeper - {7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll (Webroot Software, Inc.)
\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} - = C:\Programme\Nero\Nero 7\Nero BackItUp\NBShell.dll (Nero AG)

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
\{7D4D6379-F301-4311-BEBA-E26EB0561882} - NeroDigitalExt.NeroDigitalColumnHandler = C:\Programme\Gemeinsame Dateien\Ahead\lib\NeroDigitalExt.dll (Nero AG)
\{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)
\{FED7043D-346A-414D-ACD7-550D052499A7} - dBpowerAMP Column Handler = C:\Programme\Illustrate\dBpowerAMP\dBShell.dll ()

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ATIPTA - C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
Cmaudio - RunDll32 cmicnfg.cpl ()
NeroFilterCheck - C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
avgnt - C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
iTunesHelper - C:\Programme\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
QuickTime Task - C:\Programme\QuickTime\qttask.exe (Apple Computer, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini ()

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Dokumente und Einstellungen\Martin\Startmenü\Programme\Autostart\desktop.ini ()
C:\Dokumente und Einstellungen\Martin\Startmenü\Programme\Autostart\Stickies.lnk - C:\Programme\stickies\stickies.exe ()

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 0


[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
\\SV1 -

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\userinit.exe,
\\Shell = explorer.exe
\\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\WgaLogon - WgaLogon.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)
\WRNotifier - WRLogonNTF.dll = (Webroot Software, Inc.)

>>> DNS Name Servers <<<
{142EBFB8-243A-421A-A25E-12B6E2D6A6A3} - (VIA-kompatibler Fast Ethernet-Adapter)
{222F2161-A052-4C26-BFC7-40178606AFCC} - (1394-Netzwerkadapter)
{3B3FCD35-2D92-415E-940B-176CF4F40B8B} - (Eumex 300 IP)
{798CF3D1-6A67-45AE-8C42-65AF27EF969B} - ()
{A47DD77E-31BF-4C85-86F4-0169E05BDF7C} - (Realtek RTL8139-Familie-PCI-Fast Ethernet-NIC)
{FACCA40F-69A0-4F30-B4AD-FB5613E92CF4} - (Eumex 300 IP)

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000018\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000019\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000020\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000021\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000022\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000023\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000024\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000025\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\msdaipp - ()

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

>>> Selected AddOn's <<<


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Datfindbat

Quote

Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 94D6-DAE0

Verzeichnis von C:\WINDOWS\system32

13.09.2006 09:28 2.206 wpa.dbl
11.09.2006 19:37 8.960.936 MRT.exe
29.08.2006 18:15 19.655 XPressUpdate.vdb
21.08.2006 14:26 16.896 fltlib.dll
21.08.2006 11:14 23.040 fltmc.exe
03.08.2006 20:01 208.896 WRLogonNtf.dll
03.08.2006 20:01 8.704 ssiefr.EXE
03.08.2006 20:01 20.992 wrlzma.dll
28.07.2006 13:28 3.075.072 mshtml.dll
27.07.2006 15:25 679.424 inetcomm.dll
25.07.2006 22:33 615.936 urlmon.dll
21.07.2006 10:29 72.704 hlink.dll
14.07.2006 17:38 332.288 netapi32.dll
14.07.2006 17:25 546.304 hhctrl.ocx
13.07.2006 15:34 8.494.592 shell32.dll



Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 94D6-DAE0

Verzeichnis von C:\DOKUME~1\Martin\LOKALE~1\Temp

13.09.2006 09:28 16.384 ~DF3BA6.tmp
1 Datei(en) 16.384 Bytes
0 Verzeichnis(se), 16.052.027.392 Bytes frei



Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 94D6-DAE0

Verzeichnis von C:\WINDOWS

13.09.2006 09:26 0 0.log
13.09.2006 09:26 1.752.263 WindowsUpdate.log
13.09.2006 09:26 159 wiadebug.log
13.09.2006 09:26 50 wiaservc.log
13.09.2006 09:25 2.048 bootstat.dat
13.09.2006 09:25 32.602 SchedLgU.Txt
13.09.2006 09:23 159.829 tsoc.log
13.09.2006 09:23 138.059 comsetup.log
13.09.2006 09:23 22.914 ocmsn.log
13.09.2006 09:23 67.507 iis6.log
13.09.2006 09:23 1.374 imsins.log
13.09.2006 09:23 83.692 ntdtcsetup.log
13.09.2006 09:23 13.722 KB920685.log
13.09.2006 09:23 195.372 ocgen.log
13.09.2006 09:23 20.703 msgsocm.log
13.09.2006 09:23 412.633 FaxSetup.log
13.09.2006 09:23 753.865 setupapi.log
13.09.2006 09:23 1.374 imsins.BAK
13.09.2006 09:23 15.495 KB920872.log
13.09.2006 09:23 13.885 KB919007.log
13.09.2006 09:23 9.486 KB922582.log
13.09.2006 09:23 37.365 updspapi.log
12.09.2006 13:17 30 iedit.INI
12.09.2006 11:20 546 lexstat.ini
12.09.2006 10:59 116 NeroDigital.ini
12.09.2006 09:27 892 win.ini
12.09.2006 09:16 1.513 setupact.log
12.09.2006 08:49 98.003 wmsetup.log
23.08.2006 16:48 121 GEARInstall.log
16.08.2006 19:45 17.118 KB920214.log
16.08.2006 19:45 17.418 KB922616.log
16.08.2006 19:45 17.299 KB921398.log
16.08.2006 19:44 20.342 KB918899.log
16.08.2006 19:44 12.559 KB920670.log
16.08.2006 19:44 12.754 KB917422.log
16.08.2006 19:44 13.101 KB920683.log
10.08.2006 00:45 11.873 KB921883.log
03.08.2006 20:02 253.440 WRUninstall.dll
03.08.2006 11:14 7.572 WgaNotify.log
02.08.2006 22:25 12.044 mozver.dat
14.07.2006 20:11 84 netdet.ini
14.07.2006 16:16 211 uno.ini
14.07.2006 07:10 11.833 KB917159.log
14.07.2006 07:10 12.338 KB914388.log
14.07.2006 07:10 10.557 KB916595.log



Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 94D6-DAE0

Verzeichnis von C:\

13.09.2006 10:05 0 sys.txt
13.09.2006 10:04 11.438 system.txt
13.09.2006 10:04 284 systemtemp.txt
13.09.2006 10:02 107.672 system32.txt
13.09.2006 09:57 8.282 ComboFix.txt
13.09.2006 09:25 1.073.270.784 hiberfil.sys
13.09.2006 09:25 1.610.612.736 pagefile.sys
13.09.2006 09:12 225 _audioscrobbler.log
Echo

Quote

10)DPF????
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 94D6-DAE0

Verzeichnis von C:\WINDOWS\Downloaded Program Files

14.10.1997 19:52 697 DirectAnimation Java Classes.osd
25.07.2002 17:13 24.576 dwusplay.dll
25.07.2002 17:13 196.608 dwusplay.exe
08.09.2004 23:38 1.271 erma.inf
25.07.2002 17:05 172.032 isusweb.dll
20.01.2000 16:25 1.162 Microsoft XML Parser for Java.osd
17.01.2005 18:09 227 opuc.inf
19.12.2003 16:43 241 popcaploader.inf
27.03.2006 13:00 5.019 swflash.inf
9 Datei(en) 401.833 Bytes

Anzahl der angezeigten Dateien:
9 Datei(en) 401.833 Bytes
0 Verzeichnis(se), 16.052.056.064 Bytes frei
I hope that is everything that is needed for now ;) Many thanks in advance, I appreciate any help ;)
13.09.2006, 11:25
Honorary member
Sabina

Posts: 29434
#2 Nothing of Advertisement NSIS Media can be seen...
http://virus-protect.org/artikel/spyware/nsis.html

Avenger
http://virus-protect.org/artikel/tools/avenger.html
paste this in:

Quote

Folders to delete:
C:\Programme\NSIS Media
C:\Programme\Gemeinsame Dateien\NSIS
Click the green traffic light.
The script will now run, then the PC will restart automatically.
__________
Regards, Sabina

all about PC security
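As a triage aid for listings in the format posted above (an added example, not the board's or any named tool's code): it parses the `Name - Path (Vendor)` autostart entries and flags the ones a helper would look at first, namely paths under the two folders the Avenger script deletes, entries that run from a temp or profile directory, and entries with an empty `()` vendor field. The sample entries `ExampleUpdater` and `tmphelper` are constructed placeholders; the other sample lines are quoted from the posted log.

```python
import re

# Constructed sample in the format of the listing above: a "[HKEY_...]" key
# header, then "Name - Path (Vendor)" lines, where "()" means no company name.
# ExampleUpdater and tmphelper are placeholders, not real file names.
SAMPLE = r"""[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{73B24247-042E-4EF5-ADC2-42F62E6FD654} - ICQ Lite Shell Extension = C:\Programme\ICQLite\ICQLiteShell.dll ()
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ATIPTA - C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
Cmaudio - RunDll32 cmicnfg.cpl ()
avgnt - C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
ExampleUpdater - C:\Programme\NSIS Media\example_updater.exe ()
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
tmphelper - C:\DOKUME~1\Martin\LOKALE~1\Temp\helper.exe ()
"""

ENTRY = re.compile(r"^(?P<name>.+?) - (?P<rest>.*)\((?P<vendor>[^()]*)\)\s*$")
# Folders the Avenger script above deletes; anything starting there is flagged.
WATCHED_FOLDERS = (r"C:\Programme\NSIS Media", r"C:\Programme\Gemeinsame Dateien\NSIS")

def parse_listing(text: str) -> list:
    """Split the listing into dicts with key, name, path and vendor."""
    key, entries = "", []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = ENTRY.match(line)
        if not m:
            continue  # section headers, blank lines, "X Installed = 1", etc.
        # Shell-extension lines read "GUID - Display = Path (Vendor)"; keep
        # only the part after "= " so every entry carries a bare path.
        rest = m.group("rest").split("= ", 1)[-1].strip().strip('"')
        entries.append({"key": key, "name": m.group("name").lstrip("\\"),
                        "path": rest, "vendor": m.group("vendor").strip()})
    return entries

def triage(text: str) -> list:
    """Return the entries worth a second look, each with its reasons."""
    findings = []
    for e in parse_listing(text):
        low, reasons = e["path"].lower(), []
        if any(low.startswith(f.lower()) for f in WATCHED_FOLDERS):
            reasons.append("path under a folder named for deletion")
        if "\\temp\\" in low or "lokale~1" in low:
            reasons.append("runs from a temp/profile directory")
        if not e["vendor"] and e["path"]:
            # Legitimate entries in the log (Cmaudio, ICQ Lite) also show "()".
            reasons.append("no company name (weak signal on its own)")
        if reasons:
            findings.append({**e, "reasons": reasons})
    return findings
```

Run against the full posted listing, the third rule fires often, which is exactly why the thread's helper looks for the NSIS folders and the temp directory rather than trusting an empty vendor field alone.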