critical system error |
||
|---|---|---|
| #0
| ||
|
24.09.2006, 15:53
...neu hier
Beiträge: 7 |
||
 
|
|
|
|
24.09.2006, 17:55
Ehrenmitglied
 Beiträge: 29434 |
#2
Boeschop
«« mediacodec.zip laden http://virus-protect.org/zip/mediacodec.zip entpacken auf dem Desktop -> mediacodec.reg ->doppeltklicken und der Registry mit "ja/yes" beifügen «« gehe in die Registry Start - Ausfuehren - regedit bearbeiten - suchen - zphnok [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] loeschen equestre - {70305bc2-b289-4209-a344-be21f22bc930} - C:\WINDOWS\system32\zphnok.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] loeschen {70305bc2-b289-4209-a344-be21f22bc930} Avenger http://virus-protect.org/artikel/tools/avenger.html kopiere rein: Zitat registry keys to delete:«« scanne mit smitfraudfix (option 1 und 2 ) - poste hier beide scanreporte http://virus-protect.org/artikel/tools/smitfrautfix.html «« poste dieses log http://virus-protect.org/artikel/tools/combofix.html «« öffne das HijackThis -- Button "scan" -- vor die Malware-Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten Zitat R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file) PC neustarten __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
24.09.2006, 18:26
...neu hier
Themenstarter Beiträge: 7 |
#3
Sorry, aber bin nicht ganz so fit im system. Ich hab jetzt die datei gelöscht und mir avenger runtergeladen und entpackt und auch so rein kopiert wie du es vorgegeben hast. Aber laut er anleitung von avenger soll sich mein pc neustarten nachdem ich die grüne ampel gedrückt habe und das tut er nicht, da kommt eine error meldung:
////////////////////////////////////////// Avenger Pre-Processor log ////////////////////////////////////////// Fatal error: could not create new script file. Error code: 0 Error logged to errorlog.txt. Aborting now! Scan 1: ////////////////////////////////////////// Avenger Pre-Processor log ////////////////////////////////////////// Fatal error: could not create new script file. Error code: 0 Error logged to errorlog.txt. Aborting now! bei Scan 2 stürzt mir fast der rechner ab so das ich keine taskleiste mehr habe und alles nur noch über taskmanager regele was nicht so ganz einfach ist und ich hoffe du kannst damit auch was anfangen. Tom - 06-09-24 18:24:52,15 Service Pack 2 ComboFix 06.09.23.2 - Running from: "C:\Programme\Mozilla Firefox" ((((((((((((((((((((((((((((((( Files Created from 2006-08-24 to 2006-09-24 )))))))))))))))))))))))))))))))))) 2006-09-24 18:18 53,248 --a------ C:\WINDOWS\system32\Process.exe 2006-09-24 18:18 40,960 --a------ C:\WINDOWS\system32\swsc.exe 2006-09-24 18:18 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2006-09-24 18:18 135,168 --a------ C:\WINDOWS\system32\swreg.exe 2006-09-24 12:03 8,704 --a------ C:\WINDOWS\system32\SpOrder.dll 2006-08-27 22:14 7,680 --a------ C:\WINDOWS\system32\btinstall.dll (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-09-24 18:24 -------- d-------- C:\Programme\Mozilla Firefox 2006-09-24 17:48 -------- d---s---- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Microsoft 2006-09-24 17:48 -------- d-------- C:\Programme\MSN Messenger 2006-09-24 17:48 -------- d-------- C:\Programme\Gemeinsame Dateien\Microsoft Shared 2006-09-24 12:04 -------- d-------- C:\Programme\Common Files 2006-09-24 12:03 -------- d-------- C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006 2006-09-24 12:03 -------- d-------- C:\Programme\Gemeinsame Dateien 2006-09-24 12:03 -------- d-------- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\WinAntiVirus Pro 2006 2006-09-23 10:58 -------- d-------- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\LimeWire 2006-09-13 09:10 -------- d-------- C:\Programme\Java 2006-09-06 22:48 -------- d-------- C:\Programme\Gemeinsame Dateien\DirectX 2006-08-27 22:14 -------- d--h----- C:\Programme\InstallShield Installation Information 2006-08-21 14:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll 2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe 2006-08-21 11:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys 2006-08-18 18:10 -------- d-------- C:\Programme\Windows Media Player 2006-08-18 18:10 -------- d-------- C:\Programme\Internet Explorer 2006-08-18 18:07 -------- d-------- C:\Programme\Outlook Express 2006-08-18 18:07 -------- d-------- C:\Programme\Gemeinsame Dateien\System 2006-08-18 16:49 -------- d-------- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\ICQLite 2006-08-18 10:55 -------- d-------- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Help 2006-08-05 17:29 457 --a------ C:\Programme\INSTALL.LOG 2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll 2006-07-28 22:41 -------- d-------- C:\Programme\QuickTime 2006-07-28 22:39 -------- d-------- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Apple Computer 2006-07-27 15:25 679424 --a------ C:\WINDOWS\system32\inetcomm.dll 2006-07-21 10:29 72704 --a------ C:\WINDOWS\system32\hlink.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "MsnMsgr"="\"C:\\Programme\\MSN Messenger\\MsnMsgr.Exe\" /background" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" "BDMCon"="c:\\progra~1\\softwin\\bitdef~1\\bdmcon.exe" "BDOESRV"="\"C:\\Programme\\Softwin\\BitDefender9\\bdoesrv.exe\"" "BDNewsAgent"="\"c:\\progra~1\\softwin\\bitdef~1\\bdnagent.exe\"" "BDSwitchAgent"="\"c:\\progra~1\\softwin\\bitdef~1\\bdswitch.exe\"" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "eTrustPPAP"="\"C:\\Programme\\CA\\eTrust PestPatrol\\PPActiveDetection.exe\"" "ATICCC"="\"C:\\Programme\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay" "SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe" "C-Media Mixer"="Mixer.exe /startup" "BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent" "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\ 65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000001 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Die derzeitige Homepage" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,e8,00,00,00,00,00,00,00,18,04,00,00,e2,03,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\ ff,ff,04,00,00,00 "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\ 00,00,01,00,00,00 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" "equestre"="{70305bc2-b289-4209-a344-be21f22bc930}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-] "TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot" "TotalRecorderScheduler"="\"C:\\Programme\\HighCriteria\\TotalRecorder\\TotRecSched.exe\"" "EPSON Stylus DX3800 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIACE.EXE /P26 \"EPSON Stylus DX3800 Series\" /O6 \"USB001\" /M \"Stylus DX3800\"" "RemoteControl"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\1-Klick-Wartung.job Completion time: 24.09.2006 18:25:22.89 ComboFix.txt lg und vielen vielen dank für deine arbeit die du hier machst, das ist wirklich unbezahlbar. |
|
|
|
|
|
|
24.09.2006, 20:08
Ehrenmitglied
Beiträge: 29434 |
#4
wer den WinAntiVirus Pro 2006 ladt, braucht sich nicht zu wundern, wenn das System zerstoert ist
 - das ist ein Faketool, was die Viren auf den Rechner schaufelt...«« gehe in die Registry Start - Ausfuehren - regedit bearbeiten - suchen - zphnok [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] loeschen equestre - {70305bc2-b289-4209-a344-be21f22bc930} - C:\WINDOWS\system32\zphnok.dll «« Avenger http://virus-protect.org/artikel/tools/avenger.html Zitat registry keys to delete:poste den report __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
24.09.2006, 21:29
...neu hier
Themenstarter Beiträge: 7 |
#5
Hat alles wunder bar geklappt.
Man sollte dir (und natürlich deinen kollegen) ein denkmal setzten für die super schnelle und proffessionelle hilfe die ihr hier auch teilweise leihen gebt (wie ich ja auch einer bin). DANKESCHÖN :-D :-D :-D Und hier der report: ////////////////////////////////////////// Avenger Pre-Processor log ////////////////////////////////////////// Syntax error in line --- does not appear to be a valid registry path. Line will be ignored. Error code: 0 Line: HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 ////////////////////////////////////////// Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\ebuhtiip ******************* Script file located at: \??\C:\WINDOWS\oeypbsaq.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF not found! Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF failed! Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf_hk deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vspf deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FWSvc deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FWSvc deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\FWSvc not found! Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\FWSvc failed! Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\FWSvc Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FWSvc not found! Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FWSvc failed! Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FWSvc Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_FWSVC deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_FWSVC deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_FWSVC not found! Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_FWSVC failed! Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_FWSVC Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FWSVC not found! Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FWSVC failed! Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FWSVC Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FOPN deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FOPN deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\FOPN not found! Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\FOPN failed! Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\FOPN Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FOPN not found! Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FOPN failed! Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FOPN Status: 0xc0000034 File C:\WINDOWS\system32\SpOrder.dll deleted successfully. File C:\WINDOWS\system32\zphnok.dll not found! Deletion of file C:\WINDOWS\system32\zphnok.dll failed! Could not process line: C:\WINDOWS\system32\zphnok.dll Status: 0xc0000034 File C:\WINDOWS\system32\drivers\vspf5.sys not found! Deletion of file C:\WINDOWS\system32\drivers\vspf5.sys failed! Could not process line: C:\WINDOWS\system32\drivers\vspf5.sys Status: 0xc0000034 File C:\WINDOWS\system32\drivers\vspf_hk5.sys not found! Deletion of file C:\WINDOWS\system32\drivers\vspf_hk5.sys failed! Could not process line: C:\WINDOWS\system32\drivers\vspf_hk5.sys Status: 0xc0000034 File C:\WINDOWS\system32\drivers\fopn.sys not found! Deletion of file C:\WINDOWS\system32\drivers\fopn.sys failed! Could not process line: C:\WINDOWS\system32\drivers\fopn.sys Status: 0xc0000034 File C:\WINDOWS\system32\av.cpl deleted successfully. File C:\WINDOWS\system32\stera.log not found! Deletion of file C:\WINDOWS\system32\stera.log failed! Could not process line: C:\WINDOWS\system32\stera.log Status: 0xc0000034 File C:\WINDOWS\system32\stera.exe not found! Deletion of file C:\WINDOWS\system32\stera.exe failed! Could not process line: C:\WINDOWS\system32\stera.exe Status: 0xc0000034 Folder C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006 deleted successfully. Folder C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\WinAntiVirus Pro 2006 deleted successfully. Folder C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\WinSoftware not found! Deletion of folder C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\WinSoftware failed! Could not process line: C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\WinSoftware Status: 0xc0000034 Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinSoftware not found! Deletion of folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinSoftware failed! Could not process line: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinSoftware Status: 0xc0000034 Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinAntiVirus Pro 2006 deleted successfully. Folder C:\Programme\WinAntiVirus Pro 2006 not found! Deletion of folder C:\Programme\WinAntiVirus Pro 2006 failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006 Status: 0xc0000034 Folder C:\Programme\Common Files\WinAntiVirus Pro 2006 not found! Deletion of folder C:\Programme\Common Files\WinAntiVirus Pro 2006 failed! Could not process line: C:\Programme\Common Files\WinAntiVirus Pro 2006 Status: 0xc0000034 Folder C:\Programme\Common Files\Companion Wizard deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinAntiVirusPro2006 not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinAntiVirusPro2006 failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\WinAV.exe not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\WinAV.exe failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\WinAntiVirus Pro 2006 not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\WinAntiVirus Pro 2006 failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\WinSoftware not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\WinSoftware failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WA6P_is1 not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WA6P_is1 failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products\WinAntiVirus Pro 2006 not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products\WinAntiVirus Pro 2006 failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SupportUninstall\WinAntiVirus Pro 2006 not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\SupportUninstall\WinAntiVirus Pro 2006 failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{723D54C7-7483-4EB8-8EED-CE5B2AEA534D} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{723D54C7-7483-4EB8-8EED-CE5B2AEA534D} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1AC5C88A-DEA7-462b-A232-04AF5CA42E7E} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1AC5C88A-DEA7-462b-A232-04AF5CA42E7E} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B646F5E2-0A48-421d-AC91-F96C92BFC17A} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B646F5E2-0A48-421d-AC91-F96C92BFC17A} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E69F0D6A-1C69-4A04-8709-5EAC2019D9BE} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E69F0D6A-1C69-4A04-8709-5EAC2019D9BE} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5141620-C2B2-4d95-9F0F-134D99C87AB0} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5141620-C2B2-4d95-9F0F-134D99C87AB0} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0903FECD-7F7A-4790-A819-A3CE08416732} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0903FECD-7F7A-4790-A819-A3CE08416732} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85C99188-BEFD-4c61-A54B-5D7CB0204C1E} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85C99188-BEFD-4c61-A54B-5D7CB0204C1E} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B32FE740-8B67-409A-BCA8-3297263C354E} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B32FE740-8B67-409A-BCA8-3297263C354E} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{732B6533-7F78-4C47-9C01-2979BA0829B9} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{732B6533-7F78-4C47-9C01-2979BA0829B9} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FC0B8EB8-AE24-4FD6-B479-E2B464F32DA6} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FC0B8EB8-AE24-4FD6-B479-E2B464F32DA6} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{367A86A5-D048-4785-86BE-4E2706AAFDD9} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{367A86A5-D048-4785-86BE-4E2706AAFDD9} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2BC32EF8-BB73-4099-BB2E-0F2951B3E276} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2BC32EF8-BB73-4099-BB2E-0F2951B3E276} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\WAVAutoPlay not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\WAVAutoPlay failed! Status: 0xc0000034 Completed script processing. ******************* Finished! Terminate. Damit ist doch jetzt alles in ordnung, oder?? lg |
|
|
|
|
|
|
25.09.2006, 11:41
Ehrenmitglied
Beiträge: 29434 |
#6
scanne mit counterspy, stelle nach dem San alles auf remove und poste den scanreport
http://virus-protect.org/counterspy.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
25.09.2006, 17:25
...neu hier
Themenstarter Beiträge: 7 |
#7
Hallo Sabina!
Hier der report: Spyware Scan Details Start Date: 25.09.2006 16:44:27 End Date: 25.09.2006 17:16:10 Total Time: 31 mins 43 secs Detected spyware WinAntiVirus Pro Rogue Security Program more information... Status: Deleted Infected files detected c:\windows\system32\stera.job Infected registry entries detected HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager BootStera HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VxD\VSPF_HK StaticVxD vspf_hk.vxd SpySheriff Rogue Security Program more information... Details: SpySheriff is a purported anti-spyware application to scan for and remove spyware from users' computers. Status: Deleted Infected files detected C:\Program Files\PestTrap\found.wav C:\Program Files\PestTrap\notfound.wav C:\Program Files\PestTrap\removed.wav Trojan-Downloader.Zlob.Media-Codec Trojan Downloader more information... Details: Trojan-Downloader.Zlob.Media-Codec is a program that typically purports to be a needed upgrade to Windows Media Player in order to view adult oriented videos on certain websites. However, Trojan-Downloader.Zlob.Media-Codec actually downloads and installs Status: Deleted Infected registry entries detected HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 DisplayName Internet Explorer Security Plugin 2006 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 UninstallString "C:\Programme\MPVIDEOCODEC\iesuninst.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On DisplayName Internet Security Add-On HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On UninstallString "C:\Programme\MPVIDEOCODEC\isauninst.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 DisplayName Public Messenger ver 2.03 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 UninstallString "C:\Programme\MPVIDEOCODEC\pmuninst.exe" HKEY_CLASSES_ROOT\CLSID\{479fd0cf-5be9-4c63-8cda-b6d371c67bd5} HKEY_CLASSES_ROOT\CLSID\{479fd0cf-5be9-4c63-8cda-b6d371c67bd5}\InprocServer32 C:\Programme\MPVIDEOCODEC\iesplugin.dll HKEY_CLASSES_ROOT\CLSID\{479fd0cf-5be9-4c63-8cda-b6d371c67bd5}\InprocServer32 ThreadingModel Apartment HKEY_CLASSES_ROOT\CLSID\{479fd0cf-5be9-4c63-8cda-b6d371c67bd5} Protection Bar Cookie: PriceBandit Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Deleted Infected cookies detected c:\dokumente und einstellungen\tom\cookies\tom@apmebf[1].txt lg Tom |
|
|
|
|
|
|
25.09.2006, 17:34
Ehrenmitglied
Beiträge: 29434 |
#8
nun sollte wieder alles in Ordnung sein, ueberpruefe, ob C:\Program Files\PestTrap und C:\Programme\MPVIDEOCODEC geloescht ist.
und passe in Zukunft besser auf, was du laedst.  ----------- p.s. scanne, falls du es noch nicht gemacht hast........scanne mit smitfraudfix (option 1 und 2 ) - poste hier beide scanreporte http://virus-protect.org/artikel/tools/smitfrautfix.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
25.09.2006, 18:45
...neu hier
Themenstarter Beiträge: 7 |
#9
Also PestTrap musste ich selbst noch mal löschen, das andere war weg.
Hier option 1: SmitFraudFix v2.99 Scan done at 18:41:15,95, 25.09.2006 Run from C:\Dokumente und Einstellungen\Tom\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT Fix ran in normal mode »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Tom\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\Tom\FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Programme »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Die derzeitige Homepage" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="sockspy.dll" »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32 »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End und option 2: SmitFraudFix v2.99 Scan done at 18:42:19,62, 25.09.2006 Run from C:\Dokumente und Einstellungen\Tom\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT Fix ran in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End Tu ich normaler weise, hab auch sehr gute Virenprogramme die gleich alles entdecken und mir bescheid geben und sogar versuchen zu blockieren soweit wie möglich, aber das war ganz schön heftig. Passe natürlich jetzt noch besser auf. Und nochmals vielen vielen dank. Ich hoffe jetzt ist alles ok?? |
|
|
|
|
|
|
26.09.2006, 00:32
Ehrenmitglied
Beiträge: 29434 |
#10
fixe noch mit dem HijhackThis:
O3 - Toolbar: Protection Bar - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - C:\Programme\MPVIDEOCODEC\iesplugin.dll neustarten dann ist alles wieder o.k. __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
26.09.2006, 08:46
...neu hier
Themenstarter Beiträge: 7 |
||
|
|
|
|
|
26.09.2006, 09:03
Ehrenmitglied
Beiträge: 29434 |
#12
öffne das HijackThis -- Button "scan" -- vor Eintrag Häkchen setzen -- Button "Fix checked" -- PC neustarten
Zitat R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)PC neustarten dann mache bitte noch einen Onlinescan mit panda und mit ewido und poste beide scanreporte http://virus-protect.org/onlinescan.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
26.09.2006, 09:04
Ehrenmitglied
 Beiträge: 6028 |
#13
Starte Hijack This klicke 'Do a system scan only'
Häckchen vor O3 - Toolbar: Protection Bar - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - C:\Programme\MPVIDEOCODEC\iesplugin.dll dann klicke 'Fix checked' __________ MfG Argus |
|
|
|
|
|
|
26.09.2006, 10:48
...neu hier
Themenstarter Beiträge: 7 |
#14
Ich hatte "nur" 021 drin, die anderen beiden waren schon entfernt.
Leider kann ich panda nicht nutzten da ich mich strickt gegen den internet explodierer wäre. :-P und bei ewido passiert nix wenn ich versuche auf jetzt scannen zu drücken... lg Tom |
|
|
|
|
|
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!
bitte erst » hier kostenlos registrieren!!
Folgende Themen könnten Dich auch interessieren:
Seite(n): 1
Copyright © 2024, Protecus.de - Protecus Team - Impressum / Mediadaten
Logfile of HijackThis v1.99.1
Scan saved at 15:53:06, on 24.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\Programme\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programme\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\XDCC Catcher\catcher.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Tom\Desktop\HijackThis.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\Programme\Softwin\BitDefender9\vsserv.exe
c:\progra~1\softwin\bitdef~1\bdmcon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freenet.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alice-dsl.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice-dsl.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Protection Bar - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - C:\Programme\MPVIDEOCODEC\iesplugin.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Programme\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Programme\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQ\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQ\ICQLite\ICQLite.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{00F257DF-47C6-496C-8C02-3F524BD86E98}: NameServer = 213.191.92.82 213.191.74.11
O17 - HKLM\System\CS1\Services\Tcpip\..\{00F257DF-47C6-496C-8C02-3F524BD86E98}: NameServer = 213.191.92.82 213.191.74.11
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: equestre - {70305bc2-b289-4209-a344-be21f22bc930} - C:\WINDOWS\system32\zphnok.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Programme\BTNtService.exe
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Programme\WinAntiVirus Pro 2006\FWSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programme\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)