Critical System Error ~.~
03.10.2006, 09:12
...new here
Posts: 3
03.10.2006, 10:44
Honorary member
Posts: 29434
#2
«« please also post this log:
http://virus-protect.org/artikel/tools/combofix.html

«« post the log:
http://www.f-secure.com/blacklight/
Start the file, accept the licence terms and choose "scan". When the scan is finished, press "next" and then "close". There is now an FSB*.TXT file in the same folder as Blacklight.

«« post the log after the scan:
http://virus-protect.org/artikel/tools/fixwareout.html
__________
Regards, Sabina
all about PC security
03.10.2006, 14:18
...new here
Thread starter, Posts: 3
03.10.2006, 16:42
Honorary member
Posts: 29434
#4
avenger
http://virus-protect.org/artikel/tools/avenger.html
Paste in:
Quote:
registry keys to delete:

Click the green traffic light; the script is now executed, then the PC will restart automatically.

** post the Avenger log that appears after the restart

** scan with SmitfraudFix, options 1 and 2
http://virus-protect.org/artikel/tools/smitfrautfix.html
post both scan reports

** open HijackThis -- button "Scan" -- tick the malware entries -- button "Fix checked" -- restart the PC
Quote:
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Programme\strCodec\isaddon.dll

Under Network / Properties of the Internet Protocol, "Obtain IP and DNS automatically" should also be ticked.
1. Click Start > Control Panel
2. Double-click Network Connections.
85.237.87.167,217.20.114.126 - must go - points to a server in Ukraine!

** post the new HijackThis log
__________
Regards, Sabina
all about PC security
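The DNS hijack the helper points at above (every interface's NameServer forced to 85.237.87.167,217.20.114.126) is easy to overlook by eye in a long HijackThis log. The following Python script is an added example, not code from this thread or from the HijackThis project: it parses O17, O2 and O21 lines and flags NameServer values outside an assumed allowlist of legitimate ISP resolvers (the three addresses the thread's clean O17 lines show), BHOs registered as "(no name)", and ShellServiceObjectDelayLoad hooks. The sample log is constructed from lines quoted in this thread; the allowlist and the function names are assumptions.

```python
"""Added example (not part of the thread): flag the three kinds of HijackThis
entry the helper acted on here - O17 NameServer values pointing at resolvers
the ISP does not own, O2 BHOs without a display name, and O21 SSODL hooks."""
import re

# Assumed allowlist of legitimate resolvers: the three addresses that appear
# in the thread's clean O17 lines. A real check would use the resolvers your
# ISP or enterprise actually hands out.
TRUSTED_DNS = {"195.70.224.45", "213.90.38.3", "195.96.0.4"}

# Constructed sample, built from lines of the thread's HijackThis logs.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Programme\strCodec\isaddon.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{10EEE68A-17E7-42AE-8A85-71B81676F028}: NameServer = 85.237.87.167,217.20.114.126
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A4282FD-649E-4229-BB47-3A339B967CF7}: NameServer = 195.70.224.45 213.90.38.3
O21 - SSODL: eeler - {1559e6c1-7e5e-4461-9457-6a2dea85eb9f} - C:\WINDOWS\system32\titiau.dll
"""

O17_RE = re.compile(r"^O17 - (?P<key>\S+): NameServer = (?P<servers>.+)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O21_RE = re.compile(r"^O21 - SSODL: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")


def split_servers(field):
    """HijackThis prints the NameServer value as stored in the registry,
    so the separator may be a comma or a space."""
    return [s for s in re.split(r"[,\s]+", field.strip()) if s]


def analyse(log_text, trusted_dns=TRUSTED_DNS):
    """Return (kind, location, detail) tuples for suspicious log lines."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O17_RE.match(line)
        if m:
            rogue = [s for s in split_servers(m["servers"]) if s not in trusted_dns]
            if rogue:
                findings.append(("O17", m["key"], "untrusted NameServer " + ",".join(rogue)))
            continue
        m = O2_RE.match(line)
        if m:
            if m["name"].strip() == "(no name)":
                findings.append(("O2", m["path"], "BHO registered without a display name"))
            continue
        m = O21_RE.match(line)
        if m:
            findings.append(("O21", m["path"], "ShellServiceObjectDelayLoad entry '%s'" % m["name"]))
    return findings


def hijacked_interfaces(findings):
    """Interface GUIDs whose NameServer value was flagged: these are the
    adapters to switch back to 'obtain DNS server address automatically'."""
    guids = set()
    for kind, key, _detail in findings:
        if kind == "O17":
            g = re.search(r"\{[0-9A-Fa-f-]+\}", key)
            if g:
                guids.add(g.group(0))
    return guids


if __name__ == "__main__":
    found = analyse(SAMPLE_LOG)
    for kind, where, detail in found:
        print("%-3s %s\n    %s" % (kind, where, detail))
    print("interfaces with rogue DNS:", sorted(hijacked_interfaces(found)))
```

To run it against a real log, read the file into `analyse()` instead of `SAMPLE_LOG` and put your own ISP's resolvers into `TRUSTED_DNS`; the O17 check is deliberately an allowlist, because a hijacker's addresses change but the legitimate ones for a given connection do not.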
03.10.2006, 17:41
...new here
Thread starter, Posts: 3
#5
The error is gone. Thank you very much!
Here are the logs:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ixbjmhxe

*******************

Script file located at: \??\C:\WINDOWS\system32\hsxbabnp.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\titiau.dll deleted successfully.

File C:\Dokumente und Einstellungen\Kraihammer\Anwendungsdaten\wo.tmp not found!
Deletion of file C:\Dokumente und Einstellungen\Kraihammer\Anwendungsdaten\wo.tmp failed!

Could not process line:
C:\Dokumente und Einstellungen\Kraihammer\Anwendungsdaten\wo.tmp
Status: 0xc0000034

Folder C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\little_helper2.lnk not found!
Deletion of folder C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\little_helper2.lnk failed!

Could not process line:
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\little_helper2.lnk
Status: 0xc0000034

Folder C:\Programme\strCodec deleted successfully.
Folder C:\Programme\vb deleted successfully.
Folder C:\Programme\little_helper2 deleted successfully.

Folder C:\Programme\MalwareWipe not found!
Deletion of folder C:\Programme\MalwareWipe failed!

Could not process line:
C:\Programme\MalwareWipe
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6076d2b1-634c-4685-843b-f826045ea5dc} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6076d2b1-634c-4685-843b-f826045ea5dc} failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{479fd0cf-5be9-4c63-8cda-b6d371c67bd5} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\strCodec not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\strCodec failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\strCodec deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{202a961f-23ae-42b1-9505-ffe3c818d717} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\little_helper2.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

SmitFraudFix v2.104

Scan done at 16:58:35,35, 03.10.2006
Run from C:\Dokumente und Einstellungen\Kraihammer\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Kraihammer

»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Kraihammer\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOKUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOKUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\KRAIHA~1\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Programme

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

SmitFraudFix v2.104

Scan done at 17:12:02,76, 03.10.2006
Run from C:\Dokumente und Einstellungen\Kraihammer\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

Logfile of HijackThis v1.99.1
Scan saved at 17:38:00, on 03.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Dokumente und Einstellungen\Kraihammer\Desktop\Martin\Critical System Error\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Tele2Internet
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Programme\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: In neuer Registerkarte im Hintergrund öffnen - res://C:\Programme\Windows Live Toolbar\Components\de-at\msntabres.dll.mui/229?ebffb53949cc43a59eae6c70fec84a99
O8 - Extra context menu item: In neuer Registerkarte im Vordergrund öffnen - res://C:\Programme\Windows Live Toolbar\Components\de-at\msntabres.dll.mui/230?ebffb53949cc43a59eae6c70fec84a99
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A4282FD-649E-4229-BB47-3A339B967CF7}: NameServer = 195.96.0.4 195.70.224.45
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

Regards, RangerM
05.10.2006, 01:54
Honorary member
Posts: 29434
#6
Scan and post the scan report:
http://virus-protect.org/a2.html
__________
Regards, Sabina
all about PC security
Here are my logs. Thanks in advance!
Logfile of HijackThis v1.99.1
Scan saved at 08:35:31, on 03.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\strCodec\isamonitor.exe
C:\Programme\strCodec\pmsngr.exe
C:\Programme\strCodec\pmmon.exe
C:\Programme\strCodec\isamini.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\GUILD WARS\Gw.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Dokumente und Einstellungen\Kraihammer\Desktop\Martin\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.de.ag/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Tele2Internet
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Programme\strCodec\isaddon.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Programme\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Protection Bar - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - C:\Programme\strCodec\iesplugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: In neuer Registerkarte im Hintergrund öffnen - res://C:\Programme\Windows Live Toolbar\Components\de-at\msntabres.dll.mui/229?ebffb53949cc43a59eae6c70fec84a99
O8 - Extra context menu item: In neuer Registerkarte im Vordergrund öffnen - res://C:\Programme\Windows Live Toolbar\Components\de-at\msntabres.dll.mui/230?ebffb53949cc43a59eae6c70fec84a99
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{10EEE68A-17E7-42AE-8A85-71B81676F028}: NameServer = 85.237.87.167,217.20.114.126
O17 - HKLM\System\CCS\Services\Tcpip\..\{1CCAFECE-4761-4E1F-8028-1B0F0A47B15F}: NameServer = 85.237.87.167,217.20.114.126
O17 - HKLM\System\CCS\Services\Tcpip\..\{3AEFF0D4-79C8-4A36-9B4C-F5AD56BC3745}: NameServer = 85.237.87.167,217.20.114.126
O17 - HKLM\System\CCS\Services\Tcpip\..\{73680E13-D258-4612-89D1-2BC589D7F7FC}: NameServer = 85.237.87.167,217.20.114.126
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A4282FD-649E-4229-BB47-3A339B967CF7}: NameServer = 195.70.224.45 213.90.38.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC7D3352-B0F9-4536-8861-8C8439C56915}: NameServer = 85.237.87.167,217.20.114.126
O17 - HKLM\System\CCS\Services\Tcpip\..\{F732DB2F-6CA8-461A-8CA3-8C6C34787F9C}: NameServer = 85.237.87.167,217.20.114.126
O17 - HKLM\System\CS1\Services\Tcpip\..\{10EEE68A-17E7-42AE-8A85-71B81676F028}: NameServer = 85.237.87.167,217.20.114.126
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: eeler - {1559e6c1-7e5e-4461-9457-6a2dea85eb9f} - C:\WINDOWS\system32\titiau.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
CleanUp! started on 10/03/06 09:03:17.
C:\Dokumente und Einstellungen\Kraihammer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\6F2B252N\blue-spacer[1].gif - deleted
C:\Dokumente und Einstellungen\Kraihammer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\6F2B252N\main[1].css - deleted
C:\Dokumente und Einstellungen\Kraihammer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\6F2B252N\malwarewipe[1].htm - deleted
C:\Dokumente und Einstellungen\Kraihammer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\6F2B252N\top-logo[1].gif - deleted
C:\Dokumente und Einstellungen\Kraihammer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\8XGHUZ0D\german[1].gif - deleted
C:\Dokumente und Einstellungen\Kraihammer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\8XGHUZ0D\japan[1].gif - deleted
C:\Dokumente und Einstellungen\Kraihammer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\8XGHUZ0D\laptop10[1].gif - deleted
C:\Dokumente und Einstellungen\Kraihammer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\8XGHUZ0D\laptop9[1].gif - deleted
C:\Dokumente und Einstellungen\Kraihammer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\8XGHUZ0D\top-menu-stripe[1].gif - deleted
C:\Dokumente und Einstellungen\Kraihammer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\OLORKN0B\check[1].gif - deleted
C:\Dokumente und Einstellungen\Kraihammer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\OLORKN0B\english[1].gif - deleted
C:\Dokumente und Einstellungen\Kraihammer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\OLORKN0B\france[1].gif - deleted
C:\Dokumente und Einstellungen\Kraihammer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\OLORKN0B\index[1].htm - deleted
C:\Dokumente und Einstellungen\Kraihammer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\OLORKN0B\laptop1[1].gif - deleted
C:\Dokumente und Einstellungen\Kraihammer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\OLORKN0B\laptop3[1].gif - deleted
C:\Dokumente und Einstellungen\Kraihammer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\OLORKN0B\laptop4[1].gif - deleted
C:\Dokumente und Einstellungen\Kraihammer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\OLORKN0B\laptop6[1].gif - deleted
C:\Dokumente und Einstellungen\Kraihammer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\OLORKN0B\left-column-stripe[1].gif - deleted
C:\Dokumente und Einstellungen\Kraihammer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\OLORKN0B\logo2[1].gif - deleted
C:\Dokumente und Einstellungen\Kraihammer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\OLORKN0B\logo_new[1].jpg - deleted
C:\Dokumente und Einstellungen\Kraihammer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\OLORKN0B\spacer[1].gif - deleted
C:\Dokumente und Einstellungen\Kraihammer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\UDSNUHI5\blue-gray-stripe[1].gif - deleted
C:\Dokumente und Einstellungen\Kraihammer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\UDSNUHI5\laptop11[1].gif - deleted
C:\Dokumente und Einstellungen\Kraihammer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\UDSNUHI5\laptop2[1].gif - deleted
C:\Dokumente und Einstellungen\Kraihammer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\UDSNUHI5\laptop5[1].gif - deleted
C:\Dokumente und Einstellungen\Kraihammer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\UDSNUHI5\laptop8[1].gif - deleted
C:\Dokumente und Einstellungen\Kraihammer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\UDSNUHI5\laptopcenter[1].gif - deleted
C:\Dokumente und Einstellungen\Kraihammer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\UDSNUHI5\left-border-start[1].gif - deleted
C:\Dokumente und Einstellungen\Kraihammer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\UDSNUHI5\l[1].htm - deleted
C:\Dokumente und Einstellungen\Kraihammer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\UDSNUHI5\right-border-start[1].gif - deleted
C:\Dokumente und Einstellungen\Kraihammer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\Kraihammer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\6F2B252N\ - deleted
C:\Dokumente und Einstellungen\Kraihammer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\8XGHUZ0D\ - deleted
C:\Dokumente und Einstellungen\Kraihammer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\CPQR4TU7\ - deleted
C:\Dokumente und Einstellungen\Kraihammer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\FPZ9AT3V\ - deleted
C:\Dokumente und Einstellungen\Kraihammer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\KLMNCPQ3\ - deleted
C:\Dokumente und Einstellungen\Kraihammer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\OLORKN0B\ - deleted
C:\Dokumente und Einstellungen\Kraihammer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\STUVWXMB\ - deleted
C:\Dokumente und Einstellungen\Kraihammer\Lokale Einstellungen\Temporary Internet Files\Content.IE5\UDSNUHI5\ - deleted
http://malwarewipe.com/images/blue-gray-stripe.gif - deleted
http://83.149.75.51/count/l.php?pl=Win32&ce=true&id=rrd - deleted
http://www.surveyswages.com/img/laptop9.gif - deleted
http://www.surveyswages.com/img/laptop6.gif - deleted
http://malwarewipe.com/images/lang/france.gif - deleted
http://www.surveyswages.com/img/laptop5.gif - deleted
http://www.surveyswages.com/img/laptop2.gif - deleted
http://malwarewipe.com/images/lang/german.gif - deleted
http://malwarewipe.com/images/top-menu-stripe.gif - deleted
http://www.surveyswages.com/img/laptop10.gif - deleted
http://www.surveyswages.com/index.html?id=rrd&aid=133 - deleted
http://img.malwarewipe.com/images/spacer.gif - deleted
http://malwarewipe.com/?rid=247 - deleted
http://www.surveyswages.com/img/laptop3.gif - deleted
http://www.surveyswages.com/img/logo2.gif - deleted
http://malwarewipe.com/images/lang/english.gif - deleted
http://www.surveyswages.com/img/laptop11.gif - deleted
http://img.malwarewipe.com/images/left-border-start.gif - deleted
http://www.surveyswages.com/img/laptop8.gif - deleted
http://www.surveyswages.com/img/laptopcenter.gif - deleted
http://malwarewipe.com/main.css - deleted
http://img.malwarewipe.com/images/top-logo.gif - deleted
http://www.surveyswages.com/img/check.gif - deleted
http://malwarewipe.com/images/lang/japan.gif - deleted
http://www.surveyswages.com/img/logo_new.jpg - deleted
http://www.surveyswages.com/img/laptop4.gif - deleted
http://img.malwarewipe.com/images/blue-spacer.gif - deleted
http://img.malwarewipe.com/images/left-column-stripe.gif - deleted
http://img.malwarewipe.com/images/right-border-start.gif - deleted
http://www.surveyswages.com/img/laptop1.gif - deleted
C:\Dokumente und Einstellungen\Kraihammer\Lokale Einstellungen\Verlauf\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\Kraihammer\Lokale Einstellungen\Verlauf\History.IE5\MSHist012006100320061004\index.dat - deleted
C:\Dokumente und Einstellungen\Kraihammer\Lokale Einstellungen\Verlauf\History.IE5\MSHist012006100320061004\ - deleted
'Typed URLs' (Internet Explorer) - removed from the registry.
Visited: Kraihammer@file:///C:/Dokumente%20und%20Einstellungen/Kraihammer/Desktop/system32.txt - deleted
Visited: Kraihammer@http://www.thesecuritypages.com/gatevc.php?id=icn02 - deleted
Visited: Kraihammer@http://85.17.4.3/rr/functions.php?aid=95&lid=http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3Ddating&type=none&default=http://www.entertaintool.net/dating/go-dating_pa48x.html - deleted
Visited: Kraihammer@file:///C:/windows.txt - deleted
Visited: Kraihammer@file:///C:/Dokumente%20und%20Einstellungen/Kraihammer/Desktop/M%FCll/windows.txt - deleted
Visited: Kraihammer@http://malwarewipe.com/?rid=247 - deleted
Visited: Kraihammer@file:///C:/Dokumente%20und%20Einstellungen/Kraihammer/Desktop/M%FCll/ComboFix.txt - deleted
Visited: Kraihammer@http://www.surveyswages.com/index.html?id=rrd&aid=133 - deleted
Visited: Kraihammer@file:///C:/Dokumente%20und%20Einstellungen/Kraihammer/Desktop/M%FCll/hijackthis.log - deleted
Visited: Kraihammer@file:///C:/temp.txt - deleted
Visited: Kraihammer@file:///C:/Dokumente%20und%20Einstellungen/Kraihammer/Desktop/M%FCll/temp.txt - deleted
Visited: ating_pa48x.html - deleted
Visited: Kraihammer@file:///C:/c.txt - deleted
Visited: Kraihammer@file:///C:/Dokumente%20und%20Einstellungen/Kraihammer/Desktop/M%FCll/bam.txt - deleted
Visited: Kraihammer@http://givegate.com/gatevc.php?pn=srch0p4total7s2 - deleted
Visited: Kraihammer@file:///C:/Dokumente%20und%20Einstellungen/Kraihammer/Desktop/ComboFix.txt - deleted
Visited: Kraihammer@file:///C:/Dokumente%20und%20Einstellungen/Kraihammer/Desktop/M%FCll/system32.txt - deleted
Visited: Kraihammer@file:///C:/Dokumente%20und%20Einstellungen/Kraihammer/Desktop/M%FCll/c.txt - deleted
C:\Dokumente und Einstellungen\Kraihammer\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\Kraihammer\Cookies\kraihammer@83.149.75[2].txt - deleted
C:\Dokumente und Einstellungen\Kraihammer\Cookies\kraihammer@85.17.4[2].txt - deleted
C:\Dokumente und Einstellungen\Kraihammer\Cookies\kraihammer@malwarewipe[1].txt - deleted
Cookie:kraihammer@85.17.4.3/ - deleted
Cookie:kraihammer@83.149.75.51/ - deleted
Cookie:kraihammer@malwarewipe.com/ - deleted
C:\Dokumente und Einstellungen\Kraihammer\Anwendungsdaten\Mozilla\Firefox\Profiles\7my305o3.default\history.dat - deleted
C:\Dokumente und Einstellungen\Kraihammer\Anwendungsdaten\Mozilla\Firefox\Profiles\7my305o3.default\cookies.txt.old - deleted
C:\Dokumente und Einstellungen\Kraihammer\Recent\bam.txt.lnk - deleted
C:\Dokumente und Einstellungen\Kraihammer\Recent\c.txt.lnk - deleted
C:\Dokumente und Einstellungen\Kraihammer\Recent\ComboFix.txt.lnk - deleted
C:\Dokumente und Einstellungen\Kraihammer\Recent\hijackthis.log.lnk - deleted
C:\Dokumente und Einstellungen\Kraihammer\Recent\Lokaler Datenträger (C).lnk - deleted
C:\Dokumente und Einstellungen\Kraihammer\Recent\Müll.lnk - deleted
C:\Dokumente und Einstellungen\Kraihammer\Recent\system32.txt.lnk - deleted
C:\Dokumente und Einstellungen\Kraihammer\Recent\temp.txt.lnk - deleted
C:\Dokumente und Einstellungen\Kraihammer\Recent\windows.txt.lnk - deleted
C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\4FL5GF67\ - deleted
C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\MPU5A9MH\ - deleted
C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\OXMFO9QD\ - deleted
C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\W9A7WV4N\ - deleted
C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\ - deleted
C:\WINDOWS\temp\Temporary Internet Files\ - deleted
C:\WINDOWS\temp\Verlauf\History.IE5\ - deleted
C:\WINDOWS\temp\Verlauf\ - deleted
C:\Dokumente und Einstellungen\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\Kraihammer\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\Kraihammer\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf - deleted
C:\WINDOWS\Prefetch\FIREFOX.EXE-1D57670A.pf - deleted
C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf - deleted
C:\WINDOWS\Prefetch\ISAMONITOR.EXE-140E41D4.pf - deleted
C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf - deleted
C:\WINDOWS\Prefetch\PMMON.EXE-18463871.pf - deleted
C:\WINDOWS\Prefetch\PMSNGR.EXE-191E6298.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-197CF692.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-415F88EC.pf - deleted
C:\WINDOWS\Prefetch\STDIALUP.EXE-29F83C49.pf - deleted
C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf - deleted
C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf - deleted
C:\WINDOWS\Prefetch\WGATRAY.EXE-0ED38BED.pf - deleted
C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf - deleted
Emptied Recycle Bin on drive C:
'Run MRU' list - removed from the registry.
Search Assistant MRU list - removed from the registry.
Explorer Open/Save MRU list - removed from the registry.
Explorer Last Visited MRU list - removed from the registry.
Paint Recent File List - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
CleanUp! 4.5.2 recovered 1010.9 KB of disk space from 111 files.
CleanUp! finished on 10/03/06 09:03:18.
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 6040-D4E6
Verzeichnis von C:\WINDOWS\system32
03.10.2006 08:43 43.094 nvapps.xml
03.10.2006 08:43 12.698 wpa.dbl
20.09.2006 17:46 176.128 titiau.dll
16.09.2006 20:54 98.304 CmdLineExt.dll
11.09.2006 19:37 8.960.936 MRT.exe
08.09.2006 22:31 380.486 perfh009.dat
08.09.2006 22:31 63.778 perfc007.dat
08.09.2006 22:31 52.900 perfc009.dat
08.09.2006 22:31 391.330 perfh007.dat
08.09.2006 22:31 898.692 PerfStringBackup.INI
27.08.2006 11:37 7.200 wuredist.cab
21.08.2006 14:26 16.896 fltlib.dll
21.08.2006 11:14 23.040 fltmc.exe
29.07.2006 21:15 7.006 jupdate-1.5.0_06-b05.log
29.07.2006 19:32 48.936 sirenacm.dll
28.07.2006 13:30 3.079.168 mshtml.dll
27.07.2006 15:25 679.424 inetcomm.dll
25.07.2006 22:42 617.472 urlmon.dll
21.07.2006 10:29 72.704 hlink.dll
14.07.2006 17:38 332.288 netapi32.dll
14.07.2006 17:25 546.304 hhctrl.ocx
13.07.2006 15:34 8.494.592 shell32.dll
13.07.2006 10:41 246.312 FNTCACHE.DAT
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 6040-D4E6
Verzeichnis von C:\DOKUME~1\KRAIHA~1\LOKALE~1\Temp
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 6040-D4E6
Verzeichnis von C:\WINDOWS
03.10.2006 08:34 1.510.923 WindowsUpdate.log
03.10.2006 08:28 47.867 iis6.log
03.10.2006 08:28 109.529 comsetup.log
03.10.2006 08:28 64.671 ntdtcsetup.log
03.10.2006 08:28 120.012 tsoc.log
03.10.2006 08:28 1.374 imsins.log
03.10.2006 08:28 16.617 ocmsn.log
03.10.2006 08:28 23.261 KB925486.log
03.10.2006 08:28 15.085 msgsocm.log
03.10.2006 08:28 148.821 ocgen.log
03.10.2006 08:28 295.991 FaxSetup.log
03.10.2006 08:28 22.984 setupapi.log
03.10.2006 08:23 0 0.log
03.10.2006 08:23 50 wiaservc.log
03.10.2006 08:23 159 wiadebug.log
03.10.2006 08:23 2.048 bootstat.dat
03.10.2006 08:20 32.574 SchedLgU.Txt
28.09.2006 17:37 1.374 imsins.BAK
22.09.2006 12:23 573 win.ini
22.09.2006 12:23 227 system.ini
20.09.2006 07:27 468 lexstat.ini
19.09.2006 19:49 23 BlendSettings.ini
16.09.2006 20:51 319.070 DirectX.log
16.09.2006 20:51 820 DXError.log
15.09.2006 21:28 54.156 QTFont.qfn
13.09.2006 11:06 13.271 KB920685.log
13.09.2006 11:06 15.044 KB920872.log
13.09.2006 11:06 13.423 KB919007.log
13.09.2006 11:06 9.255 KB922582.log
13.09.2006 11:06 36.060 updspapi.log
09.09.2006 00:40 1.035.877 setupapi.log.0.old
01.09.2006 12:46 1.409 QTFont.for
30.08.2006 14:06 56.135 wmsetup.log
27.08.2006 11:44 13.807 KB911993-V2.log
14.08.2006 14:11 1.420 spupdsvc.log
11.08.2006 14:38 121 GEARInstall.log
06.08.2006 11:29 5.836 ModemLog_Standard 300 bps Modem.txt
02.08.2006 10:42 32 CD-Start.INI
29.07.2006 21:31 4.498 mozver.dat
19.07.2006 09:20 316.640 WMSysPr9.prx
12.07.2006 21:21 63.475 War3Unin.dat
12.07.2006 19:38 451 nsw.log
12.07.2006 18:29 217.949 setupact.log
12.07.2006 18:24 616 eReg.dat
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 6040-D4E6
Verzeichnis von C:\
03.10.2006 08:49 0 sys.txt
03.10.2006 08:49 10.321 windows.txt
03.10.2006 08:49 10.321 system.txt
03.10.2006 08:49 136 temp.txt
03.10.2006 08:49 136 systemtemp.txt
03.10.2006 08:48 95.887 system32.txt
03.10.2006 08:47 17.653 ComboFix.txt
03.10.2006 08:45 17.617 ComboFix2.txt
03.10.2006 08:45 17.602 ComboFix3.txt
03.10.2006 08:23 1.610.612.736 pagefile.sys
18.09.2006 13:00 211 boot.ini
15.09.2006 11:38 51 log.txt
22.07.2006 22:25 0 AILog.txt
Kraihammer - 06-10-03 10:49:58,78 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Dokumente und Einstellungen\Kraihammer\Desktop\Martin\Critical System Error"
((((((((((((((((((((((((((((((( Files Created from 2006-09-03 to 2006-10-03 ))))))))))))))))))))))))))))))))))
2006-09-20 17:46 176,128 --a------ C:\WINDOWS\system32\titiau.dll
2006-09-16 20:54 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-03 10:13 -------- d-------- C:\Programme\Mozilla Firefox
2006-10-03 08:36 -------- d-------- C:\Programme\CleanUp!
2006-10-03 08:20 -------- d-------- C:\Programme\strCodec
2006-09-25 22:41 -------- d-------- C:\Programme\Lexmark X1100 Series
2006-09-20 17:48 -------- d-------- C:\Programme\vb
2006-09-18 13:04 -------- d-------- C:\Programme\eMule
2006-09-15 23:38 -------- d-------- C:\Dokumente und Einstellungen\Kraihammer\Anwendungsdaten\Skype
2006-09-15 18:27 -------- d-------- C:\Programme\AntiVir PersonalEdition Classic
2006-09-15 11:40 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-09-12 13:47 -------- d-------- C:\Dokumente und Einstellungen\Kraihammer\Anwendungsdaten\Adobe
2006-09-11 18:40 -------- d-------- C:\Programme\GUILD WARS
2006-08-27 11:44 -------- d-------- C:\Dokumente und Einstellungen\Kraihammer\Anwendungsdaten\Windows Desktop Search
2006-08-27 11:39 -------- d-------- C:\Programme\Windows Desktop Search
2006-08-27 11:38 -------- d-------- C:\Programme\Windows Live Toolbar
2006-08-27 11:36 -------- d-------- C:\Programme\MSN Messenger
2006-08-21 14:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 11:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-14 14:02 -------- d-------- C:\Programme\Internet Explorer
2006-08-14 14:00 -------- d-------- C:\Programme\Windows Media Player
2006-08-14 14:00 -------- d-------- C:\Programme\Outlook Express
2006-08-13 17:56 -------- d-------- C:\Dokumente und Einstellungen\Kraihammer\Anwendungsdaten\Lavasoft
2006-08-13 17:55 -------- d-------- C:\Programme\Lavasoft
2006-08-13 17:30 -------- d-------- C:\Programme\Windows NT
2006-08-11 14:00 -------- d-------- C:\Programme\Sony
2006-08-08 10:41 -------- d---s---- C:\Dokumente und Einstellungen\Kraihammer\Anwendungsdaten\Microsoft
2006-08-06 13:00 -------- d-------- C:\Programme\ICQLite
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-27 15:25 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 10:29 72704 --a------ C:\WINDOWS\system32\hlink.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,68,02,00,00,1f,00,00,00,a8,00,00,00,9e,00,\
00,00,01,00,00,00
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
"pmsngr.exe"="C:\\Programme\\strCodec\\pmsngr.exe"
"homepage.monitor.exe"="C:\\Programme\\strCodec\\isamonitor.exe"
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"eeler"="{1559e6c1-7e5e-4461-9457-6a2dea85eb9f}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^little_helper2.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\little_helper2.lnk"
"backup"="C:\\WINDOWS\\pss\\little_helper2.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\LITTLE~1\\LITTLE~1.EXE "
"item"="little_helper2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Windows-Desktopsuche.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Windows-Desktopsuche.lnk"
"backup"="C:\\WINDOWS\\pss\\Windows-Desktopsuche.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\WI459E~1\\WINDOW~3.EXE /startup"
"item"="Windows-Desktopsuche"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Dokumente und Einstellungen^Kraihammer^Startmenü^Programme^Autostart^Registration Die Siedler II - Die nächste Generation.LNK]
"path"="C:\\Dokumente und Einstellungen\\Kraihammer\\Startmenü\\Programme\\Autostart\\Registration Die Siedler II - Die nächste Generation.LNK"
"backup"="C:\\WINDOWS\\pss\\Registration Die Siedler II - Die nächste Generation.LNKStartup"
"location"="Startup"
"command"="C:\\DOKUME~1\\KRAIHA~1\\Desktop\\Martin\\DIESIE~1\\bin\\REGIST~1.EXE -d 802807 -l german -r 7 -g Die Siedler II - Die nächste Generation -c de -i 2840"
"item"="Registration Die Siedler II - Die nächste Generation"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Dokumente und Einstellungen^Kraihammer^Startmenü^Programme^Autostart^Speedtouch Connection.lnk]
"path"="C:\\Dokumente und Einstellungen\\Kraihammer\\Startmenü\\Programme\\Autostart\\Speedtouch Connection.lnk"
"backup"="C:\\WINDOWS\\pss\\Speedtouch Connection.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Alcatel\\SPEEDT~1\\stdialup.exe /Dial /Entry \"Speedtouch Connection\""
"item"="Speedtouch Connection"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Dokumente und Einstellungen^Kraihammer^Startmenü^Programme^Autostart^Xfire.lnk]
"path"="C:\\Dokumente und Einstellungen\\Kraihammer\\Startmenü\\Programme\\Autostart\\Xfire.lnk"
"backup"="C:\\WINDOWS\\pss\\Xfire.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Xfire\\Xfire.exe "
"item"="Xfire"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\avgnt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgnt"
"hkey"="HKLM"
"command"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Programme\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Eval]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Eval"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Phoenix Technologies\\cME\\RPro\\Eval\\Eval.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\farstone]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Guard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Guard"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Phoenix Technologies\\cME\\Guard\\Guard.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ICQ Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQLite"
"hkey"="HKLM"
"command"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Lexmark X1100 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="lxbkbmgr"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Lexmark X1100 Series\\lxbkbmgr.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\little_helper2.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MCAgentExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="McAgent"
"hkey"="HKLM"
"command"="c:\\PROGRA~1\\mcafee.com\\agent\\McAgent.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MCUpdateExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcupdate"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MessengerPlus3]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsgPlus"
"hkey"="HKLM"
"command"="\"C:\\Programme\\MessengerPlus! 3\\MsgPlus.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Programme\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\OASClnt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="oasclnt"
"hkey"="HKLM"
"command"="C:\\Programme\\McAfee.com\\VSO\\oasclnt.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Paw]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Paw"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Phoenix Technologies\\cME\\PAW\\Paw.exe\" /boot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Power2GoExpress]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Power2GoExpress"
"hkey"="HKCU"
"command"="\"C:\\Programme\\CyberLink\\Power2Go\\Power2GoExpress.exe\" /Startup"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RaidTool]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="raid_tool"
"hkey"="HKLM"
"command"="C:\\Programme\\VIA\\RAID\\raid_tool.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SpeedTouch USB Diagnostics]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Dragdiag"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Alcatel\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\VirusScan Online]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcvsshld"
"hkey"="HKLM"
"command"="C:\\Programme\\McAfee.com\\VSO\\mcvsshld.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\VSOCheckTask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcmnhdlr"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\services]
"NVSvc"=dword:00000002
"NetMDSB"=dword:00000002
"SPTISRV"=dword:00000003
"PhnxVCDService"=dword:00000003
"PACSPTISVR"=dword:00000003
"MDM"=dword:00000002
"McTskshd.exe"=dword:00000002
"McShield"=dword:00000002
"McDetect.exe"=dword:00000002
"RichVideo"=dword:00000002
"ose"=dword:00000003
"mcupdmgr.exe"=dword:00000003
"IDriverT"=dword:00000003
"iPodService"=dword:00000003
"AntiVirService"=dword:00000002
"AntiVirScheduler"=dword:00000002
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
Completion time: 03.10.2006 10:50:31.90
ComboFix.txt
ComboFix2.txt
ComboFix3.txt
10/03/06 10:52:09 [Info]: BlackLight Engine 1.0.47 initialized
10/03/06 10:52:09 [Info]: OS: 5.1 build 2600 (Service Pack 2)
10/03/06 10:52:10 [Note]: 7019 4
10/03/06 10:52:10 [Note]: 7005 0
10/03/06 10:52:14 [Note]: 7006 0
10/03/06 10:52:14 [Note]: 7011 2024
10/03/06 10:52:14 [Note]: 7026 0
10/03/06 10:52:15 [Note]: 7026 0
10/03/06 10:52:21 [Note]: FSRAW library version 1.7.1020
10/03/06 10:55:09 [Note]: 2000 1012
10/03/06 10:55:09 [Note]: 2000 1012
10/03/06 10:56:21 [Note]: 7007 0
Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please
Reg Entries that were deleted
...
Random Runs removed from HKLM
...
PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»» Searching by size/names...
»»»»»
Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal
Other suspects.
Directory of C:\WINDOWS\system32
»»»»» Misc files.
»»»»» Checking for older varients covered by the Rem3 tool.