Critical System Error

#0
06.10.2006, 00:34
...new here
Posts: 7

06.10.2006, 13:54
Honorary member
Posts: 29434
#2
0. Copy the following text into Notepad (Start - Accessories - Notepad) and save it to the desktop as fixme.reg using 'Save as'. Select 'All files' as the file type. You should now find this file on the desktop. Double-click the file "fixme.reg" on the desktop and add it to the registry with "ja" or "yes".

Quote:
REGEDIT4
___________________________________________

1. Apply this and post the log
http://virus-protect.org/artikel/tools/nolop.html

2. Avenger
http://virus-protect.org/artikel/tools/avenger.html

Paste in:

Quote:
registry keys to delete:

Click the green traffic light. The script will now run, then the PC will restart automatically.

«« Delete the Avenger backup at C:\Avenger\backup.zip

«« Scan with smitfraudfix (options 1 and 2)
http://virus-protect.org/artikel/tools/smitfrautfix.html

-------
Open HijackThis -- "scan" button -- tick the boxes in front of the entries -- "Fix checked" button -- restart the PC

Quote:
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com

Restart the PC
__________
Regards
Sabina
All about PC security

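The HijackThis step in the post above is a manual review of log entries before "Fix checked". As an added example (not part of the original posts and not code from HijackThis or this forum), the following Python parses a log in the HijackThis v1.99.1 layout and lists the entries that deserve a manual look. The sample log is constructed, and the three review rules (missing target file, O1 hosts mapping, R0/R1 proxy setting) are assumptions chosen for illustration.

```python
import re

# Constructed sample in the HijackThis v1.99.1 layout; not a log from this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 12:00:00, on 01.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.5:3128
O1 - Hosts: 127.255.255.255 licence.example.com
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - C:\Programme\ExampleCodec\addon.dll (file missing)
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Example Service (ExSvc) - Unknown owner - C:\Programme\Example\svc.exe
"""

# Entry lines look like "O4 - HKLM\..\Run: [name] path": a section letter
# (R, F, N or O), a number, " - ", then the entry body.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Body of an O1 entry: "Hosts: <ip> <hostname>".
HOSTS_RE = re.compile(r"^Hosts:\s*(\S+)\s+(\S+)$")


def parse_log(text):
    """Split a HijackThis log into header lines, running processes and entries."""
    log = {"header": [], "processes": [], "entries": []}
    section = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            section = "entries"
            log["entries"].append((match.group(1), match.group(2)))
        elif line == "Running processes:":
            section = "processes"
        elif section == "entries":
            # A wrapped entry: glue the continuation onto the previous entry.
            code, body = log["entries"][-1]
            log["entries"][-1] = (code, body + " " + line)
        else:
            log[section].append(line)
    return log


def review_reasons(code, body):
    """Return the reasons (assumed heuristics) an entry needs a manual look."""
    reasons = []
    # HijackThis appends this marker when the referenced file does not exist.
    if body.endswith("(file missing)"):
        reasons.append("target file missing")
    # O1 entries are hosts-file lines that redirect a hostname.
    if code == "O1":
        match = HOSTS_RE.match(body)
        if match:
            reasons.append("hosts file maps %s to %s" % (match.group(2), match.group(1)))
        else:
            reasons.append("hosts file entry")
    # A proxy in the Internet Settings reroutes browser traffic.
    if code in ("R0", "R1") and ",ProxyServer = " in body:
        reasons.append("proxy set to " + body.split(" = ", 1)[1])
    return reasons


def triage(text):
    """Return (code, body, reasons) for every entry with at least one reason."""
    flagged = []
    for code, body in parse_log(text)["entries"]:
        reasons = review_reasons(code, body)
        if reasons:
            flagged.append((code, body, reasons))
    return flagged


if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print("%-3s %s\n    -> %s" % (code, body, "; ".join(reasons)))
```

A flagged entry is a prompt for review, not a verdict: a missing file can be a leftover of an uninstalled program, and a proxy or hosts entry can be one the user set deliberately.
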
06.10.2006, 15:20
...new here
Thread starter
Posts: 7
#3
SmitFraudFix v2.105
Scan done at 15:00:32,32, 06.10.2006
Run from C:\Dokumente und Einstellungen\Gökhan\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

and here once more a hijack.exe scan

06.10.2006, 15:22
Honorary member
Posts: 29434
#4
Safetyboy
«« Apply this and post the log
http://virus-protect.org/artikel/tools/nolop.html

«« Scan with CounterSpy; after the scan, set everything to remove so that all the junk gets deleted. If you want, post the report (it will be long)
http://virus-protect.org/counterspy.html
__________
Regards
Sabina
All about PC security

06.10.2006, 16:37
...new here
Thread starter
Posts: 7
#5
Quote:
««NoLop! Log by Skate_Punk_21
Fix running from: C:\Programme\Mozilla Firefox
[06.10.2006] [16:12:30]

---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.

---Listing AppData sub directories---
C:\Dokumente und Einstellungen\All Users\Application Data\Microsoft
C:\Dokumente und Einstellungen\Gökhan\Application Data\Microsoft

CounterSpy is scanning right now

06.10.2006, 16:38
Honorary member
Posts: 29434

06.10.2006, 17:08
...new here
Thread starter
Posts: 7
#7
Spyware Scan Details
Start Date: 06.10.2006 16:23:05
End Date: 06.10.2006 16:58:16
Total Time: 35 mins 11 secs

Detected spyware

MSN Chat Monitor & Sniffer
Surveillance (General)
Details: MSN Chat Monitor & Sniffer is a handy network-control utility for capture and observe MSN chat conversations on all computers in network.
Status: Deleted

NetPumper
Adware Bundler
Details: Bundles with a number of adware components.
Status: Deleted

eDonkey2000
P2P Program
Details: eDonkey2000 is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted

MSN Monitor
Surveillance (General)
Details: MSN Monitor is a handy network utility software designed to monitor, record and capture MSN chat conversations on all computers in a network.
Status: Deleted

Trojan Horse
Trojan
Status: Deleted
Infected files detected
C:\Dokumente und Einstellungen\Gökhan\Desktop\Desktop\Steamhacks\OGXPE1.10_bin\ogx.exe

Backdoor.Rbot.steam
Backdoor
Details: Rbot is the name of a family of backdoor trojans, also known as worms, used by hackers to control a machine without the owner's knowledge.
Status: Deleted
Infected files detected
C:\Programme\Valve\platform\steam_dev.exe

AntiLeech Plugin
Adware (General)
Details: Plugin is an Ad-Ware software which enables the broadcasting of advertisements, and execution of e-commerce and other internet related services on the user-interface of the software.
Status: Deleted

Messenger Plus!
Adware Bundler
Details: Messenger Plus! is a add-on for MSN Messenger. Messenger Plus! installs an OPTIONAL adware called C2Media which is also known as LOP.com.
Status: Ignored

edit EDIT////

Spyware Scan Details
Start Date: 06.10.2006 17:25:43
End Date: 06.10.2006 18:14:05
Total Time: 48 mins 22 secs

Detected spyware

Messenger Plus!
Adware Bundler
Details: Messenger Plus! is a add-on for MSN Messenger. Messenger Plus! installs an OPTIONAL adware called C2Media which is also known as LOP.com.
Status: Deleted

EDIT
This post was edited by Safetyboy on 06.10.2006 at 18:24.

06.10.2006, 17:23
Honorary member
Posts: 29434
#8
Post the rest; if there is not enough space... as an attachment (see below)

Messenger Plus! Status: Ignored - you have to have it deleted !!!!!!!!!
That is how the LOP-Swizzor trojan got onto your computer
__________
Regards
Sabina
All about PC security

06.10.2006, 18:51
...new here
Posts: 1
#9
Hello everyone,
I am also looking for help with the Critical System Error virus. I hope you can help me too; you are doing a really great job. Here is my logfile:
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Protocol: offline-8876480 - {B56994B5-1657-4BA9-98C6-5E03E5B8B8AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: horologium - {7be183d2-a42d-4915-bf60-ec86fbf002cf} - C:\WINDOWS\system32\httge.dll O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition 
Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Programme\WinAntiVirus Pro 2006\FWSvc.exe (file missing) O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe |
|
|
||
07.10.2006, 00:20
Honorary member
Posts: 29434 |
#10
gerry_lobo
Post this log: http://virus-protect.org/artikel/tools/combofix.html
__________ Regards, Sabina. All about PC security |
|
|
||
07.10.2006, 15:59
...new here
Thread starter Posts: 7 |
#11
Thank you, Sabina, my problem has been fixed, you're the best. Unfortunately I have one more problem:
This error appears with almost all videos. When I click on a video, the window comes up. I tried switching off Dr. Watson, but then a different error appeared. |
|
|
||
07.10.2006, 16:02
Honorary member
Posts: 29434 |
#12
Safetyboy
Let's do it this way: scan once more with Counterspy and delete all the junk that is on your computer, then post the log (as an attachment). Once everything is clean, the error should be gone as well.
__________ Regards, Sabina. All about PC security |
|
|
||
07.10.2006, 16:57
...new here
Thread starter Posts: 7 |
#13
The error was already there before I caught this thing.
|
|
|
||
07.10.2006, 18:28
Honorary member
Posts: 29434 |
#14
Then you should try a repair installation with the Windows CD, or better yet set everything up from scratch right away; then everything is guaranteed to be clean and error-free.
__________ Regards, Sabina. All about PC security |
|
|
||
Unfortunately I have also become a victim of this malware. I dug through the whole forum, but everyone has a different file as the malware *strange*.
Well, I need help too; here is my Hijack scan:
Logfile of HijackThis v1.99.1
Scan saved at 23:46:42, on 05.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Programme\SoftCodec\isamonitor.exe
C:\Programme\SoftCodec\pmsngr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programme\Analog Devices\SoundMAX\SMTray.exe
C:\Programme\SoftCodec\isamini.exe
C:\Programme\SoftCodec\pmmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Programme\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\T-COM\T-COM WLAN Manager T-Sinus 154pcicard\Installer\WINXP\DTPCI11GMonitor.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Gökhan\Eigene Dateien\Downloads\Fierfox\spybotsd14.exe
C:\DOKUME~1\GKHAN~1\LOKALE~1\Temp\is-OULFH.tmp\is-L4USC.tmp
C:\DOKUME~1\GKHAN~1\LOKALE~1\Temp\Rar$EX00.203\HijackThis.exe
C:\DOKUME~1\GKHAN~1\LOKALE~1\Temp\is-U368T.tmp\spybotsd_includes.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.33.90.196:3128
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O1 - Hosts: 127.255.255.255 trial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 support.alcohol-soft.com
O1 - Hosts: 127.255.255.255 users.alcohol-soft.com
O1 - Hosts: 127.255.255.255 shop.alcohol-soft.com
O1 - Hosts: 127.255.255.255 195.137.236.101
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Programme\SoftCodec\isaddon.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll
O2 - BHO: (no name) - {F116993E-21EA-11A4-122E-84525883B18F} - C:\DOKUME~1\GKHAN~1\ANWEND~1\CoolCash\FILE USER.exe (file missing)
O3 - Toolbar: (no name) - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Smapp] C:\Programme\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [kav] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: T-COM WLAN Manager T-Sinus 154pcicard.lnk = C:\Programme\T-COM\T-COM WLAN Manager T-Sinus 154pcicard\Installer\WINXP\DTPCI11GMonitor.exe
O8 - Extra context menu item: Download with NetPumper - C:\Programme\NetPumper\AddUrl.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20060912/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157912545437
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: hydrodictyon - {b166be07-30a4-4d38-b781-44528a630706} - C:\WINDOWS\system32\gqagksr.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
G”khan - 06-10-06 0:42:16,82 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Programme\Mozilla Firefox"
((((((((((((((((((((((((((((((( Files Created from 2006-09-06 to 2006-10-06 ))))))))))))))))))))))))))))))))))
2006-10-05 00:29 147,456 --a------ C:\WINDOWS\system32\gqagksr.dll
2006-10-03 00:52 44,032 --a------ C:\WINDOWS\msxml3r.dll
2006-10-03 00:52 24,576 --a------ C:\WINDOWS\msxml3a.dll
2006-10-03 00:52 1,118,720 --a------ C:\WINDOWS\msxml3.dll
2006-09-28 12:16 86,016 --a------ C:\WINDOWS\unvise32.exe
2006-09-27 22:09 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2006-09-16 13:42 31,232 --a------ C:\WINDOWS\system32\drivers\maplom.sys
2006-09-10 21:10 128,232 --a------ C:\WINDOWS\system32\mucltui.dll
2006-09-10 19:45 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2006-09-10 19:45 249,856 --------- C:\WINDOWS\Setup1.exe
2006-09-10 01:10 117,760 --------- C:\WINDOWS\system32\xmllite.dll
2006-09-09 17:01 839,680 --a------ C:\WINDOWS\system32\libeay32.dll
2006-09-09 17:01 159,744 --a------ C:\WINDOWS\system32\ssleay32.dll
2006-09-09 16:37 322,560 --a------ C:\WINDOWS\RCoUn.EXE
2006-09-07 15:04 102,400 --a------ C:\WINDOWS\system32\tsccvid.dll
2006-09-06 16:42 3,082 --a------ C:\WINDOWS\system32\affv9869p2now.sys
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-06 00:42 -------- d-------- C:\Programme\Mozilla Firefox
2006-10-05 18:59 -------- d-------- C:\Programme\CleanUp!
2006-10-05 18:59 -------- d-------- C:\Programme\Ad-Aware SE Personal
2006-10-05 16:19 -------- d-------- C:\Dokumente und Einstellungen\G”khan\Anwendungsdaten\Lavasoft
2006-10-05 00:48 -------- d-------- C:\Programme\mIRC
2006-10-05 00:29 -------- d-------- C:\Programme\SoftCodec
2006-10-04 02:01 -------- d-------- C:\Programme\SFT Loader
2006-10-04 01:08 -------- d-------- C:\Programme\Firstload
2006-10-04 01:07 -------- d-------- C:\Dokumente und Einstellungen\G”khan\Anwendungsdaten\Firstload
2006-10-04 01:02 -------- d-------- C:\Programme\Alphaload
2006-10-03 18:50 -------- d-------- C:\Programme\sipgate X-Lite
2006-10-03 16:59 -------- d-------- C:\Programme\WinRAR
2006-10-03 01:29 -------- d-------- C:\Programme\RapidCheck
2006-10-03 01:16 -------- d-------- C:\Programme\Eisenbahn Professional
2006-10-03 01:14 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-10-03 01:13 -------- d-------- C:\Programme\Eisenbahn
2006-10-03 01:11 -------- d-------- C:\Dokumente und Einstellungen\G”khan\Anwendungsdaten\Azureus
2006-10-03 00:49 15360 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-10-02 18:00 -------- d-------- C:\Dokumente und Einstellungen\G”khan\Anwendungsdaten\Hamachi
2006-10-02 17:48 15440 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2006-10-02 17:47 -------- d-------- C:\Programme\Hamachi
2006-10-02 16:10 -------- d-------- C:\Programme\Steam
2006-10-02 03:59 -------- d-------- C:\Programme\TaskMate Pro
2006-10-01 15:54 -------- d-------- C:\Programme\MultiProxy
2006-09-30 20:57 -------- d-------- C:\Programme\EA SPORTS
2006-09-30 20:42 -------- d-------- C:\Programme\GameJack 5
2006-09-30 17:57 -------- d-------- C:\Programme\Google
2006-09-30 17:29 -------- d-------- C:\Programme\Google Earth Pro
2006-09-30 17:26 -------- d-------- C:\Dokumente und Einstellungen\G”khan\Anwendungsdaten\Google
2006-09-30 01:35 -------- d-------- C:\Programme\Xecutor
2006-09-29 16:32 -------- d-------- C:\Programme\Doenermafia
2006-09-28 16:36 -------- d-------- C:\Programme\flp leecher
2006-09-28 11:42 -------- d-------- C:\Programme\Valve
2006-09-28 11:04 -------- d-------- C:\Programme\MotoGP2
2006-09-28 11:04 -------- d-------- C:\Programme\Gemeinsame Dateien\DirectX
2006-09-28 11:04 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-09-28 09:51 -------- d-------- C:\Programme\EVEREST Home Edition
2006-09-28 01:45 -------- d-------- C:\Programme\FlashFXP
2006-09-27 23:04 -------- d-------- C:\Programme\RechenGeniePlus
2006-09-27 22:10 -------- d---s---- C:\Dokumente und Einstellungen\G”khan\Anwendungsdaten\Microsoft
2006-09-27 22:09 -------- d-------- C:\Programme\MSXML 4.0
2006-09-27 22:02 -------- d-------- C:\Programme\Microsoft Games
2006-09-27 22:02 -------- d-------- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2006-09-26 15:27 -------- d-------- C:\Programme\DC++
2006-09-26 15:00 -------- d-------- C:\Programme\Filetopia3
2006-09-24 23:07 -------- d-------- C:\Programme\LexmarkX84-X85
2006-09-24 00:34 -------- d-------- C:\Dokumente und Einstellungen\G”khan\Anwendungsdaten\Ethereal
2006-09-21 23:33 -------- d-------- C:\Programme\FLVPlayer
2006-09-21 19:09 -------- d-------- C:\Programme\QuickTime
2006-09-20 23:47 -------- d-------- C:\Programme\Ping
2006-09-20 20:19 -------- d-------- C:\Programme\WinPcap
2006-09-20 20:19 -------- d-------- C:\Programme\MsnMonitor
2006-09-20 20:02 -------- d-------- C:\Programme\MsnChecker
2006-09-17 23:19 -------- d-------- C:\Programme\Emilsoft Software
2006-09-17 21:30 -------- d-------- C:\Programme\EFSUM
2006-09-17 21:30 -------- d-------- C:\Dokumente und Einstellungen\G”khan\Anwendungsdaten\EFSoftware
2006-09-17 20:09 -------- d-------- C:\Dokumente und Einstellungen\G”khan\Anwendungsdaten\Macromedia
2006-09-16 13:52 -------- d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2006-09-16 13:40 -------- d-------- C:\Programme\Volumenzaehler
2006-09-16 13:39 -------- d-------- C:\Programme\eDonkey2000
2006-09-15 21:50 -------- d-------- C:\Programme\SlySoft
2006-09-15 19:28 -------- d-------- C:\Programme\Copy scanner
2006-09-15 14:33 -------- d-------- C:\Programme\Motherboard Monitor 5
2006-09-15 14:15 -------- d-------- C:\Programme\Hard Truck Apocalypse
2006-09-15 13:57 -------- d-------- C:\Dokumente und Einstellungen\G”khan\Anwendungsdaten\SlySoft
2006-09-15 13:56 40 ---hs---- C:\Dokumente und Einstellungen\G”khan\Anwendungsdaten\.zreglib
2006-09-15 13:26 -------- d-------- C:\Programme\Gemeinsame Dateien\SWF Studio
2006-09-14 14:30 -------- d---s---- C:\Programme\Xfire
2006-09-13 19:46 -------- d-------- C:\Programme\Reservoir Dogs
2006-09-13 19:46 -------- d-------- C:\Dokumente und Einstellungen\G”khan\Anwendungsdaten\Eidos
2006-09-13 19:06 -------- d-------- C:\Programme\GameShadow
2006-09-13 18:44 -------- d-------- C:\Dokumente und Einstellungen\G”khan\Anwendungsdaten\Xfire
2006-09-13 18:11 -------- d-------- C:\Programme\ChrisTV Online
2006-09-12 22:19 -------- d-------- C:\Programme\Winamp
2006-09-12 22:19 -------- d-------- C:\Programme\SHOUTcast
2006-09-11 15:53 -------- d-------- C:\Dokumente und Einstellungen\G”khan\Anwendungsdaten\teamspeak2
2006-09-11 15:46 -------- d-------- C:\Programme\AVI Codec Pack
2006-09-10 20:14 -------- d-------- C:\Programme\Internet Explorer
2006-09-10 19:59 -------- d-------- C:\Programme\US Downloader
2006-09-10 19:46 -------- d-------- C:\Programme\FileLister
2006-09-10 14:39 -------- d-------- C:\Dokumente und Einstellungen\G”khan\Anwendungsdaten\FlashFXP
2006-09-09 19:26 223128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2006-09-09 19:23 643072 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-09-09 19:12 -------- d-------- C:\Programme\MSN
2006-09-09 17:37 -------- d-------- C:\Programme\Ethereal
2006-09-09 16:42 -------- d-------- C:\Programme\RouterControl
2006-09-09 15:34 -------- d-------- C:\Programme\WinAVIVideoConverter
2006-09-07 21:01 -------- d-------- C:\Programme\SmartFTP Client 2.0
2006-09-07 15:04 -------- d-------- C:\Programme\TechSmith
2006-09-07 14:46 -------- d-------- C:\Programme\Camtasia Studio 3
2006-09-04 13:57 -------- d-------- C:\Programme\Philips
2006-09-03 23:02 -------- d-------- C:\Programme\No-IP
2006-09-02 19:49 -------- d-------- C:\Programme\cFosSpeed
2006-09-02 13:20 -------- d-------- C:\Programme\El Matador
2006-09-01 22:06 -------- d-------- C:\Programme\FEARCombat
2006-09-01 22:02 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-08-31 21:54 -------- d-------- C:\Programme\QuickSFV
2006-08-31 19:53 -------- d-------- C:\Programme\MessengerPlus! 3
2006-08-31 19:48 -------- d-------- C:\Programme\MSN Messenger
2006-08-30 18:31 -------- d-------- C:\Programme\PPLive
2006-08-30 18:26 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS
2006-08-30 18:26 -------- d-------- C:\Programme\Gemeinsame Dateien\Synacast
2006-08-30 18:26 -------- d-------- C:\Dokumente und Einstellungen\G”khan\Anwendungsdaten\PPLive
2006-08-29 15:29 -------- d-------- C:\Programme\PC Booster
2006-08-26 23:03 -------- d-------- C:\Programme\OpenVPN
2006-08-25 20:24 -------- d-------- C:\Programme\SurfMusik 3.1
2006-08-25 15:44 -------- d-------- C:\Programme\Microsoft Office
2006-08-25 15:43 -------- d-------- C:\Programme\Gemeinsame Dateien\System
2006-08-25 13:28 -------- d-------- C:\Programme\Azureus
2006-08-24 16:22 -------- d-------- C:\Programme\T-COM
2006-08-24 14:02 -------- d-------- C:\Programme\Anti-Leech
2006-08-23 19:10 -------- d-------- C:\Programme\UT2003
2006-08-21 22:52 -------- d-------- C:\Programme\Super Internet TV
2006-08-21 22:52 -------- d-------- C:\Programme\CyberLink
2006-08-21 22:49 -------- d-------- C:\Programme\Gemeinsame Dateien\Adobe
2006-08-21 22:49 -------- d-------- C:\Programme\ConvertXtoDVD
2006-08-21 22:13 -------- d-------- C:\Programme\ImTOO
2006-08-21 21:48 -------- d-------- C:\Programme\Miranda IM
2006-08-21 21:24 -------- d-------- C:\Programme\ipod-converter
2006-08-21 21:08 -------- d-------- C:\Programme\iPod
2006-08-21 20:37 -------- d-------- C:\Programme\DVD Ripper Platinum 4
2006-08-21 13:56 -------- d-------- C:\Programme\PacSteam
2006-08-21 00:38 -------- d-------- C:\Programme\Audio 180 %
2006-08-20 22:13 -------- d-------- C:\Programme\Online TV Player
2006-08-18 20:00 -------- d-------- C:\Programme\Macrogaming
2006-08-18 13:21 -------- d-------- C:\Dokumente und Einstellungen\G”khan\Anwendungsdaten\MCMPEGEnc
2006-08-18 13:20 -------- d-------- C:\Programme\MPEG Encoder
2006-08-16 16:23 -------- d-------- C:\Programme\directx
2006-08-16 16:15 223128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2006-08-16 16:15 -------- d-------- C:\Programme\DAEMON Tools
2006-08-15 22:14 -------- d-------- C:\Dokumente und Einstellungen\G”khan\Anwendungsdaten\Ahead
2006-08-15 22:12 -------- d-------- C:\Dokumente und Einstellungen\G”khan\Anwendungsdaten\Vso
2006-08-15 21:44 -------- d-------- C:\Programme\Zoom Player
2006-08-15 20:10 -------- d-------- C:\Programme\vso
2006-08-11 22:12 796672 --a------ C:\WINDOWS\GPInstall.exe
2006-08-11 13:01 -------- d-------- C:\Programme\CrackDown22
2006-08-10 18:23 -------- d-------- C:\Dokumente und Einstellungen\G”khan\Anwendungsdaten\Help
2006-08-10 17:57 -------- d-------- C:\Programme\XP RegTune
2006-08-10 17:45 -------- d-------- C:\Programme\NetPumper
2006-08-08 15:34 -------- d-------- C:\Programme\Messenger Plus! Live
2006-07-27 15:25 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 10:29 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-11 18:30 178425 --a------ C:\WINDOWS\PacSteam Uninstaller.exe
2006-07-10 04:47 62 --ahs---- C:\Dokumente und Einstellungen\Gökhan\Anwendungsdaten\desktop.ini
2006-07-10 04:14 44 --a------ C:\WINDOWS\system32\msssc.dll
2006-07-10 03:59 0 -rahs---- C:\MSDOS.SYS
2006-07-10 03:59 0 -rahs---- C:\IO.SYS
2006-07-10 03:59 0 --a------ C:\CONFIG.SYS
2006-07-10 03:59 0 --a------ C:\AUTOEXEC.BAT
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"Smapp"="C:\\Programme\\Analog Devices\\SoundMAX\\SMTray.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"kav"="\"C:\\Programme\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\""
"Lexmark X84-X85 Button Monitor"="C:\\PROGRA~1\\LEXMAR~1\\ACMonitor_X84-X85.exe"
"Lexmark X84-X85 Button Manager"="C:\\PROGRA~1\\LEXMAR~1\\AcBtnMgr_X84-X85.exe"
"PrinTray"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\printray.exe"
"MessengerPlus3"="\"C:\\Programme\\MessengerPlus! 3\\MsgPlus.exe\""
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoLowDiskSpaceChecks"=dword:00000001
"ClearRecentDocsOnExit"=dword:00000001
"NoRecentDocsMenu"=dword:00000000
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00
"disablecad"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:000000b9
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
"isamonitor.exe"="C:\\Programme\\SoftCodec\\isamonitor.exe"
"pmsngr.exe"="C:\\Programme\\SoftCodec\\pmsngr.exe"
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
"hydrodictyon"="{b166be07-30a4-4d38-b781-44528a630706}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Adobe Reader - Schnellstart.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader - Schnellstart.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader - Schnellstart"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^sipgate X-Lite.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\sipgate X-Lite.lnk"
"backup"="C:\\WINDOWS\\pss\\sipgate X-Lite.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SIPGAT~1\\SIPGAT~1.EXE "
"item"="sipgate X-Lite"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Amen Meet]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Army Bleh"
"hkey"="HKCU"
"command"="C:\\DOKUME~1\\GKHAN~1\\ANWEND~1\\TICKOO~1\\Army Bleh.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NMBgMonitor.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Programme\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\LanguageShortcut]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Language"
"hkey"="HKLM"
"command"="C:\\Programme\\CyberLink\\PowerDVD\\Language\\Language.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Lexmark X84-X85 Button Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AcBtnMgr_X84-X85"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\LEXMAR~1\\AcBtnMgr_X84-X85.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Lexmark X84-X85 Button Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ACMonitor_X84-X85"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\LEXMAR~1\\ACMonitor_X84-X85.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Programme\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NetPumper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NetPumperIEProxy"
"hkey"="HKLM"
"command"="\"C:\\Programme\\NetPumper\\NetPumperIEProxy.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PrinTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="printray"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\printray.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RapidCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RapidCheck"
"hkey"="HKCU"
"command"="C:\\Programme\\RapidCheck\\RapidCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SweetIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SweetIM"
"hkey"="HKLM"
"command"="C:\\Programme\\Macrogaming\\SweetIM\\SweetIM.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\systems.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Systems"
"hkey"="HKLM"
"command"="C:\\Programme\\KGB Spy\\Systems.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\VolumeCounter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BoVolume"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Volumenzaehler\\BoVolume.exe\""
"inimapping"="0"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Completion time: 06.10.2006 0:43:35.98
ComboFix.txt