blinkenes "!" und blinkendes "?" |
||
---|---|---|
#0
| ||
08.10.2006, 17:47
...neu hier
Beiträge: 2 |
||
|
||
09.10.2006, 09:42
Ehrenmitglied
Beiträge: 29434 |
#2
poste dieses log
http://virus-protect.org/artikel/tools/combofix.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
09.10.2006, 17:03
...neu hier
Themenstarter Beiträge: 2 |
#3
da is der log:
*****t ™***** - 06-10-09 16:57:36,90 Service Pack 2 ComboFix 06.09.28 - Running from: "C:\Dokumente und Einstellungen\*****™*****\Desktop" ((((((((((((((((((((((((((((((( Files Created from 2006-09-09 to 2006-10-09 )))))))))))))))))))))))))))))))))) 2006-09-30 00:24 94,080 --a------ C:\WINDOWS\system32\drivers\ezplay.sys 2006-09-30 00:23 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys 2006-09-30 00:13 611,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2006-09-15 21:59 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll 2006-09-15 21:59 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll 2006-09-14 12:12 8,192 --a------ C:\WINDOWS\suecmdial.dll 2006-09-14 07:36 42,982 --a------ C:\WINDOWS\system32\PDDSLADP.DLL 2006-09-14 07:36 15,571 --a------ C:\WINDOWS\system32\drivers\PDDSLADP.SYS 2006-09-14 07:36 15,187 --a------ C:\WINDOWS\system32\drivers\PDDSLHND.SYS 2006-09-10 23:36 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2006-09-10 23:36 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-10-09 16:56 -------- d-------- C:\Programme\Mozilla Firefox 2006-10-08 22:30 -------- d-------- C:\Programme\Trillian 2006-10-08 18:55 -------- d-------- C:\Programme\Roguescanfix 2006-10-08 17:57 -------- d-------- C:\Programme\CleanUp! 2006-10-07 18:07 -------- d-------- C:\Programme\ICQToolbar 2006-10-07 13:04 -------- d-------- C:\Programme\SoftCodec 2006-10-07 12:13 -------- d-------- C:\Programme\TuneUp Utilities 2004 2006-10-05 22:39 -------- d-------- C:\Programme\Mozilla Thunderbird 2006-10-05 22:31 -------- d-------- C:\Programme\MD Adressbuch 2006-10-05 20:42 -------- d-------- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Canon 2006-10-01 13:51 -------- d-------- C:\Programme\SmartFTP Client 2.0 2006-10-01 13:50 -------- d-------- C:\Programme\SmartFTP Client 2.0 Setup Files 2006-09-30 19:01 -------- d-------- C:\Programme\iTunes 2006-09-30 19:01 -------- d-------- C:\Programme\iPod 2006-09-30 18:57 -------- d-------- C:\Programme\QuickTime 2006-09-30 18:52 -------- d-------- C:\Programme\Apple Software Update 2006-09-30 00:45 -------- d-------- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Vso 2006-09-30 00:24 94080 --a------ C:\Dokumente und Einstellungen\*****\Anwendungsdaten\ezplay.sys 2006-09-30 00:24 81920 --a------ C:\Dokumente und Einstellungen\*****\Anwendungsdaten\ezpinst.exe 2006-09-30 00:24 7172 --a------ C:\Dokumente und Einstellungen\*****\Anwendungsdaten\ezplay.cat 2006-09-30 00:24 34 --a------ C:\Dokumente und Einstellungen\*****\Anwendungsdaten\pcouffin.log 2006-09-30 00:24 34 --a------ C:\Dokumente und Einstellungen\*****\Anwendungsdaten\KGFGCNUI.log 2006-09-30 00:24 125 --a------ C:\Dokumente und Einstellungen\*****\Anwendungsdaten\KGFGCNUI.ini 2006-09-30 00:24 1104 --a------ C:\Dokumente und Einstellungen\*****\Anwendungsdaten\KGFGCNUI.inf 2006-09-30 00:23 7176 --a------ C:\Dokumente und Einstellungen\*****\Anwendungsdaten\pcouffin.cat 2006-09-30 00:23 47360 --a------ C:\Dokumente und Einstellungen\*****\Anwendungsdaten\pcouffin.sys 2006-09-30 00:23 1144 --a------ C:\Dokumente und Einstellungen\*****\Anwendungsdaten\pcouffin.inf 2006-09-30 00:18 -------- d-------- C:\Programme\DAEMON Tools 2006-09-15 22:01 -------- d-------- C:\Programme\Gemeinsame Dateien\AVSMedia 2006-09-15 22:00 -------- d-------- C:\Programme\AVSMedia 2006-09-15 21:59 -------- d-------- C:\Programme\Gemeinsame Dateien 2006-09-14 07:36 -------- d-------- C:\Programme\Gemeinsame Dateien\Alice 2006-09-14 07:36 -------- d-------- C:\Programme\Alice 2006-09-10 23:36 -------- d-------- C:\Programme\Winamp 2006-09-07 13:44 -------- d--h----- C:\Programme\InstallShield Installation Information 2006-09-07 13:43 -------- d-------- C:\Programme\Gemeinsame Dateien\NewSoft 2006-09-07 13:34 -------- d-------- C:\Programme\NewSoft 2006-09-06 22:47 -------- d-------- C:\Programme\AviSynth 2.5 2006-09-06 22:46 -------- d-------- C:\Programme\iDump 2006-09-06 14:01 -------- d-------- C:\Programme\TIPP-Kurs 2006-09-05 19:00 -------- d-------- C:\Programme\eMule 2006-09-05 17:59 -------- d-------- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Slowstore 2006-09-05 17:46 -------- d-------- C:\Programme\WordBiz 2006-09-05 17:39 -------- d-------- C:\Programme\Sony Ericsson 2006-09-05 17:38 -------- d-------- C:\Programme\Gemeinsame Dateien\Teleca Shared 2006-09-05 17:34 -------- d-------- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\SlimBrowser 2006-09-05 17:27 -------- d-------- C:\Programme\Logon Loader 2006-09-05 17:27 -------- d-------- C:\Programme\lineup2win 2006-09-05 17:23 -------- d-------- C:\Programme\Gemeinsame Dateien\ACD Systems 2006-09-05 17:23 -------- d-------- C:\Programme\ACD Systems 2006-09-05 17:20 -------- d-------- C:\Programme\Gemeinsame Dateien\Autodesk Shared 2006-08-21 14:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll 2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe 2006-08-21 11:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys 2006-08-16 21:05 -------- d-------- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\PersBackup 2006-08-16 17:28 -------- d-------- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\NetPumper 2006-08-11 00:30 -------- d-------- C:\Programme\Internet Explorer 2006-07-27 15:25 679424 --a------ C:\WINDOWS\system32\inetcomm.dll 2006-07-21 10:29 72704 --a------ C:\WINDOWS\system32\hlink.dll 2006-07-14 14:51 108144 --a------ C:\WINDOWS\system32\GEARAspi.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe" "IntelliType"="\"C:\\Programme\\Microsoft Hardware\\Keyboard\\type32.exe\"" "FRISK FP-Scheduler"="C:\\Programme\\FSI\\F-Prot\\F-Sched.exe STARTUP" "F-StopW"="C:\\Programme\\FSI\\F-Prot\\F-StopW.EXE" "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\ 65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00 "ATICCC"="\"C:\\Programme\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay" "LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE" "Presto! PVR Monitor"="C:\\Programme\\NewSoft\\Presto! PVR\\Monitor.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000001 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Die derzeitige Homepage" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,81,01,00,00,00,00,00,00,f7,03,00,00,04,04,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,aa,03,\ 00,00,04,00,00,40 "RestoredStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,aa,03,\ 00,00,01,00,00,00 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1] "Source"="http://mugiac.com/" "SubscribedURL"="http://mugiac.com/" "FriendlyName"="" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,e1,01,00,00,6b,01,00,00,9f,00,00,00,30,01,00,00,ea,\ 03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:01,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,e1,01,00,00,6b,01,00,00,9f,00,00,00,30,01,\ 00,00,01,00,00,40 "RestoredStateInfo"=hex:19,02,02,00,00,00,00,00,00,00,00,00,a8,5c,06,00,00,e0,\ fd,7f,00,00,00,00 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\2] "Source"="http://www.heute.de/ZDFheute" "SubscribedURL"="http://www.heute.de/ZDFheute" "FriendlyName"="heute.de - Titelseite" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,00,00,00,00,33,01,00,00,83,02,00,00,39,01,00,00,ec,\ 03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:01,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,00,00,00,00,33,01,00,00,83,02,00,00,39,01,\ 00,00,01,00,00,40 "RestoredStateInfo"=hex:00,00,0c,00,00,00,00,00,4c,5c,06,00,d1,73,a5,00,00,00,\ 00,00,2c,05,04,00 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\3] "Source"="http://www.heute.de/" "SubscribedURL"="http://www.heute.de/" "FriendlyName"="heute.de - Titelseite" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,a0,00,00,00,15,00,00,00,e0,01,00,00,92,00,00,00,ee,\ 03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:01,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,e1,01,00,00,1d,00,00,00,9f,00,00,00,30,01,\ 00,00,01,00,00,40 "RestoredStateInfo"=hex:00,00,0c,00,00,00,00,00,4c,5c,06,00,d1,73,a5,00,00,00,\ 00,00,34,05,01,00 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="Microsoft AntiSpyware Service Hook" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000000 "NoDriveAutoRun"=dword:00000000 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run] "isamonitor.exe"="C:\\Programme\\SoftCodec\\isamonitor.exe" "pmsngr.exe"="C:\\Programme\\SoftCodec\\pmsngr.exe" [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 "CDRAutoRun"=dword:00000000 [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 "CDRAutoRun"=dword:00000000 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\lib\\NMBgMonitor.exe\"" "LogitechSoftwareUpdate"="C:\\Programme\\Logitech\\Video\\ManifestEngine.exe boot" "MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background" "LDM"="C:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-] "QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime" "NeroFilterCheck"="C:\\WINDOWS\\System32\\NeroCheck.exe" "bxxs5"="RunDLL32.EXE C:\\WINDOWS\\bxxs5.dll,DllRun" "New.net Startup"="rundll32 C:\\PROGRA~1\\NEWDOT~2\\NEWDOT~2.DLL,ClientStartup -s" "iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\"" "ICQ Lite"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize" "Omnipage"="C:\\Programme\\ScanSoft\\OmniPageSE\\opware32.exe" "AVMBLUEOBEX"="C:\\Programme\\avmclient\\AvmObex.exe -pushclient -ftpclient" "AVMBlueClient"="C:\\Programme\\avmclient\\bluefritz.exe" "DAEMON Tools-1033"="\"C:\\Programme\\D-Tools\\daemon.exe\" -lang 1033" "PivotSoftware"="\"C:\\Programme\\WinPortrait\\wpctrl.exe\"" "TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot" "Google Desktop Search"="\"C:\\Programme\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup" "gcasServ"="\"C:\\Programme\\Microsoft AntiSpyware\\gcasServ.exe\"" "ChangeFilterMerit"="C:\\Programme\\NewSoft\\Presto! PVR\\ChangeFilterMerit.exe" "FreePDF Assistant"="C:\\Programme\\FreePDF_XP\\fpassist.exe" "LogitechVideoRepair"="C:\\Programme\\Logitech\\Video\\ISStart.exe " "LogitechVideoTray"="C:\\Programme\\Logitech\\Video\\LogiTray.exe" "Presto! PVR Monitor"="C:\\Programme\\NewSoft\\Presto! PVR\\Monitor.exe" "URemote"="C:\\Programme\\NewSoft\\Presto! PVR\\URemote.exe" "NetPumper"="\"e:\\Programme\\NetPumper\\NetPumperIEProxy.exe\"" "Logitech Utility"="Logi_MwX.Exe" "DAEMON Tools"="\"C:\\Programme\\DAEMON Tools\\daemon.exe\" -lang 1033" "WinampAgent"="C:\\Programme\\Winamp\\winampa.exe" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\AppleSoftwareUpdate.job Completion time: 09.10.2006 16:59:40.44 ComboFix.txt |
|
|
||
09.10.2006, 17:12
Ehrenmitglied
Beiträge: 29434 |
#4
1.
Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als fixme.reg mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden. Die Datei "fixme.reg" auf dem Desktop doppelklicken und der Registry mit "ja" oder "yes" beifügen Zitat REGEDIT42. Avenger http://virus-protect.org/artikel/tools/avenger.html kopiere rein Zitat registry keys to delete:Klicke die gruene Ampel das Script wird nun ausgeführt, dann wird der PC automatisch neustarten 3. loesche: e:\Programme\NetPumper 4. loesche das Backup vom Avenger unter C:\Avenger\backup.zip 5. scanne mit smitfraudfix (Option 1 und 2) http://virus-protect.org/artikel/tools/smitfrautfix.html 6. scanne http://virus-protect.org/artikel/tools/nolop.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
hoffe ihr könnt mir helfen!
hier mal mein log:
Logfile of HijackThis v1.99.1
Scan saved at 17:47:25, on 08.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
C:\Programme\avmclient\avmbtservice.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\avmclient\AvmObexService.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Programme\DCPFLICS\DCPFLICS.exe
C:\Programme\FSI\F-Prot\fpavupdm.exe
E:\3dsmax6\sfmgr\sfmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\SoftCodec\isamonitor.exe
C:\Programme\SoftCodec\pmsngr.exe
C:\Programme\SoftCodec\pmmon.exe
C:\Programme\Microsoft Hardware\Keyboard\type32.exe
C:\Programme\SoftCodec\isamini.exe
C:\Programme\FSI\F-Prot\F-Sched.exe
C:\Programme\FSI\F-Prot\F-StopW.EXE
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\LVCOMSX.EXE
E:\ac\Distillr\acrotray.exe
C:\Programme\UltraMon\UltraMon.exe
C:\Programme\UltraMon\UltraMonTaskbar.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Alice\Signup\AliceCnn.exe
C:\Dokumente und Einstellungen\M**** Ö***\Desktop\stng260.exe
C:\Dokumente und Einstellungen\M***Ö***\Desktop\hijackthis_199\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice-dsl.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alice-dsl.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice-dsl.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Programme\SoftCodec\isaddon.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - e:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\ac\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\ac\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: T1 - {4180A6C9-26D0-4A15-A2CD-A24E3178E386} - e:\PROGRA~1\LANGEN~1.0\Engine\mte\StdAlone\T1IE.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: (no name) - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Programme\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Programme\FSI\F-Prot\F-Sched.exe STARTUP
O4 - HKLM\..\Run: [F-StopW] C:\Programme\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = E:\ac\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: UltraMon.lnk = C:\Programme\UltraMon\UltraMon.exe
O8 - Extra context menu item: Download with NetPumper - e:\Programme\NetPumper\AddUrl.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: c:\programme\fritz!dsl\sarah.dll
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot6_x.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potd_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {11F44F56-0B88-41E6-BA33-A86E5E216F1E} (bilder_vobis_de_bilduebertragung) - http://bilder.vobis.de/upload/bilder_vobis_bilduebertragung.cab
O16 - DPF: {27FA5271-12D2-43E3-9424-365A43236EE7} (PIXACO upload plugin) - http://www.pixaco.de/static/download/iedropupload.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab
O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) - http://www.turntool.com/ViewerInstall.exe
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://www.knoll.com/FSL/KnFSLInstall/setup.exe
O16 - DPF: {51EA44E6-C8C3-4E30-8F3D-D8EE71A44DCB} (Upload Control) - https://img.web.de/v/fotoalbum/activex/upload_1111.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} - http://playroom.icq.com/odyssey_web11.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{65DA643D-AB0B-4641-A9CD-3A061373842F}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B4AC722-60D4-4DA6-BEBE-E01349B5F66C}: NameServer = 213.191.92.82 213.191.74.11
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: hydrodictyon - {b166be07-30a4-4d38-b781-44528a630706} - C:\WINDOWS\system32\gqagksr.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVM BT Connection Service - AVM Berlin - C:\Programme\avmclient\avmbtservice.exe
O23 - Service: AVM BT PAN Service - AVM Berlin - C:\Programme\avmclient\panapp.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: AVM BT OBEX Service (AvmObexService) - AVM Berlin - C:\Programme\avmclient\AvmObexService.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: DCPFLICS - Unknown owner - C:\Programme\DCPFLICS\DCPFLICS.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Programme\FSI\F-Prot\fpavupdm.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Programme\Gemeinsame Dateien\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
O23 - Service: CaReTaKeR-CT NetMgr 1.2.1 (sfmgr) - Unknown owner - E:\3dsmax6\sfmgr\sfmgr.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe