Critical System Error, the second

#0
21.10.2006, 13:02
...new here

Posts: 1
#1 Hi everyone, I have a problem with my brother's PC. Since yesterday this question mark has been appearing, which changes into an ActiveX icon and brings up the Critical System Error message. So I quickly ran Spyware Doctor over it in Safe Mode, and it showed me a Trojan.popuper and, in addition, HKLM\Software\Microsoft\Windows\Current\Version\Policies\Explorer\run##pmsngr.exe
Furthermore, I found out that the whole thing is located in the folder c:\programme\videocomprehenssioncodec, so I fixed it in Spyware Doctor and deleted the folder, but this icon still keeps appearing (that was probably not the best idea, but I thought it would make the whole thing go away).
Can you help me get rid of this? I have run the analysis tools over it!?
Greetz Simon

Logfile of HijackThis v1.99.1
Scan saved at 10:47:25, on 21.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Programme\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Programme\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Programme\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
C:\Programme\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Programme\F-Secure Internet Security\Common\FSMA32.EXE
C:\Programme\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Programme\F-Secure Internet Security\Common\FSMB32.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Programme\F-Secure Internet Security\Common\FCH32.EXE
C:\Programme\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Programme\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Programme\F-Secure Internet Security\Anti-Virus\fsrw.exe
C:\Programme\F-Secure Internet Security\FSPC\fspc.exe
C:\Programme\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
C:\Programme\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\F-Secure Internet Security\Common\FSM32.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
C:\Programme\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Dokumente und Einstellungen\Simon\Desktop\hiyack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - C:\Programme\VideoCompressionCodec\isaddon.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: Protection Bar - {8aed5df3-6e0b-4930-b1a5-f8aa8d757497} - C:\Programme\VideoCompressionCodec\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programme\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programme\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Programme\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: F-Secure 2006.lnk = C:\Programme\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Dieses Popup &blockieren - C:\Programme\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Webfilter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programme\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programme\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Webfilter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programme\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: IE-Schutzschild - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programme\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-Schutzschild... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programme\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151388535843
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - C:\WINDOWS\system32\dpfwu.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Programme\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Programme\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programme\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Programme\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programme\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: GhostStartService - Symantec Corporation - C:\Programme\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PsShutdown (PsShutdownSvc) - Systems Internals - C:\WINDOWS\System32\PSSDNSVC.EXE





Simon - 06-10-21 11:14:40,84 Service Pack 2
ComboFix 06.10.19 - Running from: "N:\"

((((((((((((((((((((((((((((((( Files Created from 2006-09-21 to 2006-10-21 ))))))))))))))))))))))))))))))))))


2006-10-20 13:07 106,496 --a------ C:\WINDOWS\system32\dpfwu.dll
2006-10-14 17:35 683,765 --a------ C:\WINDOWS\bond40_ssv.exe
2006-10-14 17:35 409,512 --a------ C:\WINDOWS\bond40_ssv.scr
2006-10-14 17:35 40,960 --a------ C:\WINDOWS\bond40_ssv.dll
2006-10-12 16:31 34,297 --------- C:\WINDOWS\system32\drivers\StMp3Rec.sys
2006-10-08 13:00 737,280 --a------ C:\WINDOWS\iun6002.exe
2006-09-26 19:20 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2006-09-26 19:20 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-21 10:48 -------- d-------- C:\Programme\CleanUp!
2006-10-20 22:01 -------- d-------- C:\Programme\Mozilla Firefox
2006-10-20 18:19 -------- d-------- C:\Programme\Mozilla Thunderbird
2006-10-13 20:59 -------- d-------- C:\Programme\ICQLite
2006-10-12 16:31 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-10-12 16:31 -------- d-------- C:\Programme\SigmaTel
2006-10-08 14:49 12464 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-10-08 12:41 -------- d-------- C:\Programme\EA Games
2006-09-30 18:52 -------- d-------- C:\Programme\GUILD WARS
2006-09-26 19:42 -------- d-------- C:\Programme\Spyware Doctor
2006-09-26 19:19 -------- d-------- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\PC Tools
2006-09-13 07:02 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-01 14:44 223128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2006-09-01 14:44 -------- d-------- C:\Programme\Alcohol Soft
2006-09-01 14:41 96256 --a------ C:\WINDOWS\system32\drivers\sptd0141.sys
2006-09-01 14:41 643072 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-09-01 14:28 -------- d-------- C:\Programme\EA SPORTS
2006-08-29 16:20 -------- d-------- C:\Programme\Teamspeak2_RC2
2006-08-29 16:20 -------- d-------- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\teamspeak2
2006-08-27 22:19 -------- d-------- C:\Programme\Google
2006-08-25 17:46 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-24 11:18 -------- d---s---- C:\Dokumente und Einstellungen\Simon\Anwendungsdaten\Microsoft
2006-08-24 11:18 -------- d-------- C:\Programme\Valve
2006-08-21 14:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 11:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-16 13:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-11 11:58 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-07-27 15:25 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-22 09:06 53248 --a------ C:\WINDOWS\system32\unrar.dll
2006-07-21 10:29 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"F-Secure Manager"="\"C:\\Programme\\F-Secure Internet Security\\Common\\FSM32.EXE\" /splash"
"F-Secure TNB"="\"C:\\Programme\\F-Secure Internet Security\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
"F-Secure Startup Wizard"="\"C:\\Programme\\F-Secure Internet Security\\FSGUI\\FSSW.EXE\" /reboot"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,00,04,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,c3,00,00,00,7c,00,00,00,7c,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"Spyware Doctor"="\"C:\\Programme\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"Spyware Doctor"="\"C:\\Programme\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{dfa61db1-388e-4c87-8d56-540fa229bcb4}"="contrabandists"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoCDBurning"=dword:00000000
"FoFileAssociate"=dword:00000000
"StartMenuLogoff"=dword:00000000
"NoShellSearchButton"=dword:00000000
"NoLowDiskSpaceChecks"=dword:00000000
"HideClock"=dword:00000000
"NoRecentDocsMenu"=dword:00000000
"NoFolderOptions"=dword:00000000
"NoUserNameInStartMenu"=dword:00000000
"NoRecentDocsNetHood"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"isamonitor.exe"="C:\\Programme\\VideoCompressionCodec\\isamonitor.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"contrabandists"="{dfa61db1-388e-4c87-8d56-540fa229bcb4}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Office-Bibliothek-Direktsuche.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Office-Bibliothek-Direktsuche.lnk"
"backup"="C:\\WINDOWS\\pss\\Office-Bibliothek-Direktsuche.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\OFFICE~1\\PCLib.exe "
"item"="Office-Bibliothek-Direktsuche"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Beate^Startmenü^Programme^Autostart^OpenOffice.org 2.0.lnk]
"path"="C:\\Dokumente und Einstellungen\\Beate\\Startmenü\\Programme\\Autostart\\OpenOffice.org 2.0.lnk"
"backup"="C:\\WINDOWS\\pss\\OpenOffice.org 2.0.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\OPENOF~1.0\\program\\QUICKS~1.EXE "
"item"="OpenOffice.org 2.0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Benedikt^Startmenü^Programme^Autostart^OpenOffice.org 2.0.lnk]
"path"="C:\\Dokumente und Einstellungen\\Benedikt\\Startmenü\\Programme\\Autostart\\OpenOffice.org 2.0.lnk"
"backup"="C:\\WINDOWS\\pss\\OpenOffice.org 2.0.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\OPENOF~1.0\\program\\QUICKS~1.EXE "
"item"="OpenOffice.org 2.0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Benedikt^Startmenü^Programme^Autostart^Xfire.lnk]
"path"="C:\\Dokumente und Einstellungen\\Benedikt\\Startmenü\\Programme\\Autostart\\Xfire.lnk"
"backup"="C:\\WINDOWS\\pss\\Xfire.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Xfire\\Xfire.exe "
"item"="Xfire"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Matthias^Startmenü^Programme^Autostart^OpenOffice.org 2.0.lnk]
"path"="C:\\Dokumente und Einstellungen\\Matthias\\Startmenü\\Programme\\Autostart\\OpenOffice.org 2.0.lnk"
"backup"="C:\\WINDOWS\\pss\\OpenOffice.org 2.0.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\OPENOF~1.0\\program\\QUICKS~1.EXE "
"item"="OpenOffice.org 2.0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Simon^Startmenü^Programme^Autostart^OpenOffice.org 2.0.lnk]
"path"="C:\\Dokumente und Einstellungen\\Simon\\Startmenü\\Programme\\Autostart\\OpenOffice.org 2.0.lnk"
"backup"="C:\\WINDOWS\\pss\\OpenOffice.org 2.0.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\OPENOF~1.0\\program\\QUICKS~1.EXE "
"item"="OpenOffice.org 2.0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cli"
"hkey"="HKLM"
"command"="\"C:\\Programme\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GhostStartTrayApp"
"hkey"="HKLM"
"command"="C:\\Programme\\Symantec\\Norton Ghost 2003\\GhostStartTrayApp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQLite"
"hkey"="HKLM"
"command"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRISMSTA.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PRISMSTA"
"hkey"="HKLM"
"command"="PRISMSTA.EXE START"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Dokumente und Einstellungen\\Matthias\\Eigene Dateien\\Quick Time\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="swdoctor"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Spyware Doctor\\swdoctor.exe\" /Q"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Ati HotKey Poller"=dword:00000002
"SDhelper"=dword:00000002
"xmlprov"=dword:00000003

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Scheduled scanning task.job

Completion time: 06-10-21 11:15:25.53
C:\ComboFix.txt ... 06-10-21 11:15


Datenträger in Laufwerk C: ist Windows
Volumeseriennummer: A043-3ABF

Verzeichnis von C:\WINDOWS\system32

06-10-21 11:18 13,646 wpa.dbl
06-10-21 11:18 241,946 ikhcore.log
06-10-20 13:07 106,496 dpfwu.dll
06-10-04 22:03 9,639,336 MRT.exe
06-09-13 07:02 1,084,416 msxml3.dll
06-09-04 08:12 1,494,016 shdocvw.dll
06-08-31 17:15 380,350 perfh009.dat
06-08-31 17:15 52,764 perfc009.dat
06-08-31 17:15 63,580 perfc007.dat
06-08-31 17:15 391,000 perfh007.dat
06-08-31 17:15 897,954 PerfStringBackup.INI
06-08-29 16:20 34,064 lhacm.acm
06-08-25 17:46 617,472 comctl32.dll
06-08-21 14:26 16,896 fltlib.dll
06-08-21 11:14 23,040 fltmc.exe
06-08-16 13:58 100,352 6to4svc.dll
06-08-11 11:58 98,304 CmdLineExt.dll
06-07-28 13:28 3,075,072 mshtml.dll
06-07-27 15:25 679,424 inetcomm.dll
06-07-25 22:33 615,936 urlmon.dll
06-07-22 09:06 53,248 unrar.dll
06-07-21 10:29 72,704 hlink.dll
06-07-14 17:41 336,896 netapi32.dll
06-07-14 17:25 546,304 hhctrl.ocx
06-07-13 15:34 8,494,592 shell32.dll
06-07-05 12:55 1,057,792 kernel32.dll



Datenträger in Laufwerk C: ist Windows
Volumeseriennummer: A043-3ABF

Verzeichnis von C:\DOKUME~1\Simon\LOKALE~1\Temp


Datenträger in Laufwerk C: ist Windows
Volumeseriennummer: A043-3ABF

Verzeichnis von C:\WINDOWS\Temp

06-10-21 11:19 409 WGANotify.settings
06-10-21 11:18 255 WGAErrLog.txt
2 Datei(en) 664 Bytes
0 Verzeichnis(se), 22,342,475,776 Bytes frei


Datenträger in Laufwerk C: ist Windows
Volumeseriennummer: A043-3ABF

Verzeichnis von C:\WINDOWS

06-10-21 11:18 0 0.log
06-10-21 11:18 2,059,872 WindowsUpdate.log
06-10-21 11:18 2,048 bootstat.dat
06-10-21 11:17 32,634 SchedLgU.Txt
06-10-20 22:10 486 win.ini
06-10-20 22:10 274 system.ini
06-10-20 21:03 174,368 ntbtlog.txt
06-10-20 16:38 74,560 wmsetup.log
06-10-20 14:41 642,413 setupapi.log
06-10-20 12:57 116 NeroDigital.ini
06-10-20 12:41 54,156 QTFont.qfn
06-10-19 17:09 6,950 mozver.dat
06-10-17 22:59 1,409 QTFont.for
06-10-14 17:35 683,765 bond40_ssv.exe
06-10-14 17:35 409,512 bond40_ssv.scr
06-10-14 17:35 18,192 bond40_ssv.dat
06-10-14 17:35 40,960 bond40_ssv.dll
06-10-12 08:33 1,393 imsins.log
06-10-12 08:33 132,984 ntdtcsetup.log
06-10-12 08:33 99,822 iis6.log
06-10-12 08:33 221,987 comsetup.log
06-10-12 08:33 246,585 tsoc.log
06-10-12 08:33 35,427 ocmsn.log
06-10-12 08:33 14,469 KB924191.log
06-10-12 08:33 309,201 ocgen.log
06-10-12 08:33 32,080 msgsocm.log
06-10-12 08:33 635,980 FaxSetup.log
06-10-12 08:33 28,690 updspapi.log
06-10-12 08:33 1,393 imsins.BAK
06-10-12 08:33 14,060 KB922819.log
06-10-12 08:32 12,249 KB923414.log
06-10-12 08:32 12,282 KB924496.log
06-10-12 08:30 9,632 KB923191.log
06-10-11 20:08 50 wiaservc.log
06-10-11 20:08 416 wiadebug.log
06-10-11 19:28 4,387 ODBC.INI
06-10-10 11:07 20,588 fsiuupd.log
06-10-08 17:25 313 nsw.log
06-10-08 13:02 825 eReg.dat
06-10-08 12:59 737,280 iun6002.exe
06-10-06 20:28 200,510 setupact.log
06-09-26 19:20 11,394 KB925486.log
06-09-23 10:11 630 KLETT.INI
06-09-20 18:35 4,429 ODBCINST.INI
06-09-20 16:56 0 odbcddp.ini
06-09-16 10:02 4,790 WgaNotify.log
06-09-13 13:56 13,935 KB920685.log
06-09-13 13:56 15,684 KB920872.log
06-09-13 13:55 14,085 KB919007.log
06-09-13 13:55 9,521 KB922582.log
06-08-10 14:46 16,216 KB920214.log
06-08-10 14:46 16,210 KB922616.log
06-08-10 14:46 16,910 KB921398.log
06-08-10 14:46 20,025 KB918899.log
06-08-10 14:46 12,694 KB920670.log
06-08-10 14:46 12,858 KB917422.log
06-08-10 14:45 13,125 KB920683.log
06-08-09 09:08 13,519 KB921883.log
06-07-25 20:09 51,835 DirectX.log
06-07-25 16:06 4,096 d3dx.dat
06-07-14 17:38 151 PhotoSnapViewer.INI
06-07-12 20:50 12,429 KB917159.log
06-07-12 20:50 12,942 KB914388.log
06-07-12 20:50 11,096 KB916595.log



Datenträger in Laufwerk C: ist Windows
Volumeseriennummer: A043-3ABF

Verzeichnis von C:\

06-10-21 11:30 0 sys.txt
06-10-21 11:29 380 down.txt
06-10-21 11:28 324 tmp.txt
06-10-21 11:27 12,401 system.txt
06-10-21 11:25 127 systemtemp.txt
06-10-21 11:23 97,474 system32.txt
06-10-21 11:18 536,399,872 hiberfil.sys
06-10-21 11:18 805,306,368 pagefile.sys
06-10-21 11:16 91 ComboFix.txt
06-10-21 11:15 13,915 ComboFix2.txt
06-10-20 22:10 211 boot.ini
06-04-19 09:49 27,262,976 VIRTPART.DAT
06-04-18 19:54 0 MSDOS.SYS
06-04-18 19:54 0 IO.SYS
06-04-18 19:54 0 AUTOEXEC.BAT
06-04-18 19:54 0 CONFIG.SYS
04-08-04 14:00 4,952 bootfont.bin
04-08-04 14:00 47,564 NTDETECT.COM
04-08-04 14:00 251,184 ntldr
19 Datei(en) 1,369,397,839 Bytes
0 Verzeichnis(se), 22,342,459,392 Bytes frei


Datenträger in Laufwerk C: ist Windows
Volumeseriennummer: A043-3ABF

Verzeichnis von C:\WINDOWS\Downloaded Program Files

06-06-22 11:41 5,032 swflash.inf
06-04-18 19:53 65 desktop.ini
05-05-26 04:19 293 muweb.inf
3 Datei(en) 5,390 Bytes
0 Verzeichnis(se), 22,342,475,776 Bytes frei
This post was edited by Torado on 21.10.2006 at 13:06.
21.10.2006, 16:51
Honorary member
Sabina

Posts: 29434
#2 Scan with options 1 and 2 and post both scan reports
http://virus-protect.org/artikel/tools/smitfrautfix.html
__________
Best regards, Sabina

All about PC security