"safeiepage.com" since Sunday - IE is completely out of action

Topic is closed!
24.10.2006, 23:15
...new here

Posts: 9
#1 Hello, I'm new to the forum!
My IE refuses to work, showing the message in the subject line.
I have already run:

Logfile of HijackThis v1.99.1
Scan saved at 17:41:50, on 24.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\GEARSec.exe
D:\PROGRAMME\KERIO\Personal Firewall 4\kpf4ss.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
D:\Programme\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
D:\PROGRAMME\KERIO\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\MsPMSPSv.exe
D:\PROGRAMME\KERIO\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\VideoCompressionCodec\isamonitor.exe
C:\Programme\VideoCompressionCodec\pmsngr.exe
C:\Programme\Microsoft IntelliType Pro\type32.exe
C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Programme\VideoCompressionCodec\isamini.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\VideoCompressionCodec\pmmon.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
D:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\Dit.exe
C:\Programme\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
C:\Programme\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
D:\Programme\FRITZ!\IWatch.exe
D:\Programme\Nikon\PictureProject\NkbMonitor.exe
D:\Programme\WEBDE\SmartSurfer3.1\SmartSurfer.exe
F:\1 Setups - Updates\craagle.exe !!!!!!!!!!\higthjackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.4mbo.de
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PreispiratenSearchURL - {0B660087-931C-4056-A04F-0423890E40B6} - d:\Programme\Preispiraten\Preispiraten2\PPSearchURL.dll
O2 - BHO: (no name) - {5EFD170F-AA84-49D2-A87E-28D6B007AAC2} - C:\WINDOWS\system32\kbdfi132.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - C:\Programme\VideoCompressionCodec\isaddon.dll
O2 - BHO: metaspinner media GmbH - {84B94901-3645-4D80-A6B7-4D0050B19455} - d:\Programme\Preispiraten\Preispiraten2\IEButtonAmazonInterface.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - (no file)
O2 - BHO: metaspinner media GmbH - {D3AA56A9-8137-4950-A6F9-D0190A82AF2A} - d:\Programme\Preispiraten\Preispiraten2\IEButtonPPInterface.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ISDN SpeedManager] "C:\Programme\T-Online\ISDN SpeedManager\Tomcat.exe"
O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [PINNACLEDRIVERCHECK] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "D:\PROGRAMME\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\kav.exe" /minimize
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [hp imaging helper] C:\WINDOWS\system32\hpusbscr.exe
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "D:\PROGRAMME\ELABORATE BYTES\CLONECD\ELBYCHECK.EXE" /L ELBYCDFL
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [UVS10 Preload] d:\Programme\Ulead Systems\Ulead VideoStudio 10.0\uvPL.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [QuickTime Task] "D:\PROGRAMME\QUICKTIME\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programme\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: SmartSurfer.lnk = D:\Programme\WEBDE\SmartSurfer3.1\SmartSurfer.exe
O4 - Global Startup: ISDNWatch.lnk = D:\Programme\FRITZ!\IWatch.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = D:\Programme\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - d:\\Programme\\Preispiraten\\Preispiraten2\\preispiraten.html
O8 - Extra context menu item: amazon Suche - d:\Programme\Preispiraten\Preispiraten2\Searchamazon.htm
O8 - Extra context menu item: amazon Suche starten - d:\Programme\Preispiraten\Preispiraten2\Searchamazon.htm
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: eBay - Mein eBay - d:\Programme\Preispiraten\Preispiraten2\SearchEbaymein.htm
O8 - Extra context menu item: eBay - Powersuche - d:\Programme\Preispiraten\Preispiraten2\SearchEbaypower.htm
O8 - Extra context menu item: eBay - Startseite - d:\Programme\Preispiraten\Preispiraten2\SearchEbay.htm
O8 - Extra context menu item: eBay Suche starten - d:\Programme\Preispiraten\Preispiraten2\SearchEbay.htm
O8 - Extra context menu item: Google Suche - d:\Programme\Preispiraten\Preispiraten2\SearchGoogle.htm
O8 - Extra context menu item: Google Suche starten - d:\Programme\Preispiraten\Preispiraten2\SearchGoogle.htm
O8 - Extra context menu item: In Adobe PDF konvertieren - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Preispiraten 2.5 - {2638A03E-1669-43BE-8119-B47087629A7F} - d:\Programme\Preispiraten\Preispiraten2\preispiraten2ie.exe
O9 - Extra button: (no name) - {86DE8B3B-1EB7-4386-84BD-EBE94348A913} - (no file)
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.4mbo.de
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120061423441
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139682237151
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/de/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{7767466E-11F8-4311-95CA-8853A59F3C37}: NameServer = 192.168.120.252,192.168.120.253
O17 - HKLM\System\CS1\Services\Tcpip\..\{F861D9CF-1C61-4A0F-A836-67C3385D48E1}: NameServer = 141.48.3.3
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Programme\iPod\bin\iPodService.exe (file missing)
O23 - Service: kavsvc - Kaspersky Lab - D:\PROGRAMME\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KAVSVC.EXE
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - D:\PROGRAMME\KERIO\Personal Firewall 4\kpf4ss.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: V2i Protector - PowerQuest Corporation - D:\Programme\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe


and downloaded "The Avenger", but I'm not getting any further!
Please help me.
Sabina, I tried to delete the entries in the registry that "Search & Destroy" reported to me, but without success!

Under "VideoCompressionCodec" I find pmmon.exe; isamonitor.exe, isamini.exe, isaddon.dll; and pmsngr.exe!

Deleting was unsuccessful.
Have a nice evening!
25.10.2006, 11:57
Honorary member

Posts: 29434
#2 aries-b

1.
scan with smitfraudfix - options 1 and 2 - post the scan reports here
http://virus-protect.org/artikel/tools/smitfrautfix.html

2.
open HijackThis -- button "Scan" -- tick the boxes in front of these entries -- button "Fix checked" -- restart the PC

Quote

O2 - BHO: (no name) - {5EFD170F-AA84-49D2-A87E-28D6B007AAC2} - C:\WINDOWS\system32\kbdfi132.dll
O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - C:\Programme\VideoCompressionCodec\isaddon.dll

O2 - BHO: (no name) - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - (no file)

O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)

3.
post this log
http://virus-protect.org/artikel/tools/combofix.html

4.
configure CleanUp exactly as described here:
http://virus-protect.org/cleanup.html

5.
Copy these 6 text files. (right-click with the mouse -> select the text -> copy -> paste) They are sorted by date. (copy only the last 3 months)
http://virus-protect.org/datfindbat.html
__________
Regards, Sabina

all about PC security
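As an added example (not code from this thread, from HijackThis or from the tools linked above), here is a small Python triage script that applies the heuristics used in the reply above when picking entries to fix: a BHO or toolbar with "(no name)", and an entry whose target is "(no file)". It adds a third check for files loaded from the folder the thread starter reported (VideoCompressionCodec), and `compare_logs` diffs a follow-up log against the first one, which is what posting the log again in step 3 is for. The sample input is excerpted from the HijackThis logs posted in this thread; the names `parse_hjt`, `triage`, `compare_logs`, `Entry` and `SUSPECT_DIRS` are mine.

```python
# Added example, not code from this thread or from HijackThis itself: a small
# triage helper for HijackThis logs. It applies the heuristics the helper used
# above when choosing entries to fix (a BHO/toolbar with "(no name)", a target
# of "(no file)") plus a check for files loaded from a folder the thread starter
# reported as suspicious, and it diffs a follow-up log against the first one.
import re
from dataclasses import dataclass

# "O2 - BHO: <name> - {CLSID} - <target>"; F1/R0/O4/... lines share the prefix shape.
HJT_LINE = re.compile(r"^(?P<sec>[FRO]\d+) - (?P<body>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

# Folder named by the thread starter (assumption: anything loading from it is suspect).
SUSPECT_DIRS = ("\\VideoCompressionCodec\\",)


@dataclass(frozen=True)
class Entry:
    section: str  # "O2", "O3", "O9", "F1", ...
    name: str     # description shown by HijackThis, e.g. "(no name)"
    target: str   # file path, "(no file)", or the raw body for other sections


def parse_hjt(text):
    """Turn HijackThis log lines into Entry objects; non-entry lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        clsid = CLSID.search(body)
        if sec in ("O2", "O3", "O9") and clsid:
            # Split around the CLSID so names that themselves contain " - " survive.
            head = body[:clsid.start()].rstrip(" -")
            name = head.split(":", 1)[1].strip() if ":" in head else head
            target = body[clsid.end():].lstrip(" -")
            entries.append(Entry(sec, name, target))
        else:
            entries.append(Entry(sec, "", body))
    return entries


def triage(entries):
    """Return (entry, reason) pairs a reviewer should look at first."""
    hits = []
    for e in entries:
        if e.section not in ("O2", "O3", "O9"):
            continue
        if e.target == "(no file)":
            hits.append((e, "orphan: CLSID registered but file is gone; safe to remove"))
        elif any(d.lower() in e.target.lower() for d in SUSPECT_DIRS):
            hits.append((e, "loads from a folder reported as suspicious"))
        elif e.name == "(no name)" and e.section in ("O2", "O3"):
            # Unnamed BHOs/toolbars deserve a look; unnamed O9 buttons are common
            # for legitimate plug-ins (the Java console button in this thread's log).
            hits.append((e, "unnamed BHO/toolbar loading a real file"))
    return hits


def compare_logs(before, after):
    """Entries removed and added between two logs of the same machine."""
    a, b = set(parse_hjt(before)), set(parse_hjt(after))
    return sorted(a - b, key=str), sorted(b - a, key=str)


# Sample input: lines excerpted from the two HijackThis logs posted in this thread.
LOG_BEFORE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5EFD170F-AA84-49D2-A87E-28D6B007AAC2} - C:\WINDOWS\system32\kbdfi132.dll
O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - C:\Programme\VideoCompressionCodec\isaddon.dll
O2 - BHO: (no name) - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - (no file)
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O9 - Extra button: (no name) - {86DE8B3B-1EB7-4386-84BD-EBE94348A913} - (no file)
"""
LOG_AFTER = r"""
F1 - win.ini: load=c:\01comm32\bin\01comm32.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O9 - Extra button: (no name) - {86DE8B3B-1EB7-4386-84BD-EBE94348A913} - (no file)
"""

if __name__ == "__main__":
    for e, why in triage(parse_hjt(LOG_BEFORE)):
        print(f"{e.section}  {e.name:<10} {e.target}\n      -> {why}")
    removed, added = compare_logs(LOG_BEFORE, LOG_AFTER)
    print("\nGone in follow-up log:", *[e.target for e in removed], sep="\n  ")
    print("\nNew in follow-up log:", *[e.target for e in added], sep="\n  ")
```

The "(no name)" rule is a prompt to inspect, not a verdict: in the first log it would also have pointed at the isaddon.dll BHO and kbdfi132.dll, exactly the two real files the reply singles out, while the two "(no file)" lines are harmless leftovers that are simply cleaned up. Diffing the second log shows what the fix removed and also surfaces anything new, such as the `F1 - win.ini: load=` line that appears only in the follow-up log.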
25.10.2006, 21:09
...new here

Thread starter

Posts: 9
#3 Hello Sabina, before I received your mail, I deleted 2 entries from the registry in safe mode, along with the folder "VIDEOCOMPRESSIONCODECS" containing the following executables:
1. pmmon.exe
2. isamonitor.exe
3. isamini.exe
4. isaddon.dll and
5. pmsngr.exe.

I hope that IE works without errors again. I'll report back tomorrow.
Many thanks and more-----

Have a nice evening!

25.10.2006, 23:02
Honorary member

Posts: 29434
#4 you have to work through everything I asked for ;)
starting with smitfraudfix ...etc...
__________
Regards, Sabina

all about PC security
26.10.2006, 22:10
...new here

Thread starter

Posts: 9
#5 Hello Sabina, this is the first file:

SmitFraudFix v2.113
Scan done at 20:16:10,10, 26.10.2006
Run from F:\1 Setups - Updates\craagle.exe !!!!!!!!!!\Smitfraudfix.zip\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process
No. 2:
Logfile of HijackThis v1.99.1
Scan saved at 20:41:01, on 26.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\GEARSec.exe
D:\PROGRAMME\KERIO\Personal Firewall 4\kpf4ss.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\PROGRAMME\KERIO\Personal Firewall 4\kpf4gui.exe
C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
D:\Programme\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
D:\PROGRAMME\KERIO\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\T-Online\ISDN SpeedManager\Tomcat.exe
C:\Programme\Microsoft IntelliType Pro\type32.exe
C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
D:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\Dit.exe
C:\Programme\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
C:\Programme\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
D:\Programme\FRITZ!\IWatch.exe
D:\Programme\Nikon\PictureProject\NkbMonitor.exe
D:\Programme\WEBDE\SmartSurfer3.1\SmartSurfer.exe
D:\Programme\Mozilla\Firefox 1.5\firefox.exe
D:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
F:\1 Setups - Updates\craagle.exe !!!!!!!!!!\higthjackthis\HijackThis.exe

F1 - win.ini: load=c:\01comm32\bin\01comm32.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PreispiratenSearchURL - {0B660087-931C-4056-A04F-0423890E40B6} - d:\Programme\Preispiraten\Preispiraten2\PPSearchURL.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: metaspinner media GmbH - {84B94901-3645-4D80-A6B7-4D0050B19455} - d:\Programme\Preispiraten\Preispiraten2\IEButtonAmazonInterface.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: metaspinner media GmbH - {D3AA56A9-8137-4950-A6F9-D0190A82AF2A} - d:\Programme\Preispiraten\Preispiraten2\IEButtonPPInterface.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ISDN SpeedManager] "C:\Programme\T-Online\ISDN SpeedManager\Tomcat.exe"
O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [PINNACLEDRIVERCHECK] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "D:\PROGRAMME\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\kav.exe" /minimize
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [hp imaging helper] C:\WINDOWS\system32\hpusbscr.exe
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] "D:\PROGRAMME\ELABORATE BYTES\CLONECD\ELBYCHECK.EXE" /L ELBYCDFL
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [UVS10 Preload] d:\Programme\Ulead Systems\Ulead VideoStudio 10.0\uvPL.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\PROGRAMME\QUICKTIME\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: SmartSurfer.lnk = D:\Programme\WEBDE\SmartSurfer3.1\SmartSurfer.exe
O4 - Global Startup: ISDNWatch.lnk = D:\Programme\FRITZ!\IWatch.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = D:\Programme\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - d:\\Programme\\Preispiraten\\Preispiraten2\\preispiraten.html
O8 - Extra context menu item: amazon Suche - d:\Programme\Preispiraten\Preispiraten2\Searchamazon.htm
O8 - Extra context menu item: amazon Suche starten - d:\Programme\Preispiraten\Preispiraten2\Searchamazon.htm
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: eBay - Mein eBay - d:\Programme\Preispiraten\Preispiraten2\SearchEbaymein.htm
O8 - Extra context menu item: eBay - Powersuche - d:\Programme\Preispiraten\Preispiraten2\SearchEbaypower.htm
O8 - Extra context menu item: eBay - Startseite - d:\Programme\Preispiraten\Preispiraten2\SearchEbay.htm
O8 - Extra context menu item: eBay Suche starten - d:\Programme\Preispiraten\Preispiraten2\SearchEbay.htm
O8 - Extra context menu item: Google Suche - d:\Programme\Preispiraten\Preispiraten2\SearchGoogle.htm
O8 - Extra context menu item: Google Suche starten - d:\Programme\Preispiraten\Preispiraten2\SearchGoogle.htm
O8 - Extra context menu item: In Adobe PDF konvertieren - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Preispiraten 2.5 - {2638A03E-1669-43BE-8119-B47087629A7F} - d:\Programme\Preispiraten\Preispiraten2\preispiraten2ie.exe
O9 - Extra button: (no name) - {86DE8B3B-1EB7-4386-84BD-EBE94348A913} - (no file)
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.4mbo.de
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120061423441
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139682237151
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/de/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{7767466E-11F8-4311-95CA-8853A59F3C37}: NameServer = 192.168.120.252,192.168.120.253
O17 - HKLM\System\CCS\Services\Tcpip\..\{7AE18BC8-C8EE-480A-8ABF-BD8262A18194}: NameServer = 217.237.149.225 217.237.151.115
O17 - HKLM\System\CS1\Services\Tcpip\..\{F861D9CF-1C61-4A0F-A836-67C3385D48E1}: NameServer = 141.48.3.3
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Programme\iPod\bin\iPodService.exe (file missing)
O23 - Service: kavsvc - Kaspersky Lab - D:\PROGRAMME\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KAVSVC.EXE
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - D:\PROGRAMME\KERIO\Personal Firewall 4\kpf4ss.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: V2i Protector - PowerQuest Corporation - D:\Programme\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe

No. 3:

Dr. Bernd Mller - 06-10-26 21:03:19,69 Service Pack 2
ComboFix 06.10.19 - Running from: "F:\1 Setups - Updates\craagle.exe !!!!!!!!!!\combofix"

((((((((((((((((((((((((((((((( Files Created from 2006-09-26 to 2006-10-26 ))))))))))))))))))))))))))))))))))


2006-10-11 21:57 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-26 20:48 17408 --a------ C:\WINDOWS\system32\drivers\USBCRFT.SYS
2006-10-25 20:59 -------- d-------- C:\Programme\CleanUp!
2006-10-22 19:34 -------- d-------- C:\Programme\Apple Software Update
2006-10-22 00:02 2828 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2006-10-15 17:24 -------- d-------- C:\Programme\MSXML 4.0
2006-10-12 20:55 -------- d-------- C:\Programme\Java
2006-10-12 20:12 61072 --a------ C:\WINDOWS\system32\drivers\klick.sys
2006-10-12 20:12 59536 --a------ C:\WINDOWS\system32\drivers\klin.sys
2006-09-25 21:04 1880 --a------ C:\WINDOWS\AUTOLNCH.REG
2006-09-23 23:14 34308 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-09-23 22:50 -------- d-------- C:\Programme\Gemeinsame Dateien\ACD Systems
2006-09-23 08:39 -------- d-------- C:\Dokumente und Einstellungen\Dr. Bernd Mller\Anwendungsdaten\Google
2006-09-20 21:10 -------- d-------- C:\Programme\Google
2006-09-16 14:11 -------- d-------- C:\Dokumente und Einstellungen\Dr. Bernd Mller\Anwendungsdaten\Ulead Systems
2006-09-16 12:55 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-09-13 07:02 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 17:51 1245184 --a------ C:\WINDOWS\system32\msxml4.dll
2006-09-05 20:19 -------- d-------- C:\Dokumente und Einstellungen\Dr. Bernd Mller\Anwendungsdaten\Adobe
2006-09-04 22:39 -------- d-------- C:\Programme\Gemeinsame Dateien\Real
2006-09-04 22:38 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-09-04 22:38 -------- d-------- C:\Dokumente und Einstellungen\Dr. Bernd Mller\Anwendungsdaten\Real
2006-08-25 17:46 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 14:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 13:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-07-27 15:25 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-26 13:27 3997696 --a------ C:\WINDOWS\system32\NkNEFPlugin.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"NCLaunch"="C:\\WINDOWS\\NCLAUNCH.EXe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\lib\\NMBgMonitor.exe\""
"swg"="C:\\Programme\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ISDN SpeedManager"="\"C:\\Programme\\T-Online\\ISDN SpeedManager\\Tomcat.exe\""
"type32"="\"C:\\Programme\\Microsoft IntelliType Pro\\type32.exe\""
"PINNACLEDRIVERCHECK"="C:\\WINDOWS\\System32\\PSDrvCheck.exe"
"NVMixerTray"="\"C:\\Programme\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\""
"KAVPersonal50"="\"D:\\PROGRAMME\\KASPERSKY LAB\\KASPERSKY ANTI-VIRUS PERSONAL\\kav.exe\" /minimize"
"ISUSScheduler"="\"C:\\Programme\\Gemeinsame Dateien\\InstallShield\\UpdateService\\issch.exe\" -start"
"ISUSPM Startup"="\"C:\\Programme\\Gemeinsame Dateien\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"IntelliPoint"="\"C:\\Programme\\Microsoft IntelliPoint\\point32.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"
"hp imaging helper"="C:\\WINDOWS\\system32\\hpusbscr.exe"
"ElbyCheckElbyCDFL"="\"D:\\PROGRAMME\\ELABORATE BYTES\\CLONECD\\ELBYCHECK.EXE\" /L ELBYCDFL"
"Acrobat Assistant 7.0"="\"D:\\Programme\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"Dit"="Dit.exe"
"NeroFilterCheck"="C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NeroCheck.exe"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"UVS10 Preload"="d:\\Programme\\Ulead Systems\\Ulead VideoStudio 10.0\\uvPL.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"nForce Tray Options"="sstray.exe /r"
"iTunesHelper"="\"D:\\Programme\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"D:\\PROGRAMME\\QUICKTIME\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:000ff255

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 06-10-26 21:06:18.70
C:\ComboFix.txt ... 06-10-26 21:06
C:\ComboFix2.txt ... 06-10-25 20:47

edit \Sabina

No. 5: this is where I got stuck! Something didn't work!
MvG

Aries
27.10.2006, 00:19
Honorary member
Sabina

Posts: 29434
#6 if you have run smitfraudfix... everything should be o.k. again ;)
or ???

virustotal
At the top of the page --> click Browse --> paste in the file with the correct path --> double-click the file to be checked --> click Submit... now wait
http://www.virustotal.com/flash/index_en.html


C:\WINDOWS\system32\kbdfi132.dll
c:\01comm32\bin\01comm32.exe


post the report
__________
Kind regards, Sabina

all about PC security
31.10.2006, 19:17
...new here

Thread starter

Posts: 9
#7 Hello Sabina, I was away for 3 days,

I also believe that the computer is free of "vermin" again.

Many, many thanks

B.M. - aries-b








STATUS: FINISHED
Complete scanning result of "kbdfi132.dll", received in VirusTotal at 10.31.2006, 19:06:27 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.34 10.31.2006 no virus found
Authentium 4.93.8 10.31.2006 no virus found
Avast 4.7.892.0 10.31.2006 no virus found
AVG 386 10.31.2006 no virus found
BitDefender 7.2 10.31.2006 no virus found
CAT-QuickHeal 8.00 10.31.2006 no virus found
ClamAV devel-20060426 10.31.2006 no virus found
DrWeb 4.33 10.31.2006 no virus found
eTrust-InoculateIT 23.73.41 10.31.2006 no virus found
eTrust-Vet 30.3.3170 10.31.2006 no virus found
Ewido 4.0 10.31.2006 no virus found
Fortinet 2.82.0.0 10.31.2006 no virus found
F-Prot 3.16f 10.31.2006 no virus found
F-Prot4 4.2.1.29 10.31.2006 no virus found
Ikarus 0.2.65.0 10.31.2006 no virus found
Kaspersky 4.0.2.24 10.31.2006 no virus found
McAfee 4884 10.30.2006 no virus found
Microsoft 1.1609 10.31.2006 no virus found
NOD32v2 1.1845 10.31.2006 no virus found
Norman 5.80.02 10.31.2006 no virus found
Panda 9.0.0.4 10.31.2006 no virus found
Sophos 4.10.0 10.26.2006 no virus found
TheHacker 6.0.1.109 10.30.2006 no virus found
UNA 1.83 10.31.2006 no virus found
VBA32 3.11.1 10.31.2006 no virus found
VirusBuster 4.3.15:9 10.31.2006 no virus found

Aditional Information
File size: 0 bytes
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
STATUS: FINISHED
Complete scanning result of "01comm32.exe", received in VirusTotal at 10.31.2006, 19:12:20 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.34 10.31.2006 no virus found
Authentium 4.93.8 10.31.2006 no virus found
Avast 4.7.892.0 10.31.2006 no virus found
AVG 386 10.31.2006 no virus found
BitDefender 7.2 10.31.2006 no virus found
CAT-QuickHeal 8.00 10.31.2006 no virus found
ClamAV devel-20060426 10.31.2006 no virus found
DrWeb 4.33 10.31.2006 no virus found
eTrust-InoculateIT 23.73.41 10.31.2006 no virus found
eTrust-Vet 30.3.3170 10.31.2006 no virus found
Ewido 4.0 10.31.2006 no virus found
Fortinet 2.82.0.0 10.31.2006 no virus found
F-Prot 3.16f 10.31.2006 no virus found
F-Prot4 4.2.1.29 10.31.2006 no virus found
Ikarus 0.2.65.0 10.31.2006 no virus found
Kaspersky 4.0.2.24 10.31.2006 no virus found
McAfee 4884 10.30.2006 no virus found
Microsoft 1.1609 10.31.2006 no virus found
NOD32v2 1.1845 10.31.2006 no virus found
Norman 5.80.02 10.31.2006 no virus found
Panda 9.0.0.4 10.31.2006 no virus found
Sophos 4.10.0 10.26.2006 no virus found
TheHacker 6.0.1.109 10.30.2006 no virus found
UNA 1.83 10.31.2006 no virus found
VBA32 3.11.1 10.31.2006 no virus found
VirusBuster 4.3.15:9 10.31.2006 no virus found

Aditional Information
File size: 0 bytes
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
01.11.2006, 00:07
Honorary member
Sabina

Posts: 29434
#8 I don't like that - and googling turns up nothing either ;)
on top of that it's a 0-byte file, I'd like to know why it is being loaded... it looks very much like a start-page trojan ;)
F1 - win.ini: load=c:\01comm32\bin\01comm32.exe
O2 - BHO: (no name) - {5EFD170F-AA84-49D2-A87E-28D6B007AAC2} - C:\WINDOWS\system32\kbdfi132.dll


let me take a look at the load date:

Copy the following text into Notepad (Start - Accessories - Notepad) and save it on the desktop as listen.bat using 'Save as'. Under file type, choose 'All files'. You should now find this file on the desktop. --> double-click listen.bat --> copy the text that appears

Quote

cd\
dir "c:\01comm32\bin" >>files.txt
dir "C:\WINDOWS\system32\kbdfi132.dll" >>files.txt
notepad files.txt

__________
Kind regards, Sabina

all about PC security
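As an added illustration (not part of Sabina's post, and not code from HijackThis), a small Python triage helper that pulls the F1/O2 item lines out of a HijackThis log and flags the three things argued about above: a legacy win.ini load= autostart, an unnamed BHO, and a target file that is missing or zero bytes. The sample log and the file-size table are constructed from this thread (the named Acrobat BHO line and its size are made up for contrast), and the stat callback is an assumption so the script runs offline.

```python
import os
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

# A HijackThis item line looks like "F1 - win.ini: load=..." or "O2 - BHO: ...".
HJT_ITEM = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
# First Windows path on the line that ends in a loadable extension; spaces are
# allowed inside the path (e.g. "Acrobat 7.0"), so the match is non-greedy.
WIN_PATH = re.compile(r"[A-Za-z]:\\[^\r\n\"]+?\.(?:exe|dll|com|sys|scr)\b", re.IGNORECASE)
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Item:
    code: str                 # HijackThis section, e.g. "F1" or "O2"
    body: str
    path: Optional[str]
    clsid: Optional[str]
    flags: List[str] = field(default_factory=list)


def parse_hjt(log: str) -> List[Item]:
    """Keep only item lines; process lists, headers and blanks are skipped."""
    items: List[Item] = []
    for line in log.splitlines():
        m = HJT_ITEM.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        p = WIN_PATH.search(body)
        c = CLSID.search(body)
        items.append(Item(m.group("code"), body,
                          p.group(0) if p else None,
                          c.group(0) if c else None))
    return items


# Callback: path -> size in bytes, or None when the file does not exist.
StatFn = Callable[[str], Optional[int]]


def real_stat(path: str) -> Optional[int]:
    try:
        return os.path.getsize(path)
    except OSError:
        return None


def assess(items: List[Item], stat: StatFn = real_stat) -> List[Item]:
    for it in items:
        if it.code == "F1" and "load=" in it.body.lower():
            # win.ini load= is a legacy loader that current software rarely uses.
            it.flags.append("win.ini load= autostart")
        if it.code == "O2" and it.body.lower().startswith("bho: (no name)"):
            it.flags.append("unnamed BHO")
        if it.path:
            size = stat(it.path)
            if size is None:
                it.flags.append("target missing")
            elif size == 0:
                it.flags.append("zero-byte target")
    return items


def suspicious(items: List[Item]) -> List[Item]:
    return [it for it in items if it.flags]


# Constructed sample: the two lines quoted in this thread plus a named BHO
# line (constructed) that a legitimate plugin would produce.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
F1 - win.ini: load=c:\01comm32\bin\01comm32.exe
O2 - BHO: (no name) - {5EFD170F-AA84-49D2-A87E-28D6B007AAC2} - C:\WINDOWS\system32\kbdfi132.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
"""

# Constructed on-disk state: the DLL exists but is empty, the EXE is absent,
# the Acrobat helper is an ordinary non-empty file (size made up).
SAMPLE_SIZES: Dict[str, int] = {
    r"c:\windows\system32\kbdfi132.dll": 0,
    r"d:\programme\adobe\acrobat 7.0\activex\acroiehelper.dll": 62000,
}


def sample_stat(path: str) -> Optional[int]:
    return SAMPLE_SIZES.get(path.lower())   # Windows paths are case-insensitive


def triage_sample() -> Dict[str, List[str]]:
    items = assess(parse_hjt(SAMPLE_LOG), sample_stat)
    return {it.path: it.flags for it in suspicious(items)}


if __name__ == "__main__":
    for path, flags in triage_sample().items():
        print(f"{path}: {', '.join(flags)}")
```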
01.11.2006, 22:09
...new here

Thread starter

Posts: 9
#9 Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Dokumente und Einstellungen\Bernd Müller>cd\

C:\>dir "c:\01comm32\bin">>files.txt
Datei nicht gefunden

C:\>dir "C:\WINDOWS\system32\kbdfi132.dll">>files.txt
Datei nicht gefunden

C:\>
I went into the editor via Start, Run using cmd; it did not find the files.
mvG
B.Müller
01.11.2006, 22:19
Honorary member
Sabina

Posts: 29434
#10 1.
Start HijackThis, click "Open the misc tools section", tick the two boxes "List also minor sections" and "List empty sections", and then click "Generate StartupList log". - post the report

2.
fix these if present:
open HijackThis -- button "scan" -- tick the boxes in front of these entries -- button "Fix checked" -- restart the PC

Quote

F1 - win.ini: load=c:\01comm32\bin\01comm32.exe

O2 - BHO: (no name) - {5EFD170F-AA84-49D2-A87E-28D6B007AAC2} - C:\WINDOWS\system32\kbdfi132.dll
restart the PC
__________
Kind regards, Sabina

all about PC security
02.11.2006, 20:29
...new here

Thread starter

Posts: 9
#11 Hello Sabina!
Here is the report:

StartupList report, 02.11.2006, 20:09:48
StartupList version: 1.52.2
Started from : F:\1 Setups - Updates\craagle.exe !!!!!!!!!!\higthjackthis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\GEARSec.exe
D:\PROGRAMME\KERIO\Personal Firewall 4\kpf4ss.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\PROGRAMME\KERIO\Personal Firewall 4\kpf4gui.exe
C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
D:\Programme\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
D:\PROGRAMME\KERIO\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\T-Online\ISDN SpeedManager\Tomcat.exe
C:\Programme\Microsoft IntelliType Pro\type32.exe
C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
D:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\Dit.exe
C:\Programme\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
D:\Programme\FRITZ!\IWatch.exe
D:\Programme\Nikon\PictureProject\NkbMonitor.exe
D:\Programme\WEBDE\SmartSurfer3.1\SmartSurfer.exe
D:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE
D:\PROGRAMME\MICROSOFT OFFICE\OFFICE11\WINWORD.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
D:\Programme\Mozilla\Firefox 1.5\firefox.exe
F:\1 Setups - Updates\craagle.exe !!!!!!!!!!\higthjackthis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Dokumente und Einstellungen\Dr. Bernd Müller\Startmenü\Programme\Autostart]
Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
SmartSurfer.lnk = D:\Programme\WEBDE\SmartSurfer3.1\SmartSurfer.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart]
ISDNWatch.lnk = D:\Programme\FRITZ!\IWatch.exe
Microsoft Office.lnk = D:\Programme\Microsoft Office\Office10\OSA.EXE
NkbMonitor.exe.lnk = D:\Programme\Nikon\PictureProject\NkbMonitor.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ISDN SpeedManager = "C:\Programme\T-Online\ISDN SpeedManager\Tomcat.exe"
type32 = "C:\Programme\Microsoft IntelliType Pro\type32.exe"
PINNACLEDRIVERCHECK = C:\WINDOWS\System32\PSDrvCheck.exe
NVMixerTray = "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
KAVPersonal50 = "D:\PROGRAMME\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\kav.exe" /minimize
ISUSScheduler = "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
ISUSPM Startup = "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup
IntelliPoint = "C:\Programme\Microsoft IntelliPoint\point32.exe"
HPDJ Taskbar Utility = C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
hp imaging helper = C:\WINDOWS\system32\hpusbscr.exe
ElbyCheckElbyCDFL = "D:\PROGRAMME\ELABORATE BYTES\CLONECD\ELBYCHECK.EXE" /L ELBYCDFL
Acrobat Assistant 7.0 = "D:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
Dit = Dit.exe
NeroFilterCheck = C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
SunJavaUpdateSched = "C:\Programme\Java\jre1.5.0_09\bin\jusched.exe"
UVS10 Preload = d:\Programme\Ulead Systems\Ulead VideoStudio 10.0\uvPL.exe
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
iTunesHelper = "D:\Programme\iTunes\iTunesHelper.exe"
QuickTime Task = "D:\PROGRAMME\QUICKTIME\qttask.exe" -atboottime

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

NCLaunch = C:\WINDOWS\NCLAUNCH.EXe
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} = "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
swg = C:\Programme\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install

[{8b15971b-5355-4c82-8c07-7e181ea07608}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=c:\01comm32\bin\01comm32.exe
run=

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registrierungs-Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - D:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - d:\Programme\Preispiraten\Preispiraten2\PPSearchURL.dll - {0B660087-931C-4056-A04F-0423890E40B6}
(no name) - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - d:\Programme\Preispiraten\Preispiraten2\IEButtonAmazonInterface.dll - {84B94901-3645-4D80-A6B7-4D0050B19455}
(no name) - c:\programme\google\googletoolbar3.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}
(no name) - d:\Programme\Preispiraten\Preispiraten2\IEButtonPPInterface.dll - {D3AA56A9-8137-4950-A6F9-D0190A82AF2A}

--------------------------------------------------

Enumerating Task Scheduler jobs:

1-Klick-Wartung.job
AppleSoftwareUpdate.job

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

[YInstStarter Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\yinsthelper.dll
CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc3.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\wuweb.dll
CODEBASE = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120061423441

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139682237151

[Java Plug-in 1.5.0_09]
InProcServer32 = C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

[TLIEFlashObj Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\TLFlsCtl.dll
CODEBASE = https://rtc1.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB

[Java Plug-in 1.5.0_07]
InProcServer32 = C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab

[Java Plug-in 1.5.0_09]
InProcServer32 = C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

[Java Plug-in 1.5.0_09]
InProcServer32 = C:\Programme\Java\jre1.5.0_09\bin\npjpi150_09.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\macromed\flash\Flash.ocx
CODEBASE = http://active.macromedia.com/flash4/cabs/swflash.cab

[QDiagHUpdateObj Class]
InProcServer32 = C:\WINDOWS\System32\qdiagh.ocx
CODEBASE = http://h30043.www3.hp.com/hpdj/de/check/qdiagh.cab?326

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
NameSpace #4: C:\WINDOWS\system32\pnrpnsp.dll
NameSpace #5: C:\WINDOWS\system32\pnrpnsp.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll
Protocol #20: C:\WINDOWS\system32\mswsock.dll
Protocol #21: C:\WINDOWS\system32\mswsock.dll
Protocol #22: C:\WINDOWS\system32\mswsock.dll
Protocol #23: C:\WINDOWS\system32\mswsock.dll
Protocol #24: C:\WINDOWS\system32\mswsock.dll
Protocol #25: C:\WINDOWS\system32\mswsock.dll
Protocol #26: C:\WINDOWS\system32\mswsock.dll
Protocol #27: C:\WINDOWS\system32\mswsock.dll
Protocol #28: C:\WINDOWS\system32\mswsock.dll
Protocol #29: C:\WINDOWS\system32\mswsock.dll
Protocol #30: C:\WINDOWS\system32\mswsock.dll
Protocol #31: C:\WINDOWS\system32\mswsock.dll
Protocol #32: C:\WINDOWS\system32\mswsock.dll
Protocol #33: C:\WINDOWS\system32\mswsock.dll
Protocol #34: C:\WINDOWS\system32\mswsock.dll
Protocol #35: C:\WINDOWS\system32\mswsock.dll
Protocol #36: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

IPv6-Hilfsdienst: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Microsoft ACPI-Treiber: System32\DRIVERS\ACPI.sys (system)
Adobe LM Service: "C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe" (manual start)
Microsoft Kernel-Echounterdrückung: system32\drivers\aec.sys (manual start)
Umgebung für die AFD-Netzwerkunterstützung: \SystemRoot\System32\drivers\afd.sys (system)
Warndienst: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Gatewaydienst auf Anwendungsebene: %SystemRoot%\System32\alg.exe (manual start)
ALi PCI to USB Enhanced Host Controller: System32\Drivers\ALIEHCI.sys (autostart)
USB 2.0 Root Hub: System32\DRIVERS\AliRtHub.sys (manual start)
AMD K7-Prozessortreiber: System32\DRIVERS\amdk7.sys (system)
Anwendungsverwaltung: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
1394-ARP-Clientprotokoll: System32\DRIVERS\arp1394.sys (manual start)
ASP.NET-Statusdienst: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
Asynchroner RAS -Medientreiber: System32\DRIVERS\asyncmac.sys (manual start)
Standard-IDE/ESDI-Festplattencontroller: System32\DRIVERS\atapi.sys (system)
Protokoll für ATM ARP-Client: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audiostubtreiber: System32\DRIVERS\audstub.sys (manual start)
AVMCOWAN: System32\DRIVERS\AVMCOWAN.sys (manual start)
AVM NDIS WAN CAPI Treiber: System32\DRIVERS\avmwan.sys (manual start)
basic2: System32\DRIVERS\HSF_BSC2.sys (manual start)
Intelligenter Hintergrundübertragungsdienst: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Computerbrowser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
C-DillaCdaC11BA: C:\WINDOWS\system32\drivers\CDAC11BA.EXE (autostart)
Card Reader Filter: \??\C:\WINDOWS\system32\Drivers\USBCRFT.SYS (manual start)
Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start)
CdaC15BA: \??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS (autostart)
CD-ROM-Laufwerktreiber: System32\DRIVERS\cdrom.sys (system)
Cherry Universal Treiber: System32\DRIVERS\ChyWDMKb.sys (manual start)
Indexdienst: C:\WINDOWS\System32\cisvc.exe (manual start)
Ablagemappe: %SystemRoot%\system32\clipsrv.exe (disabled)
COM+-Systemanwendung: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Kryptografiedienste: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM-Server-Prozessstart: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
AVM FRITZ!web Routing Service: C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe (manual start)
DHCP-Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Laufwerktreiber: System32\DRIVERS\disk.sys (system)
Verwaltungsdienst für die Verwaltung logischer Datenträger: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Verwaltung logischer Datenträger: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel-DLS-Synthesizer: system32\drivers\DMusic.sys (manual start)
DNS-Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel-DRM-Audioentschlüsselung: system32\drivers\drmkaud.sys (manual start)
ElbyCDFL: System32\Drivers\ElbyCDFL.sys (manual start)
ElbyCDIO Driver: System32\Drivers\ElbyCDIO.sys (autostart)
Fehlerberichterstattungsdienst: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Ereignisprotokoll: %SystemRoot%\system32\services.exe (autostart)
COM+-Ereignissystem: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Fallback: System32\DRIVERS\HSF_FALL.sys (autostart)
Kompatibilität für schnelle Benutzerumschaltung: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Fax: %systemroot%\system32\fxssvc.exe (autostart)
Diskettencontrollertreiber: System32\DRIVERS\fdc.sys (manual start)
Diskettenlaufwerktreiber: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
FRITZ!Card PCI: System32\DRIVERS\fpcibase.sys (manual start)
Fsks: System32\DRIVERS\HSF_FSKS.sys (autostart)
Treiber für Volume-Manager: System32\DRIVERS\ftdisk.sys (system)
Firewall Driver: \SystemRoot\system32\drivers\fwdrv.sys (system)
Teledat USB 2 a/b (WinXP/2000): System32\DRIVERS\fxusbase.sys (manual start)
Gameport-Enumerator: System32\DRIVERS\gameenum.sys (manual start)
GearAspiWDM: SYSTEM32\DRIVERS\GEARAspiWDM.sys (system)
GEARSecurity: %SystemRoot%\System32\GEARSec.exe (autostart)
Standardpaketklassifizierung: System32\DRIVERS\msgpc.sys (manual start)
Hauppauge WinTV PVR PCI II (Encoder/Decoder): system32\DRIVERS\hcwPVRP2.sys (manual start)
Hilfe und Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft HID Class-Treiber: System32\DRIVERS\hidusb.sys (manual start)
Hewlett-Packard USB Filter Class: System32\DRIVERS\hpusbfd.sys (manual start)
HSFHWBS2: System32\DRIVERS\HSFBS2S2.sys (manual start)
HSF_DP: System32\DRIVERS\HSFDPSP2.sys (manual start)
hsf_msft: System32\DRIVERS\HSF_MSFT.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP-SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042-Tastatur- und PS/2-Mausanschluss-Treiber: System32\DRIVERS\i8042prt.sys (system)
InstallDriver Table Manager: "C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
ids0004C: \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Anti-Virus Personal\5.0\bases\ids0004C.sys (manual start)
Filtertreiber für CD-Brennen: System32\DRIVERS\imapi.sys (system)
IMAPI-CD-Brenn-COM-Dienste: C:\WINDOWS\System32\imapi.exe (manual start)
IPv6-Windows-Firewalltreiber: system32\drivers\ip6fw.sys (manual start)
Microsoft IntelliPoint Features driver: System32\DRIVERS\IPFilter.sys (manual start)
Filtertreiber für IP-Verkehr: System32\DRIVERS\ipfltdrv.sys (manual start)
IP/IP-Tunneltreiber: System32\DRIVERS\ipinip.sys (manual start)
Übersetzer für IP-Netzwerkadressen: System32\DRIVERS\ipnat.sys (manual start)
iPod Service: "C:\Programme\iPod\bin\iPodService.exe" (manual start)
RIP-Überwachung: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
IPSEC-Treiber: System32\DRIVERS\ipsec.sys (system)
IR-Enumeratordienst: System32\DRIVERS\irenum.sys (manual start)
PnP-ISA/EISA-Bus-Treiber: System32\DRIVERS\isapnp.sys (system)
K56: System32\DRIVERS\HSF_K56K.sys (autostart)
kavsvc: "D:\PROGRAMME\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KAVSVC.EXE" (autostart)
Tastaturklassentreiber: System32\DRIVERS\kbdclass.sys (system)
Tastatur-HID-Treiber: System32\DRIVERS\kbdhid.sys (system)
Kerio HIPS Driver: \SystemRoot\system32\drivers\khips.sys (system)
Kl1: System32\drivers\kl1.sys (system)
Klif: System32\drivers\klif.sys (system)
Klmc: System32\drivers\klmc.sys (system)
Microsoft Kernel-Waveaudiomixer: system32\drivers\kmixer.sys (manual start)
Kerio Personal Firewall 4: "D:\PROGRAMME\KERIO\Personal Firewall 4\kpf4ss.exe" (autostart)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Arbeitsstationsdienst: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP-NetBIOS-Hilfsprogramm: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Machine Debug Manager: "C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart)
mdmxsdk: System32\DRIVERS\mdmxsdk.sys (autostart)
Nachrichtendienst: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting-Remotedesktop-Freigabe: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Unimodem-Datenstromfiltergerät: system32\drivers\MODEMCSA.sys (manual start)
Mausklassentreiber: System32\DRIVERS\mouclass.sys (system)
Redirector für WebDav-Client: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Proxy für Streaming Clock: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Proxy für Streaming Quality Manager: system32\drivers\MSPQM.sys (manual start)
Microsoft-Systemverwaltungs-BIOS-Treiber: System32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink-Konvertierung: system32\drivers\MSTEE.sys (manual start)
Microsoft MPU-401 MIDI UART-Treiber: system32\drivers\msmpu401.sys (manual start)
NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start)
Microsoft TV/Video Connection: System32\DRIVERS\NdisIP.sys (manual start)
RAS-NDIS-TAPI-Treiber: System32\DRIVERS\ndistapi.sys (manual start)
NDIS-Benutzermodus-E/A-Protokoll: System32\DRIVERS\ndisuio.sys (manual start)
RAS-NDIS-WAN-Treiber: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS-Schnittstelle: System32\DRIVERS\netbios.sys (system)
NetBios über TCP/IP: System32\DRIVERS\netbt.sys (system)
Netzwerk-DDE-Dienst: %SystemRoot%\system32\netdde.exe (disabled)
Netzwerk-DDE-Serverdienst: %SystemRoot%\system32\netdde.exe (disabled)
AVM FRITZ!web PPP over ISDN: System32\DRIVERS\NETFRITZ.SYS (manual start)
Anmeldedienst: %SystemRoot%\System32\lsass.exe (manual start)
Netzwerkverbindungen: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
PPP over ISDN: System32\DRIVERS\NETPPPOI.SYS (manual start)
1394-Netzwerktreiber: System32\DRIVERS\nic1394.sys (manual start)
NLA (Network Location Awareness): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Norton Unerase Protection Driver: \??\C:\WINDOWS\System32\Drivers\NPDRIVER.SYS (manual start)
Norton Unerase Protection: C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE (autostart)
NT-LM-Sicherheitsdienst: %SystemRoot%\System32\lsass.exe (manual start)
Wechselmedien: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
Service for NVIDIA(R) nForce(TM) Audio Enumerator: system32\drivers\nvax.sys (manual start)
NVIDIA nForce MCP Networking Controller Driver: system32\DRIVERS\NVENET.sys (manual start)
Service for NVIDIA(R) nForce(TM) MIDI UART: system32\drivers\nvmpu401.sys (manual start)
Service for NVIDIA(R) nForce(TM) Audio: system32\drivers\nvapu.sys (manual start)
NVIDIA Driver Helper Service: %SystemRoot%\system32\nvsvc32.exe (autostart)
NVIDIA nForce AGP Bus Filter: System32\DRIVERS\nv_agp.sys (system)
Filtertreiber für IPX-Verkehr: System32\DRIVERS\nwlnkflt.sys (manual start)
Treiber für IPX-Verkehrsweiterleitung: System32\DRIVERS\nwlnkfwd.sys (manual start)
VIA OHCI-konformer IEEE 1394-Hostcontroller: System32\DRIVERS\ohci1394.sys (system)
Office Source Engine: "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
Peernetzwerk-Gruppenauthentifizierung: %SystemRoot%\System32\svchost.exe -k p2psvc (manual start)
Peernetzwerkidentitäts-Manager: %SystemRoot%\System32\svchost.exe -k p2psvc (manual start)
Peernetzwerk: %SystemRoot%\System32\svchost.exe -k p2psvc (manual start)
Treiber für parallelen Anschluss: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
Plug & Play: %SystemRoot%\system32\services.exe (autostart)
Peer Name Resolution-Protokoll: %SystemRoot%\System32\svchost.exe -k p2psvc (manual start)
Microsoft IntelliPoint Filter Driver: System32\DRIVERS\point32.sys (manual start)
IPSEC-Dienste: %SystemRoot%\System32\lsass.exe (autostart)
WAN-Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Prozessortreiber: System32\DRIVERS\processr.sys (system)
Geschützter Speicher: %SystemRoot%\system32\lsass.exe (autostart)
QoS-Paketplaner: System32\DRIVERS\psched.sys (manual start)
Treiber für direkte Parallelverbindung: System32\DRIVERS\ptilink.sys (manual start)
Treiber für automatische RAS-Verbindung: System32\DRIVERS\rasacd.sys (system)
Verwaltung für automatische RAS-Verbindung: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN-Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
RAS-Verbindungsverwaltung: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remotezugriff-PPPOE-Treiber: System32\DRIVERS\raspppoe.sys (manual start)
Parallelanschluss (direkt): System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Sitzungs-Manager für Remotedesktophilfe: C:\WINDOWS\system32\sessmgr.exe (manual start)
Filtertreiber für digitale CD-Audiowiedergabe: System32\DRIVERS\redbook.sys (system)
Routing und RAS: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Rksample: System32\DRIVERS\HSF_SAMP.sys (manual start)
Microsoft Legacy Modem Driver: System32\Drivers\RootMdm.sys (autostart)
RPC-Locator: %SystemRoot%\System32\locator.exe (manual start)
Remoteprozeduraufruf (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS-RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
NT-Treiber für Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernetadapter: System32\DRIVERS\RTL8139.SYS (manual start)
Sicherheitskontenverwaltung: %SystemRoot%\system32\lsass.exe (autostart)
Bustreiber für SBP2-Transport/Protokoll: system32\DRIVERS\sbp2port.sys (system)
Smartcard: %SystemRoot%\System32\SCardSvr.exe (manual start)
Taskplaner: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Sekundäre Anmeldung: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Systemereignisbenachrichtigung: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum-Filtertreiber: System32\DRIVERS\serenum.sys (manual start)
Treiber für seriellen Anschluss: System32\DRIVERS\serial.sys (system)
Windows-Firewall/Gemeinsame Nutzung der Internetverbindung: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shellhardwareerkennung: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Einfache TCP/IP-Dienste: %SystemRoot%\System32\tcpsvcs.exe (autostart)
BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start)
SNMP-Dienst: %SystemRoot%\System32\snmp.exe (autostart)
SNMP-Trap-Dienst: %SystemRoot%\System32\snmptrap.exe (manual start)
SoftFax: System32\DRIVERS\HSF_FAXX.sys (autostart)
Speed Disk service: C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe (autostart)
Microsoft Kernel-Audiosplitter: system32\drivers\splitter.sys (manual start)
Druckwarteschlange: %SystemRoot%\system32\spoolsv.exe (autostart)
Filtertreiber für Systemwiederherstellung: System32\DRIVERS\sr.sys (system)
Systemwiederherstellungsdienst: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP-Suchdienst: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows-Bilderfassung (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)
Software-Bus-Treiber: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetablesynthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{C393E3EA-0280-4FFD-AAAE-944FF29CC4A4} (manual start)
SymEvent: \??\C:\Programme\Symantec\SYMEVENT.SYS (manual start)
Microsoft Kernel-Systemaudiogerät: system32\drivers\sysaudio.sys (manual start)
Leistungsdatenprotokolle und Warnungen: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telefonie: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP-Protokolltreiber: System32\DRIVERS\tcpip.sys (system)
Microsoft IPv6-Protokolltreiber: system32\DRIVERS\tcpip6.sys (system)
Terminal-Gerätetreiber: System32\DRIVERS\termdd.sys (system)
Terminaldienste: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Designs: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
T-Online DynamicISDN (WDM): system32\DRIVERS\WTOMCAT.SYS (manual start)
Tones: System32\DRIVERS\HSF_TONE.sys (autostart)
Überwachung verteilter Verknüpfungen (Client): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Microsoft Tun-Miniportadaptertreiber: system32\DRIVERS\tunmp.sys (manual start)
Ulead Burning Helper: C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Microcode Updatetreiber: System32\DRIVERS\update.sys (manual start)
Universeller Plug & Play-Gerätehost: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Unterbrechungsfreie Stromversorgung: %SystemRoot%\System32\ups.exe (manual start)
Microsoft Standard-USB-Haupttreiber: System32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
USB Root Hub (usbport): System32\DRIVERS\usbhub.sys (manual start)
Miniporttreiber für Microsoft USB Open Host-Controller: System32\DRIVERS\usbohci.sys (manual start)
Microsoft USB-Druckerklasse: System32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: System32\DRIVERS\usbscan.sys (manual start)
USB-Massenspeichertreiber: system32\DRIVERS\USBSTOR.SYS (manual start)
Miniporttreiber für universellen Microsoft USB-Hostcontroller: system32\DRIVERS\usbuhci.sys (manual start)
TuneUp Designerweiterung: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
V124: System32\DRIVERS\HSF_V124.sys (autostart)
V2i Protector: D:\Programme\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe (autostart)
VGA-Anzeigecontroller.: \SystemRoot\System32\drivers\vga.sys (system)
vsdatant: System32\vsdatant.sys (manual start)
Volumeschattenkopie: %SystemRoot%\System32\vssvc.exe (manual start)
Windows-Zeitgeber: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
RAS-IP-ARP-Treiber: System32\DRIVERS\wanarp.sys (manual start)
WAN Network Driver: System32\DRIVERS\wandrv.sys (manual start)
Treiber für Microsoft WINMM-WDM-Audiokompatibilität: system32\drivers\wdmaud.sys (manual start)
Webclient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
winachsf: System32\DRIVERS\HSFCXTS2.sys (manual start)
Windows-Verwaltungsinstrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Media Connect (WMC): c:\programme\windows media connect\mswmccds.exe (manual start)
Windows Media Connect-Hilfsprogramm: C:\Programme\Windows Media Connect\mswmcls.exe (manual start)
WMDM PMSP Service: C:\WINDOWS\System32\MsPMSPSv.exe (autostart)
Dienst für Seriennummern der tragbaren Medien: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI-Leistungsadapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung: \SystemRoot\System32\drivers\ws2ifsl.sys (system)
Sicherheitscenter: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start)
Automatische Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Konfigurationsfreie drahtlose Verbindung: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Netzwerkversorgungsdienst: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk /p \??\I:

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
UPnPMonitor: C:\WINDOWS\system32\upnpui.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 42.917 bytes
Report generated in 0,550 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only



StartupList report, 02.11.2006, 20:09:48
StartupList version: 1.52.2
Started from : F:\1 Setups - Updates\craagle.exe !!!!!!!!!!\higthjackthis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\GEARSec.exe
D:\PROGRAMME\KERIO\Personal Firewall 4\kpf4ss.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\PROGRAMME\KERIO\Personal Firewall 4\kpf4gui.exe
C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe
D:\Programme\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
D:\PROGRAMME\KERIO\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\T-Online\ISDN SpeedManager\Tomcat.exe
C:\Programme\Microsoft IntelliType Pro\type32.exe
C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
D:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\Dit.exe
C:\Programme\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
D:\Programme\FRITZ!\IWatch.exe
D:\Programme\Nikon\PictureProject\NkbMonitor.exe
D:\Programme\WEBDE\SmartSurfer3.1\SmartSurfer.exe
D:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE
D:\PROGRAMME\MICROSOFT OFFICE\OFFICE11\WINWORD.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
D:\Programme\Mozilla\Firefox 1.5\firefox.exe
F:\1 Setups - Updates\craagle.exe !!!!!!!!!!\higthjackthis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Dokumente und Einstellungen\Dr. Bernd Müller\Startmenü\Programme\Autostart]
Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
SmartSurfer.lnk = D:\Programme\WEBDE\SmartSurfer3.1\SmartSurfer.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart]
ISDNWatch.lnk = D:\Programme\FRITZ!\IWatch.exe
Microsoft Office.lnk = D:\Programme\Microsoft Office\Office10\OSA.EXE
NkbMonitor.exe.lnk = D:\Programme\Nikon\PictureProject\NkbMonitor.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ISDN SpeedManager = "C:\Programme\T-Online\ISDN SpeedManager\Tomcat.exe"
type32 = "C:\Programme\Microsoft IntelliType Pro\type32.exe"
PINNACLEDRIVERCHECK = C:\WINDOWS\System32\PSDrvCheck.exe
NVMixerTray = "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
KAVPersonal50 = "D:\PROGRAMME\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\kav.exe" /minimize
ISUSScheduler = "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
ISUSPM Startup = "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup
IntelliPoint = "C:\Programme\Microsoft IntelliPoint\point32.exe"
HPDJ Taskbar Utility = C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
hp imaging helper = C:\WINDOWS\system32\hpusbscr.exe
ElbyCheckElbyCDFL = "D:\PROGRAMME\ELABORATE BYTES\CLONECD\ELBYCHECK.EXE" /L ELBYCDFL
Acrobat Assistant 7.0 = "D:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
Dit = Dit.exe
NeroFilterCheck = C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
SunJavaUpdateSched = "C:\Programme\Java\jre1.5.0_09\bin\jusched.exe"
UVS10 Preload = d:\Programme\Ulead Systems\Ulead VideoStudio 10.0\uvPL.exe
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
iTunesHelper = "D:\Programme\iTunes\iTunesHelper.exe"
QuickTime Task = "D:\PROGRAMME\QUICKTIME\qttask.exe" -atboottime

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

NCLaunch = C:\WINDOWS\NCLAUNCH.EXe
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} = "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
swg = C:\Programme\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install

[{8b15971b-5355-4c82-8c07-7e181ea07608}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=c:\01comm32\bin\01comm32.exe
run=

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registrierungs-Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - D:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - d:\Programme\Preispiraten\Preispiraten2\PPSearchURL.dll - {0B660087-931C-4056-A04F-0423890E40B6}
(no name) - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - d:\Programme\Preispiraten\Preispiraten2\IEButtonAmazonInterface.dll - {84B94901-3645-4D80-A6B7-4D0050B19455}
(no name) - c:\programme\google\googletoolbar3.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}
(no name) - d:\Programme\Preispiraten\Preispiraten2\IEButtonPPInterface.dll - {D3AA56A9-8137-4950-A6F9-D0190A82AF2A}

--------------------------------------------------

Enumerating Task Scheduler jobs:

1-Klick-Wartung.job
AppleSoftwareUpdate.job

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

[YInstStarter Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\yinsthelper.dll
CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc3.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\wuweb.dll
CODEBASE = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120061423441

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139682237151

[Java Plug-in 1.5.0_09]
InProcServer32 = C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

[TLIEFlashObj Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\TLFlsCtl.dll
CODEBASE = https://rtc1.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB

[Java Plug-in 1.5.0_07]
InProcServer32 = C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab

[Java Plug-in 1.5.0_09]
InProcServer32 = C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

[Java Plug-in 1.5.0_09]
InProcServer32 = C:\Programme\Java\jre1.5.0_09\bin\npjpi150_09.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\macromed\flash\Flash.ocx
CODEBASE = http://active.macromedia.com/flash4/cabs/swflash.cab

[QDiagHUpdateObj Class]
InProcServer32 = C:\WINDOWS\System32\qdiagh.ocx
CODEBASE = http://h30043.www3.hp.com/hpdj/de/check/qdiagh.cab?326

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
NameSpace #4: C:\WINDOWS\system32\pnrpnsp.dll
NameSpace #5: C:\WINDOWS\system32\pnrpnsp.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll
Protocol #20: C:\WINDOWS\system32\mswsock.dll
Protocol #21: C:\WINDOWS\system32\mswsock.dll
Protocol #22: C:\WINDOWS\system32\mswsock.dll
Protocol #23: C:\WINDOWS\system32\mswsock.dll
Protocol #24: C:\WINDOWS\system32\mswsock.dll
Protocol #25: C:\WINDOWS\system32\mswsock.dll
Protocol #26: C:\WINDOWS\system32\mswsock.dll
Protocol #27: C:\WINDOWS\system32\mswsock.dll
Protocol #28: C:\WINDOWS\system32\mswsock.dll
Protocol #29: C:\WINDOWS\system32\mswsock.dll
Protocol #30: C:\WINDOWS\system32\mswsock.dll
Protocol #31: C:\WINDOWS\system32\mswsock.dll
Protocol #32: C:\WINDOWS\system32\mswsock.dll
Protocol #33: C:\WINDOWS\system32\mswsock.dll
Protocol #34: C:\WINDOWS\system32\mswsock.dll
Protocol #35: C:\WINDOWS\system32\mswsock.dll
Protocol #36: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

IPv6-Hilfsdienst: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Microsoft ACPI-Treiber: System32\DRIVERS\ACPI.sys (system)
Adobe LM Service: "C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe" (manual start)
Microsoft Kernel-Echounterdrückung: system32\drivers\aec.sys (manual start)
Umgebung für die AFD-Netzwerkunterstützung: \SystemRoot\System32\drivers\afd.sys (system)
Warndienst: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Gatewaydienst auf Anwendungsebene: %SystemRoot%\System32\alg.exe (manual start)
ALi PCI to USB Enhanced Host Controller: System32\Drivers\ALIEHCI.sys (autostart)
USB 2.0 Root Hub: System32\DRIVERS\AliRtHub.sys (manual start)
AMD K7-Prozessortreiber: System32\DRIVERS\amdk7.sys (system)
Anwendungsverwaltung: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
1394-ARP-Clientprotokoll: System32\DRIVERS\arp1394.sys (manual start)
ASP.NET-Statusdienst: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
Asynchroner RAS -Medientreiber: System32\DRIVERS\asyncmac.sys (manual start)
Standard-IDE/ESDI-Festplattencontroller: System32\DRIVERS\atapi.sys (system)
Protokoll für ATM ARP-Client: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audiostubtreiber: System32\DRIVERS\audstub.sys (manual start)
AVMCOWAN: System32\DRIVERS\AVMCOWAN.sys (manual start)
AVM NDIS WAN CAPI Treiber: System32\DRIVERS\avmwan.sys (manual start)
basic2: System32\DRIVERS\HSF_BSC2.sys (manual start)
Intelligenter Hintergrundübertragungsdienst: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Computerbrowser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
C-DillaCdaC11BA: C:\WINDOWS\system32\drivers\CDAC11BA.EXE (autostart)
Card Reader Filter: \??\C:\WINDOWS\system32\Drivers\USBCRFT.SYS (manual start)
Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start)
CdaC15BA: \??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS (autostart)
CD-ROM-Laufwerktreiber: System32\DRIVERS\cdrom.sys (system)
Cherry Universal Treiber: System32\DRIVERS\ChyWDMKb.sys (manual start)
Indexdienst: C:\WINDOWS\System32\cisvc.exe (manual start)
Ablagemappe: %SystemRoot%\system32\clipsrv.exe (disabled)
COM+-Systemanwendung: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Kryptografiedienste: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM-Server-Prozessstart: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
AVM FRITZ!web Routing Service: C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe (manual start)
DHCP-Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Laufwerktreiber: System32\DRIVERS\disk.sys (system)
Verwaltungsdienst für die Verwaltung logischer Datenträger: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Verwaltung logischer Datenträger: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel-DLS-Synthesizer: system32\drivers\DMusic.sys (manual start)
DNS-Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel-DRM-Audioentschlüsselung: system32\drivers\drmkaud.sys (manual start)
ElbyCDFL: System32\Drivers\ElbyCDFL.sys (manual start)
ElbyCDIO Driver: System32\Drivers\ElbyCDIO.sys (autostart)
Fehlerberichterstattungsdienst: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Ereignisprotokoll: %SystemRoot%\system32\services.exe (autostart)
COM+-Ereignissystem: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Fallback: System32\DRIVERS\HSF_FALL.sy
03.11.2006, 00:25
Honorary member
Sabina

Posts: 29434
#12 Everything seems to be OK again. If you still find kbdfi132.dll, delete the DLL; it looks/looked like a start-page trojan.

Registry Search Tool
http://www.billsway.com/vbspage/vbsfiles/RegSrch.zip
Possible message from the virus scanner --- > warning: malicious script detected --> ignore

Double-click: regsrch.vbs
Paste in:

{5EFD170F-AA84-49D2-A87E-28D6B007AAC2}


Press 'OK'

Wait until the search has finished. (Please post the result)
__________
Regards, Sabina

all about PC security
05.11.2006, 21:07
...new here

Thread starter

Posts: 9
#13 Hello Sabina, thanks again for your persistent help

B.Müller


REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "{5EFD170F-AA84-49D2-A87E-28D6B007AAC2}" 05.11.2006 20:57:08

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_USERS\S-1-5-21-905303659-784950871-2387590086-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5EFD170F-AA84-49D2-A87E-28D6B007AAC2}]

[HKEY_USERS\S-1-5-21-905303659-784950871-2387590086-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5EFD170F-AA84-49D2-A87E-28D6B007AAC2}\iexplore]
05.11.2006, 21:52
Honorary member
Sabina

Posts: 29434
#14 Go into the registry
Start - Run - regedit

[HKEY_USERS\S-1-5-21-905303659-784950871-2387590086-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\
{5EFD170F-AA84-49D2-A87E-28D6B007AAC2} - delete

Restart the PC
__________
Regards, Sabina

all about PC security
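Post #12 asks for a registry search for the BHO's CLSID and post #14 for deleting the key it turns up. The same two steps in PowerShell, as an added example that is neither RegSrch.vbs nor code from this thread; it assumes Windows PowerShell with its Registry provider, an elevated session so HKLM and the other hives under HKEY_USERS are readable, and an assumed backup directory for the exported key.

```powershell
# Added example, not RegSrch.vbs and not code from the thread: search the
# registry for a CLSID string and return the full paths of matching keys,
# as the thread does for {5EFD170F-AA84-49D2-A87E-28D6B007AAC2}.
# Assumes Windows PowerShell with its Registry provider; run elevated so
# HKLM and the other users' hives under HKEY_USERS are readable.
function Find-RegistryString {
    param(
        [Parameter(Mandatory)] [string] $Pattern,
        [string[]] $Roots = @('HKLM:\SOFTWARE', 'Registry::HKEY_USERS')
    )
    # Escape so that a literal search string is not read as a wildcard
    $wild = '*' + [System.Management.Automation.WildcardPattern]::Escape($Pattern) + '*'
    $hits = New-Object 'System.Collections.Generic.List[string]'
    foreach ($root in $Roots) {
        # SilentlyContinue skips keys the caller is not allowed to open
        Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
            $key = $_
            $match = $key.Name -like $wild          # key name contains the string
            if (-not $match) {
                foreach ($name in $key.GetValueNames()) {   # value names and string data
                    $data = $key.GetValue($name)
                    if ($name -like $wild -or ($data -is [string] -and $data -like $wild)) {
                        $match = $true
                        break
                    }
                }
            }
            if ($match) { $hits.Add($key.Name) }
        }
    }
    return $hits
}

# Export a key to a .reg file first, then delete it, so the Ext\Stats entry
# removed in post #14 can be restored by importing the backup.
# $BackupDir is an assumed location.
function Remove-RegistryKeyWithBackup {
    param(
        [Parameter(Mandatory)] [string] $KeyName,   # e.g. HKEY_USERS\S-1-5-21-...\...\Ext\Stats\{CLSID}
        [string] $BackupDir = "$env:TEMP\regbackup"
    )
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    $file = Join-Path $BackupDir ("{0}.reg" -f ([guid]::NewGuid()))
    & reg.exe export $KeyName $file | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "export of $KeyName failed, key not deleted" }
    Remove-Item -Path "Registry::$KeyName" -Recurse -Force
    return $file
}

# Constructed usage: list every key that mentions the BHO's CLSID
Find-RegistryString -Pattern '{5EFD170F-AA84-49D2-A87E-28D6B007AAC2}'
```

Compare the returned paths with the RegSrch.vbs result in post #13 before passing one of them to Remove-RegistryKeyWithBackup.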
08.11.2006, 21:49
...new here

Thread starter

Posts: 9
#15 Hello Sabina, I have deleted the entry.

Best regards

and thanks! aries