Prozess pmsngr.exe wird von spybot beendet + critical system errorThema ist geschlossen! |
||
---|---|---|
Thema ist geschlossen! |
||
#0
| ||
26.10.2006, 10:57
...neu hier
Beiträge: 3 |
||
|
||
26.10.2006, 12:35
Ehrenmitglied
Beiträge: 29434 |
#2
1.
gehe in die Registry Start - Ausführen - regedit [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{dfa61db1-388e-4c87-8d56-540fa229bcb4}"="contrabandists" - loeschen [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "contrabandists"="{dfa61db1-388e-4c87-8d56-540fa229bcb4}" -> loeschen 2. Avenger http://virus-protect.org/artikel/tools/avenger.html kopiere rein Zitat Registry values to delete:poste das log vom avenger, was nach neustart erscheint «« scanne mit smitfraudfix - option 1 und 2 http://virus-protect.org/artikel/tools/smitfrautfix.html ----------- http://virus-protect.org/artikel/spyware/videocompressioncodec.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
26.10.2006, 14:36
...neu hier
Themenstarter Beiträge: 3 |
#3
So habe jetzt die 2 genannten Dateiein gelöscht.Avenger auch ausgeführt und die Befehle reinkopiert.Dann smitfraudfix option 1 und 2 ausgeführt.
Hier nun die logs: Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\wjccrbkf ******************* Script file located at: \??\C:\WINDOWS\system32\bgplbpfh.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: File C:\WINDOWS\system32\dpfwu.dll not found! Deletion of file C:\WINDOWS\system32\dpfwu.dll failed! Could not process line: C:\WINDOWS\system32\dpfwu.dll Status: 0xc0000034 Folder C:\Programme\VideoCompressionCodec deleted successfully. Folder C:\Programme\VirusBurster not found! Deletion of folder C:\Programme\VirusBurster failed! Could not process line: C:\Programme\VirusBurster Status: 0xc0000034 Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamonitor.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|pmsngr.exe deleted successfully. Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|VirusBurster deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} not found! Deletion of registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d869742a-e5d2-4624-96c7-aae26170665e} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8aed5df3-6e0b-4930-b1a5-f8aa8d757497} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8aed5df3-6e0b-4930-b1a5-f8aa8d757497} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dfa61db1-388e-4c87-8d56-540fa229bcb4} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44d22a64-2399-4edf-8b32-f2c729c1e8a7} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d869742a-e5d2-4624-96c7-aae26170665e} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VideoCompressionCodec deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 deleted successfully. Completed script processing. ******************* Finished! Terminate. SmitFraudFix v2.113 Scan done at 14:04:29,30, 26.10.2006 Run from C:\Dokumente und Einstellungen\Tom\Desktop\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Tom »»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Tom\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu C:\DOKUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND ! C:\DOKUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\Tom\FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop C:\DOKUME~1\ALLUSE~1\Desktop\Online Security Guide.url FOUND ! C:\DOKUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» C:\Programme »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Die derzeitige Homepage" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32 »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End SmitFraudFix v2.113 Scan done at 14:28:04,19, 26.10.2006 Run from C:\Dokumente und Einstellungen\Tom\Desktop\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\DOKUME~1\ALLUSE~1\Desktop\Online Security Guide.url Deleted C:\DOKUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url Deleted C:\DOKUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted C:\DOKUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End |
|
|
||
26.10.2006, 14:42
Ehrenmitglied
Beiträge: 29434 |
#4
loesche das backup vom avenger unter C:\Avenger\backup.zip
dann solltest du die systemwiederherstellung deaktivieren (dann wieder aktivieren) und ich denke, dass dann wieder alles o.k. sein sollte __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
26.10.2006, 14:54
...neu hier
Themenstarter Beiträge: 3 |
#5
Ok vielen Dank für die schnelle Hilfe!!!!
|
|
|
||
Logfile of HijackThis v1.99.1
Scan saved at 10:15:14, on 26.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0007)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Programme\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programme\Lexmark X6100 Series\lxbfbmgr.exe
C:\WINDOWS\Dit.exe
C:\Programme\Ulead Systems\Ulead Photo Explorer 8.0 SE\Monitor.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Lexmark X6100 Series\lxbfbmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\VideoCompressionCodec\pmmon.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\ArcorOnline\Arcor.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\macromed\flash\GetFlash.exe
C:\DOKUME~1\Tom\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe
C:\Programme\VideoCompressionCodec\pmsngr.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {d869742a-e5d2-4624-96c7-aae26170665e} - C:\Programme\VideoCompressionCodec\isaddon.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Protection Bar - {44d22a64-2399-4edf-8b32-f2c729c1e8a7} - C:\Programme\VideoCompressionCodec\iesplugin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programme\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Programme\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Programme\Ulead Systems\Ulead Photo Explorer 8.0 SE\Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [VirusBurster] C:\Programme\VirusBurster\virusburster.exe /h
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.freenet.de
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{0CC14A02-9F5E-4BF0-8AC6-BF79DEA5D25B}: NameServer = 192.168.121.252,192.168.121.253
O17 - HKLM\System\CCS\Services\Tcpip\..\{46AB6F40-68D3-4EE4-A452-A011F5B16B31}: NameServer = 195.50.140.114 195.50.140.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{0CC14A02-9F5E-4BF0-8AC6-BF79DEA5D25B}: NameServer = 192.168.121.252,192.168.121.253
O17 - HKLM\System\CS2\Services\Tcpip\..\{0CC14A02-9F5E-4BF0-8AC6-BF79DEA5D25B}: NameServer = 192.168.121.252,192.168.121.253
O18 - Protocol: haufereader - {39198710-62F7-42CD-9458-069843FA5D32} - C:\Programme\Haufe\HaufeReader\HRInstmon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - C:\WINDOWS\system32\dpfwu.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
Tom - 06-10-26 10:37:49,78 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Dokumente und Einstellungen\Tom\Desktop"
((((((((((((((((((((((((((((((( Files Created from 2006-09-26 to 2006-10-26 ))))))))))))))))))))))))))))))))))
2006-10-17 22:34 57,384 --a------ C:\WINDOWS\system32\avsda.dll
2006-10-17 22:34 32,768 --a------ C:\WINDOWS\system32\drivers\avgntdd.sys
2006-10-17 22:34 14,848 --a------ C:\WINDOWS\system32\drivers\avgntmgr.sys
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-26 10:33 17408 --a------ C:\WINDOWS\system32\drivers\USBCRFT.SYS
2006-10-26 10:24 -------- d-------- C:\Programme\CleanUp!
2006-10-18 20:37 -------- d-------- C:\Programme\VideoCompressionCodec
2006-10-18 01:03 -------- d-------- C:\Programme\Lavasoft
2006-10-18 01:03 -------- d-------- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Lavasoft
2006-10-17 22:34 -------- d-------- C:\Programme\AntiVir PersonalEdition Classic
2006-10-17 20:16 -------- d-------- C:\Programme\Windows Media Player
2006-10-12 16:41 -------- d-------- C:\Programme\ElsterFormular2005
2006-10-12 15:35 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-10-09 03:27 -------- d-------- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Apple Computer
2006-09-29 21:59 -------- d-------- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Teledat
2006-09-24 14:58 -------- d-------- C:\Programme\Internet Explorer
2006-09-24 14:53 -------- d-------- C:\Programme\Messenger
2006-09-24 14:52 -------- d-------- C:\Programme\Outlook Express
2006-09-24 14:43 -------- d-------- C:\Programme\iTunes
2006-09-24 14:42 -------- d-------- C:\Programme\iPod
2006-09-24 14:37 -------- d-------- C:\Programme\QuickTime
2006-09-24 14:27 -------- d-------- C:\Programme\Apple Software Update
2006-09-24 14:26 -------- d---s---- C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\Microsoft
2006-09-24 12:52 -------- d-------- C:\Programme\Movie Maker
2006-09-24 12:49 -------- d-------- C:\Programme\NetMeeting
2006-09-24 12:48 -------- d-------- C:\Programme\Windows NT
2006-09-24 12:21 -------- d-------- C:\Programme\Symantec
2006-09-24 12:11 -------- d-------- C:\Programme\Norton AntiVirus
2006-09-19 21:53 -------- d-------- C:\Programme\ArcorOnline
2006-09-13 07:02 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-31 22:56 88162 --a------ C:\Dokumente und Einstellungen\Tom\Anwendungsdaten\iwatch.txt
2006-08-31 21:08 -------- d-------- C:\Programme\Lexmark X6100 Series
2006-08-28 10:23 5906432 --------- C:\WINDOWS\system32\ieframe.dll
2006-08-28 10:23 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-08-28 10:23 457728 --------- C:\WINDOWS\system32\msfeeds.dll
2006-08-28 10:23 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-08-28 10:23 225792 --a------ C:\WINDOWS\system32\webcheck.dll
2006-08-28 10:23 175616 --------- C:\WINDOWS\system32\ieui.dll
2006-08-28 10:23 152064 --a------ C:\WINDOWS\system32\msls31.dll
2006-08-28 10:09 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-08-28 10:09 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-08-28 10:08 40448 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-08-28 10:08 105472 --a------ C:\WINDOWS\system32\url.dll
2006-08-28 10:08 100352 --a------ C:\WINDOWS\system32\occache.dll
2006-08-28 10:05 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-08-28 10:05 378368 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-08-28 10:05 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-08-28 10:05 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-08-28 10:04 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-08-28 10:04 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-08-28 10:04 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-08-28 10:04 122880 --a------ C:\WINDOWS\system32\advpack.dll
2006-08-28 10:04 11776 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-08-28 10:02 61440 --------- C:\WINDOWS\system32\icardie.dll
2006-08-28 10:02 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-08-28 10:01 35328 --a------ C:\WINDOWS\system32\imgutil.dll
2006-08-28 10:01 262656 --------- C:\WINDOWS\system32\iertutil.dll
2006-08-28 09:59 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-08-28 09:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-08-28 09:25 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-08-28 09:22 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-08-25 17:46 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 14:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 13:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-07-27 15:25 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SpybotSD TeaTimer"="C:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"BluetoothAuthenticationAgent"="rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent"
"LXSUPMON"="C:\\WINDOWS\\System32\\LXSUPMON.EXE RUN"
"AdaptecDirectCD"="\"C:\\Programme\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"Lexmark X6100 Series"="\"C:\\Programme\\Lexmark X6100 Series\\lxbfbmgr.exe\""
"Dit"="Dit.exe"
"Ulead AutoDetector"="C:\\Programme\\Ulead Systems\\Ulead Photo Explorer 8.0 SE\\Monitor.exe"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"VirusBurster"="C:\\Programme\\VirusBurster\\virusburster.exe /h"
"Zone Labs Client"="\"C:\\Programme\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"
"{dfa61db1-388e-4c87-8d56-540fa229bcb4}"="contrabandists"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"isamonitor.exe"="C:\\Programme\\VideoCompressionCodec\\isamonitor.exe"
"pmsngr.exe"="C:\\Programme\\VideoCompressionCodec\\pmsngr.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
"contrabandists"="{dfa61db1-388e-4c87-8d56-540fa229bcb4}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
Completion time: 06-10-26 10:39:20.44
C:\ComboFix.txt ... 06-10-26 10:39
Verzeichnis von C:\WINDOWS\system32
26.10.2006 10:33 1.158 wpa.dbl
17.10.2006 20:17 16.832 amcompat.tlb
17.10.2006 20:17 23.392 nscompat.tlb
04.10.2006 22:03 9.639.336 MRT.exe
24.09.2006 15:01 311.740 perfh009.dat
24.09.2006 15:01 40.128 perfc009.dat
24.09.2006 15:01 48.354 perfc007.dat
24.09.2006 15:01 316.924 perfh007.dat
24.09.2006 15:01 723.568 PerfStringBackup.INI
24.09.2006 14:15 251 spupdwxp.log
24.09.2006 14:13 175.464 FNTCACHE.DAT
24.09.2006 11:48 4.212 zllictbl.dat
13.09.2006 07:02 1.084.416 msxml3.dll
07.09.2006 12:54 57.384 avsda.dll
04.09.2006 08:12 1.494.016 shdocvw.dll
Systemtemp
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2481-EFEE
Verzeichnis von C:\DOKUME~1\Tom\LOKALE~1\Temp
26.10.2006 10:33 16.384 ~DF6CE8.tmp
1 Datei(en) 16.384 Bytes
0 Verzeichnis(se), 23.957.151.744 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2481-EFEE
Verzeichnis von C:\WINDOWS
26.10.2006 09:41 1.174.529 WindowsUpdate.log
26.10.2006 09:38 0 0.log
26.10.2006 09:38 157 wiadebug.log
26.10.2006 09:38 50 wiaservc.log
26.10.2006 09:37 2.048 bootstat.dat
26.10.2006 09:36 32.612 SchedLgU.Txt
17.10.2006 21:26 54.156 QTFont.qfn
17.10.2006 21:05 36.740 spupdsvc.log
17.10.2006 20:20 41.598 wmsetup.log
17.10.2006 20:18 144.709 iis6.log
17.10.2006 20:18 219.085 comsetup.log
17.10.2006 20:18 132.501 ntdtcsetup.log
17.10.2006 20:18 26.063 ocmsn.log
17.10.2006 20:18 1.393 imsins.log
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2481-EFEE
Verzeichnis von C:\WINDOWS\Temp
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2481-EFEE
Verzeichnis von C:\WINDOWS\Downloaded Program Files
27.07.2006 13:52 367 LegitCheckControl.inf
08.12.2003 13:58 3.759 swflash.inf
29.08.2003 16:55 2.136 WMAVAX.inf
30.06.2003 22:41 1.689 WMV9VCM.inf
07.11.2002 08:42 65 desktop.ini
27.10.2002 19:32 3.036 wmv9dmo.inf
25.09.2002 15:41 901 iuctl.inf
20.01.2000 15:25 1.162 Microsoft XML Parser for Java.osd
14.10.1997 19:52 697 DirectAnimation Java Classes.osd
9 Datei(en) 13.812 Bytes
0 Verzeichnis(se), 23.957.123.072 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2481-EFEE
Verzeichnis von C:\
26.10.2006 11:02 0 sys.txt
26.10.2006 11:01 738 down.txt
26.10.2006 11:00 117 tmp.txt
26.10.2006 10:59 11.179 system.txt
26.10.2006 10:56 290 systemtemp.txt
26.10.2006 10:44 99.030 system32.txt
26.10.2006 10:39 9.964 ComboFix.txt
26.10.2006 09:37 234.409.984 hiberfil.sys
26.10.2006 09:37 352.321.536 pagefile.sys
29.09.2006 22:16 46.234 devicetable.log
24.09.2006 12:56 211 boot.ini
24.09.2006 12:45 47.564 NTDETECT.COM
24.09.2006 12:45 251.184 ntldr
31.08.2006 21:06 195 jetscan.log
08.12.2005 02:42 25 log.txt
18.01.2004 20:23 1.119 INSTALL.LOG
02.01.2003 11:28 6.089 REPORT.LOG
02.01.2003 11:28 33.647 report.txt
07.11.2002 11:58 184 Setup.log
07.11.2002 08:44 0 IO.SYS
07.11.2002 08:44 0 CONFIG.SYS
07.11.2002 08:44 0 AUTOEXEC.BAT
07.11.2002 08:44 0 MSDOS.SYS
29.08.2002 14:00 4.952 bootfont.bin
10.01.2001 13:23 162.304 UNWISE.EXE
25 Datei(en) 587.406.546 Bytes
0 Verzeichnis(se), 23.957.110.784 Bytes frei