BattyRun2.dll Unerwünschter PoP-Up MistThema ist geschlossen! |
||
---|---|---|
Thema ist geschlossen! |
||
#0
| ||
08.11.2006, 21:38
Ehrenmitglied
Beiträge: 29434 |
||
|
||
08.11.2006, 21:50
Member
Themenstarter Beiträge: 12 |
#17
mhmhmhm ... langsam kriege ich graue haare ...
Error on downloading ActiveScanAn error has occurred downloading Panda ActiveScan. Please repeat the process. If the error occurs again, restart your system and try againPossible causes of this error are: Not allowing the application's ActiveX control to be downloaded. Problems with the Internet connection. The error could be due to a download error or an installation error due to lack of hard disk space, privileges etc.,... __________ THX for help ^^ |
|
|
||
08.11.2006, 21:58
Ehrenmitglied
Beiträge: 29434 |
#18
dann scanne mit ewido
http://virus-protect.org/onlinescan.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
09.11.2006, 16:03
Member
Themenstarter Beiträge: 12 |
#19
hola, habe ich gemacht ----> hier dann ma das damokleszeug
Name: Adware.BookedSpace Path: C:\System Volume Information\_restore{49E2419C-B47E-42B7-B202-DB3F0F3543DA}\RP18\A0001946.dll Risk: Medium Name: Adware.Agent Path: C:\System Volume Information\_restore{49E2419C-B47E-42B7-B202-DB3F0F3543DA}\RP18\A0001947.dll Risk: Medium was soll ich mit den beiden einträgen anstellen? sind die schlimmer natur? __________ THX for help ^^ |
|
|
||
09.11.2006, 16:20
Ehrenmitglied
Beiträge: 29434 |
#20
Arbeitsplatz-->Rechtsklick, dann auf Eigenschaften--->Reiter Systemwiederherstellung--->Häkchen setzen bei Systemwiederherstellung auf allen Laufwerken deaktivieren.
(dann wieder aktivieren) - so sind diese Eintraege verschwunden. poste das neue log von combofix und vom HijackThis __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
09.11.2006, 16:32
Member
Themenstarter Beiträge: 12 |
#21
Logfile of HijackThis v1.99.1
Scan saved at 16:28:07, on 09.11.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Sunbelt Software\CounterSpy\Consumer\Thread.exe C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE C:\Programme\Internet Explorer\iexplore.exe C:\Programme\ICQLite\ICQLite.exe C:\Programme\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Programme\WinRAR\WinRAR.exe C:\DOKUME~1\MICHAE~1\LOKALE~1\Temp\Rar$EX00.907\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\tbu1\toolbaru.dll O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\tbu1\toolbaru.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\tbu1\toolbaru.dll O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {128988D7-0075-4D92-9557-9A2BFCFAE319} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU) O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {128988D7-0075-4D92-9557-9A2BFCFAE319} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/145f0da8859fd1a16716/netzip/RdxIE601_de.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125250401093 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate - Activex Control) - http://support.fujitsu-siemens.de/DeskUpdate/isapi/activex.cab O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/de/check/qdiagh.cab?326 O17 - HKLM\System\CCS\Services\Tcpip\..\{D8FD63F1-2A6E-426B-B17F-D9FE14388E84}: NameServer = 217.237.151.225,217.237.150.225 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - F:\Programme\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Programme\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Programme\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing) O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe Michael Gromer - 06-11-09 16:30:59,80 Service Pack 2 ComboFix 06.10.19 - Running from: "F:\" (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Folders Quarantined: C:\QooBox\Purity\WINDOWS\RACLE~1 C:\QooBox\Purity\WINDOWS\RACLE~1\?racle ((((((((((((((((((((((((((((((( Files Created from 2006-10-09 to 2006-11-09 )))))))))))))))))))))))))))))))))) 2006-10-26 17:40 49,152 --a------ C:\WINDOWS\system32\INETWH32.dll 2006-10-22 11:32 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-11-08 20:19 -------- d-------- C:\Programme\Sunbelt Software 2006-11-08 17:13 -------- d-------- C:\Programme\Gemeinsame Dateien 2006-11-07 10:41 -------- d-------- C:\Programme\CleanUp! 2006-11-07 09:49 -------- d-------- C:\Programme\WinACE 2006-11-02 17:10 -------- d-------- C:\Programme\ICQToolbar 2006-11-02 17:10 -------- d-------- C:\Dokumente und Einstellungen\Michael Gromer\Anwendungsdaten\ICQ Toolbar 2006-11-01 00:11 -------- d-------- C:\Programme\WinRAR 2006-10-31 09:30 -------- d---s---- C:\Dokumente und Einstellungen\Michael Gromer\Anwendungsdaten\Microsoft 2006-10-29 19:49 -------- d-------- C:\Dokumente und Einstellungen\Michael Gromer\Anwendungsdaten\Adobe 2006-10-29 19:46 -------- d-------- C:\Programme\Gemeinsame Dateien\Vbox 2006-10-29 19:45 -------- d-------- C:\Programme\Gemeinsame Dateien\Adobe 2006-10-29 19:45 -------- d-------- C:\Programme\Adobe 2006-10-26 17:44 -------- d-------- C:\Programme\Gemeinsame Dateien\MAGIX Shared 2006-10-25 08:57 -------- d-------- C:\Programme\ABBYY FineReader 5.0 Sprint 2006-10-25 08:31 -------- d-------- C:\Programme\Lexmark X74-X75 2006-10-03 10:43 -------- d-------- C:\Programme\Internet Explorer 2006-09-13 06:02 1084416 --a------ C:\WINDOWS\system32\msxml3.dll 2006-09-12 16:51 1245184 --------- C:\WINDOWS\system32\msxml4.dll 2006-08-25 16:46 617472 --------- C:\WINDOWS\system32\comctl32.dll 2006-08-21 13:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll 2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe 2006-08-16 12:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "H/PC Connection Agent"="\"C:\\Programme\\Microsoft ActiveSync\\WCESCOMM.EXE\"" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce] "ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -trayboot" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\ 65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00 "avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "nwiz"="nwiz.exe /install" "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit" "SunServer"="C:\\Programme\\Sunbelt Software\\CounterSpy\\Consumer\\sunserver.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\not active] "DB_AFD"="C:\\Programme\\DATA BECKER\\XP optimal einstellen 3.0\\DBAFD.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000005 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Die derzeitige Homepage" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,42,03,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,36,02,\ 00,00,04,00,00,40 "RestoredStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,36,02,\ 00,00,01,00,00,00 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1] "Source"="7db39a0d-580f-4be9-9195-8bfcd226f6c2" "SubscribedURL"="C:\\WINDOWS\\System32\\AquaReal.ocx" "FriendlyName"="PC-Aquarium Deluxe" "Flags"=dword:00004003 "Position"=hex:2c,00,00,00,00,00,00,00,01,00,00,00,20,03,00,00,35,02,00,00,ea,\ 03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:01,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,00,00,00,00,01,00,00,00,20,03,00,00,35,02,\ 00,00,01,00,00,40 "RestoredStateInfo"=hex:18,00,00,00,00,00,00,00,00,00,00,00,20,03,00,00,58,02,\ 00,00,01,00,00,00 [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{076394AD-7FDD-44EF-A075-32C68DBAB99B}"="" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoWindowsUpdate"=hex:01,00,00,00 "NoInstrumentation"=dword:00000001 "NoDrives"=dword:00000000 "NoDriveAutorun"=dword:00000000 "NoSharedDocuments"=dword:00000000 "NoFavoritesMenu"=dword:00000001 "SpecifyDefaultButtons"=dword:00000001 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Microsoft Office Outlook"="C:\\PROGRA~1\\MICROS~4\\OFFICE11\\OUTLOOK.EXE /recycle" "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\lib\\NMBgMonitor.exe\"" "NCLaunch"="C:\\WINDOWS\\NCLAUNCH.EXe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe" "Microsoft Works Update Detection"="c:\\Programme\\Gemeinsame Dateien\\Microsoft Shared\\Works Shared\\WkUFind.exe" "WorksFUD"="c:\\Programme\\Microsoft Works\\wkfud.exe" "PinnacleDriverCheck"="C:\\WINDOWS\\system32\\\\PSDrvCheck.exe" "SoundMan"="SOUNDMAN.EXE" "QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime" "Microsoft Works Portfolio"="c:\\Programme\\Microsoft Works\\WksSb.exe /AllUsers" "ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -minimize" "Lexmark X74-X75"="\"C:\\Programme\\Lexmark X74-X75\\lxbbbmgr.exe\"" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk] "path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Adobe Reader - Schnellstart.lnk" "backup"="C:\\WINDOWS\\pss\\Adobe Reader - Schnellstart.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\Adobe\\ACROBA~3.0\\Reader\\READER~1.EXE " "item"="Adobe Reader - Schnellstart" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Logitech Desktop Messenger.lnk] "path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Logitech Desktop Messenger.lnk" "backup"="C:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start" "item"="Logitech Desktop Messenger" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Michael Gromer^Startmenü^Programme^Autostart^Registration-InstantCopy.lnk] "path"="C:\\Dokumente und Einstellungen\\Michael Gromer\\Startmenü\\Programme\\Autostart\\Registration-InstantCopy.lnk" "backup"="C:\\WINDOWS\\pss\\Registration-InstantCopy.lnkStartup" "location"="Startup" "command"="C:\\PROGRA~1\\Pinnacle\\SHARED~1\\INSTAN~1\\Pixie\\RegTool.exe InstantCopy,INSCPY,register,DE,0,serial=AARTO-AAWNO-EMMGX-ZEAMA-MPWGA" "item"="Registration-InstantCopy" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0190 Alarm] "key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="0190Alarm" "hkey"="HKCU" "command"="C:\\Programme\\0190 Alarm\\0190Alarm.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AnyDVD" "hkey"="HKLM" "command"="C:\\Programme\\SlySoft\\AnyDVD\\AnyDVD.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CloneCDTray" "hkey"="HKLM" "command"="\"C:\\Programme\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X74-X75] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="lxbbbmgr" "hkey"="HKLM" "command"="\"C:\\Programme\\Lexmark X74-X75\\lxbbbmgr.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ManifestEngine" "hkey"="HKCU" "command"="C:\\Programme\\Logitech\\Video\\ManifestEngine.exe boot" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ISStart" "hkey"="HKLM" "command"="C:\\Programme\\Logitech\\Video\\ISStart.exe " "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="LogiTray" "hkey"="HKLM" "command"="C:\\Programme\\Logitech\\Video\\LogiTray.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Guardian] "key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CMGrdian" "hkey"="HKLM" "command"="\"C:\\Programme\\McAfee\\McAfee Shared Components\\Guardian\\CMGrdian.exe\" /SU" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee.InstantUpdate.Monitor] "key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RuLaunch" "hkey"="HKCU" "command"="\"C:\\Programme\\McAfee\\McAfee Shared Components\\Instant Updater\\RuLaunch.exe\" /STARTMONITOR" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NeroCheck" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\NeroCheck.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PDVDServ" "hkey"="HKLM" "command"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\routcnf] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="routcnf" "hkey"="HKLM" "command"="C:\\Programme\\Telekom\\Eumex 404PC\\routcnf.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="jusched" "hkey"="HKLM" "command"="C:\\Programme\\Java\\jre1.5.0_05\\bin\\jusched.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="realsched" "hkey"="HKLM" "command"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeUpdateManager" "hkey"="HKCU" "command"="C:\\Programme\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] "key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="winampa" "hkey"="HKLM" "command"="C:\\Programme\\Winamp\\winampa.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XPoe-Runtime] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="xpoerunt" "hkey"="HKCU" "command"="C:\\Programme\\DATA BECKER\\XP optimal einstellen 3.0\\xpoerunt.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\{379569C4-655F-42E3-9AB9-4BED466EDD61}_MICHAEL_Michael Gromer.job C:\WINDOWS\tasks\{396BDFDF-4361-48CE-8FCC-A2B025735F23}_MICHAEL_Michael Gromer.job C:\WINDOWS\tasks\{4B4067C7-56A6-404E-8A6B-B9FDDA94C807}_MICHAEL_Michael Gromer.job C:\WINDOWS\tasks\{4E0ABFA3-8428-470E-8F76-34F48A6A0D13}_MICHAEL_Michael Gromer.job C:\WINDOWS\tasks\{7F78950F-0B9F-408F-969C-48BC808629D9}_MICHAEL_Michael Gromer.job C:\WINDOWS\tasks\{8B123A06-B7B3-4768-BAF1-9A9610EA8C91}_MICHAEL_Michael Gromer.job Completion time: 06-11-09 16:31:33.21 C:\ComboFix.txt ... 06-11-09 16:31 C:\ComboFix2.txt ... 06-11-09 16:25 C:\ComboFix3.txt ... 06-11-08 18:17 __________ THX for help ^^ |
|
|
||
09.11.2006, 16:35
Ehrenmitglied
Beiträge: 29434 |
#22
soweit, so gut.
falls du mal die Windowsupdates machen willst - und funktioniert nicht: [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoWindowsUpdate"=hex:01,00,00,00 - loeschen ansonsten ist der Rechner wieder einigermassen clean falls es noch Probleme gibt - melde dich __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
09.11.2006, 16:36
Member
Themenstarter Beiträge: 12 |
||
|
||
http://virus-protect.org/onlinescan.html
__________
MfG Sabina
rund um die PC-Sicherheit