BattyRun2.dll unwanted pop-up junk
Thread is closed!

07.11.2006, 12:17
Member
Posts: 12
#0
07.11.2006, 14:50
Honorary member
Posts: 29434
#2

There are more viruses on the machine - I still need this log.

««
Copy out these 6 text files. (right-click with the mouse -> select the text -> copy -> paste)
They are sorted by date. (copy only the last 3 months)
http://virus-protect.org/datfindbat.html

__________
Regards, Sabina
all about PC security

This post was edited on 07.11.2006 at 14:53 by Sabina.
07.11.2006, 18:52
Member
Thread starter
Posts: 12
#3

Nice to have even more errors that get pointed out ^^ hooray hooray ;-)

Datenträger in Laufwerk C: ist Programme
Volumeseriennummer: CC65-D52F

Verzeichnis von C:\WINDOWS\system32

07.11.2006 18:36 402.426 perfh009.dat
07.11.2006 18:36 413.842 perfh007.dat
07.11.2006 18:36 61.896 perfc009.dat
07.11.2006 18:36 73.086 perfc007.dat
07.11.2006 18:36 963.278 PerfStringBackup.INI
07.11.2006 18:32 1.158 wpa.dbl
07.11.2006 18:32 49.871 nvapps.xml
07.11.2006 10:28 19.456 Thumbs.db
04.10.2006 21:03 9.639.336 MRT.exe
13.09.2006 06:02 1.084.416 msxml3.dll
12.09.2006 16:51 1.245.184 msxml4.dll
05.09.2006 21:30 356.952 FNTCACHE.DAT
04.09.2006 07:12 1.494.016 shdocvw.dll
25.08.2006 16:46 617.472 comctl32.dll
21.08.2006 13:26 16.896 fltlib.dll
21.08.2006 10:14 23.040 fltmc.exe
16.08.2006 12:58 100.352 6to4svc.dll
07.08.2006 16:17 61.440 BattyRun2.dll

Datenträger in Laufwerk C: ist Programme
Volumeseriennummer: CC65-D52F

Verzeichnis von C:\DOKUME~1\MICHAE~1\LOKALE~1\TEMP

07.11.2006 18:32 463 WCESCOMM.LOG
07.11.2006 13:26 983 TmpICQMagic_{EC202595-1DFD-4301-A1EA-13C1E331B505}8164.html
07.11.2006 12:35 16.384 ~DFBD33.tmp
07.11.2006 12:35 16.384 ~DFB7BC.tmp
4 Datei(en) 34.214 Bytes
0 Verzeichnis(se), 101.888.475.136 Bytes frei

Datenträger in Laufwerk C: ist Programme
Volumeseriennummer: CC65-D52F

Verzeichnis von C:\WINDOWS

07.11.2006 18:40 149 lznjvsza.ini
07.11.2006 18:32 159 wiadebug.log
07.11.2006 18:32 50 wiaservc.log
07.11.2006 18:32 1.777.307 WindowsUpdate.log
07.11.2006 18:32 0 0.log
07.11.2006 18:32 2.048 bootstat.dat
07.11.2006 13:26 32.626 SchedLgU.Txt
07.11.2006 13:19 229 NeroDigital.ini
07.11.2006 11:06 112.363 windows.txt
07.11.2006 10:31 308.968 ntbtlog.txt
06.11.2006 23:52 1.266 IE4 Error Log.txt
06.11.2006 16:52 1.222 LEXSTAT.INI
06.11.2006 16:02 272.565 setupapi.log
29.10.2006 19:45 109.738 wmsetup.log
29.10.2006 19:45 316.640 WMSysPr9.prx
26.10.2006 17:51 0 homeDVD-Fotos5_5.INI
12.10.2006 00:06 301.364 comsetup.log
12.10.2006 00:06 43.666 ocmsn.log
12.10.2006 00:06 183.615 ntdtcsetup.log
12.10.2006 00:06 1.393 imsins.log
12.10.2006 00:06 137.012 iis6.log
12.10.2006 00:06 346.497 tsoc.log
12.10.2006 00:06 13.069 KB924191.log
12.10.2006 00:06 447.839 ocgen.log
12.10.2006 00:06 44.501 msgsocm.log
12.10.2006 00:06 890.433 FaxSetup.log
12.10.2006 00:06 37.633 updspapi.log
12.10.2006 00:06 1.393 imsins.BAK
12.10.2006 00:06 12.883 KB922819.log
12.10.2006 00:06 12.059 KB923414.log
12.10.2006 00:05 12.053 KB924496.log
12.10.2006 00:04 9.505 KB923191.log
12.10.2006 00:03 1.880 win.ini
10.10.2006 20:33 136.897 Directx.log
03.10.2006 12:57 211 RomeTW.ini
03.10.2006 11:41 691 bsx32.ini
03.10.2006 08:28 11.539 KB925486.log
03.10.2006 08:27 15.531 KB920872.log
03.10.2006 08:27 11.623 KB920685.log
03.10.2006 08:27 11.670 KB919007.log
03.10.2006 08:26 7.969 KB922582.log
24.09.2006 15:54 65.983 offlog.txt
19.09.2006 18:40 108.336 mswinsck.ocx
25.08.2006 08:16 16.138 KB920214.log
25.08.2006 08:16 15.871 KB921883.log
25.08.2006 08:16 15.711 KB922616.log
25.08.2006 08:15 16.108 KB921398.log
25.08.2006 08:15 19.416 KB918899.log
25.08.2006 08:14 12.098 KB920670.log
25.08.2006 08:14 12.257 KB917422.log
25.08.2006 08:14 12.510 KB920683.log
24.07.2006 19:58 32.193 spupdsvc.log
24.07.2006 11:25 13.345 WgaNotify.log
23.07.2006 11:50 816 eReg.dat
12.07.2006 19:34 13.261 KB917159.log
12.07.2006 19:34 13.829 KB914388.log
12.07.2006 19:34 11.539 KB916595.log

Datenträger in Laufwerk C: ist Programme
Volumeseriennummer: CC65-D52F

Verzeichnis von C:\WINDOWS\Temp

07.11.2006 18:32 409 WGANotify.settings
07.11.2006 18:32 40.960 rtdrvmon.exe
07.11.2006 18:32 0 T30DebugLogFile.txt
07.11.2006 18:32 0 Perflib_Perfdata_e4.dat
07.11.2006 18:32 255 WGAErrLog.txt
5 Datei(en) 41.624 Bytes
0 Verzeichnis(se), 101.888.569.344 Bytes frei

Datenträger in Laufwerk C: ist Programme
Volumeseriennummer: CC65-D52F

Verzeichnis von C:\WINDOWS\Downloaded Program Files

02.08.2005 15:48 495 LegitCheckControl.inf
26.05.2005 03:19 293 muweb.inf
07.04.2005 07:28 143 activex.inf
04.04.2005 15:53 753.664 activex.ocx
04.03.2005 03:52 752 jinstall-1_5_0_02.inf
17.01.2005 16:09 227 opuc.inf
30.11.2004 13:17 728 qdiagh.inf
28.01.2004 11:14 524.445 RdxIE.dll
08.12.2003 13:58 3.759 swflash.inf
25.07.2002 16:13 24.576 dwusplay.dll
25.07.2002 16:13 196.608 dwusplay.exe
25.07.2002 16:05 172.032 isusweb.dll
30.01.2002 12:11 65 desktop.ini
13 Datei(en) 1.677.787 Bytes
0 Verzeichnis(se), 101.888.565.248 Bytes frei

Datenträger in Laufwerk C: ist Programme
Volumeseriennummer: CC65-D52F

Verzeichnis von C:\

07.11.2006 18:50 0 sys.txt
07.11.2006 18:49 895 down.txt
07.11.2006 18:49 499 tmp.txt
07.11.2006 18:48 18.864 system.txt
07.11.2006 18:47 488 systemtemp.txt
07.11.2006 18:47 112.363 system32.txt
07.11.2006 18:32 2.147.012.608 hiberfil.sys
07.11.2006 18:32 805.306.368 pagefile.sys
02.04.2006 18:14 88 AUTOEXEC.BAT
14.03.2006 18:46 222 boot.ini
30.08.2004 20:23 47.564 NTDETECT.COM
30.08.2004 20:23 251.184 ntldr
30.01.2002 12:13 0 MSDOS.SYS
30.01.2002 12:13 0 CONFIG.SYS
30.01.2002 12:13 0 IO.SYS
18.08.2001 13:00 4.952 bootfont.bin
23.08.1995 09:20 232.720 OLEAUT32.DLL
13.06.1995 23:30 329.216 MSVCRT30.DLL
13.06.1995 23:30 707.856 VB40032.DLL
13.06.1995 23:30 74.240 OLEPRO32.DLL
20 Datei(en) 2.954.100.127 Bytes
0 Verzeichnis(se), 101.888.561.152 Bytes frei

__________
THX for help ^^

This post was edited on 07.11.2006 at 18:55 by TopperHarley.
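The listing above is the output of the datfindbat batch file the helper asked for: plain `dir` output of a few system directories in the German locale (dd.mm.yyyy, dotted thousands separators), which the helper reads by eye for executables that were dropped recently. As an added example, not code from the thread or from the datfindbat author, the following Python script parses such a listing and returns the executable files modified within a chosen window before the listing date. The sample input is constructed from a few lines of the listing above (the `<DIR>` line and the summary lines are made up for the format); the 92-day window and the extension list are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the format of the datfindbat listing above
# (German `dir` output: dd.mm.yyyy hh:mm, size with dotted thousands separators).
SAMPLE_LISTING = """\
 Datenträger in Laufwerk C: ist Programme
 Volumeseriennummer: CC65-D52F

 Verzeichnis von C:\\WINDOWS\\system32

07.11.2006  18:36    <DIR>          drivers
07.11.2006  18:36           402.426 perfh009.dat
07.11.2006  18:36           413.842 perfh007.dat
13.09.2006  06:02         1.084.416 msxml3.dll
12.09.2006  16:51         1.245.184 msxml4.dll
21.08.2006  13:26            16.896 fltlib.dll
21.08.2006  10:14            23.040 fltmc.exe
16.08.2006  12:58           100.352 6to4svc.dll
07.08.2006  16:17            61.440 BattyRun2.dll
               8 Datei(en)      3.347.596 Bytes
               1 Verzeichnis(se), 101.888.475.136 Bytes frei
"""

# One file or directory entry: date, time, size (or <DIR>), name (may contain spaces).
ENTRY_RE = re.compile(
    r'^\s*(\d{2})\.(\d{2})\.(\d{4})\s+(\d{2}):(\d{2})\s+(<DIR>|[\d.]+)\s+(.+?)\s*$')
# Header line naming the directory the following entries belong to.
DIR_RE = re.compile(r'^\s*Verzeichnis von (.+?)\s*$')


def parse_listing(text):
    """Return one dict per file entry (dir, mtime, size, name); <DIR> rows are skipped.
    Summary rows ("8 Datei(en) ...") never match ENTRY_RE because they start with a count."""
    entries, current_dir = [], None
    for line in text.splitlines():
        m = DIR_RE.match(line)
        if m:
            current_dir = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m or m.group(6) == '<DIR>':
            continue
        day, month, year, hour, minute, size, name = m.groups()
        entries.append({
            'dir': current_dir,
            'mtime': datetime(int(year), int(month), int(day), int(hour), int(minute)),
            'size': int(size.replace('.', '')),   # "1.084.416" -> 1084416
            'name': name,
        })
    return entries


def recent_executables(entries, listing_date, days=92,
                       exts=('.dll', '.exe', '.sys', '.ocx', '.scr', '.cpl')):
    """Entries with an executable extension modified within `days` before `listing_date`
    (given as dd.mm.yyyy, the listing's own format). Order is kept as in the listing,
    i.e. newest first. Window length and extension list are assumptions."""
    reference = datetime.strptime(listing_date, '%d.%m.%Y')
    cutoff = reference - timedelta(days=days)
    return [e for e in entries
            if e['mtime'] >= cutoff and e['name'].lower().endswith(exts)]


if __name__ == '__main__':
    # Triage view: everything executable touched in the last three months of the listing.
    for e in recent_executables(parse_listing(SAMPLE_LISTING), '07.11.2006'):
        print('%s  %10d  %s\\%s' % (e['mtime'].strftime('%d.%m.%Y %H:%M'),
                                    e['size'], e['dir'], e['name']))
```

The window is deliberately a parameter: with 92 days and the listing date 07.11.2006 the cutoff falls on 07.08.2006, so BattyRun2.dll is still included, while a 60-day window only leaves the September msxml files. A real triage then compares each remaining name against the patch batches visible in the same listing (files that share a timestamp were installed together) before anything is deleted.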
07.11.2006, 23:58
Honorary member
Posts: 29434
#4

1.
Avenger http://virus-protect.org/artikel/tools/avenger.html
paste in:

Quote:
Registry values to replace with dummy:

Click the green traffic light; the script will now run, then the PC will restart automatically.

««
Open HijackThis -- button "Scan" -- tick the boxes in front of these entries -- button "Fix checked" -- restart the PC

Quote:
R3 - URLSearchHook: (no name) - _{2B2AB34D-ED35-B337-6B55-C658C14504A6} - (no file)

Restart the PC.

»»
Scan and post the scan report
http://virus-protect.org/ewido.html

__________
Regards, Sabina
all about PC security
08.11.2006, 15:42
Member
Thread starter
Posts: 12
#5

Hola, did everything as you said .. but after the restart it gave this message ..

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ehlyufbb

*******************

Script file located at: fkktksie
Could not open script file!
Error
Could not open script file!
Status: 0xc000003b
Abort!

But then I continued with HijackThis.

Logfile of HijackThis v1.99.1
Scan saved at 15:45:08, on 08.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\MICHAE~1\LOKALE~1\Temp\Rar$EX02.141\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.ysearch.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\tbu1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\tbu1\toolbaru.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\tbu1\toolbaru.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Programme\Microsoft Works\WkDetect.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {128988D7-0075-4D92-9557-9A2BFCFAE319} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {128988D7-0075-4D92-9557-9A2BFCFAE319} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/145f0da8859fd1a16716/netzip/RdxIE601_de.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125250401093
O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate - Activex Control) - http://support.fujitsu-siemens.de/DeskUpdate/isapi/activex.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/de/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8FD63F1-2A6E-426B-B17F-D9FE14388E84}: NameServer = 217.237.151.225,217.237.150.225
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - F:\Programme\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Programme\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Programme\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe (file missing)

__________
THX for help ^^

This post was edited on 08.11.2006 at 15:45 by TopperHarley.
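A HijackThis log is read section by section: O4 lines are autostart values under the Run keys, O23 lines are installed services in the form `name - owner - image path`, with `(file missing)` appended when the binary is not on disk. As an added example, not code from the thread or from the HijackThis author, the following Python snippet parses those two sections and flags the O23 services whose owner HijackThis could not attribute or whose image file is missing, which are the entries a helper looks at first in a log like the one above. The sample lines are constructed from the log above (the vendor name is shortened to plain ASCII); the two flagging rules are assumptions, and a hit is a prompt for a manual look, not a verdict, since half-uninstalled software leaves the same traces.

```python
import re

# Constructed sample in the format of the HijackThis log above (a few O4 and O23 lines).
SAMPLE_HJT = """\
Logfile of HijackThis v1.99.1
O4 - HKLM\\..\\Run: [avgnt] "C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe" /min
O4 - HKCU\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\ctfmon.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX - F:\\Programme\\MAGIX\\Common\\Database\\bin\\fbserver.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\\Programme\\Pinnacle\\MediaServer\\Microsoft SQL Server\\MSSQL$PINNACLESYS\\Binn\\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
O23 - Service: Windows Log - Unknown owner - C:\\WINDOWS\\system32\\nvsvcd.exe (file missing)
"""

# Every HijackThis entry starts with its section code ("O4", "O23", "R1", ...) and " - ".
ENTRY_RE = re.compile(r'^([A-Z]\d+) - (.*)$')
# O4 body: hive\..\key: [value name] command line
RUN_RE = re.compile(r'^(HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.*)$')


def parse_hjt(text):
    """Split a log into (section, body) pairs; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def parse_service(body):
    """Split an O23 body into name, owner and image path.
    Owner and image are the last two ' - ' separated fields, taken from the right,
    so a service name that itself contains ' - ' (as the Firebird entry does) survives."""
    if body.startswith('Service: '):
        body = body[len('Service: '):]
    parts = body.rsplit(' - ', 2)
    if len(parts) != 3:
        return None
    name, owner, image = parts
    return {'name': name, 'owner': owner, 'image': image,
            'file_missing': image.endswith('(file missing)')}


def suspicious_services(text):
    """O23 services with an unattributed owner or an absent image file (assumed rules).
    Returns (service name, list of reasons) in log order."""
    hits = []
    for section, body in parse_hjt(text):
        if section != 'O23':
            continue
        svc = parse_service(body)
        if svc is None:
            continue
        reasons = []
        if svc['owner'] == 'Unknown owner':
            reasons.append('unknown owner')
        if svc['file_missing']:
            reasons.append('file missing')
        if reasons:
            hits.append((svc['name'], reasons))
    return hits


def run_entries(text):
    """(hive, key, value name, command) for every O4 autostart entry, in log order."""
    out = []
    for section, body in parse_hjt(text):
        if section == 'O4':
            m = RUN_RE.match(body)
            if m:
                out.append(m.groups())
    return out


if __name__ == '__main__':
    for hive, key, value, command in run_entries(SAMPLE_HJT):
        print('autostart %s\\%s [%s] -> %s' % (hive, key, value, command))
    for name, reasons in suspicious_services(SAMPLE_HJT):
        print('check service %r: %s' % (name, ', '.join(reasons)))
```

Run against the constructed sample this reports MSSQL$PINNACLESYS and "Windows Log", both with an unknown owner and a missing file; the Pinnacle entries are leftovers of an uninstalled product, while a service whose image sits in system32 under a name one letter away from a legitimate driver service deserves the closer look the helper gives it.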
08.11.2006, 16:15
Honorary member
Posts: 29434
#6

««
Avenger

Quote:
registry keys to delete:

««
Post the ComboFix log again + the 6 logs from datfindbat + post this log
http://virus-protect.org/registry_stuff.html

__________
Regards, Sabina
all about PC security
08.11.2006, 16:45
Member
Themenstarter Beiträge: 12 |
#7
ComboFix
Michael Gromer - 06-11-08 16:35:08,59 Service Pack 2 ComboFix 06.10.19 - Running from: "F:\" (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Folders Quarantined: C:\QooBox\Purity\WINDOWS\RACLE~1 C:\QooBox\Purity\WINDOWS\RACLE~1\?racle ((((((((((((((((((((((((((((((( Files Created from 2006-10-08 to 2006-11-08 )))))))))))))))))))))))))))))))))) 2006-10-26 17:40 49,152 --a------ C:\WINDOWS\system32\INETWH32.dll 2006-10-22 11:32 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-11-07 10:41 -------- d-------- C:\Programme\CleanUp! 2006-11-07 09:49 -------- d-------- C:\Programme\WinACE 2006-11-02 17:10 -------- d-------- C:\Programme\ICQToolbar 2006-11-02 17:10 -------- d-------- C:\Dokumente und Einstellungen\Michael Gromer\Anwendungsdaten\ICQ Toolbar 2006-11-01 00:11 -------- d-------- C:\Programme\WinRAR 2006-10-31 09:30 -------- d---s---- C:\Dokumente und Einstellungen\Michael Gromer\Anwendungsdaten\Microsoft 2006-10-29 19:49 -------- d-------- C:\Dokumente und Einstellungen\Michael Gromer\Anwendungsdaten\Adobe 2006-10-29 19:46 -------- d-------- C:\Programme\Gemeinsame Dateien\Vbox 2006-10-29 19:46 -------- d-------- C:\Programme\Gemeinsame Dateien 2006-10-29 19:45 -------- d-------- C:\Programme\Gemeinsame Dateien\Adobe 2006-10-29 19:45 -------- d-------- C:\Programme\Adobe 2006-10-26 17:44 -------- d-------- C:\Programme\Gemeinsame Dateien\MAGIX Shared 2006-10-25 08:57 -------- d-------- C:\Programme\ABBYY FineReader 5.0 Sprint 2006-10-25 08:31 -------- d-------- C:\Programme\Lexmark X74-X75 2006-10-24 07:45 -------- d-------- C:\Programme\PSDream 2006-10-24 07:45 -------- d-------- C:\Programme\PSCastor 2006-10-19 15:56 32208 ---hs---- C:\Programme\Gemeinsame Dateien\Y1324OU.exe 2006-10-03 10:43 
-------- d-------- C:\Programme\Internet Explorer 2006-09-13 06:02 1084416 --a------ C:\WINDOWS\system32\msxml3.dll 2006-09-12 16:51 1245184 --------- C:\WINDOWS\system32\msxml4.dll 2006-08-25 16:46 617472 --------- C:\WINDOWS\system32\comctl32.dll 2006-08-21 13:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll 2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe 2006-08-16 12:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "H/PC Connection Agent"="\"C:\\Programme\\Microsoft ActiveSync\\WCESCOMM.EXE\"" "Microsoft Works Update Detection"="c:\\Programme\\Microsoft Works\\WkDetect.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\ 65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00 "avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "nwiz"="nwiz.exe /install" "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\not active] "DB_AFD"="C:\\Programme\\DATA BECKER\\XP optimal einstellen 3.0\\DBAFD.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] 
"DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000005 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Die derzeitige Homepage" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,42,03,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,36,02,\ 00,00,04,00,00,40 "RestoredStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,36,02,\ 00,00,01,00,00,00 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1] "Source"="7db39a0d-580f-4be9-9195-8bfcd226f6c2" "SubscribedURL"="C:\\WINDOWS\\System32\\AquaReal.ocx" "FriendlyName"="PC-Aquarium Deluxe" "Flags"=dword:00004003 "Position"=hex:2c,00,00,00,00,00,00,00,01,00,00,00,20,03,00,00,35,02,00,00,ea,\ 03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:01,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,00,00,00,00,01,00,00,00,20,03,00,00,35,02,\ 00,00,01,00,00,40 "RestoredStateInfo"=hex:18,00,00,00,00,00,00,00,00,00,00,00,20,03,00,00,58,02,\ 00,00,01,00,00,00 [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoWindowsUpdate"=hex:01,00,00,00 "NoInstrumentation"=dword:00000001 "NoDrives"=dword:00000000 "NoDriveAutorun"=dword:00000000 
"NoSharedDocuments"=dword:00000000 "NoFavoritesMenu"=dword:00000001 "SpecifyDefaultButtons"=dword:00000001 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Microsoft Office Outlook"="C:\\PROGRA~1\\MICROS~4\\OFFICE11\\OUTLOOK.EXE /recycle" "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\lib\\NMBgMonitor.exe\"" "NCLaunch"="C:\\WINDOWS\\NCLAUNCH.EXe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe" "Microsoft Works Update Detection"="c:\\Programme\\Gemeinsame Dateien\\Microsoft Shared\\Works Shared\\WkUFind.exe" "WorksFUD"="c:\\Programme\\Microsoft Works\\wkfud.exe" "PinnacleDriverCheck"="C:\\WINDOWS\\system32\\\\PSDrvCheck.exe" "SoundMan"="SOUNDMAN.EXE" "QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime" "Microsoft Works Portfolio"="c:\\Programme\\Microsoft Works\\WksSb.exe /AllUsers" "ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -minimize" "Lexmark X74-X75"="\"C:\\Programme\\Lexmark X74-X75\\lxbbbmgr.exe\"" 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk] "path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Adobe Reader - Schnellstart.lnk" "backup"="C:\\WINDOWS\\pss\\Adobe Reader - Schnellstart.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\Adobe\\ACROBA~3.0\\Reader\\READER~1.EXE " "item"="Adobe Reader - Schnellstart" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Logitech Desktop Messenger.lnk] "path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Logitech Desktop Messenger.lnk" "backup"="C:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start" "item"="Logitech Desktop Messenger" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Michael Gromer^Startmenü^Programme^Autostart^Registration-InstantCopy.lnk] "path"="C:\\Dokumente und Einstellungen\\Michael Gromer\\Startmenü\\Programme\\Autostart\\Registration-InstantCopy.lnk" "backup"="C:\\WINDOWS\\pss\\Registration-InstantCopy.lnkStartup" "location"="Startup" "command"="C:\\PROGRA~1\\Pinnacle\\SHARED~1\\INSTAN~1\\Pixie\\RegTool.exe InstantCopy,INSCPY,register,DE,0,serial=AARTO-AAWNO-EMMGX-ZEAMA-MPWGA" "item"="Registration-InstantCopy" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0190 Alarm] "key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="0190Alarm" "hkey"="HKCU" "command"="C:\\Programme\\0190 Alarm\\0190Alarm.exe" "inimapping"="0" 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AnyDVD" "hkey"="HKLM" "command"="C:\\Programme\\SlySoft\\AnyDVD\\AnyDVD.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CloneCDTray" "hkey"="HKLM" "command"="\"C:\\Programme\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X74-X75] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="lxbbbmgr" "hkey"="HKLM" "command"="\"C:\\Programme\\Lexmark X74-X75\\lxbbbmgr.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ManifestEngine" "hkey"="HKCU" "command"="C:\\Programme\\Logitech\\Video\\ManifestEngine.exe boot" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ISStart" "hkey"="HKLM" "command"="C:\\Programme\\Logitech\\Video\\ISStart.exe " "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="LogiTray" "hkey"="HKLM" "command"="C:\\Programme\\Logitech\\Video\\LogiTray.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Guardian] "key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CMGrdian" "hkey"="HKLM" "command"="\"C:\\Programme\\McAfee\\McAfee Shared Components\\Guardian\\CMGrdian.exe\" /SU" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee.InstantUpdate.Monitor] "key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run" 
"item"="RuLaunch" "hkey"="HKCU" "command"="\"C:\\Programme\\McAfee\\McAfee Shared Components\\Instant Updater\\RuLaunch.exe\" /STARTMONITOR" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaLoads Installer] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="dw" "hkey"="HKLM" "command"="\"C:\\Programme\\DownloadWare\\dw.exe\" /H" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NeroCheck" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\NeroCheck.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PDVDServ" "hkey"="HKLM" "command"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\routcnf] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="routcnf" "hkey"="HKLM" "command"="C:\\Programme\\Telekom\\Eumex 404PC\\routcnf.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="jusched" "hkey"="HKLM" "command"="C:\\Programme\\Java\\jre1.5.0_05\\bin\\jusched.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="realsched" "hkey"="HKLM" "command"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeUpdateManager" "hkey"="HKCU" "command"="C:\\Programme\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1" "inimapping"="0" 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] "key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="winampa" "hkey"="HKLM" "command"="C:\\Programme\\Winamp\\winampa.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XPoe-Runtime] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="xpoerunt" "hkey"="HKCU" "command"="C:\\Programme\\DATA BECKER\\XP optimal einstellen 3.0\\xpoerunt.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\1-Click Maintenance.job C:\WINDOWS\tasks\1-Klick-Wartung.job C:\WINDOWS\tasks\{379569C4-655F-42E3-9AB9-4BED466EDD61}_MICHAEL_Michael Gromer.job C:\WINDOWS\tasks\{396BDFDF-4361-48CE-8FCC-A2B025735F23}_MICHAEL_Michael Gromer.job C:\WINDOWS\tasks\{4B4067C7-56A6-404E-8A6B-B9FDDA94C807}_MICHAEL_Michael Gromer.job C:\WINDOWS\tasks\{4E0ABFA3-8428-470E-8F76-34F48A6A0D13}_MICHAEL_Michael Gromer.job C:\WINDOWS\tasks\{7F78950F-0B9F-408F-969C-48BC808629D9}_MICHAEL_Michael Gromer.job C:\WINDOWS\tasks\{8B123A06-B7B3-4768-BAF1-9A9610EA8C91}_MICHAEL_Michael Gromer.job Completion time: 06-11-08 16:35:55.01 C:\ComboFix.txt ... 
06-11-08 16:35 Datfindbat Datentr„ger in Laufwerk C: ist Programme Volumeseriennummer: CC65-D52F Verzeichnis von C:\WINDOWS\system32 08.11.2006 16:36 402.426 perfh009.dat 08.11.2006 16:36 61.896 perfc009.dat 08.11.2006 16:36 413.842 perfh007.dat 08.11.2006 16:36 73.086 perfc007.dat 08.11.2006 16:36 963.278 PerfStringBackup.INI 08.11.2006 16:32 1.158 wpa.dbl 08.11.2006 16:31 49.871 nvapps.xml 07.11.2006 10:28 19.456 Thumbs.db 04.10.2006 21:03 9.639.336 MRT.exe 13.09.2006 06:02 1.084.416 msxml3.dll 12.09.2006 16:51 1.245.184 msxml4.dll 05.09.2006 21:30 356.952 FNTCACHE.DAT 04.09.2006 07:12 1.494.016 shdocvw.dll 25.08.2006 16:46 617.472 comctl32.dll 21.08.2006 13:26 16.896 fltlib.dll 21.08.2006 10:14 23.040 fltmc.exe 16.08.2006 12:58 100.352 6to4svc.dll 07.08.2006 16:17 61.440 BattyRun2.dll Datentr„ger in Laufwerk C: ist Programme Volumeseriennummer: CC65-D52F Verzeichnis von C:\DOKUME~1\MICHAE~1\LOKALE~1\TEMP Datentr„ger in Laufwerk C: ist Programme Volumeseriennummer: CC65-D52F Verzeichnis von C:\WINDOWS 08.11.2006 16:37 229 NeroDigital.ini 08.11.2006 16:31 159 wiadebug.log 08.11.2006 16:31 1.793.070 WindowsUpdate.log 08.11.2006 16:31 50 wiaservc.log 08.11.2006 16:31 0 0.log 08.11.2006 16:31 2.048 bootstat.dat 08.11.2006 16:30 32.626 SchedLgU.Txt 08.11.2006 15:37 149 lznjvsza.ini 08.11.2006 15:35 1.244 vbliqdep.txt 07.11.2006 18:48 18.864 windows.txt 07.11.2006 10:31 308.968 ntbtlog.txt 06.11.2006 23:52 1.266 IE4 Error Log.txt 06.11.2006 16:52 1.222 LEXSTAT.INI 06.11.2006 16:02 272.565 setupapi.log 29.10.2006 19:45 109.738 wmsetup.log 29.10.2006 19:45 316.640 WMSysPr9.prx 26.10.2006 17:51 0 homeDVD-Fotos5_5.INI 12.10.2006 00:06 301.364 comsetup.log 12.10.2006 00:06 137.012 iis6.log 12.10.2006 00:06 43.666 ocmsn.log 12.10.2006 00:06 183.615 ntdtcsetup.log 12.10.2006 00:06 346.497 tsoc.log 12.10.2006 00:06 1.393 imsins.log 12.10.2006 00:06 13.069 KB924191.log 12.10.2006 00:06 447.839 ocgen.log 12.10.2006 00:06 44.501 msgsocm.log 12.10.2006 00:06 890.433 FaxSetup.log 
12.10.2006 00:06 37.633 updspapi.log 12.10.2006 00:06 1.393 imsins.BAK 12.10.2006 00:06 12.883 KB922819.log 12.10.2006 00:06 12.059 KB923414.log 12.10.2006 00:05 12.053 KB924496.log 12.10.2006 00:04 9.505 KB923191.log 12.10.2006 00:03 1.880 win.ini 10.10.2006 20:33 136.897 Directx.log 03.10.2006 12:57 211 RomeTW.ini 03.10.2006 11:41 691 bsx32.ini 03.10.2006 08:28 11.539 KB925486.log 03.10.2006 08:27 15.531 KB920872.log 03.10.2006 08:27 11.623 KB920685.log 03.10.2006 08:27 11.670 KB919007.log 03.10.2006 08:26 7.969 KB922582.log 24.09.2006 15:54 65.983 offlog.txt 19.09.2006 18:40 108.336 mswinsck.ocx 25.08.2006 08:16 16.138 KB920214.log 25.08.2006 08:16 15.871 KB921883.log 25.08.2006 08:16 15.711 KB922616.log 25.08.2006 08:15 16.108 KB921398.log 25.08.2006 08:15 19.416 KB918899.log 25.08.2006 08:14 12.098 KB920670.log 25.08.2006 08:14 12.257 KB917422.log 25.08.2006 08:14 12.510 KB920683.log Datentr„ger in Laufwerk C: ist Programme Volumeseriennummer: CC65-D52F Verzeichnis von C:\WINDOWS\Temp 08.11.2006 16:31 16.384 Perflib_Perfdata_b8.dat 1 Datei(en) 16.384 Bytes 0 Verzeichnis(se), 101.836.009.472 Bytes frei Datentr„ger in Laufwerk C: ist Programme Volumeseriennummer: CC65-D52F Verzeichnis von C:\WINDOWS\Downloaded Program Files 02.08.2005 15:48 495 LegitCheckControl.inf 26.05.2005 03:19 293 muweb.inf 07.04.2005 07:28 143 activex.inf 04.04.2005 15:53 753.664 activex.ocx 04.03.2005 03:52 752 jinstall-1_5_0_02.inf 17.01.2005 16:09 227 opuc.inf 30.11.2004 13:17 728 qdiagh.inf 28.01.2004 11:14 524.445 RdxIE.dll 08.12.2003 13:58 3.759 swflash.inf 25.07.2002 16:13 24.576 dwusplay.dll 25.07.2002 16:13 196.608 dwusplay.exe 25.07.2002 16:05 172.032 isusweb.dll 30.01.2002 12:11 65 desktop.ini 13 Datei(en) 1.677.787 Bytes 0 Verzeichnis(se), 101.836.009.472 Bytes frei Datentr„ger in Laufwerk C: ist Programme Volumeseriennummer: CC65-D52F Verzeichnis von C:\ 08.11.2006 16:41 0 sys.txt 08.11.2006 16:40 895 down.txt 08.11.2006 16:40 285 tmp.txt 08.11.2006 16:40 18.914 system.txt 
08.11.2006 16:40           132 systemtemp.txt
08.11.2006 16:37       112.363 system32.txt
08.11.2006 16:35        15.707 ComboFix.txt
08.11.2006 16:31 2.147.012.608 hiberfil.sys
08.11.2006 16:31   805.306.368 pagefile.sys
08.11.2006 16:31           588 avenger.txt
02.04.2006 18:14            88 AUTOEXEC.BAT
14.03.2006 18:46           222 boot.ini

findStuff
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
doesn't exist HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System
doesn't exist HKEY_LOCAL_MACHINE\SSYSTEM\CurrentControlSet\Services\windowsnetwork
doesn't exist HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa
doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry
doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile

-----------------------
-----------------------
REGEDIT4
-----------------------
-----------------------

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
  32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Windows-Firewall/Gemeinsame Nutzung der Internetverbindung"
"DependOnService"=hex(7):4e,65,74,6d,61,6e,00,57,69,6e,4d,67,6d,74,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Bietet allen Computern in Privat- und Kleinunternehmensnetzwerken Dienste für die Netzwerkadressübersetzung, Adressierung, Namensauflösung und Eindringsschutz."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch]
"Epoch"=dword:0001f476

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
  33,32,5c,69,70,6e,61,74,68,6c,70,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
"DoNotAllowExceptions"=dword:00000000
"DisableNotifications"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Programme\\eMule.de\\emule.exe"="C:\\Programme\\eMule.de\\emule.exe:*:Disabled:eMule"
"C:\\Programme\\Gemeinsame Dateien\\Ahead\\Nero Web\\SetupX.exe"="C:\\Programme\\Gemeinsame Dateien\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:MSI starter"
"C:\\Programme\\Pinnacle\\Studio 10\\programs\\RM.exe"="C:\\Programme\\Pinnacle\\Studio 10\\programs\\RM.exe:*:Enabled:Render Manager"
"C:\\Programme\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"="C:\\Programme\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\\Programme\\ICQLite\\ICQLite.exe"="C:\\Programme\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"K:\\Stronghold2\\Stronghold2.exe"="K:\\Stronghold2\\Stronghold2.exe:*:Disabled:Stronghold 2"
"C:\\Programme\\Pinnacle\\Studio 10\\programs\\Studio.exe"="C:\\Programme\\Pinnacle\\Studio 10\\programs\\Studio.exe:*:Disabled:Studio"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:Microsoft Update"
"C:\\WINDOWS\\scvhost.exe"="C:\\WINDOWS\\scvhost.exe:*:Enabled:Microsoft Windows"
"F:\\LimeWire\\LimeWire.exe"="F:\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"="C:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe:*:Disabled:backWeb-8876480"
"F:\\Bittorent\\bittorrent.exe"="F:\\Bittorent\\bittorrent.exe:*:Disabled:BitTorrent"
"C:\\Programme\\BitTorrent\\bittorrent.exe"="C:\\Programme\\BitTorrent\\bittorrent.exe:*:Disabled:BitTorrent"
"C:\\Programme\\BitTornado\\btdownloadgui.exe"="C:\\Programme\\BitTornado\\btdownloadgui.exe:*:Disabled:btdownloadgui"
"C:\\Programme\\Microsoft ActiveSync\\WCESCOMM.EXE"="C:\\Programme\\Microsoft ActiveSync\\WCESCOMM.EXE:*:Disabled:Connection Manager"
"C:\\Programme\\eDonkey2000\\edonkey2000.exe"="C:\\Programme\\eDonkey2000\\edonkey2000.exe:*:Disabled:edonkey2000"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"F:\\StubInstaller.exe"="F:\\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"
"C:\\Programme\\Pinnacle\\Studio 10\\programs\\umi.exe"="C:\\Programme\\Pinnacle\\Studio 10\\programs\\umi.exe:*:Disabled:umi"
"C:\\Programme\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"="C:\\Programme\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe:*:Disabled:Windows Media(TM) Audio (wma)"
"C:\\Programme\\DINO_EDITIONS\\WinDVD\\DVD6\\WinDVD.exe"="C:\\Programme\\DINO_EDITIONS\\WinDVD\\DVD6\\WinDVD.exe:*:Disabled:WinDVD"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"139:TCP"="139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
  05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
  00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"{A3C21644-7BA7-47F3-B690-18B207D2262D}"=dword:00000001
"{D8FD63F1-2A6E-426B-B17F-D9FE14388E84}"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum]
"0"="Root\\LEGACY_SHAREDACCESS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
  32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Sicherheitscenter"
"DependOnService"=hex(7):52,70,63,53,73,00,77,69,6e,6d,67,6d,74,00,00
"ObjectName"="LocalSystem"
"Description"="Überwacht Systemsicherheitseinstellungen und -konfigurationen."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Parameters]
"ServiceDll"=hex(2):25,53,59,53,54,45,4d,52,4f,4f,54,25,5c,73,79,73,74,65,6d,\
  33,32,5c,77,73,63,73,76,63,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
  05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
  00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Enum]
"0"="Root\\LEGACY_WSCSVC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
"autodisconnect"=dword:0000000f
"enableforcedlogoff"=dword:00000001
"enablesecuritysignature"=dword:00000000
"requiresecuritysignature"=dword:00000000
"NullSessionPipes"=hex(7):43,4f,4d,4e,41,50,00,43,4f,4d,4e,4f,44,45,00,53,51,\
  4c,5c,51,55,45,52,59,00,53,50,4f,4f,4c,53,53,00,4c,4c,53,52,50,43,00,62,72,\
  6f,77,73,65,72,00,00
"NullSessionShares"=hex(7):43,4f,4d,43,46,47,00,44,46,53,24,00,00
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
  33,32,5c,73,72,76,73,76,63,2e,64,6c,6c,00
"Lmannounce"=dword:00000000
"Size"=dword:00000001
"Guid"=hex:bf,88,da,98,c1,1c,73,4c,90,14,de,07,de,9d,0d,6c
"srvcomment"="Computer"
"AdjustedNullSessionPipes"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters]
"enableplaintextpassword"=dword:00000000
"enablesecuritysignature"=dword:00000001
"requiresecuritysignature"=dword:00000000
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
  33,32,5c,77,6b,73,73,76,63,2e,64,6c,6c,00
"OtherDomains"=hex(7):00

[HKEY_CURRENT_USER\Software\Microsoft\OLE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]
"Type"=dword:00000020
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
  32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Nachrichtendienst"
"DependOnService"=hex(7):4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,00,\
  4e,65,74,42,49,4f,53,00,50,6c,75,67,50,6c,61,79,00,52,70,63,53,53,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Überträgt NET SEND- und Warndienstnachrichten zwischen Clients und Servern. Dieser Dienst ist nicht mit Windows Messenger verwandt. Der Warndienst überträgt keine Nachrichten, falls dieser Dienst beendet wird. Falls dieser Dienst deaktiviert wird, können die Dienste, die von diesem Dienst ausschließlich abhängig sind, nicht mehr gestartet werden."
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
  33,32,5c,6d,73,67,73,76,63,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Security]
"Security"=hex:01,00,14,80,78,00,00,00,84,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,48,00,03,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
  05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,\
  01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Enum]
"0"="Root\\LEGACY_MESSENGER\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,64,00,00,00,80,00,00,00,00,00,00,00,\
  14,00,00,00,02,00,50,00,03,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,\
  00,00,05,12,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,01,00,00,00,00,\
  00,05,04,00,00,00,00,00,00,00,00,00,18,00,01,00,00,00,01,02,00,00,00,00,00,\
  05,20,00,00,00,20,02,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,5f,84,1f,\
  5e,2e,6b,49,ce,12,03,03,f4,01,00,00,01,05,00,00,00,00,00,05,15,00,00,00,a0,\
  5f,84,1f,5e,2e,6b,49,ce,12,03,03,f4,01,00,00
"EnableDCOM"="Y"
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
  14,00,00,00,02,00,34,00,02,00,00,00,00,00,18,00,1f,00,00,00,01,02,00,00,00,\
  00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,\
  00,01,00,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,\
  00,00,00,00,05,20,00,00,00,20,02,00,00
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\
  14,00,00,00,02,00,30,00,02,00,00,00,00,00,14,00,03,00,00,00,01,01,00,00,00,\
  00,00,05,07,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,\
  05,20,00,00,00,20,02,00,00
"EnableRemoteConnect"="N"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST]
"System.EnterpriseServices.Thunk.dll"=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=hex(7):6b,65,72,62,65,72,6f,73,00,6d,73,76,31,5f,30,00,73,\
  63,68,61,6e,6e,65,6c,00,77,64,69,67,65,73,74,00,00
"LsaPid"=dword:00000360
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
"ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001
"enabledcom"="y"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders]
"ProviderOrder"=hex(7):57,69,6e,64,6f,77,73,20,4e,54,20,41,63,63,65,73,73,20,\
  50,72,6f,76,69,64,65,72,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\
  33,32,5c,6e,74,6d,61,72,74,61,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data]
"Pattern"=hex:55,31,47,90,70,8c,57,5a,bd,f7,66,a4,da,12,5a,aa,64,64,35,33,66,\
  34,37,39,00,00,00,00,01,00,00,00,bc,01,00,00,c0,01,00,00,40,ca,06,00,5b,a5,\
  b7,71,04,00,00,00,10,00,00,00,00,00,00,00,6f,4d,57,26

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG]
"GrafBlumGroup"=hex:a6,8c,4a,17,83,e3,37,29,36

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD]
"Lookup"=hex:2d,33,a4,6b,ee,fe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0]
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1]
"SkewMatrix"=hex:b5,a0,e3,6c,44,96,e8,04,83,bc,85,30,ab,3e,b3,ba

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache]
"Time"=hex:a6,63,46,53,cb,8e,c4,01

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,5b,d8,39,ad,79,c4,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,0f,9d,3e,ad,79,c4,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,3c,ce,3f,ad,79,c4,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

Apart from the fact that I, IDIOT that I am, am now going to stop with this file-sharing crap .. a quick question in between .. I know this is the wrong thread ..
gibt es ein sinnvolles Programm um sowas in naher Zukunft zu vermeiden.. __________ THX for help ^^ Dieser Beitrag wurde am 08.11.2006 um 17:10 Uhr von Sabina editiert.
08.11.2006, 17:07
Honorary member
Posts: 29434
#8
TopperHarley
TopperHarley
You have to run the Avenger again, everything is still there.... Try to carry it out exactly as described in the instructions, ticking everything correctly and pasting everything in. - Then, after the reboot, apply the other Avenger script (I created a second one for you...) to wipe out the virus service.
_______________________________________________________
Once that is done, go into the registry:
Start - Run - regedit
Navigate to the key:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
Delete (with right-click):
"C:\\WINDOWS\\system32\\svchost.exe
"C:\\WINDOWS\\scvhost.exe
Restart the PC
_______________
__________
Regards Sabina
all about PC security
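Two things in this thread are easier to work with in code than by eye: the .reg export the topic starter posted above (hex(2) and hex(7) blobs that hide plain strings such as the LSA security packages), and the firewall AuthorizedApplications\List key that Sabina tells him to clean out. The following is an added example, not code from the thread or from any tool mentioned in it. It parses .reg export text, decodes the hex-encoded string types, and then audits the firewall exception list for entries that name a core Windows process or a one-edit look-alike of one (the scvhost.exe / svchost.exe pair from the instruction). The sample .reg text is constructed: the Lsa and Messenger lines are copied from the posted dump, while the firewall key and its three entries are assumed and modelled on the two paths in the instruction. The list of core process names is the example's own choice.

```python
# Added example (not from the thread): parse .reg export text, decode
# hex(2)/hex(7) values, and audit the firewall AuthorizedApplications\List key.
import re

# Constructed sample. Lsa and Messenger lines are from the posted dump (REGEDIT4
# style, single-byte strings); the firewall key and its entries are assumed.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=hex(7):6b,65,72,62,65,72,6f,73,00,6d,73,76,31,5f,30,00,73,\
  63,68,61,6e,6e,65,6c,00,77,64,69,67,65,73,74,00,00
"SecureBoot"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
  33,32,5c,6d,73,67,73,76,63,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:svchost"
"C:\\WINDOWS\\scvhost.exe"="C:\\WINDOWS\\scvhost.exe:*:Enabled:scvhost"
"C:\\Programme\\Mozilla Firefox\\firefox.exe"="C:\\Programme\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
'''

_KEY_RE = re.compile(r'^\[(.+)\]$')
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')   # "name"=data


def _unescape(s: str) -> str:
    """Undo .reg escaping (\\ -> \ and \" -> ") in a single pass."""
    return re.sub(r'\\(.)', r'\1', s)


def _decode_reg_string(raw: bytes) -> str:
    # Regedit 5.00 writes hex(2)/hex(7) as UTF-16-LE; REGEDIT4 exports (the style
    # of the dump in this thread) write single-byte ANSI. Detect by high bytes.
    if len(raw) >= 2 and len(raw) % 2 == 0 and not any(raw[1::2]):
        return raw.decode("utf-16-le")
    return raw.decode("latin-1")


def decode_data(data: str):
    """Decode one value's data field into str, int, list[str] or bytes."""
    if data.startswith('"') and data.endswith('"'):
        return _unescape(data[1:-1])
    if data.startswith("dword:"):
        return int(data[6:], 16)
    m = re.match(r'hex(?:\(([0-9a-fA-F]+)\))?:(.*)$', data)
    if not m:
        return data
    kind = int(m.group(1), 16) if m.group(1) else 3   # bare "hex:" is REG_BINARY
    raw = bytes(int(b, 16) for b in m.group(2).split(",") if b)
    if kind == 2:   # REG_EXPAND_SZ
        return _decode_reg_string(raw).rstrip("\x00")
    if kind == 7:   # REG_MULTI_SZ: NUL-separated, double-NUL terminated
        return [s for s in _decode_reg_string(raw).split("\x00") if s]
    return raw


def parse_reg(text: str) -> dict:
    """Parse .reg export text into {key_path: {value_name: decoded_data}}."""
    joined = re.sub(r'\\\r?\n\s*', '', text)   # fold trailing-backslash continuations
    keys, current = {}, None
    for line in joined.splitlines():
        m = _KEY_RE.match(line.strip())
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line.strip())
        if m and current is not None:
            keys[current][_unescape(m.group(1))] = decode_data(m.group(2))
    return keys


FIREWALL_LIST = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"
                 r"\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List")
# Core Windows processes that should not appear as per-application firewall
# exceptions (the example's own list; svchost.exe is the case from the thread).
CORE_PROCESSES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                  "smss.exe", "csrss.exe"}


def _osa_distance(a: str, b: str) -> int:
    """Damerau-Levenshtein (optimal string alignment): a swap counts as one edit."""
    d = [[i + j if i * j == 0 else 0 for j in range(len(b) + 1)] for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + (a[i - 1] != b[j - 1]))
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def suspicious_firewall_exceptions(keys: dict) -> dict:
    """Flag exception entries naming a core process or a one-edit look-alike of one."""
    findings = {}
    for path in keys.get(FIREWALL_LIST, {}):
        base = path.rsplit("\\", 1)[-1].lower()
        if base in CORE_PROCESSES:
            findings[path] = "core Windows process listed as an exception"
        else:
            near = [c for c in CORE_PROCESSES if _osa_distance(base, c) <= 1]
            if near:
                findings[path] = f"look-alike of {near[0]}"
    return findings
```

Run against the sample, `parse_reg` turns the hex(7) "Security Packages" blob into `["kerberos", "msv1_0", "schannel", "wdigest"]` and the hex(2) "ServiceDll" into `%SystemRoot%\System32\msgsvc.dll`, and `suspicious_firewall_exceptions` reports exactly the two entries the instruction says to delete while leaving the Firefox entry alone. The transposition-aware distance with a threshold of one edit is deliberate: plain Levenshtein at a threshold of two would also flag legitimate names such as msmsgs.exe against smss.exe.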
08.11.2006, 17:21
Member
Topic starter Posts: 12
08.11.2006, 17:37
Honorary member
Posts: 29434
#10
Well, most importantly I want to see the two Avenger logs after the reboot,
__________
Regards Sabina
all about PC security
08.11.2006, 17:50
Member
Topic starter Posts: 12
#11
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\kwon^ipc

*******************

Script file located at: \??\C:\Program Files\edagduoj.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDOWS_LOG\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDOWS_LOG\0000 failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDOWS_LOG\0000
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Log not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Log failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Log
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDOWS_LOG\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDOWS_LOG\0000 failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDOWS_LOG\0000
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Windows Log not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Windows Log failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Windows Log
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WINDOWS_LOG\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WINDOWS_LOG\0000 failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WINDOWS_LOG\0000
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Windows Log not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Windows Log failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Windows Log
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_LOG\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_LOG\0000 failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_LOG\0000
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Log not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Log failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Log
Status: 0xc0000034

File C:\WINDOWS\system\smss.exe not found!
Deletion of file C:\WINDOWS\system\smss.exe failed!
Could not process line:
C:\WINDOWS\system\smss.exe
Status: 0xc0000034

File C:\WINDOWS\system32\nvsvcd.exe not found!
Deletion of file C:\WINDOWS\system32\nvsvcd.exe failed!
Could not process line:
C:\WINDOWS\system32\nvsvcd.exe
Status: 0xc0000034

File C:\Programme\Gemeinsame Dateien\Y1324OU.exe not found!
Deletion of file C:\Programme\Gemeinsame Dateien\Y1324OU.exe failed!
Could not process line:
C:\Programme\Gemeinsame Dateien\Y1324OU.exe
Status: 0xc0000034

File C:\WINDOWS\lznjvsza.ini not found!
Deletion of file C:\WINDOWS\lznjvsza.ini failed!
Could not process line:
C:\WINDOWS\lznjvsza.ini
Status: 0xc0000034

File C:\WINDOWS\bsx32.ini not found!
Deletion of file C:\WINDOWS\bsx32.ini failed!
Could not process line:
C:\WINDOWS\bsx32.ini
Status: 0xc0000034

File C:\WINDOWS\lznjvsza.dll not found!
Deletion of file C:\WINDOWS\lznjvsza.dll failed!
Could not process line:
C:\WINDOWS\lznjvsza.dll
Status: 0xc0000034

File C:\WINDOWS\system32\BattyRun2.dll not found!
Deletion of file C:\WINDOWS\system32\BattyRun2.dll failed!
Could not process line:
C:\WINDOWS\system32\BattyRun2.dll
Status: 0xc0000034

Folder C:\Programme\Batty2 not found!
Deletion of folder C:\Programme\Batty2 failed!
Could not process line:
C:\Programme\Batty2
Status: 0xc0000034

Folder C:\Programme\Batty not found!
Deletion of folder C:\Programme\Batty failed!
Could not process line:
C:\Programme\Batty
Status: 0xc0000034

Folder C:\Programme\PSDream not found!
Deletion of folder C:\Programme\PSDream failed!
Could not process line:
C:\Programme\PSDream
Status: 0xc0000034

Folder C:\Programme\PSCastor not found!
Deletion of folder C:\Programme\PSCastor failed!
Could not process line:
C:\Programme\PSCastor
Status: 0xc0000034

Folder C:\Programme\DownloadWare not found!
Deletion of folder C:\Programme\DownloadWare failed!
Could not process line:
C:\Programme\DownloadWare
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaLoads Installer not found!
Deletion of registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaLoads Installer failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{C35F268C-6B1C-9A9B-976F-3E0A5D8DF8A6} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{C35F268C-6B1C-9A9B-976F-3E0A5D8DF8A6} failed!
Status: 0xc0000034

Registry value HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.

sooooo .....
__________
THX for help ^^
08.11.2006, 18:45
Honorary member
Posts: 29434
#12
Now make sure you get the two exe out of the registry (see my instructions),
then scan and post the report (set everything to remove first): http://virus-protect.org/counterspy.html
__________
Regards Sabina
all about PC security
08.11.2006, 21:01
Member
Topic starter Posts: 12
#13
Infected files detected
c:\dokumente und einstellungen\michael gromer\favoriten\-business directory-\accounting.url
c:\dokumente und einstellungen\michael gromer\favoriten\-business directory-\business consulting.url
c:\dokumente und einstellungen\michael gromer\favoriten\-business directory-\business services.url
c:\dokumente und einstellungen\michael gromer\favoriten\-business directory-\business travel.url
c:\dokumente und einstellungen\michael gromer\favoriten\-business directory-\computer services.url
c:\dokumente und einstellungen\michael gromer\favoriten\-business directory-\human resources.url
c:\dokumente und einstellungen\michael gromer\favoriten\-business directory-\marketing.url
c:\dokumente und einstellungen\michael gromer\favoriten\-business directory-\office equipment.url
c:\dokumente und einstellungen\michael gromer\favoriten\-business directory-\office products.url
c:\dokumente und einstellungen\michael gromer\favoriten\-communications-\cell phones.url
c:\dokumente und einstellungen\michael gromer\favoriten\-communications-\fax machines.url
c:\dokumente und einstellungen\michael gromer\favoriten\-communications-\free internet.url
c:\dokumente und einstellungen\michael gromer\favoriten\-communications-\pda.url
c:\dokumente und einstellungen\michael gromer\favoriten\-communications-\streaming.url
c:\dokumente und einstellungen\michael gromer\favoriten\-communications-\telephones.url
c:\dokumente und einstellungen\michael gromer\favoriten\-computers and internet-\cd burners.url
c:\dokumente und einstellungen\michael gromer\favoriten\-computers and internet-\cd roms.url
c:\dokumente und einstellungen\michael gromer\favoriten\-computers and internet-\computers.url
c:\dokumente und einstellungen\michael gromer\favoriten\-computers and internet-\dvd drives.url
c:\dokumente und einstellungen\michael gromer\favoriten\-computers and internet-\free web hosting.url
c:\dokumente und einstellungen\michael gromer\favoriten\-computers and internet-\hosting.url
c:\dokumente und einstellungen\michael gromer\favoriten\-computers and internet-\internet radio.url
c:\dokumente und einstellungen\michael gromer\favoriten\-computers and internet-\laptops.url
c:\dokumente und einstellungen\michael gromer\favoriten\-computers and internet-\memory.url
c:\dokumente und einstellungen\michael gromer\favoriten\-computers and internet-\streaming.url
c:\dokumente und einstellungen\michael gromer\favoriten\-entertainment-\action movies.url
c:\dokumente und einstellungen\michael gromer\favoriten\-entertainment-\actors.url
c:\dokumente und einstellungen\michael gromer\favoriten\-entertainment-\actresses.url
c:\dokumente und einstellungen\michael gromer\favoriten\-entertainment-\backstreet boys.url
c:\dokumente und einstellungen\michael gromer\favoriten\-entertainment-\celebrity photos.url
c:\dokumente und einstellungen\michael gromer\favoriten\-entertainment-\comedies.url
c:\dokumente und einstellungen\michael gromer\favoriten\-entertainment-\entertainment.url
c:\dokumente und einstellungen\michael gromer\favoriten\-entertainment-\movie reviews.url
c:\dokumente und einstellungen\michael gromer\favoriten\-entertainment-\mp3.url
c:\dokumente und einstellungen\michael gromer\favoriten\-entertainment-\radio.url
c:\dokumente und einstellungen\michael gromer\favoriten\-games-\computer games.url
c:\dokumente und einstellungen\michael gromer\favoriten\-games-\free online games.url
c:\dokumente und einstellungen\michael gromer\favoriten\-games-\internet games.url
c:\dokumente und einstellungen\michael gromer\favoriten\-games-\playstation.url
c:\dokumente und einstellungen\michael gromer\favoriten\-games-\trivia.url
c:\dokumente und einstellungen\michael gromer\favoriten\-games-\web games.url
c:\dokumente und einstellungen\michael gromer\favoriten\-health and fitness-\baldness.url
c:\dokumente und einstellungen\michael gromer\favoriten\-health and fitness-\cancer.url
c:\dokumente und einstellungen\michael gromer\favoriten\-health and fitness-\contact lenses.url
c:\dokumente und einstellungen\michael gromer\favoriten\-health and fitness-\diet.url
c:\dokumente und einstellungen\michael gromer\favoriten\-health and fitness-\health.url
c:\dokumente und einstellungen\michael gromer\favoriten\-health and fitness-\nutrition.url
c:\dokumente und einstellungen\michael gromer\favoriten\-health and fitness-\stress.url
c:\dokumente und einstellungen\michael gromer\favoriten\-health and fitness-\vitamins.url
c:\dokumente und einstellungen\michael gromer\favoriten\-music-\backstreet boys.url
c:\dokumente und einstellungen\michael gromer\favoriten\-music-\internet radio.url
c:\dokumente und einstellungen\michael gromer\favoriten\-music-\mp3 players.url
c:\dokumente und einstellungen\michael gromer\favoriten\-music-\mp3.url
c:\dokumente und einstellungen\michael gromer\favoriten\-music-\nsync.url
c:\dokumente und einstellungen\michael gromer\favoriten\-music-\opera.url
c:\dokumente und einstellungen\michael gromer\favoriten\-music-\rock.url
c:\dokumente und einstellungen\michael gromer\favoriten\-music-\web radio.url
c:\dokumente und einstellungen\michael gromer\favoriten\-autos-\auto finance.url
c:\dokumente und einstellungen\michael gromer\favoriten\-autos-\auto leasing.url
c:\dokumente und einstellungen\michael gromer\favoriten\-autos-\car dealers.url
c:\dokumente und einstellungen\michael gromer\favoriten\-autos-\car insurance.url
c:\dokumente und einstellungen\michael gromer\favoriten\-autos-\cars.url

Network Essentials Browser Hijacker
more information...
Details: Network Essentials adds hundreds of Internet Explorer favorite site links to the users favorate folder as well as desktop.
Status: Deleted
Infected files detected
c:\dokumente und einstellungen\michael gromer\favoriten\-shopping-\clothing.url
c:\dokumente und einstellungen\michael gromer\favoriten\-shopping-\coupons.url
c:\dokumente und einstellungen\michael gromer\favoriten\-shopping-\electronics.url
c:\dokumente und einstellungen\michael gromer\favoriten\-shopping-\gifts.url
c:\dokumente und einstellungen\michael gromer\favoriten\-shopping-\home.url
c:\dokumente und einstellungen\michael gromer\favoriten\-shopping-\pet supplies.url
c:\dokumente und einstellungen\michael gromer\favoriten\-shopping-\shoes.url
c:\dokumente und einstellungen\michael gromer\favoriten\-sports-\auto racing.url
c:\dokumente und einstellungen\michael gromer\favoriten\-sports-\bodybuilding.url
c:\dokumente und einstellungen\michael gromer\favoriten\-sports-\boxing.url
c:\dokumente und einstellungen\michael gromer\favoriten\-sports-\college basketball.url
c:\dokumente und einstellungen\michael gromer\favoriten\-sports-\fishing.url
c:\dokumente und einstellungen\michael gromer\favoriten\-sports-\nba.url
c:\dokumente und einstellungen\michael gromer\favoriten\-sports-\nfl.url
c:\dokumente und einstellungen\michael gromer\favoriten\-sports-\sports tickets.url
c:\dokumente und einstellungen\michael gromer\favoriten\-travel-\airlines.url
c:\dokumente und einstellungen\michael gromer\favoriten\-travel-\car rentals.url
c:\dokumente und einstellungen\michael gromer\favoriten\-travel-\spas.url
c:\dokumente und einstellungen\michael gromer\favoriten\-travel-\travel agents.url
c:\dokumente und einstellungen\michael gromer\favoriten\-travel-\travel.url
c:\dokumente und einstellungen\michael gromer\favoriten\-autos-\car dealers.url

ICanNews Adware
more information...
Details: ICanNews is an adware program that logs keywords typed in web searches and creates shortcuts and displays advertisements.
Status: Deleted
Infected files detected
c:\windows\downloaded program files\activex.ocx

Unclassified.Spyware.Loader Spyware
more information...
Details: Spyware.Loader is spyware that is set to automatically start when Windows loads up by hiding itself in a number of different startup locations.
Status: Deleted
Infected files detected
C:\WINDOWS\system32\grwinsthlp.exe

DownloadWare Adware
more information...
Details: DownloadWare is a process that runs on Windows startup. If a network connection is available it will connect to its servers, which can direct it to download and install software from advertisers. It may be installed through an ActiveX control.
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\software\kfh
HKEY_LOCAL_MACHINE\software\kfh\cl Guid A15954B2AACE4C18A0888820F0DFABA6
HKEY_LOCAL_MACHINE\software\kfh\cl Version 8
HKEY_LOCAL_MACHINE\software\kfh\cl InstallTime 1040930071
HKEY_LOCAL_MACHINE\software\kfh\cl PrevTime 1043099607
HKEY_LOCAL_MACHINE\software\mlh
HKEY_LOCAL_MACHINE\software\mlh Guid 26E0D54433A4ED18DCB787ECDC788C1
HKEY_LOCAL_MACHINE\software\mlh Version 9
HKEY_LOCAL_MACHINE\software\mlh InstallTime 1093682584
HKEY_LOCAL_MACHINE\software\mlh Country DE
HKEY_LOCAL_MACHINE\software\mlh PrevTime 1093682783
HKEY_CURRENT_USER\software\medialoads
HKEY_CURRENT_USER\software\medialoads\Enhanced\Params paramversion 1
HKEY_CURRENT_USER\software\medialoads\Enhanced\Params poprate 7200
HKEY_CURRENT_USER\software\medialoads\Enhanced\Params popdelay 30
HKEY_CURRENT_USER\software\medialoads\Enhanced\Params updateinterval 345600
HKEY_CURRENT_USER\software\medialoads\Enhanced\Params retryrate 86400
HKEY_CURRENT_USER\software\medialoads\Enhanced Guid EBFF7E42F58748A688B4B0EB682F39AF
HKEY_CURRENT_USER\software\medialoads\Enhanced Version 2
HKEY_CURRENT_USER\software\medialoads\Enhanced Register 0
HKEY_CURRENT_USER\software\medialoads\Enhanced PrevTime 1096284715
HKEY_CURRENT_USER\software\medialoads\Enhanced Cookie RF*TR_RF_SPMEDIAPOP|SU*#145:1096194569:1096194569:1095580059|PU*#145-1 :1096194569:1096194569:1095580059|LU*#145-1-46:1096194569:1096194569:1095580059| AT*A:18742:3:1080839846_A:17697:4:1081026019_A:156
HKEY_CURRENT_USER\software\medialoads\Prefs Filename C:\Programme\MediaLoads\v1\ml.exe
HKEY_CURRENT_USER\software\medialoads\Prefs Guid 2816707BE5EB44EF92DB122072C1B1BA
HKEY_CURRENT_USER\software\medialoads\Prefs UninstallString "C:\Programme\DownloadWare\dw.exe" /R
HKEY_CURRENT_USER\software\medialoads\Prefs DisplayName MediaLoads Installer

AvenueMedia.DyFuCA Browser Plug-in
more information...
Details: DyFuCA Internet Optimizer is an adware which also hijacks your browser error page. It opens pop-up windows to display ads from its network sites periodically, also is known to update itself.
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Internet Optimizer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Internet Optimizer SlowInfoCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Internet Optimizer Changed 0

VLoading Trojan Downloader
more information...
Details: Allows automatic download and running of software from the internet. After the control is installed, any web page has the ability to run any executable file on the local machine.
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/econnect.dll

eDonkey2000 P2P
more information...
Details: eDonkey2000 is a P2P file sharing program that bundles adware/spyware such as Webhancer, Web Search Toolbar and New.Net.
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{320154BB-D666-48F6-990E-172B32954620}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{320154BB-D666-48F6-990E-172B32954620}\ProgID eD2KDownloadManager.object.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{320154BB-D666-48F6-990E-172B32954620}\VersionIndependentProgID eD2KDownloadManager.object
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{320154BB-D666-48F6-990E-172B32954620} eD2K downloadManager object

iSearch.DesktopSearch Spyware
more information...
Details: Removes the users access to use Windows Search and replaces it with C:\WINDOWS\isrvs\desktop.exe.
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID {17492023-C23A-453E-A040-C7C580BBF700} 1

Delfin Media Viewer 2.11 Adware
more information...
Details: DelFin Media Viewer 2.11 is a program which creates advertisement on user's PC.
Status: Deleted
Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DelFin Media Viewer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DelFin Media Viewer SlowInfoCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DelFin Media Viewer Changed 0

Cok.ad.yieldmanager Cookie
more information...
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\michael gromer\cookies\michael gromer@ad.yieldmanager[2].txt

Adviva Cookie
more information...
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\michael gromer\cookies\michael gromer@adviva[2].txt

Cok.PriceBandit Cookie
more information...
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\michael gromer\cookies\michael gromer@apmebf[2].txt

ATDMT.com Cookie
more information...
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\michael gromer\cookies\michael gromer@atdmt[1].txt

ABetterInternet.Aurora Cookie Cookie
more information...
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\michael gromer\cookies\michael gromer@a[2].txt

CGI-Bin Cookie
more information...
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\michael gromer\cookies\michael gromer@cgi-bin[2].txt

cookie.monster Cookie
more information...
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\michael gromer\cookies\michael gromer@cookie.monster[2].txt

DoubleClick Cookie
more information...
Details: DoubleClick is a popular ad serving network that uses spyware cookies, to target advertising.
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\michael gromer\cookies\michael gromer@doubleclick[1].txt

as-us.falkag Cookie
more information...
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\michael gromer\cookies\michael gromer@falkag[1].txt

FastClick.com Cookie
more information...
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\michael gromer\cookies\michael gromer@fastclick[2].txt

HotLog.ru Cookie
more information...
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\michael gromer\cookies\michael gromer@hotlog[1].txt

IndexTools.com Cookie
more information...
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\michael gromer\cookies\michael gromer@indextools[2].txt

Mediaplex.com Cookie
more information...
Details: Cookie used to track cross site advertising with the Mediaplex and value Click advertising companies.
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\michael gromer\cookies\michael gromer@mediaplex[1].txt

PacificPoker Cookie
more information...
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\michael gromer\cookies\michael gromer@pacificpoker[1].txt

Revenue.net Cookie
more information...
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\michael gromer\cookies\michael gromer@revenue[2].txt

Radar Spy 1.0 Cookie
more information...
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\michael gromer\cookies\michael gromer@tradedoubler[2].txt

Ajan 1.0 Cookie
more information...
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\michael gromer\cookies\michael gromer@xiti[1].txt

XXXCounter.com Cookie
more information...
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\michael gromer\cookies\michael gromer@xxxcounter[1].txt

__________
THX for help ^^
This post was edited on 08.11.2006 at 21:08 by Sabina.
08.11.2006, 21:06
Honorary member
Posts: 29434
#14
I don't know whether you really removed EVERYTHING............., scan once more and post the report
__________
Regards Sabina
all about PC security
This post was edited on 08.11.2006 at 21:10 by Sabina.
08.11.2006, 21:32
Member
Topic starter Posts: 12
#15
I did a second scan and it didn't find any further entries .. in my eagerness I unfortunately clicked the report away because I .. well, I couldn't keep my finger still .. should I do another scan with a program tomorrow at noon?
__________
THX for help ^^
Now I have a problem that, strangely, I can't get rid of even after working through the same problem from 23.10 (post by barbzz)! Or maybe I didn't really solve the previous problems properly after all :-(
Logfile of HijackThis v1.99.1
Scan saved at 12:15:55, on 07.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\PSCastor\PSCastor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\MICHAE~1\LOKALE~1\Temp\Rar$EX00.281\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.ysearch.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{2B2AB34D-ED35-B337-6B55-C658C14504A6} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\tbu1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\tbu1\toolbaru.dll
O2 - BHO: (no name) - {C35F268C-6B1C-9A9B-976F-3E0A5D8DF8A6} - C:\WINDOWS\lznjvsza.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\tbu1\toolbaru.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [PSCastor] "C:\Programme\PSCastor\PSCastor.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Programme\Microsoft Works\WkDetect.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {128988D7-0075-4D92-9557-9A2BFCFAE319} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {128988D7-0075-4D92-9557-9A2BFCFAE319} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/145f0da8859fd1a16716/netzip/RdxIE601_de.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125250401093
O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate - Activex Control) - http://support.fujitsu-siemens.de/DeskUpdate/isapi/activex.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/de/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8FD63F1-2A6E-426B-B17F-D9FE14388E84}: NameServer = 217.237.151.225,217.237.150.225
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE27-738B1E346F99} - (no file)
O20 - AppInit_DLLs: BattyRun2.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - F:\Programme\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Programme\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Programme\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe (file missing)
Soooo .. and here's a log created with ComboFix ..
Michael Gromer - 06-11-07 13:11:34,96 Service Pack 2
ComboFix 06.10.19 - Running from: "F:\"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\QooBox\Purity\WINDOWS\RACLE~1
C:\QooBox\Purity\WINDOWS\RACLE~1\?racle
((((((((((((((((((((((((((((((( Files Created from 2006-10-07 to 2006-11-07 ))))))))))))))))))))))))))))))))))
2006-10-26 17:40 49,152 --a------ C:\WINDOWS\system32\INETWH32.dll
2006-10-22 11:32 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-11-07 10:41 -------- d-------- C:\Programme\CleanUp!
2006-11-07 09:49 -------- d-------- C:\Programme\WinACE
2006-11-02 17:10 -------- d-------- C:\Programme\ICQToolbar
2006-11-02 17:10 -------- d-------- C:\Dokumente und Einstellungen\Michael Gromer\Anwendungsdaten\ICQ Toolbar
2006-11-01 00:11 -------- d-------- C:\Programme\WinRAR
2006-10-31 09:30 -------- d---s---- C:\Dokumente und Einstellungen\Michael Gromer\Anwendungsdaten\Microsoft
2006-10-29 19:49 -------- d-------- C:\Dokumente und Einstellungen\Michael Gromer\Anwendungsdaten\Adobe
2006-10-29 19:46 -------- d-------- C:\Programme\Gemeinsame Dateien\Vbox
2006-10-29 19:46 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-10-29 19:45 -------- d-------- C:\Programme\Gemeinsame Dateien\Adobe
2006-10-29 19:45 -------- d-------- C:\Programme\Adobe
2006-10-26 17:44 -------- d-------- C:\Programme\Gemeinsame Dateien\MAGIX Shared
2006-10-25 08:57 -------- d-------- C:\Programme\ABBYY FineReader 5.0 Sprint
2006-10-25 08:31 -------- d-------- C:\Programme\Lexmark X74-X75
2006-10-24 07:45 -------- d-------- C:\Programme\PSDream
2006-10-24 07:45 -------- d-------- C:\Programme\PSCastor
2006-10-19 15:56 32208 ---hs---- C:\Programme\Gemeinsame Dateien\Y1324OU.exe
2006-10-03 10:43 -------- d-------- C:\Programme\Internet Explorer
2006-09-13 06:02 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 16:51 1245184 --------- C:\WINDOWS\system32\msxml4.dll
2006-08-25 16:46 617472 --------- C:\WINDOWS\system32\comctl32.dll
2006-08-21 13:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 12:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-07 16:17 61440 --------- C:\WINDOWS\system32\BattyRun2.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"H/PC Connection Agent"="\"C:\\Programme\\Microsoft ActiveSync\\WCESCOMM.EXE\""
"PSCastor"="\"C:\\Programme\\PSCastor\\PSCastor.exe\""
"Microsoft Works Update Detection"="c:\\Programme\\Microsoft Works\\WkDetect.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -trayboot"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\not active]
"DB_AFD"="C:\\Programme\\DATA BECKER\\XP optimal einstellen 3.0\\DBAFD.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,42,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,36,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,36,02,\
00,00,01,00,00,00
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="7db39a0d-580f-4be9-9195-8bfcd226f6c2"
"SubscribedURL"="C:\\WINDOWS\\System32\\AquaReal.ocx"
"FriendlyName"="PC-Aquarium Deluxe"
"Flags"=dword:00004003
"Position"=hex:2c,00,00,00,00,00,00,00,01,00,00,00,20,03,00,00,35,02,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,00,00,00,01,00,00,00,20,03,00,00,35,02,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,00,00,00,00,00,00,00,00,20,03,00,00,58,02,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"=hex:01,00,00,00
"NoInstrumentation"=dword:00000001
"NoDrives"=dword:00000000
"NoDriveAutorun"=dword:00000000
"NoSharedDocuments"=dword:00000000
"NoFavoritesMenu"=dword:00000001
"SpecifyDefaultButtons"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Microsoft Office Outlook"="C:\\PROGRA~1\\MICROS~4\\OFFICE11\\OUTLOOK.EXE /recycle"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\lib\\NMBgMonitor.exe\""
"NCLaunch"="C:\\WINDOWS\\NCLAUNCH.EXe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"
"Microsoft Works Update Detection"="c:\\Programme\\Gemeinsame Dateien\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"WorksFUD"="c:\\Programme\\Microsoft Works\\wkfud.exe"
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\\\PSDrvCheck.exe"
"SoundMan"="SOUNDMAN.EXE"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"Microsoft Works Portfolio"="c:\\Programme\\Microsoft Works\\WksSb.exe /AllUsers"
"ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -minimize"
"Lexmark X74-X75"="\"C:\\Programme\\Lexmark X74-X75\\lxbbbmgr.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Adobe Reader - Schnellstart.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader - Schnellstart.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~3.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader - Schnellstart"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Logitech Desktop Messenger.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Logitech Desktop Messenger.lnk"
"backup"="C:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start"
"item"="Logitech Desktop Messenger"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Michael Gromer^Startmenü^Programme^Autostart^Registration-InstantCopy.lnk]
"path"="C:\\Dokumente und Einstellungen\\Michael Gromer\\Startmenü\\Programme\\Autostart\\Registration-InstantCopy.lnk"
"backup"="C:\\WINDOWS\\pss\\Registration-InstantCopy.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Pinnacle\\SHARED~1\\INSTAN~1\\Pixie\\RegTool.exe InstantCopy,INSCPY,register,DE,0,serial=AARTO-AAWNO-EMMGX-ZEAMA-MPWGA"
"item"="Registration-InstantCopy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0190 Alarm]
"key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="0190Alarm"
"hkey"="HKCU"
"command"="C:\\Programme\\0190 Alarm\\0190Alarm.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AnyDVD"
"hkey"="HKLM"
"command"="C:\\Programme\\SlySoft\\AnyDVD\\AnyDVD.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CloneCDTray"
"hkey"="HKLM"
"command"="\"C:\\Programme\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X74-X75]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="lxbbbmgr"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Lexmark X74-X75\\lxbbbmgr.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ManifestEngine"
"hkey"="HKCU"
"command"="C:\\Programme\\Logitech\\Video\\ManifestEngine.exe boot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISStart"
"hkey"="HKLM"
"command"="C:\\Programme\\Logitech\\Video\\ISStart.exe "
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogiTray"
"hkey"="HKLM"
"command"="C:\\Programme\\Logitech\\Video\\LogiTray.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Guardian]
"key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CMGrdian"
"hkey"="HKLM"
"command"="\"C:\\Programme\\McAfee\\McAfee Shared Components\\Guardian\\CMGrdian.exe\" /SU"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee.InstantUpdate.Monitor]
"key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RuLaunch"
"hkey"="HKCU"
"command"="\"C:\\Programme\\McAfee\\McAfee Shared Components\\Instant Updater\\RuLaunch.exe\" /STARTMONITOR"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaLoads Installer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dw"
"hkey"="HKLM"
"command"="\"C:\\Programme\\DownloadWare\\dw.exe\" /H"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\routcnf]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="routcnf"
"hkey"="HKLM"
"command"="C:\\Programme\\Telekom\\Eumex 404PC\\routcnf.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Programme\\Java\\jre1.5.0_05\\bin\\jusched.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="C:\\Programme\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Programme\\Winamp\\winampa.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XPoe-Runtime]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="xpoerunt"
"hkey"="HKCU"
"command"="C:\\Programme\\DATA BECKER\\XP optimal einstellen 3.0\\xpoerunt.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\{379569C4-655F-42E3-9AB9-4BED466EDD61}_MICHAEL_Michael Gromer.job
C:\WINDOWS\tasks\{396BDFDF-4361-48CE-8FCC-A2B025735F23}_MICHAEL_Michael Gromer.job
C:\WINDOWS\tasks\{4B4067C7-56A6-404E-8A6B-B9FDDA94C807}_MICHAEL_Michael Gromer.job
C:\WINDOWS\tasks\{4E0ABFA3-8428-470E-8F76-34F48A6A0D13}_MICHAEL_Michael Gromer.job
C:\WINDOWS\tasks\{7F78950F-0B9F-408F-969C-48BC808629D9}_MICHAEL_Michael Gromer.job
C:\WINDOWS\tasks\{8B123A06-B7B3-4768-BAF1-9A9610EA8C91}_MICHAEL_Michael Gromer.job
Completion time: 06-11-07 13:12:08.43
C:\ComboFix.txt ... 06-11-07 13:12
C:\ComboFix2.txt ... 06-11-07 12:08
C:\ComboFix3.txt ... 06-11-07 10:48
__________
THX for help ^^