Virus burster / Perfect Codec / Critical System Errors

#1 hab auch das virus burster problem. der adaware hat vieles schon gelöscht verbleibend ist das blinkende symbol in der taskleiste

Logfile of HijackThis v1.99.1
Scan saved at 10:49:27, on 15.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\Programme\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\Network Associates\Common Framework\FrameworkService.exe
C:\Programme\Network Associates\VirusScan\Mcshield.exe
C:\Programme\Network Associates\VirusScan\VsTskMgr.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
c:\Uniform3_1_1s\usr\local\mysql\bin\mysqld-opt.exe
C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Programme\Apoint\Apoint.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\Dell\QuickSet\quickset.exe
C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programme\Network Associates\VirusScan\SHSTAT.EXE
C:\Programme\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Programme\Apoint\Apntex.exe
C:\Programme\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Duden\Duden Korrektor\DK3Tray.exe
C:\Programme\I8kfanGUI\I8kfanGUI.exe
C:\Programme\FolderShare\FolderShare.exe
C:\Programme\Azureus\Azureus.exe
C:\Programme\Office-Bibliothek\officebib.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktopMail.exe
C:\WINDOWS\system32\rundll32.exe
E:\MozillaThunderbird\thunderbird.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Filzip\Filzip.exe
C:\DOKUME~1\SILVAN~1\LOKALE~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.unizh.ch:3128
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - C:\Programme\Perfect Codec\isaddon.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Suchspur - {5D945E9A-DC10-4670-83EB-99DAA616628A} - C:\WINDOWS\system32\Suchspur.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Groove Networks\Groove\Bin\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Protection Bar - {bf1ced2c-4b3f-4079-a330-864eda5a4cff} - C:\Programme\Perfect Codec\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programme\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programme\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programme\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programme\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Duden Korrektor 3.5] C:\Programme\Duden\Duden Korrektor\DK3Tray.exe
O4 - HKCU\..\Run: [i8kfangui] C:\Programme\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKCU\..\Run: [FolderShare] "C:\Programme\FolderShare\FolderShare.exe" /background
O4 - Startup: Azureus.lnk = C:\Programme\Azureus\Azureus.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Suchen - res://C:\WINDOWS\system32\Suchspur.dll/Suchspur.HTM
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: IntelWireless - C:\Programme\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: featherweed - {ab340860-fd81-4a65-b345-82eb77a66b5e} - C:\WINDOWS\system32\jbtazy.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Groove Audit Service (GrooveAuditService) - Groove Networks, Inc. - C:\Programme\Groove Networks\Groove\Bin\GrooveAuditService.exe
O23 - Service: Groove Installer Service (GrooveInstallerService) - Groove Networks, Inc. - C:\Programme\Groove Networks\Groove\Bin\GrooveInstallerService.exe
O23 - Service: GrooveRunOnceInstaller - Groove Networks, Inc. - C:\Programme\Groove Networks\Groove\Bin\GrooveRunOnceInstaller.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework-Dienst (McAfeeFramework) - Network Associates, Inc. - C:\Programme\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programme\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MySQL - Unknown owner - c:\Uniform3_1_1s\usr\local\mysql\bin\mysqld-opt.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\apache\Apache.exe" --ntservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programme\Intel\Wireless\Bin\WLKeeper.exe

----------------

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: ACB5-5CA8

Verzeichnis von C:\WINDOWS\system32

15.11.2006 10:04 2'206 wpa.dbl
15.11.2006 00:29 14'848 BASSMOD.dll
15.11.2006 00:04 77'824 jbtazy.dll
14.11.2006 06:52 48'640 Suchspur.dll
11.11.2006 02:42 664 d3d9caps.dat
07.11.2006 17:38 10'342'824 MRT.exe
06.11.2006 21:10 41 Filzip.ini
02.11.2006 23:50 382'026 perfh009.dat
02.11.2006 23:50 53'770 perfc009.dat
02.11.2006 23:50 393'086 perfh007.dat
02.11.2006 23:50 64'848 perfc007.dat
02.11.2006 23:50 902'476 PerfStringBackup.INI
09.10.2006 20:05 16'832 amcompat.tlb
09.10.2006 20:05 23'392 nscompat.tlb
09.10.2006 20:05 2'272 w95inf16.dll
09.10.2006 20:05 4'608 w95inf32.dll
30.09.2006 10:36 183'424 FNTCACHE.DAT
13.09.2006 06:02 1'084'416 msxml3.dll
05.09.2006 10:25 167'936 infgdbcb.dll
04.09.2006 07:13 1'497'088 shdocvw.dll
01.09.2006 15:14 65'536 QuickTimeVR.qtx
01.09.2006 15:14 49'152 QuickTime.qts
31.08.2006 16:38 299'008 GMAccMan.dll
31.08.2006 16:35 90'112 GMSigMan.dll
31.08.2006 16:27 65'536 GMMesCom.dll
31.08.2006 16:17 258'048 GMMailer.dll
25.08.2006 16:46 617'472 comctl32.dll
21.08.2006 13:26 16'896 fltlib.dll
21.08.2006 10:14 23'040 fltmc.exe
16.08.2006 12:58 100'352 6to4svc.dll
14.08.2006 10:45 30 brss01a.ini

---------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: ACB5-5CA8

Verzeichnis von C:\DOKUME~1\SILVAN~1\LOKALE~1\Temp

15.11.2006 10:57 289 datFind.zip
15.11.2006 10:56 108'214 bt8537.bat
15.11.2006 10:49 10'016 hijackthis.log
15.11.2006 10:48 212'849 hijackthis.zip
15.11.2006 10:14 122'095 jusched.log
15.11.2006 10:04 32'768 ~DF8A25.tmp
15.11.2006 01:59 32'768 ~DF1E90.tmp
15.11.2006 00:09 32'768 ~DF1EDE.tmp
15.11.2006 00:05 2'814'364 vb10A.exe
15.11.2006 00:04 33'824 laf109.tmp
14.11.2006 23:10 23'625 Blatt2.pdf
14.11.2006 22:18 32'768 ~DFF26B.tmp
14.11.2006 22:12 3 Twain001.Mtx
14.11.2006 18:53 54'311 start.exe
14.11.2006 06:52 877 ~AA.htm
13.11.2006 22:22 0 i1b66.tmp
13.11.2006 21:20 304'128 06-11-09_Protokoll Parliap‚ro.doc
13.11.2006 19:45 32'768 ~DFCDCD.tmp
13.11.2006 19:14 32'768 ~DF5D8.tmp
13.11.2006 15:55 32'768 ~DFC032.tmp
13.11.2006 12:07 26'624 Adressliste Tipkurs 06.xls
13.11.2006 00:16 0 fcx90.tmp
13.11.2006 00:12 0 l1z8F.tmp
13.11.2006 00:03 0 kr389.tmp
13.11.2006 00:02 0 ib288.tmp
12.11.2006 23:55 717 control.xml
12.11.2006 23:46 0 3ef79.tmp
12.11.2006 21:00 45'056 06-10-31_Datenkalender PKS 07.xls
12.11.2006 18:49 32'768 ~DFC868.tmp
12.11.2006 16:30 16'384 ~DF969F.tmp
11.11.2006 21:19 161'136 mso3D739.jpg
11.11.2006 20:10 32'768 ~DF771.tmp
11.11.2006 08:28 32'768 ~DFB45.tmp
11.11.2006 02:58 0 fifE1.tmp
11.11.2006 02:58 0 gobE0.tmp
10.11.2006 07:13 100 2F49CE31.TMP
09.11.2006 18:13 32'768 ~DFC563.tmp
09.11.2006 08:26 32'768 ~DF4CBF.tmp
08.11.2006 10:05 32'768 ~DF7D97.tmp
08.11.2006 04:27 115 4241C0F8.TMP
08.11.2006 00:12 27'648 politischer Inhalt.doc
06.11.2006 17:14 32'768 ~DF5AD.tmp
06.11.2006 07:50 52'092 fe0f_appcompat.txt
05.11.2006 19:37 32'768 ~DFF25A.tmp
05.11.2006 13:55 32'768 ~DF6C04.tmp
04.11.2006 18:27 32'768 ~DFA937.tmp

----------------


Silvan Munz - 06-11-15 10:55:39.89 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Programme\Mozilla Firefox"

((((((((((((((((((((((((((((((( Files Created from 2006-10-15 to 2006-11-15 ))))))))))))))))))))))))))))))))))


2006-11-15 02:05 31,369,925 --a------ C:\Dokumente und Einstellungen\Silvan Munz\DLE35Setup.exe
2006-11-15 02:05 10,343,985 C:\Dokumente und Einstellungen\Silvan MunzDuden Korrektor PLUS 3.5 SP1.exe
2006-11-15 00:04 77,824 --a------ C:\WINDOWS\system32\jbtazy.dll
2006-11-14 11:02 322,560 --a------ C:\WINDOWS\SMUn1.exe
2006-11-13 22:44 14,848 --a------ C:\WINDOWS\system32\BASSMOD.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-15 10:56 -------- d-------- C:\Dokumente und Einstellungen\Silvan Munz\Anwendungsdaten\Azureus
2006-11-15 10:54 -------- d-------- C:\Programme\Mozilla Firefox
2006-11-15 10:52 -------- d-------- C:\Dokumente und Einstellungen\Silvan Munz\Anwendungsdaten\Skype
2006-11-15 02:07 -------- d-------- C:\Programme\Microsoft Works
2006-11-15 02:06 -------- d-------- C:\Programme\Gemeinsame Dateien\DLE
2006-11-15 02:06 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-11-15 00:25 -------- d-------- C:\Programme\Lavasoft
2006-11-15 00:25 -------- d-------- C:\Dokumente und Einstellungen\Silvan Munz\Anwendungsdaten\Lavasoft
2006-11-15 00:24 -------- d-------- C:\Programme\Windows Defender
2006-11-14 20:22 -------- d-------- C:\Programme\easetech
2006-11-14 20:21 -------- d-------- C:\Programme\eMule
2006-11-14 12:08 -------- d-------- C:\Programme\SuperMailer
2006-11-14 06:52 48640 --a------ C:\WINDOWS\system32\Suchspur.dll
2006-11-13 22:45 -------- d-------- C:\Programme\1st Mass Mailer
2006-11-13 20:22 -------- d-------- C:\Programme\HyCam2
2006-11-07 00:35 -------- d-------- C:\Dokumente und Einstellungen\Silvan Munz\Anwendungsdaten\Macromedia
2006-11-04 18:33 -------- d-------- C:\Dokumente und Einstellungen\Silvan Munz\Anwendungsdaten\dvdcss
2006-11-01 01:29 -------- d-------- C:\Programme\Microsoft Windows Vista Upgrade Advisor
2006-10-27 16:53 -------- d-------- C:\Dokumente und Einstellungen\Silvan Munz\Anwendungsdaten\AdobeUM
2006-10-25 14:19 869 --a------ C:\Dokumente und Einstellungen\Silvan Munz\Anwendungsdaten\AdobeDLM.log
2006-10-25 14:19 0 --a------ C:\Dokumente und Einstellungen\Silvan Munz\Anwendungsdaten\dm.ini
2006-10-25 14:19 -------- d-------- C:\Programme\Adobe
2006-10-25 14:15 -------- d-------- C:\Programme\Gemeinsame Dateien\Adobe
2006-10-25 14:15 -------- d-------- C:\Dokumente und Einstellungen\Silvan Munz\Anwendungsdaten\Adobe
2006-10-21 11:56 -------- d-------- C:\Programme\iDump
2006-10-12 17:36 -------- d-------- C:\Programme\Azureus
2006-10-12 10:30 -------- d-------- C:\Dokumente und Einstellungen\Silvan Munz\Anwendungsdaten\Swiss Map
2006-10-12 09:59 -------- d-------- C:\Programme\Swiss Map 25
2006-10-09 20:05 4608 --a------ C:\WINDOWS\system32\w95inf32.dll
2006-10-09 20:05 2272 --a------ C:\WINDOWS\system32\w95inf16.dll
2006-10-09 20:05 -------- d-------- C:\Programme\Windows Media Player
2006-10-09 20:05 -------- d-------- C:\Programme\Auralog
2006-10-03 14:30 47416 --a------ C:\Dokumente und Einstellungen\Silvan Munz\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2006-09-27 17:34 -------- d-------- C:\Programme\Gemeinsame Dateien\System-G
2006-09-27 16:37 -------- d-------- C:\Dokumente und Einstellungen\Silvan Munz\Anwendungsdaten\SuperMailer
2006-09-26 22:53 7396 --a------ C:\Dokumente und Einstellungen\Silvan Munz\Anwendungsdaten\unins000.dat
2006-09-26 22:53 673546 --a------ C:\Dokumente und Einstellungen\Silvan Munz\Anwendungsdaten\unins000.exe
2006-09-26 22:53 -------- d-------- C:\Programme\GroupMail 5
2006-09-25 19:10 -------- d---s---- C:\Dokumente und Einstellungen\Silvan Munz\Anwendungsdaten\Microsoft
2006-09-21 14:04 -------- d-------- C:\Programme\FolderShare
2006-09-21 13:48 -------- d-------- C:\Programme\SmartFTP
2006-09-21 13:47 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-09-21 13:46 -------- d-------- C:\Programme\Patrimonium
2006-09-20 21:45 -------- d-------- C:\Programme\VViewer
2006-09-20 21:45 -------- d-------- C:\Programme\Microsoft Office
2006-09-20 10:25 -------- d-------- C:\Programme\Mozilla Sunbird
2006-09-19 15:17 -------- d-------- C:\Programme\Microsoft
2006-09-18 20:33 -------- d-------- C:\Programme\Groove Networks
2006-09-13 06:02 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-05 13:00 322560 --a------ C:\WINDOWS\SMUn.EXE
2006-09-05 10:25 167936 --a------ C:\WINDOWS\system32\infgdbcb.dll
2006-08-31 16:38 299008 --a------ C:\WINDOWS\system32\GMAccMan.dll
2006-08-31 16:35 90112 --a------ C:\WINDOWS\system32\GMSigMan.dll
2006-08-31 16:27 65536 --a------ C:\WINDOWS\system32\GMMesCom.dll
2006-08-31 16:17 258048 --a------ C:\WINDOWS\system32\GMMailer.dll
2006-08-25 16:46 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 13:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 12:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Skype"="\"C:\\Programme\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"Duden Korrektor 3.5"="C:\\Programme\\Duden\\Duden Korrektor\\DK3Tray.exe"
"i8kfangui"="C:\\Programme\\I8kfanGUI\\I8kfanGUI.exe /startup"
"FolderShare"="\"C:\\Programme\\FolderShare\\FolderShare.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Apoint"="C:\\Programme\\Apoint\\Apoint.exe"
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"ATIPTA"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"IntelWireless"="C:\\Programme\\Intel\\Wireless\\Bin\\ifrmewrk.exe /tf Intel PROSet/Wireless"
"Dell QuickSet"="C:\\Programme\\Dell\\QuickSet\\quickset.exe"
"DVDLauncher"="\"C:\\Programme\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"ShStatEXE"="\"C:\\Programme\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"McAfeeUpdaterUI"="\"C:\\Programme\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"FinePrint Dispatcher v5"="\"C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\fpdisp5a.exe\" /source=HKLM"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"Google Desktop Search"="\"C:\\Programme\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"Realtime Audio Engine"="mmrtkrnl.exe"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"Windows Defender"="\"C:\\Programme\\Windows Defender\\MSASCui.exe\" -hide"
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,50,01,00,00,00,00,00,00,40,05,00,00,fc,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"DWQueuedReporting"="\"C:\\PROGRA~1\\GEMEIN~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"DWQueuedReporting"="\"C:\\PROGRA~1\\GEMEIN~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{ab340860-fd81-4a65-b345-82eb77a66b5e}"="featherweed"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"featherweed"="{ab340860-fd81-4a65-b345-82eb77a66b5e}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Acrobat Assistant.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Acrobat Assistant.lnk"
"backup"="C:\\WINDOWS\\pss\\Acrobat Assistant.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Distillr\\AcroTray.exe "
"item"="Acrobat Assistant"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Gamma Loader.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\GEMEIN~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Cisco Systems VPN Client.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Cisco Systems VPN Client.lnk"
"backup"="C:\\WINDOWS\\pss\\Cisco Systems VPN Client.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\CISCOS~1\\VPNCLI~1\\vpngui.exe \"-user_logon\""
"item"="Cisco Systems VPN Client"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~3\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Office-Bibliothek-Direktsuche.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Office-Bibliothek-Direktsuche.lnk"
"backup"="C:\\WINDOWS\\pss\\Office-Bibliothek-Direktsuche.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\OFFICE~1\\PCLib.exe "
"item"="Office-Bibliothek-Direktsuche"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Silvan Munz^Startmenü^Programme^Autostart^Yahoo! Widget Engine.lnk]
"path"="C:\\Dokumente und Einstellungen\\Silvan Munz\\Startmenü\\Programme\\Autostart\\Yahoo! Widget Engine.lnk"
"backup"="C:\\WINDOWS\\pss\\Yahoo! Widget Engine.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Yahoo!\\WIDGET~1\\YAHOOW~1.EXE "
"item"="Yahoo! Widget Engine"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BootSkin Startup Jobs]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BootSkin"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Stardock\\WinCustomize\\BootSkin\\BootSkin.exe\" /StartupJobs"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Programme\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DMXLauncher"
"hkey"="HKLM"
"command"="C:\\Programme\\Dell\\Media Experience\\DMXLauncher.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fpassist"
"hkey"="HKLM"
"command"="C:\\Programme\\FreePDF_XP\\fpassist.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="googletalk"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Google\\Google Talk\\googletalk.exe\" /autostart"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISUSPM"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\GEMEIN~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="issch"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Gemeinsame Dateien\\InstallShield\\UpdateService\\issch.exe\" -start"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MMAgent"
"hkey"="HKCU"
"command"="C:\\Programme\\Mobile Master\\MMAgent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Programme\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OLPSYNCH]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="OlpSynch"
"hkey"="HKLM"
"command"="C:\\Programme\\Offline Course Player\\OlpSynch.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Pando"
"hkey"="HKLM"
"command"="C:\\Programme\\Pando Networks\\Pando\\Pando.exe /Automation"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Search"
"hkey"="HKLM"
"command"="\"C:\\Programme\\WhenUSearch\\Search.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearchWHSE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="whse"
"hkey"="HKLM"
"command"="\"C:\\Programme\\WhenUSearch\\whse.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinColorReminder]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WinColorReminder"
"hkey"="HKCU"
"command"="C:\\Programme\\Pro Imaging Powertoys\\Microsoft Color Control Panel Applet for Windows XP\\WinColorReminder.exe"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 06-11-15 10:56:55.29
C:\ComboFix.txt ... 06-11-15 10:56
----------------------

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: ACB5-5CA8

Verzeichnis von C:\WINDOWS

15.11.2006 10:19 41 Filzip.ini
15.11.2006 10:08 1'212'630 WindowsUpdate.log
15.11.2006 10:03 0 0.log
15.11.2006 10:02 157 wiadebug.log
15.11.2006 10:02 4'148 ModemLog_Conexant D110 MDC V.9x Modem.txt
15.11.2006 10:02 50 wiaservc.log
15.11.2006 10:02 2'048 bootstat.dat
15.11.2006 02:12 227 system.ini
15.11.2006 02:12 669 win.ini
15.11.2006 02:07 663'040 isRS-000.tmp
15.11.2006 01:58 32'642 SchedLgU.Txt
15.11.2006 00:31 195 mailer.INI
15.11.2006 00:16 512 randseed.rnd
14.11.2006 22:42 2'388 EaseAudioConverter.ini
14.11.2006 11:02 2'133 SuperMailer0_Uninstall.in
14.11.2006 07:29 1'409 QTFont.for
14.11.2006 07:29 54'156 QTFont.qfn
14.11.2006 07:28 49 NeroDigital.ini
13.11.2006 17:48 967'817 setupapi.log
12.11.2006 23:55 34'616 wmsetup.log
25.10.2006 09:35 12'041 mozver.dat
23.10.2006 23:00 441 brqikmon.ini
11.10.2006 08:08 112'877 ntdtcsetup.log
11.10.2006 08:08 78'105 iis6.log
11.10.2006 08:08 182'687 comsetup.log
11.10.2006 08:08 29'720 ocmsn.log
11.10.2006 08:08 207'553 tsoc.log
11.10.2006 08:08 1'393 imsins.log
11.10.2006 08:08 13'920 KB924191.log
11.10.2006 08:08 285'545 ocgen.log
11.10.2006 08:08 26'887 msgsocm.log
11.10.2006 08:08 529'925 FaxSetup.log
11.10.2006 08:08 36'103 updspapi.log
11.10.2006 08:08 1'393 imsins.BAK
11.10.2006 08:08 13'627 KB922819.log
11.10.2006 08:08 12'314 KB923414.log
11.10.2006 08:08 14'561 KB924496.log
11.10.2006 08:07 9'557 KB923191.log
10.10.2006 21:21 1'485 setupact.log
09.10.2006 20:05 504 err.txt
29.09.2006 13:54 0 Graphing Calculator Viewer.INI
28.09.2006 10:14 14'912 KB891781.log
27.09.2006 18:13 1'978 SuperMailer_Uninstall.ins
27.09.2006 16:37 2'459 SuperMailer_Uninstall.in
27.09.2006 09:08 11'352 KB925486.log
26.09.2006 15:23 447 brwmark.ini
19.09.2006 12:13 12'055 KB920685.log
19.09.2006 12:13 17'639 KB920872.log
14.09.2006 11:51 121 GEARInstall.log
14.09.2006 08:47 13'850 KB919007.log
14.09.2006 08:46 9'179 KB922582.log
05.09.2006 13:00 322'560 SMUn.EXE
23.08.2006 13:41 675 nsw.log
12.08.2006 11:01 16'801 KB920214.log
12.08.2006 11:01 16'797 KB922616.log
12.08.2006 11:00 17'114 KB921398.log
12.08.2006 11:00 34'216 KB918899.log
12.08.2006 10:59 12'486 KB920670.log
12.08.2006 10:59 12'648 KB917422.log
12.08.2006 10:59 12'975 KB920683.log
09.08.2006 23:02 11'703 KB921883.log
08.08.2006 19:26 43 gswin32.ini

-------------

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: ACB5-5CA8

Verzeichnis von C:\WINDOWS\Temp

----------------

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: ACB5-5CA8

Verzeichnis von C:\WINDOWS\Downloaded Program Files

02.12.2005 11:55 5'101 swflash.inf
18.08.2004 13:17 65 desktop.ini
27.07.2004 16:48 323'584 isusweb.dll
25.07.2002 18:13 24'576 dwusplay.dll
25.07.2002 18:13 196'608 dwusplay.exe
20.01.2000 14:25 1'162 Microsoft XML Parser for Java.osd
6 Datei(en) 551'096 Bytes
0 Verzeichnis(se), 13'507'833'856 Bytes frei
----------------

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: ACB5-5CA8

Verzeichnis von C:\

15.11.2006 10:59 0 sys.txt
15.11.2006 10:59 565 down.txt
15.11.2006 10:59 117 tmp.txt
15.11.2006 10:59 12'019 system.txt
15.11.2006 10:58 32'634 systemtemp.txt
15.11.2006 10:57 105'003 system32.txt
15.11.2006 10:56 18'589 ComboFix.txt
15.11.2006 10:02 0 tsk.1
15.11.2006 10:02 0 tsk
15.11.2006 10:02 1'073'152'000 hiberfil.sys
15.11.2006 10:02 1'610'612'736 pagefile.sys
15.11.2006 02:12 466 boot.ini
06.11.2006 21:25 3'122 EyeCandyLog.txt
28.10.2006 14:18 0 tuo.1
28.10.2006 14:18 0 tuo
09.10.2006 20:05 11 trace.ini
11.07.2006 13:13 0 t1e8.5
11.07.2006 13:12 0 t1e8.4
01.07.2006 21:25 466 Boot.BAK
01.07.2006 21:08 8'192 BOOTSECT.BAK
01.07.2006 17:40 0 t1e4.3
01.07.2006 17:40 0 t1e4.2
01.07.2006 09:49 0 t1fo.1
01.07.2006 09:49 0 t1fo
08.06.2006 16:21 0 th0.1
08.06.2006 16:21 0 th0
05.06.2006 13:46 0 t1e4.1
05.06.2006 13:46 0 t1e4
05.06.2006 13:45 0 t1ec.1
05.06.2006 13:45 0 t1ec
03.06.2006 15:57 0 t1g4.1
03.06.2006 15:57 0 t1g4
02.06.2006 16:13 0 t1e8.3
02.06.2006 16:13 0 t1e8.2


Besten Dank für die Hilfe

#2 Avenger
http://virus-protect.org/artikel/tools/avenger.html
kopiere rein

Zitat

Registry values to delete:
HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{ab340860-fd81-4a65-b345-82eb77a66b5e}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload|featherweed
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamonitor.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|pmsngr.exe

registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearch
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab340860-fd81-4a65-b345-82eb77a66b5e}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf1ced2c-4b3f-4079-a330-864eda5a4cff}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{192c5b4a-3efd-40c7-9f99-c472deb8efc0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab340860-fd81-4a65-b345-82eb77a66b5e}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D945E9A-DC10-4670-83EB-99DAA616628A}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{192c5b4a-3efd-40c7-9f99-c472deb8efc0}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5D945E9A-DC10-4670-83EB-99DAA616628A}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03

Files to delete:
C:\WINDOWS\system32\jbtazy.dll
C:\WINDOWS\system32\Suchspur.dll

Folders to delete:
C:\Programme\Perfect Codec

Klicke die grüne Ampel
das Script wird nun ausgeführt, dann wird der PC automatisch neustarten

»»
lösche das Backup vom Avenger unter C:\Avenger\backup.zip + leere den Papierkorb

««
scanne mit smitfraudfix - Option 1 und 2 ( lasse auch die Registry mitreinigen)
http://virus-protect.org/artikel/tools/smitfrautfix.html
__________
MfG Sabina

rund um die PC-Sicherheit

#3 Hallo Sabina!!
Wie du dier denken kannst habe ich LEIDER auch Virus-Burst eingefangen.
Ich habe bis jetzt das Logfile von Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 13:18:28, on 03.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\GEMEIN~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\vsnpstd2.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
C:\Programme\AVPersonal\AVWIN.EXE
C:\Programme\Video ActiveX Object\isamini.exe
C:\Programme\Video ActiveX Object\pmmon.exe
C:\Programme\Video ActiveX Object\pmsngr.exe
C:\Programme\Video ActiveX Object\isamonitor.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Downloads\Setups\Schei... Problem mit VIRUS Bursters\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - C:\Programme\Video ActiveX Object\isaddon.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll
O3 - Toolbar: Protection Bar - {96ebbe6a-2864-4345-b32b-26ee9be524b5} - C:\Programme\Video ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "c:\programme\steam\steam.exe" -silent
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Programme\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://www.giga.de/giga-stream-test/Rawflow.cab
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\GEMEIN~1\Stardock\mcpstub.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: emptins - {588599f4-de26-4c28-ba14-f4eb17e33481} - C:\WINDOWS\system32\xxfgmy.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Ich warte auf weitere Anweisungen^^

Und entschuldige dass ich dir wieder Arbeit mache
Viele Grüße Markazeh

#4 Markazeh

combofix anwenden, auch die Datentraegerbereinigung durchfuehren lassen + den Scanreport abkopieren und im Beitrag posten
http://virus-protect.org/artikel/tools/combofix.html
__________
MfG Sabina

rund um die PC-Sicherheit

#5 Mark - 06-12-03 13:34:01,37 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Programme\Mozilla Firefox"

((((((((((((((((((((((((((((((( Files Created from 2006-11-03 to 2006-12-03 ))))))))))))))))))))))))))))))))))


2006-12-03 13:24 <DIR> d-------- C:\Programme\CleanUp!
2006-12-02 20:39 77,824 --a------ C:\WINDOWS\system32\xxfgmy.dll
2006-12-02 20:39 <DIR> d-------- C:\Programme\Video ActiveX Object
2006-12-02 20:24 <DIR> d-------- C:\Programme\ElcomSoft
2006-12-02 20:19 268,048 --a------ C:\WINDOWS\system32\dxtmeta2.dll
2006-12-02 17:36 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2006-12-02 17:35 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2006-11-30 16:03 15,440 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2006-11-30 16:03 <DIR> d-------- C:\Programme\Hamachi
2006-11-30 16:03 <DIR> d-------- C:\Dokumente und Einstellungen\Mark\Anwendungsdaten\Hamachi
2006-11-30 15:51 <DIR> d-------- C:\Programme\TrackMania Nations ESWC
2006-11-30 15:10 <DIR> d-------- C:\Temp
2006-11-28 17:16 <DIR> d---s---- C:\Programme\Xfire
2006-11-28 17:16 <DIR> d-------- C:\Dokumente und Einstellungen\Mark\Anwendungsdaten\Xfire
2006-11-24 17:24 <DIR> d-------- C:\Programme\pspvideo9
2006-11-24 17:14 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2006-11-21 18:50 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2006-11-21 18:50 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2006-11-18 12:04 <DIR> d-------- C:\72185c54478373464c9374
2006-11-16 11:23 <DIR> d--hs---- C:\found.000
2006-11-15 17:33 <DIR> d-------- C:\Dokumente und Einstellungen\Mark\Anwendungsdaten\Google
2006-11-15 17:32 <DIR> d-------- C:\Programme\Google
2006-11-10 09:51 <DIR> d-------- C:\Programme\Electronic Arts
2006-11-08 08:21 48,640 --a------ C:\WINDOWS\system32\stream.sys
2006-11-08 08:17 90,174 --a------ C:\WINDOWS\system32\bt848wst.dll
2006-11-08 08:17 86,072 --a------ C:\WINDOWS\system32\hcwi2c32.dll
2006-11-08 08:17 524,353 --a------ C:\WINDOWS\system32\HCWTVWND.dll
2006-11-08 08:17 465,988 --a------ C:\WINDOWS\system32\drivers\HCWBT8xx.sys
2006-11-08 08:17 36,921 --a------ C:\WINDOWS\system32\Hcwutl32.dll
2006-11-08 08:17 192,568 --a------ C:\WINDOWS\system32\hcwpnp32.dll
2006-11-08 08:17 12,288 --a------ C:\WINDOWS\system32\btgpio32.dll
2006-11-08 08:17 11,264 --a------ C:\WINDOWS\system32\hcwhook.dll
2006-11-08 08:17 106,559 --a------ C:\WINDOWS\system32\Hcwtvdlg.dll
2006-11-08 08:17 <DIR> d-------- C:\MyVideos
2006-11-07 16:27 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2006-11-07 16:25 <DIR> d-------- C:\Programme\NFSC
2006-11-07 15:48 <DIR> d-------- C:\Programme\ChouProd
2006-11-06 19:53 53,248 --a------ C:\WINDOWS\system32\AUDIO_PREVIEW.DLL
2006-11-06 19:53 40,960 --a------ C:\WINDOWS\system32\MMVM2D.DLL
2006-11-06 19:53 40,960 --a------ C:\WINDOWS\system32\MMACVT.DLL
2006-11-06 19:53 4,184,960 --a------ C:\WINDOWS\system32\LIBAVCODEC.DLL
2006-11-06 19:53 143,360 --a------ C:\WINDOWS\system32\MPEG2VIDEODMO.DLL
2006-11-06 19:53 139,264 --a------ C:\WINDOWS\system32\MPEG2MUXFILTER.DLL
2006-11-06 19:53 114,688 -r------- C:\WINDOWS\system32\JAPI.DLL
2006-11-06 19:53 <DIR> d-------- C:\Programme\Meta Media Inc
2006-11-06 17:59 393,216 --a------ C:\WINDOWS\system32\hcwsnbd9.dll
2006-11-06 17:59 213,050 --a------ C:\WINDOWS\system32\Hcwchan.dll
2006-11-06 17:59 <DIR> d-------- C:\Programme\WinTV
2006-11-06 17:47 9,739 --a------ C:\WINDOWS\system32\emUSD.dll
2006-11-06 17:47 5,245 --a------ C:\WINDOWS\system32\drivers\emFilter.sys
2006-11-06 17:47 45,056 --a------ C:\WINDOWS\system32\emVFW.dll
2006-11-06 17:47 4,493 --a------ C:\WINDOWS\system32\drivers\emScan.sys
2006-11-06 17:47 24,269 --a------ C:\WINDOWS\system32\drivers\emStream.sys
2006-11-06 17:47 20,736 --a------ C:\WINDOWS\system32\drivers\emAudio.sys
2006-11-06 17:47 17,808 --a------ C:\WINDOWS\system32\emYUV.dll
2006-11-06 17:47 104,189 --a------ C:\WINDOWS\system32\drivers\emDevice.sys
2006-11-06 17:30 15,360 --a------ C:\WINDOWS\system32\drivers\MPE.sys
2006-11-06 17:29 363,520 --a------ C:\WINDOWS\system32\PsisDecd.dll
2006-11-06 17:29 11,776 --a------ C:\WINDOWS\system32\drivers\BdaSup.sys
2006-11-05 17:42 2,829 --a------ C:\WINDOWS\War3Unin.pif
2006-11-05 17:42 139,264 --a------ C:\WINDOWS\War3Unin.exe
2006-11-05 17:36 <DIR> d-------- C:\Programme\Warcraft III
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-03 13:33 -------- d-------- C:\Programme\Mozilla Firefox
2006-12-03 13:33 -------- d-------- C:\Dokumente und Einstellungen\Mark\Anwendungsdaten\Skype
2006-12-03 13:32 -------- d-------- C:\Programme\Steam
2006-12-03 13:04 -------- d-------- C:\Programme\AVPersonal
2006-12-02 20:30 -------- d-------- C:\Programme\BearShare
2006-12-02 18:25 -------- d-------- C:\Dokumente und Einstellungen\Mark\Anwendungsdaten\teamspeak2
2006-11-30 12:01 -------- d-------- C:\Programme\Zango
2006-11-30 10:29 -------- d-------- C:\Programme\ICQLite
2006-11-18 12:03 -------- d-------- C:\Programme\Internet Explorer
2006-11-15 17:32 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-11-09 13:14 -------- d-------- C:\Programme\Gemeinsame Dateien\snpstd2
2006-11-07 18:30 -------- d-------- C:\Dokumente und Einstellungen\Mark\Anwendungsdaten\Apple Computer
2006-11-07 13:59 -------- d-------- C:\Programme\Gemeinsame Dateien\System
2006-11-07 13:33 -------- d-------- C:\Programme\Windows Media Player
2006-11-07 13:27 -------- d-------- C:\Programme\Outlook Express
2006-10-29 14:02 -------- d-------- C:\Programme\GUILD WARS
2006-10-24 12:22 -------- d-------- C:\Programme\Gemeinsame Dateien\Stardock
2006-10-24 12:21 -------- d-------- C:\Programme\Stardock
2006-10-24 12:20 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-10-21 18:21 -------- d-------- C:\Programme\CamAlert
2006-10-19 15:19 -------- d---s---- C:\Dokumente und Einstellungen\Mark\Anwendungsdaten\Microsoft
2006-10-15 16:46 -------- d-------- C:\Programme\TuneUp Utilities 2006
2006-10-13 13:35 146432 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-11 16:55 -------- d-------- C:\Programme\EphPod
2006-10-11 16:54 -------- d-------- C:\Programme\Gemeinsame Dateien\Adobe
2006-10-11 14:50 -------- dr------- C:\Programme\Downloads
2006-10-11 14:48 -------- d-------- C:\Programme\DAEMON Tools
2006-10-11 14:37 611064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-10-11 13:27 -------- d-------- C:\Programme\Microsoft Games
2006-10-11 13:08 -------- d-------- C:\Programme\MSXML 4.0
2006-10-09 19:30 -------- d-------- C:\Dokumente und Einstellungen\Mark\Anwendungsdaten\Ahead
2006-10-09 19:28 -------- d-------- C:\Programme\MediaFACE II
2006-10-09 18:56 -------- d-------- C:\Programme\Ahead
2006-10-09 18:55 -------- d-------- C:\Programme\Gemeinsame Dateien\Ahead
2006-10-09 18:54 -------- d-------- C:\Programme\CyberLink DVD Solution
2006-10-09 18:53 -------- d-------- C:\Programme\CyberLink
2006-10-04 17:05 -------- d-------- C:\Programme\go1984
2006-10-04 14:49 -------- d-------- C:\Dokumente und Einstellungen\Mark\Anwendungsdaten\Adobe
2006-10-04 07:34 -------- d-------- C:\Programme\Adobe
2006-10-03 21:29 82380 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS
2006-10-03 21:29 -------- d-------- C:\Programme\Hewlett-Packard
2006-10-03 21:26 -------- d-------- C:\Dokumente und Einstellungen\Mark\Anwendungsdaten\Hewlett-Packard
2006-10-03 21:23 -------- d-------- C:\Programme\Gemeinsame Dateien\Hewlett-Packard
2006-09-13 06:02 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-10 14:39 1292092 --a------ C:\astra32setup141.exe
2006-09-05 14:47 24072 --a------ C:\WINDOWS\system32\uxtuneup.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Skype"="\"C:\\Programme\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"Steam"="\"c:\\programme\\steam\\steam.exe\" -silent"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -trayboot"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"SNPSTD2"="C:\\WINDOWS\\vsnpstd2.exe"
"ICQ Lite"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{588599f4-de26-4c28-ba14-f4eb17e33481}"="emptins"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"isamonitor.exe"="C:\\Programme\\Video ActiveX Object\\isamonitor.exe"
"pmsngr.exe"="C:\\Programme\\Video ActiveX Object\\pmsngr.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
"emptins"="{588599f4-de26-4c28-ba14-f4eb17e33481}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^hp psc 1000 series.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\hp psc 1000 series.lnk"
"backup"="C:\\WINDOWS\\pss\\hp psc 1000 series.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HEWLET~1\\DIGITA~1\\bin\\hpohmr08.exe "
"item"="hp psc 1000 series"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^hpoddt01.exe.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\hpoddt01.exe.lnk"
"backup"="C:\\WINDOWS\\pss\\hpoddt01.exe.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HEWLET~1\\DIGITA~1\\bin\\hpotdd01.exe "
"item"="hpoddt01.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^Mark^Startmenü^Programme^Autostart^Stardock ObjectDock.lnk]
"path"="C:\\Dokumente und Einstellungen\\Mark\\Startmenü\\Programme\\Autostart\\Stardock ObjectDock.lnk"
"backup"="C:\\WINDOWS\\pss\\Stardock ObjectDock.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Stardock\\OBJECT~1\\OBJECT~1.EXE "
"item"="Stardock ObjectDock"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cli"
"hkey"="HKLM"
"command"="\"C:\\Programme\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Programme\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\emMON]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="emMON"
"hkey"="HKLM"
"command"="emMON.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InCD"
"hkey"="HKLM"
"command"="C:\\Programme\\Ahead\\InCD\\InCD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NBJ"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Ahead\\Nero BackItUp\\NBJ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Programme\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zango]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="zango"
"hkey"="HKLM"
"command"="\"c:\\programme\\zango\\zango.exe\""
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1159907355.job
C:\WINDOWS\tasks\WebReg 20061015003228.job

Completion time: 06-12-03 13:34:59.10
C:\ComboFix.txt ... 06-12-03 13:34


Viele Grüße Markazeh

#6 Markazeh

arbeite das avengerscript + den smitfraudfix ab und berichte
http://virus-protect.org/artikel/spyware/videoactivexobject.html
__________
MfG Sabina

rund um die PC-Sicherheit

#7 Entschuldige dass ich jetzt frage aber soll ich jetzt berichten einen LOG oder dass es funktioniert hat?? Naja es hat funktioniert die meldung ist jetzt weg und falls du noch einen LOG brauchst schreib es. Und:
DANKE DANKE DANKE DANKE DANKE DANKE DANKE DANKE DANKE DANKE DANKE DANKE

Und woher weißt du das eigentlich alles?