logfile und co. |
||
|---|---|---|
| #0
| ||
|
21.11.2006, 19:17
...neu hier
Beiträge: 1 |
||
 
|
|
|
|
22.11.2006, 01:39
Ehrenmitglied
 Beiträge: 29434 |
#2
Avenger
http://virus-protect.org/artikel/tools/avenger.html kopiere rein: Zitat Registry values to delete:Klicke die gruene Ampel das Script wird nun ausgeführt, dann wird der PC automatisch neustarten »» loesche das Backup vom Avenger unter F:\Avenger\backup.zip + leere den Papierkorb «« scanne mit smitfraudfix - Option 1 und 2 ( lasse auch die Registry mitreinigen) http://virus-protect.org/artikel/tools/smitfrautfix.html «« öffne das HijackThis -- Button "scan" -- vor diese Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten Zitat R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blankPC neustarten ** scanne, stelle dann alles auf remove (so wird alles geloescht) http://virus-protect.org/counterspy.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!
bitte erst » hier kostenlos registrieren!!
Folgende Themen könnten Dich auch interessieren:
Seite(n): 1
Copyright © 2024, Protecus.de - Protecus Team - Impressum / Mediadaten
symptome sind das übliche, browser spielt verrückt und komische fake virus meldungen
hier nun die logs: schon mal vielen dank im voraus!
Logfile of HijackThis v1.99.1
Scan saved at 19:06:14, on 21.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\LEXBCES.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\wscntfy.exe
F:\Programme\iVideoCodec\isamonitor.exe
F:\Programme\iVideoCodec\pmsngr.exe
F:\Programme2\Elaborate Bytes\CloneCD\CloneCDTray.exe
F:\WINDOWS\Mixer.exe
F:\WINDOWS\system32\RunDll32.exe
F:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
F:\Programme\Lexmark X5100 Series\lxbabmgr.exe
F:\Programme\Browser MOUSE\mouse32a.exe
F:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
F:\Programme\iVideoCodec\pmmon.exe
F:\Programme\Lexmark X5100 Series\lxbabmon.exe
F:\Programme\iTunes\iTunesHelper.exe
F:\Programme\QuickTime\qttask.exe
F:\Programme\FreePDF_XP\fpassist.exe
F:\Programme\iVideoCodec\isamini.exe
F:\Programme\Muiltmedia keyboard utility\1.3\KbdAp32A.exe
F:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
F:\Programme\iPod\bin\iPodService.exe
F:\WINDOWS\system32\lexpps.exe
F:\Programme\Save\Save.exe
F:\Programme\ICQLite\ICQLite.exe
F:\PROGRA~1\MOZILL~1\FIREFOX.EXE
F:\Dokumente und Einstellungen\Oliver\Desktop\jack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - F:\PROGRA~1\PERFEC~1\BHO\PERFEC~2.DLL
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - F:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - F:\PROGRA~1\PERFEC~1\BHO\PERFEC~2.DLL
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - F:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - F:\Programme\iVideoCodec\isaddon.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - F:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - F:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - F:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - F:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Protection Bar - {96ebbe6a-2864-4345-b32b-26ee9be524b5} - F:\Programme\iVideoCodec\iesplugin.dll
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "F:\Programme2\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "F:\Programme2\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "F:\Programme\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [FLMK08KB] F:\Programme\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] F:\Programme\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [WLAN Quick-Starter] "F:\Programme\WLAN Quick-Starter\WLAN Quick-Starter.exe" -update
O4 - HKLM\..\Run: [TkBellExe] "F:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ICQ Lite] "F:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [iTunesHelper] "F:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FreePDF Assistant] F:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "F:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [System Files Updater] F:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKCU\..\Run: [MsnMsgr] "F:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WhenUSave] "F:\Programme\Save\Save.exe"
O4 - HKCU\..\Run: [AIM] F:\Programme\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Skype] "F:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [ICQ Lite] F:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: &ICQ Toolbar Search - res://F:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Alles mit FlashGet laden - F:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://F:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://F:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://F:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://F:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://F:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://F:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://F:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://F:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Mit FlashGet laden - F:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://F:\PROGRA~3\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~3\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Programme\AIM95\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - F:\Programme\PartyGaming.net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - F:\Programme\PartyGaming.net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programme\Messenger\msmsgs.exe
O16 - DPF: {11111111-1111-1111-1111-111111111111} - mhtml:file://C:NXSFT.MHT!http://66.117.38.54:80/iex/ofile.exe?url=http://66.117.38.54:80/dexDE627.exe
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/winfixer.com/www/pages/scanner_de/WinFixer2005ScannerInstallDE.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{30ACADAB-6475-485F-9E7C-F2218EE58EA0}: NameServer = 195.50.140.178 195.50.140.114
O17 - HKLM\System\CCS\Services\Tcpip\..\{ABB6E029-55CC-45C6-8ADD-E720DA1C1198}: NameServer = 192.168.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - F:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - F:\Programme\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - F:\WINDOWS\system32\LEXBCES.EXE
Oliver - 06-11-21 19:02:00,90 Service Pack 2
ComboFix 06.11.19 - Running from: "F:\PROGRA~1\MOZILL~1"
((((((((((((((((((((((((((((((( Files Created from 2006-10-21 to 2006-11-21 ))))))))))))))))))))))))))))))))))
2006-11-21 18:56 <DIR> d-------- F:\Programme\CleanUp!
2006-11-21 13:02 <DIR> d-------- F:\Programme\Virus-Bursters
2006-11-21 13:01 77,824 --a------ F:\WINDOWS\system32\dcvwaah.dll
2006-11-21 13:01 <DIR> d-------- F:\Programme\iVideoCodec
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-17 23:49 -------- d-------- F:\Programme\MSN Messenger
2006-10-17 23:31 -------- d-------- F:\Programme\Trillian
2006-10-08 16:57 253952 --------- F:\WINDOWS\Setup1.exe
2006-10-06 20:46 219648 --a------ F:\WINDOWS\system32\uxtheme.dll
2006-09-13 07:02 1084416 --a------ F:\WINDOWS\system32\msxml3.dll
2006-08-29 21:48 74752 --------- F:\WINDOWS\ST6UNST.EXE
2006-08-25 17:46 617472 --a------ F:\WINDOWS\system32\comctl32.dll
2006-08-21 14:26 16896 --a------ F:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 --a------ F:\WINDOWS\system32\fltmc.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"F:\\Programme\\MSN Messenger\\MsnMsgr.Exe\" /background"
"WhenUSave"="\"F:\\Programme\\Save\\Save.exe\""
"AIM"="F:\\Programme\\AIM95\\aim.exe -cnetwait.odl"
"Skype"="\"F:\\Programme\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"="F:\\Programme\\ICQLite\\ICQLite.exe -trayboot"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"CloneCDElbyCDFL"="\"F:\\Programme2\\Elaborate Bytes\\CloneCD\\ElbyCheck.exe\" /L ElbyCDFL"
"CloneCDTray"="\"F:\\Programme2\\Elaborate Bytes\\CloneCD\\CloneCDTray.exe\""
"C-Media Mixer"="Mixer.exe /startup"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"SunJavaUpdateSched"="F:\\Programme\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"Lexmark X5100 Series"="\"F:\\Programme\\Lexmark X5100 Series\\lxbabmgr.exe\""
"FLMK08KB"="F:\\Programme\\Muiltmedia keyboard utility\\1.3\\MMKEYBD.EXE"
"FLMOFFICE4DMOUSE"="F:\\Programme\\Browser MOUSE\\mouse32a.exe"
"WLAN Quick-Starter"="\"F:\\Programme\\WLAN Quick-Starter\\WLAN Quick-Starter.exe\" -update"
"TkBellExe"="\"F:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"NeroFilterCheck"="F:\\WINDOWS\\system32\\NeroCheck.exe"
"ICQ Lite"="\"F:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"iTunesHelper"="\"F:\\Programme\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"F:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"FreePDF Assistant"="F:\\Programme\\FreePDF_XP\\fpassist.exe"
"Acrobat Assistant 7.0"="\"F:\\Programme\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
@=""
"System Files Updater"="F:\\WINDOWS\\FlyakiteOSX\\Tools\\System Files Updater.exe /S"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="F:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="F:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"isamonitor.exe"="F:\\Programme\\iVideoCodec\\isamonitor.exe"
"pmsngr.exe"="F:\\Programme\\iVideoCodec\\pmsngr.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\F:^Dokumente und Einstellungen^All Users.WINDOWS^Startmenü^Programme^Autostart^Pinnacle Scheduler.lnk]
"path"="F:\\Dokumente und Einstellungen\\All Users.WINDOWS\\Startmenü\\Programme\\Autostart\\Pinnacle Scheduler.lnk"
"backup"="F:\\WINDOWS\\pss\\Pinnacle Scheduler.lnkCommon Startup"
"location"="Common Startup"
"command"="F:\\PROGRA~1\\Pinnacle\\SHARED~1\\Programs\\SCHEDU~1\\PCLESC~1.EXE "
"item"="Pinnacle Scheduler"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="F:\\Programme\\AIM95\\aim.exe -cnetwait.odl"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="points manager"
"hkey"="HKLM"
"command"="c:\\program files\\altnet\\points manager\\points manager.exe -s"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BearShare"
"hkey"="HKLM"
"command"="\"F:\\Programme\\BearShare\\BearShare.exe\" /pause"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQLite"
"hkey"="HKLM"
"command"="F:\\Programme\\ICQLite\\ICQLite.exe -minimize"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kazaa"
"hkey"="HKLM"
"command"="F:\\Programme2\\Kazaa\\kazaa.exe /SYSTRAY"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Completion time: 06-11-21 19:02:35.56
F:\ComboFix.txt ... 06-11-21 19:02
Datentr„ger in Laufwerk F: ist IMAGES 2
Volumeseriennummer: D848-FF8C
Verzeichnis von F:\WINDOWS\system32
21.11.2006 13:01 77.824 dcvwaah.dll
20.11.2006 13:55 2.262 wpa.dbl
29.10.2006 11:28 199.344 FNTCACHE.DAT
06.10.2006 20:46 219.648 uxtheme.dll
04.10.2006 22:03 9.639.336 MRT.exe
13.09.2006 07:02 1.084.416 msxml3.dll
04.09.2006 08:12 1.494.016 shdocvw.dll
25.08.2006 17:46 617.472 comctl32.dll
21.08.2006 14:26 16.896 fltlib.dll
21.08.2006 11:14 23.040 fltmc.exe