Home » Spyware & Browser Hijacker Support Forum » Brauche mal unterstützung bei der auswertung meines HijackThis Logs » Themenansicht
Brauche mal unterstützung bei der auswertung meines HijackThis Logs |
||
|---|---|---|
| #0
| ||
|
11.12.2006, 20:31
...neu hier
Beiträge: 1 |
||
 
|
|
|
|
12.12.2006, 00:21
Ehrenmitglied
 Beiträge: 29434 |
#2
Emuler
«« stelle den CleanUp genauso ein, wie hier angegeben: http://virus-protect.org/cleanup.html «« Kopiere diese 6 Textdateien ab . (rechtsklick mit der Maus -> den Text markieren -> kopieren -> einfügen) Sie sind nach Datum geordnet. (kopiere nur die letzten 3 Monate ab) http://virus-protect.org/datfindbat.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!
bitte erst » hier kostenlos registrieren!!
Folgende Themen könnten Dich auch interessieren:
Seite(n): 1
Copyright © 2024, Protecus.de - Protecus Team - Impressum / Mediadaten
Hab mir mal wieder was eingefangen hab meinen Pc mit Kapersky , SpyBot und
a-squared Free gescannt außerdem öffnen sich permanent massig seiten von dubiosen Antiviren bzw. Antispyware proggs
Das Log ist auch noch im Anhang und mit winrar gepackt
Logfile of HijackThis v1.99.1
Scan saved at 20:20:26, on 11.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\cFosSpeed\cFosSpeed.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\?racle\??anregw.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programme\cFosSpeed\spd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\FlashGet\flashget.exe
C:\Programme\a-squared Free\a2free.exe
C:\Programme\Real\RealPlayer\RealPlay.exe
C:\Programme\Opera\Opera.exe
C:\Dokumente und Einstellungen\SEEEEEEEEEEEEEEEEEED\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll (file missing)
R3 - URLSearchHook: (no name) - {BECFF512-34D3-665C-D627-1A73634802C1} - C:\WINDOWS\system32\gzqwl.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\GEMEIN~1\{38B7D~1\Bar888.dll (file missing)
O4 - HKLM\..\Run: [cFosSpeed] C:\Programme\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [kis] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [DCPPaid] C:\WINDOWS\system32\DCPPaid.exe /P
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Ehtt] "C:\WINDOWS\FNTS~1\dvdplay.exe" -vt yazb
O4 - HKCU\..\Run: [Qvqchgei] C:\WINDOWS\?racle\??anregw.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [eMuleAutoStart] E:\emule.exe -AutoStart
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: Download with GetRight - C:\Programme\GetRight\GRdownload.htm
O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programme\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Programme\cFosSpeed\spd.exe" -service (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: SecurStar DCPPv2 Service (DCPP2Svc) - Unknown owner - C:\Programme\DriveCrypt Plus Pack\DCPP2Svc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Programme\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared files\RichVideo.exe
SEEEEEEEEEEEEEEEEEED - 06-12-11 21:07:23,53 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Dokumente und Einstellungen\SEEEEEEEEEEEEEEEEEED\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Programme\Gemeinsame Dateien\{38B7D455-09E0-1031-0726-051028040031}
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\QooBox\Purity\WINDOWS\FNTS~1
C:\QooBox\Purity\WINDOWS\RACLE~1
C:\QooBox\Purity\WINDOWS\FNTS~1\F?nts
C:\QooBox\Purity\WINDOWS\RACLE~1\??anregw.exe
((((((((((((((((((((((((((((((( Files Created from 2006-11-11 to 2006-12-11 ))))))))))))))))))))))))))))))))))
2006-12-11 21:02 <DIR> d--hs---- C:\Config.Msi
2006-12-11 20:58 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-12-11 20:54 <DIR> d-------- C:\WINDOWS\LastGood
2006-12-11 20:54 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2006-12-11 20:27 598,349 ---hs---- C:\WINDOWS\system32\ybeeg.ini2
2006-12-11 17:19 <DIR> d-------- C:\Programme\Counter-Strike Source
2006-12-11 16:00 <DIR> d-------- C:\Programme\USDownloader
2006-12-11 15:07 <DIR> d-------- C:\Programme\USD
2006-12-11 15:05 <DIR> d-------- C:\Dokumente und Einstellungen\SEEEEEEEEEEEEEEEEEED\Anwendungsdaten\ABBYY
2006-12-11 15:04 <DIR> d-------- C:\temp
2006-12-11 15:04 <DIR> d-------- C:\Programme\ABBYY FineReader 8.0 Professional Edition
2006-12-11 14:39 <DIR> d-------- C:\Dokumente und Einstellungen\SEEEEEEEEEEEEEEEEEED\Anwendungsdaten\Sun
2006-12-11 14:03 <DIR> d-------- C:\Programme\a-squared Free
2006-12-11 13:46 <DIR> d-------- C:\Programme\Spybot - Search & Destroy
2006-12-11 13:46 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2006-12-10 21:28 <DIR> d-------- C:\Universal Share Downloader
2006-12-10 21:23 <DIR> d-------- C:\Dokumente und Einstellungen\SEEEEEEEEEEEEEEEEEED\Anwendungsdaten\Macromedia
2006-12-10 20:27 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-12-10 20:12 <DIR> d-------- C:\Programme\VSAdd-in
2006-12-10 20:11 594,678 ---hs---- C:\WINDOWS\system32\ybeeg.bak1
2006-12-10 20:11 276,532 ---hs---- C:\WINDOWS\system32\geeby.dll
2006-12-10 20:07 2 --a------ C:\WINDOWS\system32\wintsvtr.exe
2006-12-10 20:05 72,704 --a------ C:\WINDOWS\system32\drvkad.dll
2006-12-10 19:55 <DIR> d-------- C:\WINDOWS\pss
2006-12-10 19:52 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2006-12-10 19:09 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2006-12-10 19:08 <DIR> d-------- C:\Programme\Microsoft.NET
2006-12-10 19:08 <DIR> d-------- C:\Programme\Gemeinsame Dateien\DESIGNER
2006-12-10 19:07 <DIR> d-------- C:\WINDOWS\SHELLNEW
2006-12-10 19:07 <DIR> d-------- C:\Programme\Microsoft Office
2006-12-10 15:48 708,608 --a------ C:\WINDOWS\system32\DCPPaid.exe
2006-12-10 14:32 16,224 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2006-12-10 14:32 <DIR> d-------- C:\Programme\Hamachi
2006-12-10 12:31 356,864 --a------ C:\WINDOWS\TrueCrypt Setup.exe
2006-12-10 12:31 193,632 --a------ C:\WINDOWS\system32\drivers\truecrypt.sys
2006-12-10 12:31 <DIR> d-------- C:\Programme\TrueCrypt
2006-12-10 12:31 <DIR> d-------- C:\Dokumente und Einstellungen\SEEEEEEEEEEEEEEEEEED\Anwendungsdaten\TrueCrypt
2006-12-10 12:30 757,760 --a------ C:\WINDOWS\system32\drivers\dcpp2k.sys
2006-12-10 12:30 <DIR> d-------- C:\Programme\DriveCrypt Plus Pack
2006-12-09 23:15 <DIR> d-------- C:\Programme\Real
2006-12-09 23:15 <DIR> d-------- C:\Programme\Gemeinsame Dateien\xing shared
2006-12-09 23:15 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Real
2006-12-09 21:04 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Windows Genuine Advantage
2006-12-09 20:22 <DIR> d-------- C:\Programme\Mozilla Firefox
2006-12-09 20:22 <DIR> d-------- C:\Dokumente und Einstellungen\SEEEEEEEEEEEEEEEEEED\Anwendungsdaten\Mozilla
2006-12-09 20:17 <DIR> d-------- C:\Programme\Yahoo!
2006-12-09 20:03 <DIR> d-------- C:\Programme\XPcleanv5
2006-12-08 22:27 <DIR> d-------- C:\Programme\FlashGet
2006-12-08 21:40 <DIR> d-------- C:\Programme\PeerGuardian2
2006-12-08 21:35 <DIR> d-------- C:\Programme\Java
2006-12-08 21:35 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Java
2006-12-08 20:57 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2006-12-08 20:57 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Symantec Shared
2006-12-08 20:57 <DIR> d-------- C:\Programme\DAMN NFO Viewer
2006-12-08 20:57 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec
2006-12-08 15:06 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2006-12-08 15:04 633,344 -ra------ C:\WINDOWS\system32\drivers\cfosspeed.sys
2006-12-08 15:03 270,336 --a------ C:\WINDOWS\system32\cfosspeed.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Ehtt"="\"C:\\WINDOWS\\FNTS~1\\dvdplay.exe\" -vt yazb"
"Qvqchgei"="C:\\WINDOWS\\?racle\\??anregw.exe"
"SpybotSD TeaTimer"="C:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe"
"eMuleAutoStart"="E:\\emule.exe -AutoStart"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"cFosSpeed"="C:\\Programme\\cFosSpeed\\cFosSpeed.exe"
"DCPPaid"="C:\\WINDOWS\\system32\\DCPPaid.exe /P"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"avp6_post_uninstall"=""
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^GetRight - Tray Icon.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\GetRight - Tray Icon.lnk"
"backup"="C:\\WINDOWS\\pss\\GetRight - Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\GetRight\\getright.exe "
"item"="GetRight - Tray Icon"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AnyDVD"
"hkey"="HKCU"
"command"="C:\\Programme\\SlySoft\\AnyDVD\\AnyDVD.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CloneCDTray"
"hkey"="HKLM"
"command"="\"C:\\Programme\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DCPPaid]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DCPPaid"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\DCPPaid.exe /P"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="emule"
"hkey"="HKCU"
"command"="E:\\emule.exe -AutoStart"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQLite"
"hkey"="HKLM"
"command"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Language"
"hkey"="HKLM"
"command"="C:\\Programme\\CyberLink\\PowerDVD\\Language\\Language.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Ai Booster]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="OverClk"
"hkey"="HKLM"
"command"="\"C:\\Programme\\ASUS\\AI Booster\\OverClk.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRTCLK]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NVRTClk"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NVRTCLK\\NVRTClk.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RouterControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ROUTERCONTROL"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\ROUTER~1\\ROUTERCONTROL.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VCDDaemon"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Elaborate Bytes\\VirtualCloneDrive\\VCDDaemon.exe\" /s"
"inimapping"="0"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geeby
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjvd32
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Completion time: 06-12-11 21:07:55.07
C:\ComboFix.txt ... 06-12-11 21:07