Brauche mal unterstützung bei der auswertung meines HijackThis Logs

#0
11.12.2006, 20:31
...neu hier

Beiträge: 1
#1 Hi@all

Hab mir mal wieder was eingefangen hab meinen Pc mit Kapersky , SpyBot und
a-squared Free gescannt außerdem öffnen sich permanent massig seiten von dubiosen Antiviren bzw. Antispyware proggs


Das Log ist auch noch im Anhang und mit winrar gepackt

Logfile of HijackThis v1.99.1
Scan saved at 20:20:26, on 11.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\cFosSpeed\cFosSpeed.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\?racle\??anregw.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Programme\cFosSpeed\spd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\FlashGet\flashget.exe
C:\Programme\a-squared Free\a2free.exe
C:\Programme\Real\RealPlayer\RealPlay.exe
C:\Programme\Opera\Opera.exe
C:\Dokumente und Einstellungen\SEEEEEEEEEEEEEEEEEED\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll (file missing)
R3 - URLSearchHook: (no name) - {BECFF512-34D3-665C-D627-1A73634802C1} - C:\WINDOWS\system32\gzqwl.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\GEMEIN~1\{38B7D~1\Bar888.dll (file missing)
O4 - HKLM\..\Run: [cFosSpeed] C:\Programme\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [kis] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [DCPPaid] C:\WINDOWS\system32\DCPPaid.exe /P
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Ehtt] "C:\WINDOWS\FNTS~1\dvdplay.exe" -vt yazb
O4 - HKCU\..\Run: [Qvqchgei] C:\WINDOWS\?racle\??anregw.exe

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [eMuleAutoStart] E:\emule.exe -AutoStart
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: Download with GetRight - C:\Programme\GetRight\GRdownload.htm
O8 - Extra context menu item: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programme\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Programme\cFosSpeed\spd.exe" -service (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: SecurStar DCPPv2 Service (DCPP2Svc) - Unknown owner - C:\Programme\DriveCrypt Plus Pack\DCPP2Svc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Programme\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared files\RichVideo.exe


SEEEEEEEEEEEEEEEEEED - 06-12-11 21:07:23,53 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Dokumente und Einstellungen\SEEEEEEEEEEEEEEEEEED\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Programme\Gemeinsame Dateien\{38B7D455-09E0-1031-0726-051028040031}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\WINDOWS\FNTS~1
C:\QooBox\Purity\WINDOWS\RACLE~1
C:\QooBox\Purity\WINDOWS\FNTS~1\F?nts
C:\QooBox\Purity\WINDOWS\RACLE~1\??anregw.exe


((((((((((((((((((((((((((((((( Files Created from 2006-11-11 to 2006-12-11 ))))))))))))))))))))))))))))))))))


2006-12-11 21:02 <DIR> d--hs---- C:\Config.Msi
2006-12-11 20:58 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-12-11 20:54 <DIR> d-------- C:\WINDOWS\LastGood
2006-12-11 20:54 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2006-12-11 20:27 598,349 ---hs---- C:\WINDOWS\system32\ybeeg.ini2
2006-12-11 17:19 <DIR> d-------- C:\Programme\Counter-Strike Source
2006-12-11 16:00 <DIR> d-------- C:\Programme\USDownloader
2006-12-11 15:07 <DIR> d-------- C:\Programme\USD
2006-12-11 15:05 <DIR> d-------- C:\Dokumente und Einstellungen\SEEEEEEEEEEEEEEEEEED\Anwendungsdaten\ABBYY
2006-12-11 15:04 <DIR> d-------- C:\temp
2006-12-11 15:04 <DIR> d-------- C:\Programme\ABBYY FineReader 8.0 Professional Edition
2006-12-11 14:39 <DIR> d-------- C:\Dokumente und Einstellungen\SEEEEEEEEEEEEEEEEEED\Anwendungsdaten\Sun
2006-12-11 14:03 <DIR> d-------- C:\Programme\a-squared Free
2006-12-11 13:46 <DIR> d-------- C:\Programme\Spybot - Search & Destroy
2006-12-11 13:46 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2006-12-10 21:28 <DIR> d-------- C:\Universal Share Downloader
2006-12-10 21:23 <DIR> d-------- C:\Dokumente und Einstellungen\SEEEEEEEEEEEEEEEEEED\Anwendungsdaten\Macromedia
2006-12-10 20:27 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-12-10 20:12 <DIR> d-------- C:\Programme\VSAdd-in
2006-12-10 20:11 594,678 ---hs---- C:\WINDOWS\system32\ybeeg.bak1
2006-12-10 20:11 276,532 ---hs---- C:\WINDOWS\system32\geeby.dll
2006-12-10 20:07 2 --a------ C:\WINDOWS\system32\wintsvtr.exe
2006-12-10 20:05 72,704 --a------ C:\WINDOWS\system32\drvkad.dll

2006-12-10 19:55 <DIR> d-------- C:\WINDOWS\pss
2006-12-10 19:52 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2006-12-10 19:09 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2006-12-10 19:08 <DIR> d-------- C:\Programme\Microsoft.NET
2006-12-10 19:08 <DIR> d-------- C:\Programme\Gemeinsame Dateien\DESIGNER
2006-12-10 19:07 <DIR> d-------- C:\WINDOWS\SHELLNEW
2006-12-10 19:07 <DIR> d-------- C:\Programme\Microsoft Office
2006-12-10 15:48 708,608 --a------ C:\WINDOWS\system32\DCPPaid.exe
2006-12-10 14:32 16,224 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2006-12-10 14:32 <DIR> d-------- C:\Programme\Hamachi
2006-12-10 12:31 356,864 --a------ C:\WINDOWS\TrueCrypt Setup.exe
2006-12-10 12:31 193,632 --a------ C:\WINDOWS\system32\drivers\truecrypt.sys
2006-12-10 12:31 <DIR> d-------- C:\Programme\TrueCrypt
2006-12-10 12:31 <DIR> d-------- C:\Dokumente und Einstellungen\SEEEEEEEEEEEEEEEEEED\Anwendungsdaten\TrueCrypt
2006-12-10 12:30 757,760 --a------ C:\WINDOWS\system32\drivers\dcpp2k.sys
2006-12-10 12:30 <DIR> d-------- C:\Programme\DriveCrypt Plus Pack
2006-12-09 23:15 <DIR> d-------- C:\Programme\Real
2006-12-09 23:15 <DIR> d-------- C:\Programme\Gemeinsame Dateien\xing shared
2006-12-09 23:15 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Real
2006-12-09 21:04 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Windows Genuine Advantage
2006-12-09 20:22 <DIR> d-------- C:\Programme\Mozilla Firefox
2006-12-09 20:22 <DIR> d-------- C:\Dokumente und Einstellungen\SEEEEEEEEEEEEEEEEEED\Anwendungsdaten\Mozilla
2006-12-09 20:17 <DIR> d-------- C:\Programme\Yahoo!
2006-12-09 20:03 <DIR> d-------- C:\Programme\XPcleanv5
2006-12-08 22:27 <DIR> d-------- C:\Programme\FlashGet
2006-12-08 21:40 <DIR> d-------- C:\Programme\PeerGuardian2
2006-12-08 21:35 <DIR> d-------- C:\Programme\Java
2006-12-08 21:35 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Java
2006-12-08 20:57 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2006-12-08 20:57 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Symantec Shared
2006-12-08 20:57 <DIR> d-------- C:\Programme\DAMN NFO Viewer
2006-12-08 20:57 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec
2006-12-08 15:06 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2006-12-08 15:04 633,344 -ra------ C:\WINDOWS\system32\drivers\cfosspeed.sys
2006-12-08 15:03 270,336 --a------ C:\WINDOWS\system32\cfosspeed.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Ehtt"="\"C:\\WINDOWS\\FNTS~1\\dvdplay.exe\" -vt yazb"
"Qvqchgei"="C:\\WINDOWS\\?racle\\??anregw.exe"
"SpybotSD TeaTimer"="C:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe"
"eMuleAutoStart"="E:\\emule.exe -AutoStart"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"cFosSpeed"="C:\\Programme\\cFosSpeed\\cFosSpeed.exe"
"DCPPaid"="C:\\WINDOWS\\system32\\DCPPaid.exe /P"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"avp6_post_uninstall"=""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^GetRight - Tray Icon.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\GetRight - Tray Icon.lnk"
"backup"="C:\\WINDOWS\\pss\\GetRight - Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\GetRight\\getright.exe "
"item"="GetRight - Tray Icon"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AnyDVD"
"hkey"="HKCU"
"command"="C:\\Programme\\SlySoft\\AnyDVD\\AnyDVD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CloneCDTray"
"hkey"="HKLM"
"command"="\"C:\\Programme\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DCPPaid]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DCPPaid"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\DCPPaid.exe /P"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="emule"
"hkey"="HKCU"
"command"="E:\\emule.exe -AutoStart"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQLite"
"hkey"="HKLM"
"command"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Language"
"hkey"="HKLM"
"command"="C:\\Programme\\CyberLink\\PowerDVD\\Language\\Language.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Ai Booster]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="OverClk"
"hkey"="HKLM"
"command"="\"C:\\Programme\\ASUS\\AI Booster\\OverClk.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRTCLK]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NVRTClk"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NVRTCLK\\NVRTClk.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RouterControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ROUTERCONTROL"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\ROUTER~1\\ROUTERCONTROL.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VCDDaemon"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Elaborate Bytes\\VirtualCloneDrive\\VCDDaemon.exe\" /s"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geeby
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjvd32


[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-12-11 21:07:55.07
C:\ComboFix.txt ... 06-12-11 21:07

Dieser Beitrag wurde am 11.12.2006 um 21:08 Uhr von Emuler editiert.
Seitenanfang Seitenende
12.12.2006, 00:21
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#2 Emuler

««
stelle den CleanUp genauso ein, wie hier angegeben:
http://virus-protect.org/cleanup.html

««
Kopiere diese 6 Textdateien ab . (rechtsklick mit der Maus -> den Text markieren -> kopieren -> einfügen) Sie sind nach Datum geordnet. (kopiere nur die letzten 3 Monate ab)
http://virus-protect.org/datfindbat.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren: