antivermins / system alertThema ist geschlossen! |
||
---|---|---|
Thema ist geschlossen! |
||
#0
| ||
19.12.2006, 13:23
...neu hier
Beiträge: 2 |
||
|
||
19.12.2006, 16:42
Ehrenmitglied
Beiträge: 29434 |
#2
schidl
Avenger http://virus-protect.org/artikel/tools/avenger.html kopiere rein: Zitat Registry values to delete:Klicke die gruene Ampel das Script wird nun ausgeführt, dann wird der PC automatisch neustarten smitfraud.fix abarbeiten (Option 1 und 2 - lasse auch die Registry mitreinigen) http://virus-protect.org/artikel/tools/smitfrautfix.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
19.12.2006, 17:30
...neu hier
Themenstarter Beiträge: 2 |
||
|
Ich poste mal die einzelnen Sachen:
Logfile of HijackThis v1.99.1
Scan saved at 12:48:25, on 19.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
C:\DOKUME~1\Michael\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis[1].zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de/content/index.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - K:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SkypeIEHelper - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - K:\PROGRA~1\Skype\toolbars\SKYPEF~1\SKYPE_~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - K:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Skype Toolbar for Internet Explorer - {B13721C7-F507-4982-B2E5-502A71474FED} - K:\Programme\Skype\toolbars\Skype for Internet Explorer\skype_toolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - K:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [EM_EXEC] K:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "K:\Programme\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TerraTec Remote Control] "C:\Programme\Gemeinsame Dateien\TerraTec\Remote\TTTVRC.exe"
O4 - HKLM\..\Run: [TerraTec Scheduler] "C:\Programme\Gemeinsame Dateien\TerraTec\Scheduler\TTTimer.exe"
O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\SlimU2\HotKey.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Programme\Gemeinsame Dateien\AOL\1151445197\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Automatisch EPSON Stylus Photo R220 Series auf DUBEL2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P53 "Automatisch EPSON Stylus Photo R220 Series auf DUBEL2" /O17 "\\DUBEL2\Drucker3" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [SpyHunter] C:\Programme\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [THGuard] "C:\Programme\TrojanHunter 4.6\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Acrobat Assistant.lnk = K:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = K:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Skype Toolbar for Internet Explorer - {77BF5300-1474-4EC7-9980-D32B190E9B07} - K:\PROGRA~1\Skype\toolbars\SKYPEF~1\SKYPE_~1.DLL
O9 - Extra 'Tools' menuitem: Skype Toolbar for Internet Explorer - {77BF5300-1474-4EC7-9980-D32B190E9B07} - K:\PROGRA~1\Skype\toolbars\SKYPEF~1\SKYPE_~1.DLL
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155160471875
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157900645125
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - K:\Programme\Skype\toolbars\Shared\Skype4ComAPI.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Programme\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programme\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Programme\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
------
Michael - 06-12-19 13:04:47,71 Service Pack 2
ComboFix 06.11.27 - Running from: "K:\"
((((((((((((((((((((((((((((((( Files Created from 2006-11-19 to 2006-12-19 ))))))))))))))))))))))))))))))))))
2006-12-19 12:49 <DIR> d-------- C:\Programme\CleanUp!
2006-12-19 12:17 <DIR> d-------- C:\Programme\a-squared Free
2006-12-19 11:49 <DIR> d--hs---- C:\WINDOWS\CSC
2006-12-17 23:29 <DIR> d-------- C:\Programme\Enigma Software Group
2006-12-17 23:28 <DIR> d-------- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\TrojanHunter
2006-12-17 23:25 <DIR> d-------- C:\Programme\TrojanHunter 4.6
2006-12-17 23:04 <DIR> d-------- C:\Programme\SUPERAntiSpyware
2006-12-17 23:04 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2006-12-17 23:04 <DIR> d-------- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\SUPERAntiSpyware.com
2006-12-17 20:53 <DIR> dr-h----- C:\Dokumente und Einstellungen\Michael\Recent
2006-12-17 19:54 20,992 --a------ C:\WINDOWS\system32\kuhmk.dll
2006-12-17 12:22 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Elaborate Bytes
2006-12-15 15:13 26,824 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2006-12-15 15:13 11,984 --a------ C:\WINDOWS\system32\drivers\RegKill.sys
2006-12-14 00:41 15,440 --a------ C:\WINDOWS\system32\drivers\ElbyCDIO.sys
2006-12-14 00:41 11,984 --a------ C:\WINDOWS\system32\drivers\ElbyDelay.sys
2006-12-13 21:24 89,296 --a------ C:\WINDOWS\system32\ElbyCDIO.dll
2006-12-13 15:39 <DIR> d-------- C:\Programme\Abacus
2006-12-12 19:50 299,520 --a------ C:\WINDOWS\uninst.exe
2006-12-12 19:46 304,128 --a------ C:\WINDOWS\unin0407.exe
2006-12-07 05:55 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2006-11-21 23:21 745,984 -ra------ C:\WINDOWS\ir50_32.dll
2006-11-21 23:21 458,752 -ra------ C:\WINDOWS\system32\GeoCodec.dll
2006-11-21 23:21 458,752 -ra------ C:\WINDOWS\GeoCodec.dll
2006-11-21 23:21 413,760 -ra------ C:\WINDOWS\mpg4c32.dll
2006-11-21 23:21 255,488 -ra------ C:\WINDOWS\m3jpeg32.dll
2006-11-21 23:20 <DIR> d-------- C:\WINDOWS\MyTempDll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-12-17 23:04 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-12-16 21:26 -------- d-------- C:\Programme\Gemeinsame Dateien\aol
2006-12-15 18:11 -------- d-------- C:\Programme\Norton SystemWorks
2006-12-14 12:11 -------- d-------- C:\Programme\Internet Explorer
2006-12-14 12:09 -------- d-------- C:\Programme\Outlook Express
2006-12-14 12:09 -------- d-------- C:\Programme\Gemeinsame Dateien\System
2006-12-07 10:27 -------- d-------- C:\Programme\Windows Media Player
2006-12-07 10:12 -------- d-------- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\DivX
2006-12-07 07:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-05 23:33 -------- d-------- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Skype
2006-12-05 18:57 -------- d-------- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Adobe
2006-11-17 12:05 103984 --a------ C:\WINDOWS\system32\AOLDial.dll
2006-11-16 17:44 33592 --a------ C:\WINDOWS\system32\drivers\atwpkt264.sys
2006-11-16 17:44 25136 --a------ C:\WINDOWS\system32\drivers\atwpkt2.sys
2006-11-08 06:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-02 13:46 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-10-30 16:40 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2006-10-30 16:40 339968 --------- C:\WINDOWS\Setup1.exe
2006-10-28 16:57 -------- d-------- C:\Programme\Google
2006-10-24 16:26 -------- d-------- C:\Programme\Gemeinsame Dateien\Adobe
2006-10-23 10:18 -------- d-------- C:\Programme\USB VCOMM
2006-10-22 15:03 -------- d---s---- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Microsoft
2006-10-22 15:00 -------- d-------- C:\Programme\Microsoft Office
2006-10-22 15:00 -------- d-------- C:\Programme\Debugging Tools for Windows
2006-10-22 12:12 -------- d-------- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\tunebite
2006-10-20 02:38 715776 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-13 13:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 13:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 13:35 146432 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-02 20:04 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-10-02 20:04 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-10-02 20:04 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-10-02 20:04 635486 --a------ C:\WINDOWS\system32\DivX.dll
2006-10-02 15:28 312128 --------- C:\WINDOWS\system32\msdelta.dll
2006-09-28 20:13 95344 --------- C:\WINDOWS\system32\WUDFCoinstaller.dll
2006-09-28 18:56 55808 --------- C:\WINDOWS\system32\WudfSvc.dll
2006-09-28 18:56 316416 --------- C:\WINDOWS\system32\WUDFx.dll
2006-09-28 18:56 165376 --------- C:\WINDOWS\system32\WudfPlatform.dll
2006-09-28 18:56 146432 --------- C:\WINDOWS\system32\WudfHost.exe
2006-09-25 17:58 23856 --a------ C:\WINDOWS\system32\spupdsvc.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\lib\\NMBgMonitor.exe\""
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"SUPERAntiSpyware"="C:\\Programme\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
"LDM"="C:\\Programme\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"EPSON Stylus Photo R220 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAIE.EXE /P30 \"EPSON Stylus Photo R220 Series\" /O6 \"USB001\" /M \"Stylus Photo R220\""
"EM_EXEC"="K:\\PROGRA~1\\Logitech\\MOUSEW~1\\SYSTEM\\EM_EXEC.EXE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"RemoteControl"="\"K:\\Programme\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""
"TerraTec Remote Control"="\"C:\\Programme\\Gemeinsame Dateien\\TerraTec\\Remote\\TTTVRC.exe\""
"TerraTec Scheduler"="\"C:\\Programme\\Gemeinsame Dateien\\TerraTec\\Scheduler\\TTTimer.exe\""
"HotKey"="C:\\WINDOWS\\Twain_32\\SlimU2\\HotKey.exe"
"ccApp"="\"C:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\ccApp.exe\""
"AOLDialer"="C:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLDial.exe"
"HostManager"="C:\\Programme\\Gemeinsame Dateien\\AOL\\1151445197\\ee\\AOLSoftware.exe"
"ATICCC"="\"C:\\Programme\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"Automatisch EPSON Stylus Photo R220 Series auf DUBEL2"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAIE.EXE /P53 \"Automatisch EPSON Stylus Photo R220 Series auf DUBEL2\" /O17 \"\\\\DUBEL2\\Drucker3\" /M \"Stylus Photo R220\""
"SpyHunter"="C:\\Programme\\Enigma Software Group\\SpyHunter\\SpyHunter.exe"
"THGuard"="\"C:\\Programme\\TrojanHunter 4.6\\THGuard.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{4fbbdfd6-2ca9-4bba-93e4-aadf75321bca}"="discriminable"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Vollst„ndige Systemprfung ausfhren - Michael.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
Completion time: 06-12-19 13:05:23.37
C:\ComboFix.txt ... 06-12-19 13:05
--------
Datentr„ger in Laufwerk C: ist System
Volumeseriennummer: 24D2-9D8E
Verzeichnis von C:\WINDOWS\Downloaded Program Files
13.11.2006 19:48 946.296 asquared.ocx
22.06.2006 10:41 5.032 swflash.inf
17.06.2006 14:11 65 desktop.ini
15.06.2006 17:33 1.132.192 EPUWALcontrol.dll
23.05.2006 16:19 361 OGAControl.inf
03.05.2006 02:57 876 jinstall-1_5_0_07.inf
29.06.2005 16:17 227 opuc.inf
26.05.2005 03:19 293 muweb.inf
26.05.2005 03:19 291 wuweb.inf
25.07.2002 16:13 196.608 dwusplay.exe
10 Datei(en) 2.282.241 Bytes
0 Verzeichnis(se), 34.860.486.656 Bytes frei
-----
Datentr„ger in Laufwerk C: ist System
Volumeseriennummer: 24D2-9D8E
Datentr„ger in Laufwerk C: ist System
Volumeseriennummer: 24D2-9D8E
Verzeichnis von C:\WINDOWS\system32
19.12.2006 11:20 2.206 wpa.dbl
17.12.2006 23:25 59.392 streamhlp.dll
17.12.2006 19:54 20.992 kuhmk.dll
13.12.2006 21:24 89.296 ElbyCDIO.dll
07.12.2006 15:13 10.716.584 MRT.exe
07.12.2006 10:28 16.832 amcompat.tlb
07.12.2006 10:28 23.392 nscompat.tlb
«
EDIT