System Alert! Blinkendes Fragezeichen- Hilfe beim entfernen

Thema ist geschlossen!
Thema ist geschlossen!
#0
19.12.2006, 17:49
Member

Beiträge: 79
#1 Hjt:

Logfile of HijackThis v1.99.1
Scan saved at 17:40:23, on 19.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\WINDOWS\System32\svchost.exe
d:\NOD eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\Explorer.EXE
D:\oo CleverCache\ooccag.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
d:\Virtual CD v8\System\VC8SecS.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\Programme\ASUS\Power4 Gear\BatteryLife.exe
C:\Programme\Wireless Console 2\wcourier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
D:\OFFICE~1\Office10\OUTLOOK.EXE
D:\Office XP\Office10\WINWORD.EXE
D:\ICQLite\ICQLite.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Dokumente und Einstellungen\duAffentier\Desktop\hijackthis\HjT1991.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://de.search.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Asus A6JM GEIIIIIL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Protection Bar - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - C:\Programme\Video ActiveX Object\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Power_Gear] C:\Programme\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [Wireless Console 2] C:\Programme\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [ccApp] "c:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\ICQLite\ICQLite.exe -trayboot
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Clean Traces - d:\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\DAP\dapextie.htm
O8 - Extra context menu item: &NeoTrace It! - D:\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Download &all with DAP - D:\DAP\dapextie2.htm
O8 - Extra context menu item: Download with NetPumper - d:\NetPumper\AddUrl.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\OFFICE~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\AIM95\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - D:\NEOTRA~1\NTXtoolbar.htm (HKCU)
O10 - Broken Internet access because of LSP provider 'bmnet.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab50997.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153426503875
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab50997.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab50997.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: mljjkij - mljjkij.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winubg32 - winubg32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - d:\NOD eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - D:\oo CleverCache\ooccag.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Virtual CD v8 Management Service (VC8SecS) - H+H Software GmbH - d:\Virtual CD v8\System\VC8SecS.exe



Combofix:

duAffentier - 06-12-19 17:46:23,28 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Dokumente und Einstellungen\duAffentier\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-11-19 to 2006-12-19 ))))))))))))))))))))))))))))))))))


2006-12-19 17:43 <DIR> d-------- C:\Programme\CleanUp!
2006-12-18 23:12 20,992 --a------ C:\WINDOWS\system32\kuhmk.dll
2006-12-18 23:12 <DIR> d-------- C:\Programme\AntiVermins
2006-12-16 16:11 <DIR> d-------- C:\Dokumente und Einstellungen\duAffentier\Anwendungsdaten\Corel
2006-12-16 16:08 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Corel
2006-12-05 23:49 <DIR> d-------- C:\Dokumente und Einstellungen\duAffentier\Anwendungsdaten\Vodafone Mobile Connect
2006-12-05 23:48 17,024 --a------ C:\WINDOWS\system32\drivers\usbohci.sys
2006-12-05 18:02 <DIR> d-------- C:\Dokumente und Einstellungen\duAffentier\Anwendungsdaten\Bytemobile
2006-12-05 18:01 99,968 --a------ C:\WINDOWS\system32\drivers\GTn50Irp.sys
2006-12-05 18:01 92,416 --a------ C:\WINDOWS\system32\drivers\cfvn4c51.sys
2006-12-05 18:01 9,600 --a------ C:\WINDOWS\system32\drivers\WCMLibXP.sys
2006-12-05 18:01 8,064 --a------ C:\WINDOWS\system32\drivers\gtptser.sys
2006-12-05 18:01 77,952 --a------ C:\WINDOWS\system32\drivers\nwusbmdm.sys
2006-12-05 18:01 77,952 --a------ C:\WINDOWS\system32\drivers\nwdelmdm.sys
2006-12-05 18:01 71,552 --a------ C:\WINDOWS\system32\drivers\WCMBusXP.sys
2006-12-05 18:01 65,152 --a------ C:\WINDOWS\system32\drivers\ewusbser.sys
2006-12-05 18:01 65,152 --a------ C:\WINDOWS\system32\drivers\ewusbmdm.sys
2006-12-05 18:01 65,152 --a------ C:\WINDOWS\system32\drivers\ewusbapp.sys
2006-12-05 18:01 55,808 --a------ C:\WINDOWS\system32\drivers\WCMVmdXP.sys
2006-12-05 18:01 53,248 --a------ C:\WINDOWS\system32\drivers\GCXXnet.sys
2006-12-05 18:01 52,864 --a------ C:\WINDOWS\system32\drivers\GTEDGNet.sys
2006-12-05 18:01 51,328 --a------ C:\WINDOWS\system32\drivers\uart0.sys
2006-12-05 18:01 4,480 --a------ C:\WINDOWS\system32\drivers\g3grpm.sys
2006-12-05 18:01 4,352 --a------ C:\WINDOWS\system32\drivers\g3gcpm.sys
2006-12-05 18:01 371,584 --a------ C:\WINDOWS\system32\drivers\SEMWL5.sys
2006-12-05 18:01 32,640 --a------ C:\WINDOWS\system32\drivers\gtf32bus.sys
2006-12-05 18:01 311,936 --a------ C:\WINDOWS\system32\drivers\mrv8k51.sys
2006-12-05 18:01 311,936 --a------ C:\WINDOWS\system32\drivers\mrv8k50.sys
2006-12-05 18:01 282,624 --a------ C:\WINDOWS\system32\drivers\Mrvw123.sys
2006-12-05 18:01 282,496 --a------ C:\WINDOWS\system32\drivers\Mrvw125.sys
2006-12-05 18:01 28,416 --a------ C:\WINDOWS\system32\drivers\g3grumdm.sys
2006-12-05 18:01 266,496 --a------ C:\WINDOWS\system32\drivers\gtwl5.sys
2006-12-05 18:01 25,856 --a------ C:\WINDOWS\system32\drivers\g3gcumdm.sys
2006-12-05 18:01 241,664 --a------ C:\WINDOWS\NwtGatewayDLL.dll
2006-12-05 18:01 24,576 --a------ C:\WINDOWS\system32\drivers\g3gruser.sys
2006-12-05 18:01 22,656 --a------ C:\WINDOWS\system32\drivers\g3gcuser.sys
2006-12-05 18:01 21,888 --a------ C:\WINDOWS\system32\drivers\GTEDGSC.sys
2006-12-05 18:01 21,888 --a------ C:\WINDOWS\system32\drivers\GCXXSC.sys
2006-12-05 18:01 21,120 --a------ C:\WINDOWS\system32\drivers\WCMscXP.sys
2006-12-05 18:01 200,704 --a------ C:\WINDOWS\loader.dll
2006-12-05 18:01 19,328 --a------ C:\WINDOWS\system32\drivers\gtscser.sys
2006-12-05 18:01 19,328 --a------ C:\WINDOWS\system32\drivers\g3grsc.sys
2006-12-05 18:01 16,000 --a------ C:\WINDOWS\system32\drivers\gtffbus.sys
2006-12-05 18:01 114,944 --a------ C:\WINDOWS\system32\drivers\GCXX.sys
2006-12-05 18:01 107,904 --a------ C:\WINDOWS\system32\drivers\GTEDG.sys
2006-12-05 18:01 100,992 --a------ C:\WINDOWS\system32\drivers\GTn51Irp.sys
2006-12-05 18:01 <DIR> d-------- C:\Dokumente und Einstellungen\duAffentier\Anwendungsdaten\ICS
2006-12-05 18:00 8,464 --a------ C:\WINDOWS\system32\SpOrder.dll
2006-12-05 18:00 <DIR> d-------- C:\Programme\Vodafone
2006-12-03 02:34 <DIR> d-------- C:\Dokumente und Einstellungen\duAffentier\G-Force
2006-12-03 02:31 <DIR> d-------- C:\Programme\SoundSpectrum
2006-12-02 19:30 561,152 --a------ C:\WINDOWS\system32\NETw3c32.dll
2006-12-02 19:30 21,419 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2006-12-02 19:30 2,732,032 --a------ C:\WINDOWS\system32\NETw3r32.dll
2006-12-02 19:30 1,707,776 --a------ C:\WINDOWS\system32\drivers\NETw3x32.sys
2006-12-02 19:29 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Intel
2006-12-02 19:28 <DIR> d-------- C:\Dokumente und Einstellungen\duAffentier\Anwendungsdaten\Intel
2006-12-02 15:45 <DIR> d--h----- C:\Fake Program
2006-12-02 02:44 <DIR> d-------- C:\Programme\Fake Webcam
2006-12-02 02:22 1,645,320 --a------ C:\WINDOWS\system32\gdiplus.dll
2006-11-25 16:01 <DIR> d-------- C:\Tmp
2006-11-24 19:06 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2006-11-24 15:26 20,480 --a------ C:\WINDOWS\system32\wbload.dll
2006-11-24 15:23 163,456 --a------ C:\WINDOWS\system32\drivers\vidstub.sys
2006-11-24 15:22 45,056 --a------ C:\WINDOWS\system32\sstunst3.exe
2006-11-24 15:20 187,392 --a------ C:\WINDOWS\system32\JPGUtils.dll
2006-11-24 15:17 36,864 --------- C:\WINDOWS\system32\wbsys.dll
2006-11-24 15:17 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Stardock
2006-11-23 19:26 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2006-11-22 17:53 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2006-11-22 17:30 <DIR> d-------- C:\Programme\Electronic Arts
2006-11-22 16:11 <DIR> d-------- C:\Programme\BF2142 Utility
2006-11-22 13:57 <DIR> d-------- C:\Dokumente und Einstellungen\duAffentier\Anwendungsdaten\Zylom
2006-11-20 22:28 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom
2006-11-20 22:28 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sandlot Games


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-19 17:24 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-12-19 17:10 -------- d-------- C:\Dokumente und Einstellungen\duAffentier\Anwendungsdaten\Azureus
2006-12-19 01:36 12288 --a------ C:\WINDOWS\system32\drivers\nhcDriver.sys
2006-12-16 19:37 -------- d-------- C:\Programme\Outlook Express
2006-12-16 19:37 -------- d-------- C:\Programme\Gemeinsame Dateien\System
2006-12-16 16:09 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-12-16 16:08 -------- d-------- C:\Programme\Gemeinsame Dateien\InstallShield
2006-12-16 16:08 -------- d-------- C:\Programme\Gemeinsame Dateien\Designer
2006-12-16 11:53 -------- d-------- C:\Programme\NetMeeting
2006-12-14 21:13 -------- d-------- C:\Programme\Yahoo!
2006-12-13 21:45 -------- d-------- C:\Programme\TVgenial
2006-12-06 05:18 24120 --a------ C:\Dokumente und Einstellungen\duAffentier\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2006-12-02 23:55 14848 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-12-02 21:32 -------- d-------- C:\Dokumente und Einstellungen\duAffentier\Anwendungsdaten\AdobeUM
2006-11-24 19:05 -------- d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2006-11-24 16:31 2278400 --a------ C:\WINDOWS\system32\TUKernel.exe
2006-11-24 15:21 1007616 --a------ C:\WINDOWS\system32\logonuiX.exe
2006-11-23 19:33 -------- d-------- C:\Programme\Windows Media Player
2006-11-23 19:28 -------- d-------- C:\Programme\Windows Media Connect 2
2006-11-22 18:57 -------- d-------- C:\Dokumente und Einstellungen\duAffentier\Anwendungsdaten\Xfire
2006-11-22 13:57 -------- d-------- C:\Dokumente und Einstellungen\duAffentier\Anwendungsdaten\Identities
2006-11-22 13:37 -------- d-------- C:\Dokumente und Einstellungen\duAffentier\Anwendungsdaten\RapidGet
2006-11-15 22:28 -------- d-------- C:\Programme\MSXML 4.0
2006-11-11 16:51 -------- dr-h----- C:\Dokumente und Einstellungen\duAffentier\Anwendungsdaten\SecuROM
2006-11-08 06:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 23:28 22784 --a------ C:\WINDOWS\system32\drivers\point32.sys
2006-11-05 14:44 -------- d-------- C:\Programme\Java
2006-11-04 20:25 1321744 --a------ C:\WINDOWS\system32\msxml6.dll
2006-11-04 14:53 -------- d-------- C:\Dokumente und Einstellungen\duAffentier\Anwendungsdaten\Adobe
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-03 13:16 -------- d-------- C:\Dokumente und Einstellungen\duAffentier\Anwendungsdaten\NASA
2006-11-03 10:02 8282112 --a------ C:\WINDOWS\system32\wmploc.dll
2006-11-03 09:56 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-11-03 09:55 275968 --a------ C:\WINDOWS\system32\wmerror.dll
2006-11-03 09:54 8192 --a------ C:\WINDOWS\system32\asferror.dll
2006-11-02 22:38 -------- d-------- C:\Programme\Internet Explorer
2006-11-02 11:51 43008 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-11-02 10:17 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2006-11-02 10:17 286720 --------- C:\WINDOWS\Setup1.exe
2006-10-29 14:41 -------- d-------- C:\Programme\Gemeinsame Dateien\Alice
2006-10-29 14:41 -------- d-------- C:\Programme\Alice
2006-10-27 15:09 6049280 --a------ C:\WINDOWS\system32\ieframe.dll
2006-10-27 15:09 50688 --a------ C:\WINDOWS\system32\msfeedsbs.dll
2006-10-27 15:09 458752 --a------ C:\WINDOWS\system32\msfeeds.dll
2006-10-27 15:09 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-27 15:09 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-27 15:09 180736 --a------ C:\WINDOWS\system32\ieui.dll
2006-10-27 15:09 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-10-27 02:44 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-10-27 02:44 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-27 02:44 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-27 02:44 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-10-27 02:44 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-27 02:44 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-27 02:44 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-27 02:44 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-27 02:44 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-27 02:42 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-20 02:38 715776 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\system32\WMVSENCD.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\system32\wmadmod.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll
2006-10-18 21:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2006-10-18 21:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440 --------- C:\WINDOWS\system32\MP4SDECD.dll
2006-10-18 21:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47 284160 --------- C:\WINDOWS\system32\PortableDeviceApi.dll
2006-10-18 21:47 276992 --a------ C:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- C:\WINDOWS\system32\WpdShext.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MP43DECD.dll
2006-10-18 21:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 222208 --a------ C:\WINDOWS\system32\wmasf.dll
2006-10-18 21:47 212992 --------- C:\WINDOWS\system32\MFPLAT.dll
2006-10-18 21:47 211456 --a------ C:\WINDOWS\system32\qasf.dll
2006-10-18 21:47 204288 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47 199168 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-10-18 21:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47 166912 --------- C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-10-18 21:47 1661440 --a------ C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47 1574912 --------- C:\WINDOWS\system32\WMVENCOD.dll
2006-10-18 21:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- C:\WINDOWS\system32\WMVDECOD.dll
2006-10-18 21:47 1382912 --------- C:\WINDOWS\system32\WMVSDECD.dll
2006-10-18 21:47 133632 --------- C:\WINDOWS\system32\WPDShServiceObj.dll
2006-10-18 21:47 1329152 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-10-18 21:47 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-10-18 21:47 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-10-18 21:47 1117696 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-10-18 21:47 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-10-18 20:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00 249856 --------- C:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-17 20:41 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-13 13:35 146432 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-11 17:24 58880 --a------ C:\WINDOWS\system32\pnrpnsp.dll
2006-10-11 17:24 553984 --a------ C:\WINDOWS\system32\p2psvc.dll
2006-10-11 17:24 313344 --a------ C:\WINDOWS\system32\p2pgraph.dll
2006-10-11 17:24 153088 --a------ C:\WINDOWS\system32\p2p.dll
2006-10-11 17:24 116224 --a------ C:\WINDOWS\system32\p2pnetsh.dll
2006-10-11 17:24 104960 --a------ C:\WINDOWS\system32\p2pgasvc.dll
2006-10-02 15:28 312128 --------- C:\WINDOWS\system32\msdelta.dll
2006-09-28 20:13 95344 --------- C:\WINDOWS\system32\WUDFCoinstaller.dll
2006-09-28 18:56 55808 --------- C:\WINDOWS\system32\WudfSvc.dll
2006-09-28 18:56 316416 --------- C:\WINDOWS\system32\WUDFx.dll
2006-09-28 18:56 165376 --------- C:\WINDOWS\system32\WudfPlatform.dll
2006-09-28 18:56 146432 --------- C:\WINDOWS\system32\WudfHost.exe
2006-09-25 17:58 23856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-09-21 19:07 18944 --a------ C:\WINDOWS\system32\cool.exe
2006-09-21 16:49 274432 --a------ C:\WINDOWS\system32\imon.dll
2006-09-21 15:48 94208 --a------ C:\WINDOWS\system32\uhvjsul.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="\"C:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"="D:\\ICQLite\\ICQLite.exe -trayboot"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"HControl"="C:\\WINDOWS\\ATK0100\\HControl.exe"
"nwiz"="nwiz.exe /install"
"Alcmtr"="ALCMTR.EXE"
"Power_Gear"="C:\\Programme\\ASUS\\Power4 Gear\\BatteryLife.exe 1"
"Wireless Console 2"="C:\\Programme\\Wireless Console 2\\wcourier.exe"
"ccApp"="\"c:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\ccApp.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,eb,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d2,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{4fbbdfd6-2ca9-4bba-93e4-aadf75321bca}"="discriminable"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{D3B3C51E-8D11-4667-85B9-0930F519BED7}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"MaxRecentDocs"=dword:00000015
"GreyMSIAds"=dword:00000001
"NoDrives"=hex:00,00,00,00
"NoSharedDocuments"=hex:00,00,00,00
"NoLowDiskSpaceChecks"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"isamonitor.exe"="C:\\Programme\\Video ActiveX Object\\isamonitor.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Alcmtr"="ALCMTR.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Speed Launch.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^ASUS ChkMail.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\ASUS ChkMail.lnk"
"backup"="C:\\WINDOWS\\pss\\ASUS ChkMail.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Asus\\ASUSCH~1\\ChkMail.exe "
"item"="ASUS ChkMail"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Bluetooth Manager.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Bluetooth Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\Bluetooth Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Toshiba\\BLUETO~1\\TOSBTM~1.EXE "
"item"="Bluetooth Manager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Lycos WLAN Sniffer.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Lycos WLAN Sniffer.lnk"
"backup"="C:\\WINDOWS\\pss\\Lycos WLAN Sniffer.lnkCommon Startup"
"location"="Common Startup"
"command"="D:\\LycosWLANSniffer\\WLANSniffer.exe HIDE"
"item"="Lycos WLAN Sniffer"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="D:\\OFFICE~1\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^nvtemplogger.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\nvtemplogger.lnk"
"backup"="C:\\WINDOWS\\pss\\nvtemplogger.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\DOKUME~1\\DUAFFE~1\\LOKALE~1\\Temp\\Rar$EX01.860\\NvTempLogger 3.35\\setup\\NvTempLogger.exe "
"item"="nvtemplogger"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WinZip Quick Pick.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\WinZip Quick Pick.lnk"
"backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"
"location"="Common Startup"
"command"="D:\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^duAffentier^Startmenü^Programme^Autostart^Adobe Gamma.lnk]
"path"="C:\\Dokumente und Einstellungen\\duAffentier\\Startmenü\\Programme\\Autostart\\Adobe Gamma.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\GEMEIN~1\\Adobe\\Calibration\\Adobe Gamma Loader.exe "
"item"="Adobe Gamma"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^duAffentier^Startmenü^Programme^Autostart^Registration .LNK]
"path"="C:\\Dokumente und Einstellungen\\duAffentier\\Startmenü\\Programme\\Autostart\\Registration .LNK"
"backup"="C:\\WINDOWS\\pss\\Registration .LNKStartup"
"location"="Startup"
"command"="C:\\Tom Clancy's Splinter Cell Double Agent\\support\\Register\\Reg.exe -d 802858 -l german -r 7 -g -c us -i "
"item"="Registration "

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^duAffentier^Startmenü^Programme^Autostart^Verknüpfung mit cpuz.lnk]
"path"="C:\\Dokumente und Einstellungen\\duAffentier\\Startmenü\\Programme\\Autostart\\Verknüpfung mit cpuz.lnk"
"backup"="C:\\WINDOWS\\pss\\Verknüpfung mit cpuz.lnkStartup"
"location"="Startup"
"command"="D:\\CPUz\\cpuz.exe "
"item"="Verknüpfung mit cpuz"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^duAffentier^Startmenü^Programme^Autostart^Xfire.lnk]
"path"="C:\\Dokumente und Einstellungen\\duAffentier\\Startmenü\\Programme\\Autostart\\Xfire.lnk"
"backup"="C:\\WINDOWS\\pss\\Xfire.lnkStartup"
"location"="Startup"
"command"="D:\\Xfire\\Xfire.exe "
"item"="Xfire"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ABLKSR]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ABLKSR"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\ABLKSR\\ABLKSR.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="D:\\AIM95\\aim.exe -cnetwait.odl"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ALCMTR"
"hkey"="HKLM"
"command"="ALCMTR.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-Blaxx Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Anti-Blaxx"
"hkey"="HKLM"
"command"="d:\\Anti-Blaxx\\Anti-Blaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ALU"
"hkey"="HKLM"
"command"="C:\\Programme\\ASUS\\ASUS Live Update\\ALU.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"c:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"d:\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Core"
"hkey"="HKCU"
"command"="C:\\Programme\\Electronic Arts\\EA Link\\Core.exe -silent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EOUApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EOUWiz"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Intel\\Wireless\\Bin\\EOUWiz.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HControl"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\ATK0100\\HControl.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQLite"
"hkey"="HKLM"
"command"="\"d:\\ICQLite\\ICQLite.exe\" -minimize"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ifrmewrk"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ZCfgSvc"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Programme\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NB Probe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooccctrl.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ooccctrl"
"hkey"="HKLM"
"command"="D:\\oo CleverCache\\ooccctrl.exe /tasktray"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power_Gear]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BatteryLife"
"hkey"="HKLM"
"command"="C:\\Programme\\ASUS\\Power4 Gear\\BatteryLife.exe 1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"D:\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="C:\\Programme\\ASUSTeK\\ASUSDVD\\PDVDServ.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RTHDCPL"
"hkey"="HKLM"
"command"="RTHDCPL.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sm56hlpr"
"hkey"="HKLM"
"command"="sm56hlpr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Application Launcher"
"hkey"="HKLM"
"command"="\"D:\\Sony Handy\\Application Launcher\\Application Launcher.exe\" /startoptions"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UsrPrmpt"
"hkey"="HKLM"
"command"="c:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="D:\\Steam\\\\Steam.exe -silent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Programme\\Java\\j2re1.4.2_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SynTPEnh"
"hkey"="HKLM"
"command"="C:\\Programme\\Synaptics\\SynTP\\SynTPEnh.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UrlLstCk"
"hkey"="HKLM"
"command"="c:\\Programme\\Norton Internet Security\\UrlLstCk.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VVSN]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VVSN"
"hkey"="HKLM"
"command"="C:\\Programme\\VVSN\\VVSN.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Console 2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wcourier"
"hkey"="HKLM"
"command"="C:\\Programme\\Wireless Console 2\\wcourier.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WMPNSCFG"
"hkey"="HKCU"
"command"="C:\\Programme\\Windows Media Player\\WMPNSCFG.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YahooMessenger.exe\" -quiet"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjkij
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winubg32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Klick-Wartung.job

Completion time: 06-12-19 17:46:51.35
C:\ComboFix.txt ... 06-12-19 17:46
C:\ComboFix2.txt ... 06-12-19 17:29
C:\ComboFix3.txt ... 06-12-19 17:26
Dieser Beitrag wurde am 19.12.2006 um 21:46 Uhr von duAffentier editiert.
Seitenanfang Seitenende
20.12.2006, 03:36
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#2 Avenger
http://virus-protect.org/artikel/tools/avenger.html
kopiere rein:

Zitat

Registry values to delete:
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run|isamonitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|AntiVermins
HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|discriminable
HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{4fbbdfd6-2ca9-4bba-93e4-aadf75321bca}

registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VVSN
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjkij
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winubg32
HKLM\SOFTWARE\Classes\CLSID\{5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2}
HKLM\SOFTWARE\Classes\CLSID\{4fbbdfd6-2ca9-4bba-93e4-aadf75321bca}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6B112EBD-0C90-4AC4-A969-F36797F00006}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D45FFA6D-FA2F-4C0F-A291-7B9DB5786D48}
HKLM\SOFTWARE\AntiVermins
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Video ActiveX Object
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03

Files to delete:
C:\WINDOWS\system32\kuhmk.dll

Folders to delete:
C:\Programme\Video ActiveX Object
C:\Programme\AntiVermins
Klicke die gruene Ampel
das Script wird nun ausgeführt, dann wird der PC automatisch neustarten

««
smitfraud.fix abarbeiten (Option 1 und 2 - lasse auch die Registry mitreinigen)
http://virus-protect.org/artikel/tools/smitfrautfix.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
20.12.2006, 21:02
Member

Themenstarter

Beiträge: 79
#3 das blinken ist weg...

mus ich nun noch das smitfrau.fix machen?!?!lg

Reprot:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\olysocru

*******************

Script file located at: \??\C:\upukovcu.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\kuhmk.dll deleted successfully.


Folder C:\Programme\Video ActiveX Object not found!
Deletion of folder C:\Programme\Video ActiveX Object failed!

Could not process line:
C:\Programme\Video ActiveX Object
Status: 0xc0000034

Folder C:\Programme\AntiVermins deleted successfully.
Registry value HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run|isamonitor.exe deleted successfully.


Could not delete registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|AntiVermins
Deletion of registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|AntiVermins failed!
Status: 0xc0000034



Could not delete registry value HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|discriminable
Deletion of registry value HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|discriminable failed!
Status: 0xc0000034

Registry value HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{4fbbdfd6-2ca9-4bba-93e4-aadf75321bca} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VVSN deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjkij deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winubg32 deleted successfully.
Registry key HKLM\SOFTWARE\Classes\CLSID\{5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} deleted successfully.
Registry key HKLM\SOFTWARE\Classes\CLSID\{4fbbdfd6-2ca9-4bba-93e4-aadf75321bca} deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6B112EBD-0C90-4AC4-A969-F36797F00006} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6B112EBD-0C90-4AC4-A969-F36797F00006} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D45FFA6D-FA2F-4C0F-A291-7B9DB5786D48} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D45FFA6D-FA2F-4C0F-A291-7B9DB5786D48} failed!
Status: 0xc0000034



Registry key HKLM\SOFTWARE\AntiVermins not found!
Deletion of registry key HKLM\SOFTWARE\AntiVermins failed!
Status: 0xc0000034



Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Video ActiveX Object not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Video ActiveX Object failed!
Status: 0xc0000034



Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object failed!
Status: 0xc0000034

Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 deleted successfully.
Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On deleted successfully.
Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
Seitenanfang Seitenende