Home » Spyware & Browser Hijacker Support Forum » Warndreieck Security Alert: Spyware found » Themenansicht
Warndreieck Security Alert: Spyware found |
||
|---|---|---|
| #0
| ||
|
11.01.2007, 14:48
...neu hier
Beiträge: 2 |
||
 
|
|
|
|
11.01.2007, 16:48
Ehrenmitglied
 Beiträge: 29434 |
#2
1.
Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als fixme.reg mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden. Die Datei "fixme.reg" auf dem Desktop doppelklicken und der Registry mit "ja" oder "yes" beifügen Zitat REGEDIT42. arbeite das avenger script ab + smitfraudfix http://virus-protect.org/artikel/spyware/antiverminser.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
11.01.2007, 19:34
...neu hier
Themenstarter Beiträge: 2 |
#3
Hallo, danke schon mal fuer die hilfe - diesen editor rapport habe ich zuerst erhalten und dann nach weiteren abarbeiten diesen: bin ich da auf dem richtigen weg?
Zuerst der: Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\iaijknqm ******************* Script file located at: \??\C:\xujwwbca.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: File C:\WINDOWS\system32\gwquvw.dll deleted successfully. File C:\WINDOWS\system32\axlet.dll not found! Deletion of file C:\WINDOWS\system32\axlet.dll failed! Could not process line: C:\WINDOWS\system32\axlet.dll Status: 0xc0000034 File C:\Dokumente und Einstellungen\Ingo-Marc Ferdini\Favoriten\Antivirus Test Online.url not found! Deletion of file C:\Dokumente und Einstellungen\Ingo-Marc Ferdini\Favoriten\Antivirus Test Online.url failed! Could not process line: C:\Dokumente und Einstellungen\Ingo-Marc Ferdini\Favoriten\Antivirus Test Online.url Status: 0xc0000034 File C:\Dokumente und Einstellungen\Ingo-Marc Ferdini\Favoriten\Online Security Test.url deleted successfully. File C:\Dokumente und Einstellungen\All Users\Startmenü\Online Security Guide.url deleted successfully. File C:\Dokumente und Einstellungen\All Users\Startmenü\Security Troubleshooting.url deleted successfully. File C:\WINDOWS\system32\ishost.exe not found! Deletion of file C:\WINDOWS\system32\ishost.exe failed! Could not process line: C:\WINDOWS\system32\ishost.exe Status: 0xc0000034 File C:\WINDOWS\system32\ismini.exe not found! Deletion of file C:\WINDOWS\system32\ismini.exe failed! Could not process line: C:\WINDOWS\system32\ismini.exe Status: 0xc0000034 File C:\WINDOWS\system32\ixt0.dll not found! Deletion of file C:\WINDOWS\system32\ixt0.dll failed! Could not process line: C:\WINDOWS\system32\ixt0.dll Status: 0xc0000034 Folder C:\WINDOWS\system32\components not found! Deletion of folder C:\WINDOWS\system32\components failed! Could not process line: C:\WINDOWS\system32\components Status: 0xc0000034 Folder C:\Programme\AntiVerminser deleted successfully. Folder C:\Programme\Video ActiveX Object deleted successfully. Folder C:\Dokumente und Einstellungen\Ingo-Marc Ferdini\Startmenü\Programme\AntiVerminser not found! Deletion of folder C:\Dokumente und Einstellungen\Ingo-Marc Ferdini\Startmenü\Programme\AntiVerminser failed! Could not process line: C:\Dokumente und Einstellungen\Ingo-Marc Ferdini\Startmenü\Programme\AntiVerminser Status: 0xc0000034 Could not open folder C:\Dokumente und Einstellungen\%Username\Lokale Einstellungen\Temporary Internet Files\Content.IE5\A5678X4T for deletion Deletion of folder C:\Dokumente und Einstellungen\%Username\Lokale Einstellungen\Temporary Internet Files\Content.IE5\A5678X4T failed! Could not process line: C:\Dokumente und Einstellungen\%Username\Lokale Einstellungen\Temporary Internet Files\Content.IE5\A5678X4T Status: 0xc000003a Folder C:\Dokumente und Einstellungen\Ingo-Marc Ferdini\Lokale Einstellungen\Temporary Internet Files\Content.IE5\YTGZAXU5 not found! Deletion of folder C:\Dokumente und Einstellungen\Ingo-Marc Ferdini\Lokale Einstellungen\Temporary Internet Files\Content.IE5\YTGZAXU5 failed! Could not process line: C:\Dokumente und Einstellungen\Ingo-Marc Ferdini\Lokale Einstellungen\Temporary Internet Files\Content.IE5\YTGZAXU5 Status: 0xc0000034 Could not delete registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|AntiVerminser Deletion of registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|AntiVerminser failed! Status: 0xc0000034 Registry value HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|carbinyl deleted successfully. Registry value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler|{8d8c2387-7f80-4022-9be6-43630a969558} deleted successfully. Could not delete registry value HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|eupeptic Deletion of registry value HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|eupeptic failed! Status: 0xc0000034 Could not delete registry value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler|{8670ee50-01f9-47da-ac1e-cf8549e9e521} Deletion of registry value HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler|{8670ee50-01f9-47da-ac1e-cf8549e9e521} failed! Status: 0xc0000034 Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamonitor.exe deleted successfully. Could not delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|pmsngr.exe Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|pmsngr.exe failed! Status: 0xc0000034 Could not delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamini.exe Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamini.exe failed! Status: 0xc0000034 Could not delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|wininet.dll Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|wininet.dll failed! Status: 0xc0000034 Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|none deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d8c2387-7f80-4022-9be6-43630a969558} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d8c2387-7f80-4022-9be6-43630a969558} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8670ee50-01f9-47da-ac1e-cf8549e9e521} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8670ee50-01f9-47da-ac1e-cf8549e9e521} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AntiVerminser.exe not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AntiVerminser.exe failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiVerminser not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiVerminser failed! Status: 0xc0000034 Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AntiVerminser not found! Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AntiVerminser failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{823B335C-00DE-4886-BE7A-FBDC0F69294E} deleted successfully. Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Video ActiveX Object not found! Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Video ActiveX Object failed! Status: 0xc0000034 Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object not found! Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object failed! Status: 0xc0000034 Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 deleted successfully. Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On deleted successfully. Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} deleted successfully. Registry key HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} not found! Deletion of registry key HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4d74aaa-a178-4463-846b-b4bc87a024e0} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4d74aaa-a178-4463-846b-b4bc87a024e0} failed! Status: 0xc0000034 Registry key HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f4d74aaa-a178-4463-846b-b4bc87a024e0} not found! Deletion of registry key HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f4d74aaa-a178-4463-846b-b4bc87a024e0} failed! Status: 0xc0000034 Completed script processing. ******************* Finished! Terminate. Dann der: SmitFraudFix v2.132 Scan done at 19:25:37,93, 11.01.2007 Run from C:\Dokumente und Einstellungen\Ingo-Marc Ferdini\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is FAT32 Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Ingo-Marc Ferdini »»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Ingo-Marc Ferdini\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\INGO-M~1\FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop C:\DOKUME~1\ALLUSE~1\DESKTOP\Online Security Guide.url FOUND ! C:\DOKUME~1\ALLUSE~1\DESKTOP\Security Troubleshooting.url FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» C:\Programme »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Die derzeitige Homepage" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\PROGRA~1\\Google\\GO333C~1\\GOEC62~1.DLL" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32 »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End Dieser Beitrag wurde am 11.01.2007 um 19:42 Uhr von ferducci editiert.
|
|
|
|
|
|
|
12.01.2007, 00:11
Ehrenmitglied
Beiträge: 29434 |
#4
ferducci
kommen noch poups ? du musst auch option 2 von smitfraudfix anwenden ! __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!
bitte erst » hier kostenlos registrieren!!
Folgende Themen könnten Dich auch interessieren:
Seite(n): 1
Copyright © 2024, Protecus.de - Protecus Team - Impressum / Mediadaten
bin auch neu hier und habe auch dieses ComboxFix laufen lassen und folgendes feedback bekommen - kannst du mir da helfen, mein pc ist langsam, es kommen andauernd pop ups und dieses warndreieck kommt auch immer wieder????
Ingo-Marc Ferdini - 07-01-11 13:42:12,81 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Dokumente und Einstellungen\Ingo-Marc Ferdini"
((((((((((((((((((((((((((((((( Files Created from 2006-12-11 to 2007-01-11 ))))))))))))))))))))))))))))))))))
2007-01-11 11:09 <DIR> d-------- C:\Programme\Enigma Software Group
2007-01-10 00:57 <DIR> d-------- C:\Dokumente und Einstellungen\Ingo-Marc Ferdini\Anwendungsdaten\Lavasoft
2007-01-10 00:55 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-01-10 00:55 87,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-01-10 00:55 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-01-10 00:55 666,240 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-01-10 00:55 36,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-01-10 00:55 24,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-01-10 00:55 16,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-01-10 00:55 <DIR> d-------- C:\Programme\Alwil Software
2007-01-09 23:28 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2007-01-09 23:28 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2007-01-09 23:28 <DIR> d-------- C:\Programme\Spyware Doctor
2007-01-09 23:28 <DIR> d-------- C:\Dokumente und Einstellungen\Ingo-Marc Ferdini\Anwendungsdaten\PC Tools
2007-01-09 23:28 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2007-01-09 17:11 20,992 --a------ C:\WINDOWS\system32\gwquvw.dll
2007-01-09 17:11 <DIR> d-------- C:\Programme\Video ActiveX Object
2007-01-09 17:11 <DIR> d-------- C:\Programme\AntiVerminser
2007-01-04 15:01 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-01-04 15:01 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2006-12-21 11:01 <DIR> d-------- C:\Programme\WinRAR
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-11-26 04:07 -------- d-------- C:\Programme\MSN Messenger
2006-11-25 00:01 -------- d-------- C:\Programme\Windows Media Connect 2
2006-11-21 03:03 -------- d-------- C:\Programme\MSXML 4.0
2006-11-08 06:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-05 01:50 39448 --a------ C:\Dokumente und Einstellungen\Ingo-Marc Ferdini\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-02 20:25 176835 --a------ C:\WINDOWS\GalleryPlayer Images Uninstaller.exe
2006-10-20 02:38 715776 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-18 23:03 43008 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 22:58 8704 --------- C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 22:58 8704 --------- C:\WINDOWS\system32\uwdf.exe
2006-10-18 22:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-10-18 22:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 22:47 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
2006-10-18 22:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll
2006-10-18 22:47 767488 --------- C:\WINDOWS\system32\WMVSENCD.dll
2006-10-18 22:47 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll
2006-10-18 22:47 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-10-18 22:47 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll
2006-10-18 22:47 63488 --------- C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 22:47 629760 --------- C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 22:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll
2006-10-18 22:47 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-10-18 22:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-18 22:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 22:47 429056 --------- C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 22:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2006-10-18 22:47 4096 --------- C:\WINDOWS\system32\WMVADVE.DLL
2006-10-18 22:47 4096 --------- C:\WINDOWS\system32\WMVADVD.dll
2006-10-18 22:47 4096 --------- C:\WINDOWS\system32\wdfapi.dll
2006-10-18 22:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-10-18 22:47 35840 --------- C:\WINDOWS\system32\wpdconns.dll
2006-10-18 22:47 356352 --------- C:\WINDOWS\system32\wpdsp.dll
2006-10-18 22:47 348672 --------- C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 22:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 22:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-10-18 22:47 317440 --------- C:\WINDOWS\system32\MP4SDECD.dll
2006-10-18 22:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 22:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 22:47 284160 --------- C:\WINDOWS\system32\PortableDeviceApi.dll
2006-10-18 22:47 276992 --------- C:\WINDOWS\system32\audiodev.dll
2006-10-18 22:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 22:47 2603008 --------- C:\WINDOWS\system32\WpdShext.dll
2006-10-18 22:47 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll
2006-10-18 22:47 259072 --------- C:\WINDOWS\system32\MP43DECD.dll
2006-10-18 22:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-18 22:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-10-18 22:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-18 22:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-10-18 22:47 222208 --a------ C:\WINDOWS\system32\WMASF.dll
2006-10-18 22:47 212992 --------- C:\WINDOWS\system32\MFPLAT.dll
2006-10-18 22:47 211456 --a------ C:\WINDOWS\system32\qasf.dll
2006-10-18 22:47 204288 --------- C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 22:47 199168 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-10-18 22:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-18 22:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-18 22:47 166912 --------- C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-10-18 22:47 1661440 --------- C:\WINDOWS\system32\wmpencen.dll
2006-10-18 22:47 1574912 --------- C:\WINDOWS\system32\WMVENCOD.dll
2006-10-18 22:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-18 22:47 154624 --------- C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 22:47 1543680 --------- C:\WINDOWS\system32\WMVDECOD.dll
2006-10-18 22:47 1382912 --------- C:\WINDOWS\system32\WMVSDECD.dll
2006-10-18 22:47 133632 --------- C:\WINDOWS\system32\WPDShServiceObj.dll
2006-10-18 22:47 1329152 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-10-18 22:47 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-10-18 22:47 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-10-18 22:47 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-10-18 22:47 1117696 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-10-18 22:47 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-10-18 21:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-18 21:00 249856 --------- C:\WINDOWS\system32\drmupgds.exe
2006-10-18 21:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-18 10:32 807032 --a------ C:\WINDOWS\system32\wmv9dmod.dll
2006-10-13 13:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 13:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 13:35 146432 --a------ C:\WINDOWS\system32\nwprovau.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"googletalk"="\"C:\\Programme\\Google\\Google Talk\\googletalk.exe\" /autostart"
"MsnMsgr"="\"C:\\Programme\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Skype"="\"C:\\Programme\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"Spyware Doctor"="\"C:\\Programme\\Spyware Doctor\\swdoctor.exe\" /Q"
"SpybotSD TeaTimer"="C:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LaunchApp"="Alaunch"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"SynTPLpr"="C:\\Programme\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Programme\\Synaptics\\SynTP\\SynTPEnh.exe"
"RemoteControl"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"EPM-DM"="c:\\acer\\epm\\epm-dm.exe"
"ePowerManagement"="C:\\Acer\\ePM\\ePM.exe boot"
"LManager"="C:\\Programme\\Launch Manager\\QtZgAcer.EXE"
"eRecoveryService"="C:\\Windows\\System32\\Check.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"LWBMOUSE"="C:\\Programme\\Belkin\\Wireless Mouse Driver\\MOUSE32A.EXE"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"HP Software Update"="\"C:\\Programme\\HP\\HP Software Update\\HPWuSchd2.exe\""
"HP Component Manager"="\"C:\\Programme\\HP\\hpcoretech\\hpcmpmgr.exe\""
"Picasa Media Detector"="C:\\Programme\\Picasa2\\PicasaMediaDetector.exe"
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\\Programme\\Google\\Gmail Notifier\\gnotify.exe"
"Backup NOW! Scheduler"="\"C:\\Programme\\NewTech Infosystems\\NTI Backup NOW! 3\\Schdlr32.exe\" -s"
"Google Desktop Search"="\"C:\\Programme\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"Acrobat Assistant 7.0"="\"C:\\Programme\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"SpyHunter"="C:\\Programme\\Enigma Software Group\\SpyHunter\\SpyHunter.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"Spyware Doctor"="\"C:\\Programme\\Spyware Doctor\\swdoctor.exe\" /Q"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"Spyware Doctor"="\"C:\\Programme\\Spyware Doctor\\swdoctor.exe\" /Q"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{8d8c2387-7f80-4022-9be6-43630a969558}"="carbinyl"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"isamonitor.exe"="C:\\Programme\\Video ActiveX Object\\isamonitor.exe"
"none"="C:\\Programme\\Video ActiveX Object\\pmsngr.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
"carbinyl"="{8d8c2387-7f80-4022-9be6-43630a969558}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Completion time: 07-01-11 13:44:45.43
C:\ComboFix.txt ... 07-01-11 13:44