rsvp32_2.dll / Trojan Proxy.Agent.LY.16 blocks Internet access

#0
04.03.2007, 22:25
...new here
Posts: 2

05.03.2007, 09:27
Honorary member
Posts: 29434
#2
LSPfix
http://www.spychecker.com/program/lspfix.html
Tick: "I know what I'm doing" -- Remove, and delete rsvp32_2.dll (you may have to move the DLL from left to right) + Remove + restart the computer.
Once the O10 entry no longer appears in HijackThis, and the DLL is therefore out of Winsock, you can delete it.
O10 - Broken Internet access because of LSP provider 'rsvp32_2.dll' missing ««

Avenger
http://virus-protect.org/artikel/tools/avenger.html
Tick "Input script manually" and copy into "View/edit script":
Quote
Files to delete:
Click the green traffic light; the script will now run, and then the PC will restart automatically.
__________
Regards, Sabina
all about PC security

05.03.2007, 18:04
...new here
Thread starter
Posts: 2

As requested, I have attached all the log files. What can I do to remove the malware again?
Logfile of HijackThis v1.99.1
Scan saved at 17:48:09, on 04.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\Programme\Analog Devices\SoundMAX\Smax4.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\AT-AR215\AT-AR215 USB ADSL WAN Adapter\dslmon.exe
C:\Programme\Google\Google Updater\GoogleUpdater.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\SpamPal\spampal.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Programme\Windows Media Player\wmplayer.exe
C:\Programme\Outlook Express\msimn.exe
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programme\hijackthis\HijackThis.exe
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programme\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Startup: SpamPal.lnk = C:\Programme\SpamPal\spampal.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Programme\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'rsvp32_2.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{1890832E-576E-4FE8-87E4-8CDF2CDFE48C}: NameServer = 217.237.151.142 217.237.151.115
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
ComboScan v20070226.18 run by User on 2007-03-04 at 20:31:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Successfully created restore point.
Performed disk cleanup.
-- HijackThis (run as User.exe) -------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 20:31:34, on 04.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\Programme\Analog Devices\SoundMAX\Smax4.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\AT-AR215\AT-AR215 USB ADSL WAN Adapter\dslmon.exe
C:\Programme\Google\Google Updater\GoogleUpdater.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\SpamPal\spampal.exe
C:\Programme\Gemeinsame Dateien\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\Programme\comboscan.exe
C:\PROGRA~1\HIJACK~1\User.exe
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programme\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: SpamPal.lnk = C:\Programme\SpamPal\spampal.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Programme\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'rsvp32_2.dll' missing
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-- File Associations ------------------------------------------------------------
.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - unable to read value
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------
3R ADIHdAudAddService (ADI UAA Function Driver for High Definition Audio Service) - C:\WINDOWS\system32\drivers\ADIHdAud.sys
2S ADILOADER (General Purpose USB Driver (adildr.sys)) - C:\WINDOWS\system32\drivers\adildr.sys
3R adiusbaw (AT-AR215 USB ADSL Modem) - C:\WINDOWS\system32\drivers\adiusbaw.sys
3R AEAudioService (AEAudio Service) - C:\WINDOWS\system32\drivers\aeaudio.sys
1R avgio - C:\Programme\AntiVir PersonalEdition Classic\avgio.sys
3R avgntflt - C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys
3R FETNDIS (VIA PCI 10/100-MBit/s-Fast Ethernetadapter-NT-Treiber) - C:\WINDOWS\system32\drivers\fetnd5.sys
3S HdAudAddService (Microsoft UAA Function Driver for High Definition Audio Service) - C:\WINDOWS\system32\drivers\Hdaudio.sys
3R HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - C:\WINDOWS\system32\drivers\Hdaudbus.sys
1R intelppm (Intel-Prozessortreiber) - C:\WINDOWS\system32\drivers\intelppm.sys
3R L8042Kbd (Logitech SetPoint Keyboard Driver) - C:\WINDOWS\system32\drivers\L8042Kbd.sys
3R L8042mou (Logitech SetPoint PS/2 Mouse Filter Driver) - C:\WINDOWS\system32\drivers\L8042mou.Sys
3R LMouKE (Logitech SetPoint Mouse Filter Driver) - C:\WINDOWS\system32\drivers\LMouKE.Sys
3R MTsensor (ATK0110 ACPI UTILITY) - C:\WINDOWS\system32\drivers\ASACPI.sys
3R SenFiltService (SenFilt Service) - C:\WINDOWS\system32\drivers\senfilt.sys
0R srescan - C:\WINDOWS\system32\ZoneLabs\srescan.sys
0R uagp35 (Microsoft AGPv3.5-Filter) - C:\WINDOWS\system32\drivers\UAGP35.SYS
3R usbehci (Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller) - C:\WINDOWS\system32\drivers\usbehci.sys
3R usbprint (Microsoft USB-Druckerklasse) - C:\WINDOWS\system32\drivers\usbprint.sys
3S USBSTOR (USB-Massenspeichertreiber) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
3R viagfx - C:\WINDOWS\system32\drivers\vtmini.sys
1R vsdatant - C:\WINDOWS\system32\vsdatant.sys
1R WS2IFSL (Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung) - C:\WINDOWS\system32\drivers\ws2ifsl.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
2R AntiVirScheduler (AntiVir PersonalEdition Classic Planer) - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
2R AntiVirService (AntiVir PersonalEdition Classic Guard) - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
3S gusvc (Google Updater Service) - "C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe"
2R LexBceS (LexBce Server) - C:\WINDOWS\system32\LEXBCES.EXE
2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe
2R vsmon (TrueVector Internet Monitor) - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
-- Files created between 2007-02-04 and 2007-03-04 ------------------------------
2007-03-04 17:46:25 0 d-------- C:\Programme\hijackthis<HIJACK~1>
2007-03-04 16:46:26 453049 --a------ C:\Programme\comboscan.exe<COMBOS~1.EXE>
2007-03-04 16:44:35 339257 --a------ C:\Programme\CleanUp452.exe<CLEANU~1.EXE>
2007-03-04 16:15:30 5037072 --a------ C:\Programme\spybotsd14.exe<SPYBOT~1.EXE>
2007-03-04 15:29:28 0 d-------- C:\Programme\Opera
2007-03-04 15:27:22 0 --a------ C:\WINDOWS\nsreg.dat
2007-03-04 15:27:04 0 d-------- C:\Programme\Mozilla Firefox<MOZILL~1>
2007-02-24 16:04:53 8704 --a------ C:\WINDOWS\system32\sporder.dll
2007-02-24 16:04:53 77824 -----n--- C:\WINDOWS\system32\rsvp32_2.dll
2007-02-24 16:04:53 101888 --a------ C:\WINDOWS\lrm.exe
2007-02-16 16:39:33 0 d---s---- C:\Dokumente und Einstellungen\User\UserData
2007-02-13 08:42:08 0 d-------- C:\WINDOWS\Downloaded Installations<DOWNLO~2>
2007-02-13 08:39:36 23067984 --a------ C:\Programme\AdbeRdr80_de_DE.exe<ADBERD~1.EXE>
2007-02-13 08:39:19 7241896 --a------ C:\Programme\psa30se_de_de.exe<PSA30S~1.EXE>
-- Find3M Report ----------------------------------------------------------------
2007-03-04 16:46:56 289 --a------ C:\Programme\datFind.zip
2007-03-04 16:45:22 212849 --a------ C:\Programme\hijackthis.zip<HIJACK~1.ZIP>
2007-03-04 15:41:30 201030 --a------ C:\Programme\lspfix.zip
2007-03-04 15:29:33 0 d---s---- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Microsoft<MICROS~1>
2007-03-04 15:27:14 0 d-------- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Mozilla
2007-03-04 15:13:45 0 d-------- C:\Programme\Google
2007-03-04 14:25:00 0 d-------- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Opera
2007-03-04 14:16:30 195645 --a------ C:\Programme\unlocker1.8.5.exe<UNLOCK~1.EXE>
2007-03-01 13:48:51 0 d-------- C:\Dokumente und Einstellungen\User\Anwendungsdaten\uTorrent
2007-02-27 12:13:19 0 d-------- C:\Programme\AntiVir PersonalEdition Classic<ANTIVI~1>
2007-02-25 13:18:51 0 d-------- C:\Programme\eMule
2007-02-13 08:44:30 0 d-------- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Adobe
2007-02-13 08:44:00 0 d-------- C:\Programme\Gemeinsame Dateien\Adobe
2007-02-06 23:51:00 0 d-------- C:\Programme\CDex_170b2<CDEX_1~1>
2007-02-06 23:51:00 0 d-------- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Help
2007-01-31 15:16:54 97095168 --a------ C:\Programme\epson31305eu.exe<EPSON3~2.EXE>
2007-01-30 17:03:37 0 d-------- C:\Programme\EPSON
2007-01-30 16:58:04 66104832 --a------ C:\Programme\epson25955eu.exe<EPSON2~1.EXE>
2007-01-30 16:54:36 21707264 --a------ C:\Programme\epson31412eu.exe<EPSON3~1.EXE>
2007-01-24 08:06:54 0 d-------- C:\Dokumente und Einstellungen\User\Anwendungsdaten\SpamPal
2007-01-13 16:39:14 0 d-------- C:\Programme\Ahead
2007-01-13 15:49:45 0 d-------- C:\Programme\Gemeinsame Dateien<GEMEIN~1>
2007-01-13 15:49:45 0 d-------- C:\Programme\Gemeinsame Dateien\Ahead
2007-01-07 15:25:47 0 d-------- C:\Programme\PDFCreator<PDFCRE~1>
2007-01-07 15:25:38 0 d-------- C:\Dokumente und Einstellungen\User\Anwendungsdaten\PDFCreator<PDFCRE~1>
2007-01-05 15:03:40 0 d-------- C:\Programme\DVD Audio Extractor<DVDAUD~1>
2007-01-05 14:55:00 0 d-------- C:\Programme\Gemeinsame Dateien\Microsoft Shared<MICROS~1>
2007-01-05 14:54:36 0 d-------- C:\Programme\Gemeinsame Dateien\Designer
2007-01-05 00:23:16 0 d-------- C:\Dokumente und Einstellungen\User\Anwendungsdaten\Macromedia<MACROM~1>
2007-01-03 22:54:05 2272 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Monkeys Audio Codec.dat<SP5EB9~1.DAT>
2007-01-03 22:54:05 167936 --a------ C:\WINDOWS\system32\SpoonUninstall.exe<SPOONU~1.EXE>
2007-01-03 22:53:48 2316 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Mp4 Codec.dat<SP930E~1.DAT>
2007-01-03 22:53:32 2421 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Musepack Codec.dat<SPOONU~4.DAT>
2007-01-03 22:53:14 2421 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Ogg Vorbis Codec.dat<SPOONU~3.DAT>
2007-01-03 22:50:40 36100 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat<SPOONU~1.DAT>
2007-01-03 22:34:25 253952 -----n--- C:\WINDOWS\Setup1.exe
2007-01-03 22:34:24 74752 --a------ C:\WINDOWS\ST6UNST.EXE
2007-01-03 11:59:59 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2006-12-29 19:28:45 316594 --a------ C:\WINDOWS\system32\perfh007.dat
2006-12-29 19:28:45 48156 --a------ C:\WINDOWS\system32\perfc007.dat
2006-12-29 19:13:07 0 -rahs---- C:\MSDOS.SYS
2006-12-29 19:13:07 0 -rahs---- C:\IO.SYS
2006-12-29 19:13:07 0 --a------ C:\CONFIG.SYS
2006-12-29 19:13:07 0 --a------ C:\AUTOEXEC.BAT
2006-12-29 19:10:25 21740 --a------ C:\WINDOWS\system32\emptyregdb.dat<EMPTYR~1.DAT>
2006-12-29 18:58:17 62 --ahs---- C:\Dokumente und Einstellungen\User\Anwendungsdaten\desktop.ini
2006-12-12 00:00:00 139264 --a------ C:\WINDOWS\system32\esint32.dll
-- Registry Dump ----------------------------------------------------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Programme\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -trayboot"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"VTTimer"="VTTimer.exe"
"VTTrayp"="VTtrayp.exe"
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"SoundMAXPnP"="C:\\Programme\\Analog Devices\\Core\\smax4pnp.exe"
"SoundMAX"="\"C:\\Programme\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"Zone Labs Client"="\"C:\\Programme\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"2kadiras"="2kadiras.exe"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"ICQ Lite"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"UnlockerAssistant"="\"C:\\Programme\\Unlocker\\UnlockerAssistant.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
-- End of ComboScan: finished at 2007-03-04 at 20:31:56 -------------------------
ComboScan v20070226.18 run by User on 2007-03-04 at 20:31:29
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information -----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: German
CPU 0: Intel(R) Pentium(R) 4 CPU 3.06GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 3.06GHz
Percentage of Memory in Use: 30%
Physical Memory (total/avail): 1470.42 MiB / 1017.48 MiB
Pagefile Memory (total/avail): 1993.43 MiB / 1716.12 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1996.61 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 153.38 GiB total, 117.92 GiB free.
D: is CDROM (No Media)
-- Security Center --------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
FW: ZoneAlarm Firewall v6.5.737.000 (Zone Labs, Inc.)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
-- Environment Variables --------------------------------------------------------
ALLUSERSPROFILE=C:\Dokumente und Einstellungen\All Users
APPDATA=C:\Dokumente und Einstellungen\User\Anwendungsdaten
CommonProgramFiles=C:\Programme\Gemeinsame Dateien
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Dokumente und Einstellungen\User
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0409
ProgramFiles=C:\Programme
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOKUME~1\User\LOKALE~1\Temp
TMP=C:\DOKUME~1\User\LOKALE~1\Temp
tvdumpflags=8
USERNAME=User
USERPROFILE=C:\Dokumente und Einstellungen\User
windir=C:\WINDOWS
-- User Profiles ----------------------------------------------------------------
User (admin)
-- Add/Remove Programs ----------------------------------------------------------
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUN0407.EXE -f"C:\Programme\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Programme\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 8 - Deutsch --> MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A80000000002}
Adobe Streamline 4.0 --> C:\WINDOWS\uninst.exe -f"C:\Programme\Adobe\Streamline 4.0\DeIsL2.isu"
AT-AR215 USB ADSL WAN Adapter --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}\setup.exe" -l0x7
Avira AntiVir PersonalEdition Classic --> C:\Programme\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
CDex extraction audio --> "C:\Programme\CDex_170b2\uninstall.exe"
CleanUp! --> C:\Programme\CleanUp!\uninstall.exe
Cool Edit Pro v1.2a --> C:\PROGRA~1\Cooledit\UNWISE.EXE C:\PROGRA~1\Cooledit\INSTALL.LOG
dBpowerAMP Monkeys Audio Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Monkeys Audio Codec.dat
dBpowerAMP Mp4 Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Mp4 Codec.dat
dBpowerAMP Musepack Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Musepack Codec.dat
dBpowerAMP Music Converter --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
dBpowerAMP Ogg Vorbis Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Ogg Vorbis Codec.dat
dBpowerAMP WMA V9.1 Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP WMA V9.1 Codec.dat
DVD Shrink 3.2 --> "C:\Programme\DVD Shrink\unins000.exe"
eMule --> "C:\Programme\eMule\Uninstall.exe"
EPSON Scan --> C:\Programme\epson\escndv\setup\setup.exe /r
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\programme\google\googletoolbar2.dll"
Google Updater --> "C:\Programme\Google\Google Updater\GoogleUpdater.exe" -uninstall
High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 1.99.1 --> C:\Programme\hijackthis\HijackThis.exe /uninstall
ICQ 5.1 --> C:\Programme\ICQLite\ICQLiteUninstall.EXE
Lexmark Supplies Monitor --> C:\WINDOWS\system32\LXSMUNIN.EXE
Lexmark Z25-Z35 --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXAXUN5C.EXE -dLexmark Z25-Z35
Logitech SetPoint --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x7 -removeonly
Macromedia Dreamweaver MX --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x7 mmUninstall
Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x7 mmUninstall
Macromedia Fireworks MX --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{930B2432-43D4-11D5-9871-00C04F8EEB39}\Setup.exe" -l0x7 UNINSTALL
Macromedia Flash MX --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x7 UNINSTALL
Macromedia FreeHand 10 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{4D826618-59C6-11D4-976E-00C04F8EEB39}\Setup.exe" -l0x7 UNINSTALL
Microsoft Office XP Professional mit FrontPage --> MsiExec.exe /I{90280407-6000-11D3-8CFE-0050048383C9}
Mozilla Firefox (2.0) --> C:\Programme\Mozilla Firefox\uninstall\uninst.exe
Mp3tag V.2.32a --> C:\Programme\Mp3tag\Mp3tagUninstall.EXE
Nero 6 Ultra Edition --> C:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Newsletter Maker 2.5 --> C:\WINDOWS\st6unst.exe -n "C:\Programme\NewsletterMaker\ST6UNST.LOG"
Opera 9.10 --> MsiExec.exe /X{20B579BE-034A-4140-AFA0-B9BC8435FAFA}
PDFCreator 0.8.0 --> C:\Programme\PDFCreator\unins000.exe
SoundMAX --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x7 -removeonly
SpamPal --> "C:\Programme\SpamPal\Uninstall.exe" "C:\Programme\SpamPal\install.log"
Unlocker 1.8.5 --> C:\Programme\Unlocker\uninst.exe
Update für Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update für Windows XP (KB911164) -->
WinRAR Archivierer --> C:\Programme\WinRAR\uninstall.exe
WinZip --> C:\Programme\WinZip\WINZIP32.EXE /uninstall
Xaldon WebSpider 2 --> C:\WINDOWS\unin0407.exe -f"C:\Programme\Xaldon\WebSpider 2\DeIsL1.isu" -c"C:\Programme\Xaldon\WebSpider 2\_ISREG32.DLL"
ZoneAlarm --> C:\Programme\Zone Labs\ZoneAlarm\zauninst.exe
-- End of ComboScan: finished at 2007-03-04 at 20:31:56 -------------------------
Verzeichnis von C:\WINDOWS\system32
04.03.2007 16:08 54.112 vsconfig.xml
04.03.2007 15:13 2.422 wpa.dbl
24.02.2007 16:04 77.824 rsvp32_2.dll
24.02.2007 16:04 8.704 sporder.dll
06.01.2007 13:17 789.696 FNTCACHE.DAT
05.01.2007 14:39 2.422 wpa.bak
03.01.2007 22:54 2.272 SpoonUninstall-dBpowerAMP Monkeys Audio Codec.dat
03.01.2007 22:54 167.936 SpoonUninstall.exe
03.01.2007 22:53 27.958 SpoonUninstall-dBpowerAMP Monkeys Audio Codec.bmp
03.01.2007 22:53 2.316 SpoonUninstall-dBpowerAMP Mp4 Codec.dat
03.01.2007 22:53 33.846 SpoonUninstall-dBpowerAMP Mp4 Codec.bmp
03.01.2007 22:53 2.421 SpoonUninstall-dBpowerAMP Musepack Codec.dat
03.01.2007 22:53 33.846 SpoonUninstall-dBpowerAMP Musepack Codec.bmp
03.01.2007 22:53 2.421 SpoonUninstall-dBpowerAMP Ogg Vorbis Codec.dat
03.01.2007 22:53 33.846 SpoonUninstall-dBpowerAMP Ogg Vorbis Codec.bmp
03.01.2007 22:52 1.375 SpoonUninstall-dBpowerAMP WMA V9.1 Codec.dat
03.01.2007 22:52 33.846 SpoonUninstall-dBpowerAMP WMA V9.1 Codec.bmp
03.01.2007 22:50 36.100 SpoonUninstall-dBpowerAMP Music Converter.dat
03.01.2007 22:50 33.846 SpoonUninstall-dBpowerAMP Music Converter.bmp
03.01.2007 11:59 4.212 zllictbl.dat
29.12.2006 19:28 311.604 perfh009.dat
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 9447-B1EA
Verzeichnis von C:\DOKUME~1\User\LOKALE~1\Temp
04.03.2007 18:24 16.384 ~DF24ED.tmp
04.03.2007 18:24 512 ~DF1C65.tmp
04.03.2007 18:24 16.384 ~DF1C4D.tmp
3 Datei(en) 33.280 Bytes
0 Verzeichnis(se), 126.611.795.968 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 9447-B1EA
Verzeichnis von C:\WINDOWS
04.03.2007 17:22 254 wiadebug.log
04.03.2007 17:22 50 wiaservc.log
04.03.2007 16:51 33.523 wmsetup.log
04.03.2007 16:08 0 0.log
04.03.2007 16:08 2.048 bootstat.dat
04.03.2007 16:07 4.560 SchedLgU.Txt
04.03.2007 16:07 1.801.036 WindowsUpdate.log
04.03.2007 15:27 0 nsreg.dat
24.02.2007 16:04 101.888 lrm.exe
06.02.2007 20:40 116 NeroDigital.ini
31.01.2007 17:22 557 wmsetup10.log
31.01.2007 15:12 671.991 setupapi.log
22.01.2007 15:02 2.210 coolmp3.ini
05.01.2007 14:55 400 ODBC.INI
05.01.2007 14:39 849.948 setuplog.txt
03.01.2007 23:44 132 Adobereg.db
03.01.2007 22:52 316.640 WMSysPr9.prx
03.01.2007 22:50 759 win.ini
03.01.2007 22:37 155 cool.ini
03.01.2007 22:36 0 PROTOCOL.INI
03.01.2007 22:34 253.952 Setup1.exe
03.01.2007 22:34 74.752 ST6UNST.EXE
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 9447-B1EA
Verzeichnis von C:\WINDOWS\Temp
04.03.2007 16:08 256 ZLT03524.TMP
04.03.2007 16:08 256 ZLT034de.TMP
2 Datei(en) 512 Bytes
0 Verzeichnis(se), 126.611.787.776 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 9447-B1EA
Verzeichnis von C:\
04.03.2007 20:38 0 sys.txt
04.03.2007 20:38 346 down.txt
04.03.2007 20:37 328 tmp.txt
04.03.2007 20:36 7.689 system.txt
04.03.2007 20:36 390 systemtemp.txt
04.03.2007 20:34 91.812 system32.txt
04.03.2007 16:08 704.643.072 pagefile.sys
06.01.2007 13:53 521 Verknpfung mit Incoming.lnk
29.12.2006 19:13 0 IO.SYS
29.12.2006 19:13 0 CONFIG.SYS
29.12.2006 19:13 0 MSDOS.SYS
29.12.2006 19:13 0 AUTOEXEC.BAT
29.12.2006 19:07 211 boot.ini
28.02.2006 13:00 4.952 bootfont.bin
28.02.2006 13:00 251.184 ntldr
28.02.2006 13:00 47.564 NTDETECT.COM
16 Datei(en) 705.048.069 Bytes
0 Verzeichnis(se), 126.611.783.680 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 9447-B1EA
Verzeichnis von C:\WINDOWS\Downloaded Program Files
29.12.2006 19:12 65 desktop.ini
09.11.2006 14:36 5.019 swflash.inf
2 Datei(en) 5.084 Bytes
0 Verzeichnis(se), 126.611.787.776 Bytes frei
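
Added example, not part of the thread: a Python triage of the logs above. It takes the DLL named in the HijackThis O10 line and lists the files that ComboScan's "Files created between" section shows with the same creation timestamp, as candidates for review. The function names and the `window_seconds` parameter are this example's own; the sample lines are copied from the logs posted in this thread.

```python
import re
from datetime import datetime, timedelta

# HijackThis O10 line that names a Winsock LSP provider DLL.
O10_RE = re.compile(r"^O10 - .*LSP provider '([^']+)'")
# ComboScan file line: "YYYY-MM-DD hh:mm:ss size attrs path", optionally
# followed by the 8.3 short name in angle brackets.
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S+)\s+(.+?)(?:<[^<>]*>)?$"
)

# Lines copied from the HijackThis and ComboScan logs in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe
O10 - Broken Internet access because of LSP provider 'rsvp32_2.dll' missing
2007-03-04 15:27:22 0 --a------ C:\WINDOWS\nsreg.dat
2007-03-04 15:27:04 0 d-------- C:\Programme\Mozilla Firefox<MOZILL~1>
2007-02-24 16:04:53 8704 --a------ C:\WINDOWS\system32\sporder.dll
2007-02-24 16:04:53 77824 -----n--- C:\WINDOWS\system32\rsvp32_2.dll
2007-02-24 16:04:53 101888 --a------ C:\WINDOWS\lrm.exe
2007-02-16 16:39:33 0 d---s---- C:\Dokumente und Einstellungen\User\UserData
"""


def lsp_providers(lines):
    """Return the DLL names (lower-cased, in order) reported in O10 lines."""
    found = []
    for line in lines:
        m = O10_RE.match(line.strip())
        if m and m.group(1).lower() not in found:
            found.append(m.group(1).lower())
    return found


def file_entries(lines):
    """Parse ComboScan file lines into (created, size, path); skip directories."""
    entries = []
    for line in lines:
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        stamp, size, attrs, path = m.groups()
        if attrs.startswith("d"):
            continue  # directory entry, not a file
        created = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        entries.append((created, int(size), path.strip()))
    return entries


def created_with_lsp(log_text, window_seconds=0):
    """Map each O10 DLL to the other files created within the time window.

    With the default window of 0 seconds only files sharing the exact
    creation timestamp of the DLL are returned.
    """
    lines = log_text.splitlines()
    entries = file_entries(lines)
    window = timedelta(seconds=window_seconds)
    report = {}
    for dll in lsp_providers(lines):
        # File-listing entries whose file name is the DLL from the O10 line.
        hits = [e for e in entries if e[2].lower().rsplit("\\", 1)[-1] == dll]
        near = []
        for created, _size, path in entries:
            if any(path == h[2] for h in hits):
                continue  # the DLL itself
            if any(abs(created - h[0]) <= window for h in hits):
                near.append(path)
        report[dll] = near
    return report


if __name__ == "__main__":
    for dll, paths in created_with_lsp(SAMPLE_LOG).items():
        print(dll)
        for p in paths:
            print("  created at the same time:", p)
```

A shared timestamp only marks a file for closer inspection; it does not by itself show that the file belongs to the infection.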