Mein PC versendet Spammails! |
||
---|---|---|
#0
| ||
02.05.2007, 22:55
...neu hier
Beiträge: 1 |
||
|
||
03.05.2007, 07:42
Member
Beiträge: 694 |
#2
Hi,
wow, da hat es Dich aber gut erwischt,und einige sind noch da: O20 - Winlogon Notify: cigjqglc - afauj.dll (file missing) O20 - Winlogon Notify: dbyuejhx - dbyuejhx.dll (file missing) O20 - Winlogon Notify: dgytsgqv - dgytsgqv.dll (file missing) O20 - Winlogon Notify: edlcyddm - edlcyddm.dll (file missing) O20 - Winlogon Notify: jfcjtsnu - jfcjtsnu.dll (file missing) O20 - Winlogon Notify: jurdhtmw - jurdhtmw.dll (file missing) O20 - Winlogon Notify: lnwpljvs - C:\WINDOWS\SYSTEM32\lnwpljvs.dll O20 - Winlogon Notify: nrdurolv - nrdurolv.dll (file missing) O20 - Winlogon Notify: rjolohxc - rjolohxc.dll (file missing) O20 - Winlogon Notify: rkljkplw - rkljkplw.dll (file missing) O20 - Winlogon Notify: shfoxpob - C:\WINDOWS\system32\shfoxpob.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O20 - Winlogon Notify: yitnycek - yitnycek.dll (file missing) O20 - Winlogon Notify: yxtisuvd - yxtisuvd.dll (file missing) .. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinMedia] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ggvexaaa5537562" "hkey"="HKCU" "command"="C:\\WINDOWS\\system32\\ggvexaaa5537562.exe" "inimapping"="0" .. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {32031715-0682-3851-A63F-56C30BE4BF3B} C:\WINDOWS\system\bspctl32.dll [x] {4DC76606-E948-4092-85CE-897E90276369} C:\WINDOWS\system32\afauj.dll [x] {E0BD085A-881A-45DA-87FD-EC52C59BCDCb} C:\WINDOWS\system32\bkirjvkc.dll [x] .. Wahrscheinlich ist den Rechner neu aufzusetzten doch das einfachste... Wenn ich nachher Zeit habe schaue ich noch mal genauer drüber... Chris |
|
|
||
03.05.2007, 08:45
Moderator
Beiträge: 6466 |
#3
@MoeDaBoss
Zitat Vermutlich ist dieses Problem dadurch entstanden, dass mir jemand einen Link per ICQ geschickt hat, der auf meinen PC einen Virus installiert hatVielleicht weißt Du es nicht: Das Problem entsteht dadurch, dass man auf einen dieser Links klickt. __________ Durchsuchen --> Aussuchen --> Untersuchen |
|
|
T-Online hat mir geschrieben, dass mein PC angeblich Spammails verschickt.
(Vermutlich ist dieses Problem dadurch entstanden, dass mir jemand einen Link per ICQ geschickt hat, der auf meinen PC einen Virus installiert hat. Dieser Virus hat auch anderen Personen aus meiner Kontaktliste diesen Link weitergeschickt.)
(Das Drive Cleaner Popup ist mir auch bekannt, jedoch konnte ich dieses Problem schon lösen.)
Antivir findet keine verdächtigen Dateien auf dem Rechner.
Mir wurde geraten die Festplatte zu formatieren, jedoch möchte ich wissen ob es eine andere Lösung gibt.
Ich bedanke mich für jede Hilfe.
Logfile of HijackThis v1.99.1
Scan saved at 22:59:59, on 02.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Programme\Java\jre1.5.0_10\bin\jusched.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Programme\TrojanHunter 4.6\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Java\jre1.5.0_10\bin\jucheck.exe
C:\Dokumente und Einstellungen\Moritz\Desktop\hjt.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Image Helper - {32031715-0682-3851-A63F-56C30BE4BF3B} - C:\WINDOWS\system\bspctl32.dll (file missing)
O2 - BHO: (no name) - {4DC76606-E948-4092-85CE-897E90276369} - C:\WINDOWS\system32\afauj.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {E0BD085A-881A-45DA-87FD-EC52C59BCDCb} - C:\WINDOWS\system32\bkirjvkc.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WheelMouse] C:\Programme\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [syswin] C:\WINDOWS\system32\v6.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [THGuard] "C:\Programme\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Programme\a-squared Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (Steuerung des DownloadManager ) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.0.6.5.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176759214640
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - Winlogon Notify: cigjqglc - afauj.dll (file missing)
O20 - Winlogon Notify: dbyuejhx - dbyuejhx.dll (file missing)
O20 - Winlogon Notify: dgytsgqv - dgytsgqv.dll (file missing)
O20 - Winlogon Notify: edlcyddm - edlcyddm.dll (file missing)
O20 - Winlogon Notify: jfcjtsnu - jfcjtsnu.dll (file missing)
O20 - Winlogon Notify: jurdhtmw - jurdhtmw.dll (file missing)
O20 - Winlogon Notify: lnwpljvs - C:\WINDOWS\SYSTEM32\lnwpljvs.dll
O20 - Winlogon Notify: nrdurolv - nrdurolv.dll (file missing)
O20 - Winlogon Notify: rjolohxc - rjolohxc.dll (file missing)
O20 - Winlogon Notify: rkljkplw - rkljkplw.dll (file missing)
O20 - Winlogon Notify: shfoxpob - C:\WINDOWS\system32\shfoxpob.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: yitnycek - yitnycek.dll (file missing)
O20 - Winlogon Notify: yxtisuvd - yxtisuvd.dll (file missing)
O21 - SSODL: IEFilter - {1F957709-268E-4CCB-A0AA-3D1826CB64CB} - IEFilter.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"Moritz" - 07-05-02 23:05:25 Service Pack 2
ComboFix 07-04-25.4V - Running from: "C:\Dokumente und Einstellungen\Moritz\Desktop\"
(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\service.exe
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((( Files Created from 2007-04-02 to 2007-05-02 ))))))))))))))))))))))))))))))))))
2007-05-02 22:37 <DIR> d-------- C:\Programme\XP Codec Pack
2007-05-02 22:22 <DIR> d-------- C:\c42dccde2217572fbd6c20e7ad
2007-05-02 18:30 <DIR> d-------- C:\avenger
2007-05-02 18:24 <DIR> d-------- C:\Programme\a-squared Anti-Malware
2007-05-02 18:24 <DIR> d-------- C:\DOKUME~1\Moritz\ANWEND~1\TrojanHunter
2007-05-02 17:51 <DIR> d-------- C:\Programme\TrojanHunter 4.6
2007-04-24 20:44 43,584 --a------ C:\WINDOWS\system32\drivers\avipbb.sys
2007-04-24 20:44 28,352 --a------ C:\WINDOWS\system32\drivers\ssmdrv.sys
2007-04-21 14:42 <DIR> d-------- C:\Programme\Windows Media Connect 2
2007-04-21 14:41 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-04-21 14:41 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-04-21 14:41 <DIR> d-------- C:\5f1684ca83b5c0c1b125386a33a3646f
2007-04-21 14:41 <DIR> d-------- C:\41859164b09cb5ae0043
2007-04-21 14:41 <DIR> d-------- C:\1a08cf4ac5b24dd9911c49
2007-04-19 13:33 <DIR> d-------- C:\Programme\Buka
2007-04-16 23:35 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-04-16 23:34 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2007-04-16 23:34 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-04-16 23:16 <DIR> d-------- C:\Programme\RegistrySmart
2007-04-16 23:16 <DIR> d-------- C:\DOKUME~1\Moritz\ANWEND~1\RegistrySmart
2007-04-16 21:18 0 --a------ C:\WINDOWS\cdi1okj.dll
2007-04-16 19:58 119,828 --a------ C:\WINDOWS\system32\mjxxkeop.dll
2007-04-16 18:45 4 --a------ C:\WINDOWS\system32\shfoxpob.dat
2007-04-12 21:03 <DIR> d-------- C:\Programme\ASIO4ALL v2
2007-04-12 20:39 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2007-04-12 20:39 <DIR> d-------- C:\Programme\VstPlugins
2007-04-12 20:39 <DIR> d-------- C:\Programme\Image-Line
2007-04-11 11:52 <DIR> d-------- C:\Temp
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-02 22:35 -------- d-------- C:\Programme\divx
2007-04-26 17:08 -------- d-------- C:\DOKUME~1\Moritz\ANWEND~1\divx
2007-04-24 13:46 -------- d-------- C:\Programme\steam
2007-04-23 22:09 -------- d-------- C:\DOKUME~1\Moritz\ANWEND~1\openoffice.org2
2007-04-16 23:53 48360 --a------ C:\WINDOWS\system32\perfc007.dat
2007-04-16 23:53 316924 --a------ C:\WINDOWS\system32\perfh007.dat
2007-04-16 21:34 -------- d-------- C:\Programme\bittorrent
2007-04-16 21:33 -------- d-------- C:\DOKUME~1\Moritz\ANWEND~1\lavasoft
2007-04-16 21:08 -------- d-------- C:\Programme\icqlite
2007-04-09 02:58 -------- d-------- C:\DOKUME~1\Moritz\ANWEND~1\teamspeak2
2007-04-08 20:31 -------- d-------- C:\DOKUME~1\Moritz\ANWEND~1\limewire
2007-04-01 16:03 119828 --a------ C:\WINDOWS\system32\erlbxlul.dll
2007-03-30 00:47 108144 --a------ C:\WINDOWS\system32\cmdlineext.dll
2007-03-29 22:48 -------- dr-h----- C:\DOKUME~1\Moritz\ANWEND~1\securom
2007-03-27 09:55 524288 --a------ C:\WINDOWS\system32\divxsm.exe
2007-03-27 09:55 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-03-27 09:55 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-03-27 09:55 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-03-27 09:49 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-03-27 09:49 593920 --a------ C:\WINDOWS\system32\dpugui11.dll
2007-03-27 09:49 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-03-27 09:49 53248 --a------ C:\WINDOWS\system32\dpugui10.dll
2007-03-27 09:49 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-03-27 09:49 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-03-27 09:49 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-03-27 09:49 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-03-27 09:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-03-27 09:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-03-27 09:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-03-27 09:48 639066 --a------ C:\WINDOWS\system32\divx.dll
2007-03-19 14:15 -------- d-------- C:\Programme\microsoft frontpage
2007-03-19 14:15 -------- d-------- C:\DOKUME~1\Moritz\ANWEND~1\microsoft web folders
2007-03-04 04:13 -------- d-------- C:\DOKUME~1\Moritz\ANWEND~1\command & conquer 3 tiberium wars demo
2007-02-28 14:53 0 --a------ C:\WINDOWS\nsreg.dat
2007-02-16 03:40 124472 --a------ C:\WINDOWS\system32\divxcodecupdatechecker.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{32031715-0682-3851-A63F-56C30BE4BF3B} C:\WINDOWS\system\bspctl32.dll [x]
{4DC76606-E948-4092-85CE-897E90276369} C:\WINDOWS\system32\afauj.dll [x]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
{E0BD085A-881A-45DA-87FD-EC52C59BCDCb} C:\WINDOWS\system32\bkirjvkc.dll [x]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"WheelMouse"="C:\\Programme\\A4Tech\\Mouse\\Amoumain.exe"
"snpstd"="C:\\WINDOWS\\vsnpstd.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb08.exe"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"THGuard"="\"C:\\Programme\\TrojanHunter 4.6\\THGuard.exe\""
"a-squared"="\"C:\\Programme\\a-squared Anti-Malware\\a2guard.exe\""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"IEFilter"="{1F957709-268E-4CCB-A0AA-3D1826CB64CB}"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cigjqglc
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dbyuejhx
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dgytsgqv
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\edlcyddm
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jfcjtsnu
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jurdhtmw
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lnwpljvs
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nrdurolv
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rjolohxc
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rkljkplw
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\shfoxpob
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yitnycek
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yxtisuvd
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^MS_update_0610_KB72306.exe]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\MS_update_0610_KB72306.exe"
"backup"="C:\\WINDOWS\\pss\\MS_update_0610_KB72306.exeCommon Startup"
"location"="Common Startup"
"command"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\MS_update_0610_KB72306.exe"
"item"="MS_update_0610_KB72306"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bittorrent"
"hkey"="HKCU"
"command"="\"C:\\Programme\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpotdd01"
"hkey"="HKLM"
"command"="C:\\Programme\\Hewlett-Packard\\Digital Imaging\\bin\\hpotdd01.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DllRunning]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="skpvwwth"
"hkey"="HKLM"
"command"="rundll32.exe \"C:\\WINDOWS\\system32\\skpvwwth.dll\",setvm"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\himem.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="skksd32"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\skksd32.exe -s"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd"
"hkey"="HKLM"
"command"="C:\\Programme\\Hewlett-Packard\\HP Software Update\\HPWuSchd.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQLite"
"hkey"="HKLM"
"command"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMnEx32]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="skksd32"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\skksd32.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TeaTimer"
"hkey"="HKCU"
"command"="C:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Steam\\Steam.exe\" -silent"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\syswin]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="v6"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\v6.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinMedia]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ggvexaaa5537562"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ggvexaaa5537562.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=dword:00000003
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f52a2ffa-1728-11db-a4fb-806d6172696f}]
Shell\AutoRun\command E:\Setup.exe
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\RegistrySmart Scheduled Scan.job
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-02 23:07:44
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-05-02 23:07:48
C:\ComboFix-quarantined-files.txt ... 07-05-02 23:07