|
virus alert in der taaskbar Habe oben beschriebenes Problem und es öffnen sich permanent fenster. Hier das Loffile von HiJackThis v. 2.0.2.: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:03: VIRUS ALERT!, on 06.09.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\slserv.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Wireless 11Mbps Network\XPFix.exe C:\Program Files\lg_fwupdate\fwupdate.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe C:\Program Files\Mozilla Firefox\firefox.exe E:\dsfsd\qlketzd.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2 O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll O2 - BHO: {94dce973-f7c1-c1fa-bce4-12426dae49e5} - {5e94ead6-2421-4ecb-af1c-1c7f379ecd49} - C:\WINDOWS\system32\qfhooj.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: QXK Olive - {B5D0BE4E-83F4-4320-BC40-D96FA1620811} - C:\WINDOWS\vanwxemgner.dll O2 - BHO: (no name) - {E07D22E1-CE3A-487F-B754-8044DBEDB049} - (no file) O2 - BHO: (no name) - {E29BC4ED-E59F-496E-9C68-06ADD6CF6FB8} - (no file) O3 - Toolbar: gksraemq - {6134A39A-C1EA-4E6F-B6D2-9ED5D9CC03B5} - C:\WINDOWS\gksraemq.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Alice] C:\Program Files\Wireless 11Mbps Network\XPFix.exe O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: qfhooj.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll O20 - Winlogon Notify: fcccYRIA - fcccYRIA.dll (file missing) O21 - SSODL: dgksvbpn - {E947C9E0-6FC0-4481-BDFA-10AD096A87D5} - C:\WINDOWS\dgksvbpn.dll O21 - SSODL: xrdwbfgn - {D44C1E17-4940-4E6C-951A-FC2FF8A240F4} - C:\WINDOWS\xrdwbfgn.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm -- End of file - 6331 bytes |
Habe die Systemwiederherstellung deaktiviert. MBR-tool zeigt folgendes: Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully kernel: MBR read successfully user & kernel MBR OK Blacklight findet keine versteckten Prozesse! Malwarebytes: Malwarebytes' Anti-Malware 1.26 Datenbank Version: 1120 Windows 5.1.2600 Service Pack 2 06.09.2008 20:37:41 mbam-log-2008-09-06 (20-37-29).txt Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|) Durchsuchte Objekte: 98845 Laufzeit: 47 minute(s), 4 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 1 Infizierte Registrierungsschlüssel: 21 Infizierte Registrierungswerte: 2 Infizierte Dateiobjekte der Registrierung: 16 Infizierte Verzeichnisse: 2 Infizierte Dateien: 27 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: C:\WINDOWS\system32\qfhooj.dll (Trojan.Vundo) -> No action taken. Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5e94ead6-2421-4ecb-af1c-1c7f379ecd49} (Trojan.Vundo.H) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{5e94ead6-2421-4ecb-af1c-1c7f379ecd49} (Trojan.Vundo.H) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken. HKEY_CLASSES_ROOT\TypeLib\{0cc45c33-dc90-4fad-9788-b33de4e5932a} (Trojan.FakeAlert) -> No action taken. HKEY_CLASSES_ROOT\Interface\{262c3e78-3869-4ea7-a0a1-fde72109b500} (Trojan.FakeAlert) -> No action taken. HKEY_CLASSES_ROOT\Interface\{adf98080-7ee6-4fe8-bca9-3b03d1ebea42} (Trojan.FakeAlert) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{b5d0be4e-83f4-4320-bc40-d96fa1620811} (Trojan.FakeAlert) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b5d0be4e-83f4-4320-bc40-d96fa1620811} (Trojan.FakeAlert) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> No action taken. HKEY_CLASSES_ROOT\TypeLib\{f8002213-df67-421e-878a-012876559432} (Trojan.FakeAlert) -> No action taken. HKEY_CLASSES_ROOT\Interface\{7006ba68-2584-4a40-8faf-239d867975a9} (Trojan.FakeAlert) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{6134a39a-c1ea-4e6f-b6d2-9ed5d9cc03b5} (Trojan.FakeAlert) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> No action taken. HKEY_CLASSES_ROOT\gksraemq.brql (Trojan.FakeAlert) -> No action taken. HKEY_CLASSES_ROOT\gksraemq.toolbar.1 (Trojan.FakeAlert) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0\source (Trojan.FakeAlert) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{6134a39a-c1ea-4e6f-b6d2-9ed5d9cc03b5} (Trojan.FakeAlert) -> No action taken. Infizierte Dateiobjekte der Registrierung: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2) Good: (http://www.google.com/) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76487-OEM-0011903-00117) -> No action taken. HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (HH:mm:ss) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken. Infizierte Verzeichnisse: C:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> No action taken. C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> No action taken. Infizierte Dateien: C:\WINDOWS\system32\qfhooj.dll (Trojan.Vundo.H) -> No action taken. C:\WINDOWS\system32\raarwtll.dll (Trojan.Vundo.H) -> No action taken. C:\WINDOWS\system32\lltwraar.ini (Trojan.Vundo.H) -> No action taken. C:\x (Trojan.FakeAlert) -> No action taken. C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CPAFGL2J\nd82m0[1] (Trojan.Vundo) -> No action taken. C:\Documents and Settings\multi media\Local Settings\Temporary Internet Files\Content.IE5\UDQLAB0V\cntr[1].gif (Trojan.Vundo) -> No action taken. C:\WINDOWS\exdo.exe (Trojan.FakeAlert) -> No action taken. C:\WINDOWS\system32\vtUOEwWp.dll (Trojan.Vundo) -> No action taken. C:\WINDOWS\system32\hoxhsenf.dll (Trojan.Vundo) -> No action taken. C:\WINDOWS\privacy_danger\index.htm (Trojan.FakeAlert) -> No action taken. C:\WINDOWS\privacy_danger\images\capt.gif (Trojan.FakeAlert) -> No action taken. C:\WINDOWS\privacy_danger\images\danger.jpg (Trojan.FakeAlert) -> No action taken. C:\WINDOWS\privacy_danger\images\down.gif (Trojan.FakeAlert) -> No action taken. C:\WINDOWS\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> No action taken. C:\WINDOWS\vanwxemgner.dll (Trojan.FakeAlert) -> No action taken. C:\WINDOWS\xrdwbfgn.dll (Trojan.FakeAlert) -> No action taken. C:\WINDOWS\sxmaokgf.exe (Trojan.FakeAlert) -> No action taken. C:\WINDOWS\gksraemq.dll (Trojan.FakeAlert) -> No action taken. C:\WINDOWS\dgksvbpn.dll (Trojan.FakeAlert) -> No action taken. C:\Documents and Settings\multi media\Application Data\TmpRecentIcons\MS Antivirus.lnk (Rogue.Link) -> No action taken. C:\Documents and Settings\multi media\Desktop\BEST ZOO PORN.url (Rogue.Link) -> No action taken. C:\Documents and Settings\multi media\Desktop\Spyware&Malware Protection.url (Rogue.Link) -> No action taken. C:\Documents and Settings\multi media\Desktop\Privacy Protector.url (Rogue.Link) -> No action taken. C:\Documents and Settings\multi media\Desktop\Error Cleaner.url (Rogue.Link) -> No action taken. C:\Documents and Settings\multi media\Favorites\Error Cleaner.url (Rogue.Link) -> No action taken. C:\Documents and Settings\multi media\Favorites\Privacy Protector.url (Rogue.Link) -> No action taken. C:\Documents and Settings\multi media\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> No action taken. |
silentrunner: "Silent Runners.vbs", revision 58, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS] "Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."] "Sony Ericsson PC Suite" = ""C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon" ["Sony Ericsson Mobile Communications AB"] HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\ {++} "FlashPlayerUpdate" = "C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe" ["Adobe Systems, Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"" ["Sun Microsystems, Inc."] "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"] "ATIModeChange" = "Ati2mdxx.exe" ["ATI Technologies, Inc."] "ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."] "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."] "Alice" = "C:\Program Files\Wireless 11Mbps Network\XPFix.exe" ["Gemtek"] "LGODDFU" = ""C:\Program Files\lg_fwupdate\fwupdate.exe" blrun" ["BL"] "QuickTime Task" = ""C:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."] "AVP" = ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"" ["Kaspersky Lab"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}\(Default) = "IEVkbdBHO" -> {HKLM...CLSID} = "IEVkbdBHO Class" \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll" ["Kaspersky Lab"] {5e94ead6-2421-4ecb-af1c-1c7f379ecd49}\(Default) = "{94dce973-f7c1-c1fa-bce4-12426dae49e5}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\qfhooj.dll" [null data] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll" ["Sun Microsystems, Inc."] {B5D0BE4E-83F4-4320-BC40-D96FA1620811}\(Default) = (no title provided) -> {HKLM...CLSID} = "QXK Olive" \InProcServer32\(Default) = "C:\WINDOWS\vanwxemgner.dll" [null data] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{FED7043D-346A-414D-ACD7-550D052499A7}" = "dBpowerAMP Music Converter 1" -> {HKLM...CLSID} = "dBpShell Class" \InProcServer32\(Default) = "C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll" [empty string] "{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}" = "dBpowerAMP Music Converter" -> {HKLM...CLSID} = "dMCIShell Class" \InProcServer32\(Default) = "C:\Program Files\Illustrate\dBpowerAMP\dMCShell.dll" [empty string] "{AF32DAFE-1358-4F35-A673-FB123BC6303F}" = "Cutter 4.1 Shell Extension" -> {HKLM...CLSID} = "Cutter 4.1 Shell Extension" \InProcServer32\(Default) = "C:\PROGRA~1\CUTTER~1\cutt4cm.dll" ["M.Dev Software"] "{310A0C95-EA11-42AE-A8E4-53E69E650310}" = "ZipGenius Zip Drop handler" -> {HKLM...CLSID} = "ZG 5.5 Drag and Drop handler" \InProcServer32\(Default) = "C:\PROGRA~1\ZIPGEN~1\DROPHA~1.DLL" ["M.Dev Software"] "{2E5AC2E0-406D-11D4-86B3-FA5861508E25}" = "ZipGenius Zip InfoTip" -> {HKLM...CLSID} = "ZipGenius 5 Zip InfoTip" \InProcServer32\(Default) = "C:\PROGRA~1\ZIPGEN~1\zgtips.dll" [empty string] "{3E307794-57B9-473A-98CC-4A039255063F}" = "OpenOffice.org/ZipGenius Shell Extension" -> {HKLM...CLSID} = "Openoffice.org/ZipGenius 5 Zip Shell Extension" \InProcServer32\(Default) = "C:\PROGRA~1\ZIPGEN~1\oodll.dll" ["M.Dev Software"] "{FE8D01BF-610A-4261-9C6E-32D65A42C907}" = "ZipGenius 5.5 DnD Extract handler" -> {HKLM...CLSID} = "Delphi Context Menu Shell Extension Example" \InProcServer32\(Default) = "C:\PROGRA~1\ZIPGEN~1\ZGDRAG~1.DLL" ["M.Dev Software"] "{C169E5F0-E2B3-41F3-B81A-7BA529CBE193}" = "ZipGenius Shell Extension" -> {HKLM...CLSID} = "ZipGenius 5 Zip Shell Extension" \InProcServer32\(Default) = "C:\PROGRA~1\ZIPGEN~1\contmenu.dll" ["M.Dev Software"] "{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW" -> {HKLM...CLSID} = "Shell Extension for CDRW" \InProcServer32\(Default) = "C:\Program Files\Ahead\InCD\incdshx.dll" ["Nero AG"] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook-Dateisymbolerweiterung" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS] "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes" -> {HKLM...CLSID} = "iTunes" \InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."] "{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Web traffic protection statistics" -> {HKLM...CLSID} = "Web traffic protection statistics" \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll" ["Kaspersky Lab"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKLM\SYSTEM\CurrentControlSet\Control\Lsa\ <<!>> "Authentication Packages" = "msv1_0"|"C:\WINDOWS\system32\khfFWNgd" HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> fcccYRIA\DLLName = "fcccYRIA.dll" [file not found] <<!>> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] {FED7043D-346A-414D-ACD7-550D052499A7}\(Default) = "dBpowerAMP Column Handler" -> {HKLM...CLSID} = "dBpShell Class" \InProcServer32\(Default) = "C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll" [empty string] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ Cutter4.1\(Default) = "{AF32DAFE-1358-4F35-A673-FB123BC6303F}" -> {HKLM...CLSID} = "Cutter 4.1 Shell Extension" \InProcServer32\(Default) = "C:\PROGRA~1\CUTTER~1\cutt4cm.dll" ["M.Dev Software"] Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ShellEx.dll" ["Kaspersky Lab"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] ZipGenius 5\(Default) = "{C169E5F0-E2B3-41F3-B81A-7BA529CBE193}" -> {HKLM...CLSID} = "ZipGenius 5 Zip Shell Extension" \InProcServer32\(Default) = "C:\PROGRA~1\ZIPGEN~1\contmenu.dll" ["M.Dev Software"] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] ZipGenius 5\(Default) = "{C169E5F0-E2B3-41F3-B81A-7BA529CBE193}" -> {HKLM...CLSID} = "ZipGenius 5 Zip Shell Extension" \InProcServer32\(Default) = "C:\PROGRA~1\ZIPGEN~1\contmenu.dll" ["M.Dev Software"] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ShellEx.dll" ["Kaspersky Lab"] MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}" -> {HKLM...CLSID} = "MBAMShlExt Class" \InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}" -> {HKLM...CLSID} = "MBAMShlExt Class" \InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "NoToolbarCustomize" = (REG_DWORD) dword:0x00000001 {User Configuration|Administrative Templates|Windows Components|Internet Explorer|Toolbars| Disable customizing browser toolbar buttons} "NoDrives" = (REG_DWORD) dword:0x0000000C {unrecognized setting} "StartMenuLogoff" = (REG_DWORD) dword:0x00000001 {unrecognized setting} "NoStartMenuMorePrograms" = (REG_DWORD) dword:0x00000001 {User Configuration|Administrative Templates|Start Menu and Taskbar| Remove All Programs list from the Start menu} "NoSetFolders" = (REG_DWORD) dword:0x00000001 {unrecognized setting} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "DisableTaskMgr" = (REG_DWORD) dword:0x00000001 {User Configuration|Administrative Templates|System|Ctrl+Alt+Del Options| Remove Task Manager} "DisableRegistryTools" = (REG_DWORD) dword:0x00000001 {User Configuration|Administrative Templates|System| Prevent access to registry editing tools} "NoDispCPL" = (REG_DWORD) dword:0x00000001 {User Configuration|Administrative Templates|Control Panel|Display| Remove Display in Control Panel} HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\ "NoBrowserOptions" = (REG_DWORD) dword:0x00000000 {User Configuration|Administrative Templates|Windows Components|Internet Explorer|Browser Menus| Tools menu: Disable Internet Options... menu option} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be enabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "J:\Bilder\Photos - ind\Bilder Thailand\IMG_0546.JPG" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\multi media\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" Active Desktop web content (hidden if disabled): HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\ "FriendlyName" = "Privacy Protection" "Source" = "file:///C:\WINDOWS\privacy_danger\index.htm" "SubscribedURL" = "" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS] Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ dMCAudioCDInput\ "Provider" = "dMC Audio CD Input" "InvokeProgID" = "dMC.AudioCD.Autorun" "InvokeVerb" = "open" HKLM\SOFTWARE\Classes\dMC.AudioCD.Autorun\shell\open\command\(Default) = ""C:\Program Files\Illustrate\dBpowerAMP\CDGrab.exe"" ["Illustrate"] DVDDecrypterPlayDVDMovieOnArrival\ "Provider" = "DVD Decrypter" "InvokeProgID" = "DVDDecrypter" "InvokeVerb" = "PlayDVDMovieOnArrival_Decrypt" HKLM\SOFTWARE\Classes\DVDDecrypter\shell\PlayDVDMovieOnArrival_Decrypt\Command\(Default) = ""C:\Program Files\DVD Decrypter\DVDDecrypter.exe" /MODE READ /SOURCE "%1"" ["LIGHTNING UK!"] iTunesBurnCDOnArrival\ "Provider" = "iTunes" "InvokeProgID" = "iTunes.BurnCD" "InvokeVerb" = "burn" HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L"" ["Apple Inc."] iTunesImportSongsOnArrival\ "Provider" = "iTunes" "InvokeProgID" = "iTunes.ImportSongsOnCD" "InvokeVerb" = "import" HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L"" ["Apple Inc."] iTunesPlaySongsOnArrival\ "Provider" = "iTunes" "InvokeProgID" = "iTunes.PlaySongsOnCD" "InvokeVerb" = "play" HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /playCD "%L"" ["Apple Inc."] iTunesShowSongsOnArrival\ "Provider" = "iTunes" "InvokeProgID" = "iTunes.ShowSongsOnCD" "InvokeVerb" = "showsongs" HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L"" ["Apple Inc."] MSWPDShellNamespaceHandler\ "Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501" "CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}" "InitCmdLine" = " " -> {HKLM...CLSID} = "WPDShextAutoplay" \LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS] NeroAutoPlay2CDAudio\ "Provider" = "Nero Express" "InvokeProgID" = "Nero.AutoPlay2" "InvokeVerb" = "HandleCDBurningOnArrival_CDAudio" HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_CDAudio\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:AudioCD /Drive:%L" ["Ahead Software AG"] NeroAutoPlay2CopyCD\ "Provider" = "Nero Express" "InvokeProgID" = "Nero.AutoPlay2" "InvokeVerb" = "PlayCDAudioOnArrival_CopyCD" HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_CopyCD\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /Dialog:DiscCopy /Drive:%L" ["Ahead Software AG"] NeroAutoPlay2DataDisc\ "Provider" = "Nero Express" "InvokeProgID" = "Nero.AutoPlay2" "InvokeVerb" = "HandleCDBurningOnArrival_DataDisc" HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_DataDisc\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:ISODisc /Drive:%L" ["Ahead Software AG"] NeroAutoPlay2LaunchNeroStartSmart\ "Provider" = "Nero StartSmart" "InvokeProgID" = "Nero.AutoPlay2" "InvokeVerb" = "HandleCDBurningOnArrival_LaunchNeroStartSmart" HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_LaunchNeroStartSmart\command\(Default) = "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe /AutoPlay /Drive:%L" ["Ahead Software AG"] NeroAutoPlay2VideoCapture\ "Provider" = "NeroVision Express SE" "ProgID" = "Shell.HWEventHandlerShellExecute" "InitCmdLine" = ""C:\Program Files\Ahead\NeroVision\NeroVision.exe" /New:VideoCapture" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "ShellExecute HW Event Handler" \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS] PDVDPlayDVDMovieOnArrival\ "Provider" = "ASUSDVD" "InvokeProgID" = "DVD" "InvokeVerb" = "PlayWithPowerDVD" HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD\Command\(Default) = ""C:\Program Files\ASUSTek\ASUSDVD\ASUSDVD.exe" "%l"" ["CyberLink Corp."] PPCDBurningOnArrival\ "Provider" = "PowerProducer" "InvokeProgID" = "Picture" "InvokeVerb" = "OpenWithPowerProducer" HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPowerProducer\Command\(Default) = ""C:\Program Files\CyberLink DVD Solution\PowerProducer\Producer.exe"" ["CyberLink"] PPDCameraArrival\ "Provider" = "PowerProducer" "InvokeProgID" = "Picture" "InvokeVerb" = "OpenWithPowerProducer" HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPowerProducer\Command\(Default) = ""C:\Program Files\CyberLink DVD Solution\PowerProducer\Producer.exe"" ["CyberLink"] PPDVArrival\ "Provider" = "PowerProducer" "ProgID" = "Shell.HWEventHandlerShellExecute" "InitCmdLine" = ""C:\Program Files\CyberLink DVD Solution\PowerProducer\Producer.exe"" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "ShellExecute HW Event Handler" \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS] Startup items in "multi media" & "All Users" startup folders: ------------------------------------------------------------- C:\Documents and Settings\All Users\Start Menu\Programs\Startup "Adobe Reader - Schnellstart" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"] "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS] Enabled Scheduled Tasks: ------------------------ "AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 16 %SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ "{6134A39A-C1EA-4E6F-B6D2-9ED5D9CC03B5}" = (no title provided) -> {HKLM...CLSID} = "gksraemq" \InProcServer32\(Default) = "C:\WINDOWS\gksraemq.dll" [null data] Explorer Bars HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ HKLM\SOFTWARE\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Web traffic protection statistics" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll" ["Kaspersky Lab"] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in 1.6.0_05" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.6.0_05" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll" ["Sun Microsystems, Inc."] {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\ "ButtonText" = "Web traffic protection statistics" {B205A35E-1FC4-4CE3-818B-899DBBB3388C}\ {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Apple Mobile Device, Apple Mobile Device, ""C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"" ["Apple, Inc."] Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."] InCD Helper, InCDsrv, "C:\Program Files\Ahead\InCD\InCDsrv.exe" ["Nero AG"] Kaspersky Anti-Virus, AVP, ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" -r" ["Kaspersky Lab"] LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"] SmartLinkService, SLService, "slserv.exe" [" "] ---------- (launch time: 2008-09-06 20:39:57) <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 82 seconds, including 18 seconds for message boxes) P.S: das wars erstmal - danach kommt noch ergebnis combofix |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 10:00 Uhr. |
Copyright ©2000-2025, Trojaner-Board