My Spybot S&D resident was active while ComboFix was running and detected a lot of registry changes... While it was working I allowed everything, but when it restarted and more registry changes were detected I had no clue what to do (I just closed the window and the resident denied the changes)... How would I know if those changes are made by the program or by the malware?
Anyway here are the logs:
"Gerald" - 2007-06-03 22:55:00 Service Pack 2
ComboFix 07-05.27.BV - Running from: "C:\PROGRA~1\"
((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))
REGISTRY ENTRIES REMOVED:
[HKEY_CLASSES_ROOT\clsid\{D39F89D2-6B9B-4F87-B117-8FA00AF2E1B0}]
@=""
"IDEx"="ADDR"
[HKEY_CLASSES_ROOT\clsid\{D39F89D2-6B9B-4F87-B117-8FA00AF2E1B0}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{D39F89D2-6B9B-4F87-B117-8FA00AF2E1B0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{D39F89D2-6B9B-4F87-B117-8FA00AF2E1B0}\InprocServer32]
@="C:\\WINDOWS\\system32\\maxml2.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{3C6A534F-6B62-4618-9C2B-33E3AD409BBC}]
@=""
[HKEY_CLASSES_ROOT\clsid\{3C6A534F-6B62-4618-9C2B-33E3AD409BBC}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{3C6A534F-6B62-4618-9C2B-33E3AD409BBC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{3C6A534F-6B62-4618-9C2B-33E3AD409BBC}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{6BD5E96F-AC11-4CA9-92A2-113DFAF7B963}]
@=""
[HKEY_CLASSES_ROOT\clsid\{6BD5E96F-AC11-4CA9-92A2-113DFAF7B963}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{6BD5E96F-AC11-4CA9-92A2-113DFAF7B963}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{6BD5E96F-AC11-4CA9-92A2-113DFAF7B963}\InprocServer32]
@="C:\\WINDOWS\\system32\\sxbcsp.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{55A87A16-AFD0-450D-971B-E06BD5A63DD3}]
@=""
[HKEY_CLASSES_ROOT\clsid\{55A87A16-AFD0-450D-971B-E06BD5A63DD3}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{55A87A16-AFD0-450D-971B-E06BD5A63DD3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{55A87A16-AFD0-450D-971B-E06BD5A63DD3}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{A4C1779D-78E4-4D86-8134-0CAB719E8B2D}]
@=""
[HKEY_CLASSES_ROOT\clsid\{A4C1779D-78E4-4D86-8134-0CAB719E8B2D}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{A4C1779D-78E4-4D86-8134-0CAB719E8B2D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{A4C1779D-78E4-4D86-8134-0CAB719E8B2D}\InprocServer32]
@="C:\\WINDOWS\\system32\\hbicons.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{98526621-A7CF-498F-9E03-395ED426E5FF}]
@=""
[HKEY_CLASSES_ROOT\clsid\{98526621-A7CF-498F-9E03-395ED426E5FF}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{98526621-A7CF-498F-9E03-395ED426E5FF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{98526621-A7CF-498F-9E03-395ED426E5FF}\InprocServer32]
@="C:\\WINDOWS\\system32\\mdbsync.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{FE2A1758-E2A7-4322-A8B3-94C7D34D5994}]
@=""
[HKEY_CLASSES_ROOT\clsid\{FE2A1758-E2A7-4322-A8B3-94C7D34D5994}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{FE2A1758-E2A7-4322-A8B3-94C7D34D5994}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{FE2A1758-E2A7-4322-A8B3-94C7D34D5994}\InprocServer32]
@="C:\\WINDOWS\\system32\\ktdsf.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{04807675-4536-47DC-B0A8-31FC523E1E4C}]
@=""
[HKEY_CLASSES_ROOT\clsid\{04807675-4536-47DC-B0A8-31FC523E1E4C}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{04807675-4536-47DC-B0A8-31FC523E1E4C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{04807675-4536-47DC-B0A8-31FC523E1E4C}\InprocServer32]
@="C:\\WINDOWS\\system32\\dgprpres.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{315E3A73-65F0-42AF-96A0-2DD5474C1ED0}]
@=""
[HKEY_CLASSES_ROOT\clsid\{315E3A73-65F0-42AF-96A0-2DD5474C1ED0}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{315E3A73-65F0-42AF-96A0-2DD5474C1ED0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{315E3A73-65F0-42AF-96A0-2DD5474C1ED0}\InprocServer32]
@="C:\\WINDOWS\\system32\\wgiprop.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{6892FBD9-243D-4F53-A551-9296BAD1FFB5}]
@=""
[HKEY_CLASSES_ROOT\clsid\{6892FBD9-243D-4F53-A551-9296BAD1FFB5}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{6892FBD9-243D-4F53-A551-9296BAD1FFB5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{6892FBD9-243D-4F53-A551-9296BAD1FFB5}\InprocServer32]
@="C:\\WINDOWS\\system32\\muutb.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{A43EF7BD-2C59-4CE6-968F-A7EE42E8356B}]
@=""
[HKEY_CLASSES_ROOT\clsid\{A43EF7BD-2C59-4CE6-968F-A7EE42E8356B}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{A43EF7BD-2C59-4CE6-968F-A7EE42E8356B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{A43EF7BD-2C59-4CE6-968F-A7EE42E8356B}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Granting SeDebugPrivilege to Administratoren ... successful
((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))
No infected Qoologic files found. Reg entries were fixed
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
"C:\WINDOWS\keyboard151.dat"
"C:\Programme\Gemeinsame Dateien\Yazzle1122OinAdmin.exe"
"C:\Programme\Gemeinsame Dateien\Yazzle1122OinUninstaller.exe"
"C:\Programme\Gemeinsame Dateien\{98CC8~2\system.dll"
"C:\Programme\Gemeinsame Dateien\{98CC8~2\Update.exe"
"C:\Programme\Gemeinsame Dateien\{98CC8~3\system.dll"
"C:\Programme\Gemeinsame Dateien\{98CC8~3\Update.exe"
"C:\Programme\Gemeinsame Dateien\{98CC8~1\system.dll"
"C:\Programme\install.log"
"C:\WINDOWS\system32\wapitr.exe"
"C:\Temp\tn3"
"C:\Programme\Gemeinsame Dateien\{98CC8~2"
"C:\Programme\Gemeinsame Dateien\{98CC8~3"
"C:\Programme\Gemeinsame Dateien\{98CC8~1"
-- Purity Folders:
C:\DOKUME~1\Gerald\ANWEND~1\APPATC~1
C:\DOKUME~1\Gerald\EIGENE~1\SCURIT~1
((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_CMDSERVICE
-------\LEGACY_COM+_MESSAGES
-------\LEGACY_CORE
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_NM
-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS
-------\cmdService
-------\nm
((((((((((((((((((((((((((((((( Files Created from 2007-05-03 to 2007-06-03 ))))))))))))))))))))))))))))))))))
2007-06-03 18:32 <DIR> d-------- C:\Programme\a-squared Free
2007-06-03 18:23 <DIR> d-------- C:\Programme\Lavasoft
2007-06-03 18:19 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2007-06-03 17:08 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-05-28 14:28 <DIR> d-------- C:\Programme\ICQLite
2007-05-28 14:28 <DIR> d-------- C:\DOKUME~1\Gerald\ANWEND~1\ICQLite
2007-05-26 11:21 217 --a------ C:\WINDOWS\nnlywsc.exe
2007-05-26 11:21 <DIR> d-------- C:\Programme\WinTouch
2007-05-18 20:13 53,248 --a------ C:\WINDOWS\system32\ImageOle.dll
2007-05-18 20:12 <DIR> d-------- C:\DOKUME~1\Gerald\ANWEND~1\InstallShield
2007-05-04 21:45 <DIR> d-------- C:\Programme\B2BPOKER
2007-05-04 21:38 <DIR> d-------- C:\Casino
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-03 21:03:31 -------- d-----w C:\DOKUME~1\Gerald\ANWEND~1\OpenOffice.org2
2007-06-03 16:41:43 -------- d-----w C:\DOKUME~1\Gerald\ANWEND~1\Lavasoft
2007-06-03 11:45:12 -------- d-----w C:\Programme\extensions
2007-06-02 14:44:55 -------- d-----w C:\DOKUME~1\Gerald\ANWEND~1\teamspeak2
2007-06-01 17:39:05 -------- d-----w C:\Programme\updates
2007-06-01 17:38:39 6,768 ----a-w C:\Programme\xpistub.dll
2007-06-01 17:38:39 -------- d-----w C:\Programme\uninstall
2007-06-01 17:38:39 -------- d-----w C:\Programme\searchplugins
2007-06-01 17:38:39 -------- d-----w C:\Programme\res
2007-06-01 17:38:39 -------- d-----w C:\Programme\plugins
2007-06-01 17:38:39 -------- d-----w C:\Programme\greprefs
2007-06-01 17:38:39 -------- d-----w C:\Programme\components
2007-06-01 17:38:39 -------- d-----w C:\Programme\chrome
2007-06-01 17:38:38 7,786 ----a-w C:\Programme\xpcom.dll
2007-06-01 17:38:38 68,213 ----a-w C:\Programme\xpcom_compat.dll
2007-06-01 17:38:38 63,606 ----a-w C:\Programme\xpicleanup.exe
2007-06-01 17:38:38 400,496 ----a-w C:\Programme\xpcom_core.dll
2007-06-01 17:38:38 123,524 ----a-w C:\Programme\updater.exe
2007-06-01 17:38:38 114,790 ----a-w C:\Programme\ssl3.dll
2007-06-01 17:38:37 245,870 ----a-w C:\Programme\softokn3.dll
2007-06-01 17:38:37 106,602 ----a-w C:\Programme\smime3.dll
2007-06-01 17:38:34 28,787 ----a-w C:\Programme\plc4.dll
2007-06-01 17:38:34 254,061 ----a-w C:\Programme\nssckbi.dll
2007-06-01 17:38:34 24,686 ----a-w C:\Programme\plds4.dll
2007-06-01 17:38:33 7,209,069 ----a-w C:\Programme\firefox.exe
2007-06-01 17:38:33 417,895 ----a-w C:\Programme\js3250.dll
2007-06-01 17:38:33 372,838 ----a-w C:\Programme\nss3.dll
2007-06-01 17:38:33 172,159 ----a-w C:\Programme\freebl3.dll
2007-06-01 17:38:33 155,758 ----a-w C:\Programme\nspr4.dll
2007-06-01 17:38:23 8,322 ----a-w C:\Programme\AccessibleMarshal.dll
2007-06-01 17:38:22 0 ----a-w C:\Programme\.autoreg
2007-05-30 13:57:00 -------- d-----w C:\Programme\WC3Banlist
2007-05-29 19:18:57 -------- d-----w C:\DOKUME~1\Gerald\ANWEND~1\Skype
2007-05-22 22:54:32 -------- d-----w C:\Programme\Picasa2
2007-05-22 20:35:11 -------- d-----w C:\Programme\mIRC
2007-05-18 18:13:25 -------- d--h--w C:\Programme\InstallShield Installation Information
2007-05-05 14:07:20 -------- d-----w C:\Programme\ParadisePoker
2007-05-04 19:53:34 -------- d-----w C:\DOKUME~1\Gerald\ANWEND~1\Microgaming
2007-05-04 19:25:45 -------- d-----w C:\Programme\Full Tilt Poker
2007-05-03 23:16:53 -------- d-----w C:\Programme\PokerStars
2007-05-03 23:13:04 -------- d-----w C:\Programme\HollywoodPoker
2007-05-01 07:33:43 -------- d-----w C:\Programme\Poker.com
2007-05-01 07:22:05 -------- d-----w C:\Programme\PacificPoker
2007-05-01 07:18:09 -------- d-----w C:\Programme\PokerRoom.com
2007-04-30 21:34:54 -------- d-----w C:\Programme\PartyGaming
2007-04-30 10:47:37 -------- d-----w C:\DOKUME~1\Gerald\ANWEND~1\Screenshot Sender
2007-04-24 02:45:13 -------- d-----w C:\DOKUME~1\Gerald\ANWEND~1\MusicIP
2007-04-24 02:44:55 -------- d-----w C:\Programme\Winamp
2007-04-20 03:20:55 -------- d-----w C:\Programme\CarbonPoker
2007-04-18 16:13:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-07 12:12:41 -------- d-----w C:\Programme\Der Schreibtrainer
2007-03-25 08:36:53 422,948 ----a-w C:\WINDOWS\system32\perfh007.dat
2007-03-25 08:36:52 78,264 ----a-w C:\WINDOWS\system32\perfc007.dat
2007-03-19 12:22:21 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll
2007-03-17 13:44:25 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:30 579,072 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:30 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:30 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:32:24 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-07 23:51:00 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2005-07-29 14:24:26 472 --sha-r C:\WINDOWS\R2VyYWxk\lZpVsqU4.vbs
2005-07-14 19:31:20 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 20:38]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}=C:\Programme\BitComet\tools\BitCometBHO_1.1.2.7.dll [2007-02-08 07:04]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Programme\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 21:33]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="%systemroot%\system32\dumprep 0 -u" []
"Jet Detection"="C:\Programme\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2006-05-16 13:42]
"ATICCC"="C:\Programme\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"ToADiMon.exe"="C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe" []
"DAEMON Tools"="C:\Programme\DAEMON Tools\daemon.exe" [2006-09-14 22:09]
"WinampAgent"="C:\Programme\Winamp\winampa.exe" [2007-04-23 19:57]
"w106eff3.dll"="w106eff3.dll" []
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2006-05-16 23:46]
"ICQ Lite"="C:\Programme\ICQLite\ICQLite.exe" [2006-07-11 12:15]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
"updateMgr"="C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"inhvh"="C:\WINDOWS\system32\myvdfy.exe" []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"=C:\Programme\ICQLite\ICQLite.exe -trayboot
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
C:\WINDOWS\system32\ad.html
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
********************************************************************
catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-06-03 23:02:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
********************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wampmysqld]
"ImagePath"="c:\wamp\mysql\bin\mysqld-nt.exe --defaults-file=c:\wamp\mysql\my.ini wampmysqld"
Completion time: 2007-06-03 23:05:09 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-03 23:05
--- E O F ---
HijackThis logfile:
Logfile of HijackThis v1.99.1
Scan saved at 11:12:03 PM, on 6/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Programme\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\DAEMON Tools\daemon.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\OpenOffice.org 2.0\program\soffice.exe
C:\Programme\OpenOffice.org 2.0\program\soffice.BIN
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programme\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Jet Detection] C:\Programme\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [w106eff3.dll] RUNDLL32.EXE w106eff3.dll,I2 000a15a60106eff3
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [ms041426777-173] C:\WINDOWS\ms041426777-173.exe
O4 - HKLM\..\Run: [lqaufw] C:\WINDOWS\system32\myvdfy.exe reg_run
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IpWins] C:\Programme\ipwins\ipwins.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Programme\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7
O4 - HKCU\..\Run: [inhvh] C:\WINDOWS\system32\myvdfy.exe reg_run
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Programme\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programme\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google-Suche - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://C:\Programme\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Programme\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programme\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Programme\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Transload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5004
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O8 - Extra context menu item: Verweisseiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Dokumente und Einstellungen\Gerald\Startmenü\Programme\Absolute Poker\Absolute Poker.lnk (file missing)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Dokumente und Einstellungen\Gerald\Startmenü\Programme\Absolute Poker\Absolute Poker.lnk (file missing)
O9 - Extra button: PacificPoker - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra button: bet365 Poker - {B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} - C:\Microgaming\Poker\bet365MPP\MPPoker.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Programme\Poker.com\Poker.exe (HKCU)
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-U ... E_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/Im ... oolbar.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/viru ... ebscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b53083.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Programme\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
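One practical way to answer the question at the top of the post (which autorun changes came from the cleaner and which from the malware) is to treat the two logs as before/after snapshots of the Run/RunOnce keys and diff them. The ComboFix "Reg Loading Points" section was written at 23:05 and the HijackThis scan was saved at 23:12; an autorun value that shows up in the later HijackThis O4 list but not in ComboFix's listing (which, by its own note, only hides empty and legitimate default entries) is the first thing a helper would want to look at. The script below is an added example, not code from the post or from ComboFix or HijackThis; it parses both formats, keys entries on (hive, subkey, value name), reports what is in one log but not the other, and attaches a few explainable hints (loaded through rundll32, bare file name with no path, "(file missing)"). The two embedded samples are constructed excerpts modelled on the logs above, and the `flags` heuristics are my own choices, not anything either tool does.

```python
"""Diff autorun (Run/RunOnce) entries between a ComboFix "Reg Loading Points"
section and a HijackThis O4 listing, and flag entries worth reviewing first.

Added example; not ComboFix or HijackThis code. Samples are constructed
excerpts in the two tools' formats.
"""
import re
from typing import Dict, List, Tuple

Key = Tuple[str, str, str]  # (hive, subkey, value name), upper-cased

# Constructed excerpt in the ComboFix "Reg Loading Points" format.
COMBOFIX_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="%systemroot%\system32\dumprep 0 -u" []
"WinampAgent"="C:\Programme\Winamp\winampa.exe" [2007-04-23 19:57]
"w106eff3.dll"="w106eff3.dll" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"inhvh"="C:\WINDOWS\system32\myvdfy.exe" []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"=C:\Programme\ICQLite\ICQLite.exe -trayboot
"""

# Constructed excerpt in the HijackThis O4 format (taken a few minutes later).
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [w106eff3.dll] RUNDLL32.EXE w106eff3.dll,I2 000a15a60106eff3
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [lqaufw] C:\WINDOWS\system32\myvdfy.exe reg_run
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [inhvh] C:\WINDOWS\system32\myvdfy.exe reg_run
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
"""

HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}
CF_HEADER = re.compile(r"^\[(HKEY_[A-Z_]+)\\(.+)\]$", re.IGNORECASE)
# "Name"="command" [date]   or   "Name"=command   (ComboFix prints both forms)
CF_VALUE = re.compile(r'^"([^"]+)"="?(.*?)"?(?:\s*\[[^\]]*\])?\s*$')
HJT_O4 = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]+)\] (.*)$")


def parse_combofix(text: str) -> Dict[Key, str]:
    """Collect values under any ...\Run or ...\RunOnce key header."""
    entries: Dict[Key, str] = {}
    hive = subkey = None
    for line in text.splitlines():
        m = CF_HEADER.match(line)
        if m:
            hive = HIVES.get(m.group(1).upper())
            subkey = m.group(2).split("\\")[-1].upper()
            continue
        m = CF_VALUE.match(line)
        if m and hive and subkey in ("RUN", "RUNONCE"):
            entries[(hive, subkey, m.group(1).upper())] = m.group(2)
    return entries


def parse_hijackthis(text: str) -> Dict[Key, str]:
    """Collect O4 lines of the form 'O4 - HKLM\\..\\Run: [Name] command'."""
    entries: Dict[Key, str] = {}
    for line in text.splitlines():
        m = HJT_O4.match(line)
        if m:
            hive, subkey, name, cmd = m.groups()
            entries[(hive, subkey.upper(), name.upper())] = cmd
    return entries


def first_target(command: str) -> str:
    """Return the executable part of a Run value, honouring a quoted path."""
    cmd = command.strip()
    if cmd.startswith('"') and cmd.count('"') >= 2:
        return cmd[1:cmd.index('"', 1)]
    return cmd.split()[0] if cmd else ""


def flags(command: str) -> List[str]:
    """Cheap, explainable hints (my heuristics, not either tool's)."""
    reasons: List[str] = []
    target = first_target(command)
    if target.lower().startswith("rundll32"):
        rest = command.strip().split(None, 1)
        target = rest[1].split(",")[0].strip() if len(rest) > 1 else ""
        reasons.append("loaded via rundll32")
    if target and "\\" not in target and "%" not in target:
        reasons.append("bare file name, resolved through the search path")
    if "(file missing)" in command.lower():
        reasons.append("target file missing")
    return reasons


def compare(combofix_text: str, hjt_text: str) -> Dict[str, Dict[Key, str]]:
    """Bucket autorun entries by which log(s) they appear in."""
    cf = parse_combofix(combofix_text)
    hjt = parse_hijackthis(hjt_text)
    return {
        "only_in_hijackthis": {k: v for k, v in hjt.items() if k not in cf},
        "only_in_combofix": {k: v for k, v in cf.items() if k not in hjt},
        "in_both": {k: hjt[k] for k in hjt if k in cf},
    }


if __name__ == "__main__":
    for bucket, entries in compare(COMBOFIX_SAMPLE, HJT_SAMPLE).items():
        print(f"== {bucket} ({len(entries)})")
        for (hive, subkey, name), cmd in sorted(entries.items()):
            hints = flags(cmd)
            note = f"  <-- {'; '.join(hints)}" if hints else ""
            print(f"  {hive}\\{subkey} [{name}] {cmd}{note}")
```

Run as-is it reports the two entries that are present only in the later HijackThis sample ([TheMonitor] and [lqaufw]) and marks the w106eff3.dll value as loaded through rundll32 from a bare file name. The diff is a review aid, not a verdict: ComboFix deliberately hides default entries, so absence from its listing is a prompt to check the path and the file's vendor, not proof of infection. To use it on real logs, replace the two sample strings with the text of the corresponding sections.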