
Pc Didn't Start Clearly


  • This topic is locked
7 replies to this topic

#1 Be water my friend

Be water my friend

  • Members
  • 62 posts
  • Gender:Male
  • Location:Germany/NRW
  • Local time:09:29 AM

Posted 20 December 2006 - 08:25 AM

Logfile of HijackThis v1.99.1
Scan saved at 14:16:55, on 20.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Razer\razerhid.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\Logitech\iTouch\iTouch.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\Programme\Analog Devices\SoundMAX\Smax4.exe
C:\Programme\Miranda IM\miranda32.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Razer\razertra.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Razer\razerofa.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Windows Media Player\wmplayer.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\Hijack\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [razer] C:\Programme\Razer\razerhid.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MirandaIM] "C:\Programme\Miranda IM\miranda32.exe" "C:\Programme\Miranda IM\Morpheu$"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe


#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina
  • Local time:03:29 AM

Posted 23 December 2006 - 12:49 PM

Hello Be water my friend and welcome to the BC HijackThis forum. I see no signs of viruses or malware in the log. Let's try a different scanner and see if that shows us anything.

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    • In the Files Created Within group click 30 days
    • In the Files Modified Within group select 30 days
    • In the File String Search group select Non-Microsoft
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 Be water my friend

Be water my friend
  • Topic Starter

  • Members
  • 62 posts
  • Gender:Male
  • Location:Germany/NRW
  • Local time:09:29 AM

Posted 25 December 2006 - 03:37 AM

Thx for your help. In the other thread (link in description) acklan says something about Internet problems, which I didn't understand. Is it very bad??

But first here is my scan:

WinPFind3 logfile created on: 25.12.2006 09:19:38
WinPFind3U by OldTimer - Version 1.0.2 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)


[Processes - Non-Microsoft Only]
ati2evxx.exe -> C:\WINDOWS\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4140 | Size = 401408 bytes | Modified Date = 02.08.2006 23:01:20 | Attr = ]
ati2evxx.exe -> C:\WINDOWS\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4140 | Size = 401408 bytes | Modified Date = 02.08.2006 23:01:20 | Attr = ]
avgnt.exe -> C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe -> Avira GmbH [Ver = 7.00.01.06 | Size = 262184 bytes | Modified Date = 12.12.2006 18:33:24 | Attr = ]
avguard.exe -> C:\Programme\AntiVir PersonalEdition Classic\avguard.exe -> AVIRA GmbH [Ver = 7.00.00.44 | Size = 200744 bytes | Modified Date = 12.12.2006 18:33:24 | Attr = ]
firefox.exe -> C:\Programme\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.1: 2006120418 | Size = 7620696 bytes | Modified Date = 21.12.2006 17:13:22 | Attr = ]
issch.exe -> C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1146 | Size = 81920 bytes | Modified Date = 16.06.2004 05:03:04 | Attr = ]
itouch.exe -> C:\Programme\Logitech\iTouch\iTouch.exe -> Logitech Inc. [Ver = 2.22.289 | Size = 892928 bytes | Modified Date = 18.03.2004 08:33:26 | Attr = ]
jusched.exe -> C:\Programme\Java\jre1.5.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Modified Date = 10.11.2005 12:03:52 | Attr = ]
miranda32.exe -> C:\Programme\Miranda IM\miranda32.exe -> [Ver = 0.4.0.1 | Size = 322048 bytes | Modified Date = 16.06.2005 13:34:02 | Attr = ]
mixer.exe -> C:\WINDOWS\mixer.exe -> C-Media Electronic Inc. (www.cmedia.com.tw) [Ver = 1.50 | Size = 1228800 bytes | Modified Date = 25.03.2002 15:02:02 | Attr = ]
razerhid.exe -> C:\Programme\Razer\razerhid.exe -> [Ver = 1, 0, 0, 1 | Size = 147456 bytes | Modified Date = 17.05.2005 17:21:12 | Attr = ]
razerofa.exe -> C:\Programme\Razer\razerofa.exe -> Razer Inc. [Ver = 4.0.0.4 | Size = 143360 bytes | Modified Date = 18.01.2005 00:06:12 | Attr = ]
razertra.exe -> C:\Programme\Razer\razertra.exe -> [Ver = 1, 0, 0, 1 | Size = 114688 bytes | Modified Date = 06.04.2005 19:32:24 | Attr = ]
sched.exe -> C:\Programme\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 7.00.00.34 | Size = 47656 bytes | Modified Date = 12.12.2006 18:33:28 | Attr = ]
schedhlp.exe -> C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe -> Acronis [Ver = 1,0,0,232 | Size = 82832 bytes | Modified Date = 22.09.2006 00:35:14 | Attr = ]
schedul2.exe -> C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -> Acronis [Ver = 1,0,0,232 | Size = 226192 bytes | Modified Date = 22.09.2006 00:35:08 | Attr = ]
winpfind3u.exe -> C:\Dokumente und Einstellungen\Administrator\Desktop\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.2.0 | Size = 302592 bytes | Modified Date = 24.12.2006 15:26:30 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AcrSch2Svc) Acronis Scheduler2 Service [Win32_Own | Auto | Running] -> C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -> Acronis [Ver = 1,0,0,232 | Size = 226192 bytes | Modified Date = 22.09.2006 00:35:08 | Attr = ]
(AntiVirScheduler) AntiVir PersonalEdition Classic Planer [Win32_Own | Auto | Running] -> C:\Programme\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 7.00.00.34 | Size = 47656 bytes | Modified Date = 12.12.2006 18:33:28 | Attr = ]
(AntiVirService) AntiVir PersonalEdition Classic Guard [Win32_Own | Auto | Running] -> C:\Programme\AntiVir PersonalEdition Classic\avguard.exe -> AVIRA GmbH [Ver = 7.00.00.44 | Size = 200744 bytes | Modified Date = 12.12.2006 18:33:24 | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> C:\WINDOWS\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4140 | Size = 401408 bytes | Modified Date = 02.08.2006 23:01:20 | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> C:\WINDOWS\system32\ati2sgag.exe -> [Ver = 5.13.0025 | Size = 520192 bytes | Modified Date = 02.08.2006 16:27:00 | Attr = ]
(dmadmin) Verwaltungsdienst für die Verwaltung logischer Datenträger [Win32_Shared | On_Demand | Stopped] -> C:\WINDOWS\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 05.08.2004 13:00:00 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 04.04.2005 00:41:10 | Attr = ]
(NBService) NBService [Win32_Own | On_Demand | Stopped] -> C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe -> Nero AG [Ver = 2, 6, 6, 0 | Size = 724992 bytes | Modified Date = 09.10.2006 22:11:08 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Acronis Scheduler2 Service -> C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe -> Acronis [Ver = 1,0,0,232 | Size = 82832 bytes | Modified Date = 22.09.2006 00:35:14 | Attr = ]
avgnt -> C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe -> Avira GmbH [Ver = 7.00.01.06 | Size = 262184 bytes | Modified Date = 12.12.2006 18:33:24 | Attr = ]
C-Media Mixer -> C:\WINDOWS\mixer.exe -> C-Media Electronic Inc. (www.cmedia.com.tw) [Ver = 1.50 | Size = 1228800 bytes | Modified Date = 25.03.2002 15:02:02 | Attr = ]
DAEMON Tools -> C:\Programme\DAEMON Tools\daemon.exe -> DT Soft Ltd. [Ver = 4.06.0.0 | Size = 157592 bytes | Modified Date = 14.09.2006 21:09:08 | Attr = ]
ISUSPM Startup -> C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1146 | Size = 221184 bytes | Modified Date = 16.06.2004 05:03:26 | Attr = ]
ISUSScheduler -> C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1146 | Size = 81920 bytes | Modified Date = 16.06.2004 05:03:04 | Attr = ]
JMB36X Configure -> C:\WINDOWS\system32\JMRaidTool.exe -> JMicron Technology Corp. [Ver = 1.10.02 | Size = 385024 bytes | Modified Date = 02.06.2006 09:45:20 | Attr = R ]
KernelFaultCheck -> -> File not found
razer -> C:\Programme\Razer\razerhid.exe -> [Ver = 1, 0, 0, 1 | Size = 147456 bytes | Modified Date = 17.05.2005 17:21:12 | Attr = ]
SoundMAX -> C:\Programme\Analog Devices\SoundMAX\SMax4.exe -> Analog Devices, Inc. [Ver = 5, 2, 0, 28 | Size = 729088 bytes | Modified Date = 10.04.2006 09:19:46 | Attr = ]
SoundMAXPnP -> C:\Programme\Analog Devices\Core\smax4pnp.exe -> Analog Devices, Inc. [Ver = 6, 0, 0, 61 | Size = 843776 bytes | Modified Date = 01.05.2006 18:07:44 | Attr = R ]
SunJavaUpdateSched -> C:\Programme\Java\jre1.5.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Modified Date = 10.11.2005 12:03:52 | Attr = ]
zBrowser Launcher -> C:\Programme\Logitech\iTouch\iTouch.exe -> Logitech Inc. [Ver = 2.22.289 | Size = 892928 bytes | Modified Date = 18.03.2004 08:33:26 | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MirandaIM -> C:\Programme\Miranda IM\miranda32.exe -> [Ver = 0.4.0.1 | Size = 322048 bytes | Modified Date = 16.06.2005 13:34:02 | Attr = ]
< Windows NT\\Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\run
-> -> File not found
< Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk -> C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 23.09.2005 20:05:26 | Attr = ]
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\startupreg\
AcronisTimounterMonitor -> C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe -> Acronis [Ver = 3.3 build 442 | Size = 1949912 bytes | Modified Date = 22.09.2006 00:41:30 | Attr = ]
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe -> Nero AG [Ver = 1, 5, 0, 18 | Size = 139264 bytes | Modified Date = 09.10.2006 11:28:56 | Attr = ]
EA Core -> C:\Programme\Electronic Arts\EA Downloader\Core.exe -> Electronic Arts [Ver = 2.2.1.54 | Size = 1826816 bytes | Modified Date = 16.08.2006 12:33:12 | Attr = ]
mmtask -> c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe -> File not found
MSMSGS -> C:\Programme\Messenger\msmsgs.exe -> File not found
NeroFilterCheck -> C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe -> Nero AG [Ver = 1, 0, 0, 5 | Size = 155648 bytes | Modified Date = 12.01.2006 16:40:44 | Attr = ]
PowerBar -> C:\Programme\CyberLink\PowerStarter\PowerBar.exe -> File not found
SpybotSD TeaTimer -> C:\Programme\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 4, 0, 2 | Size = 1415824 bytes | Modified Date = 31.05.2005 01:04:00 | Attr = ]
Steam -> -> File not found
TrueImageMonitor.exe -> C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe -> Acronis [Ver = 10,0,0,4827 | Size = 1176768 bytes | Modified Date = 22.09.2006 00:33:02 | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = Die derzeitige Homepage ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< HOSTS File > -> C:\WINDOWS\System32\drivers\etc\Hosts
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> about:blank ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 12.01.2006 18:38:22 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Programme\Java\jre1.5.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 10.11.2005 12:22:12 | Attr = ]
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8193 - Sun Java Konsole ->
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> 8194 - Reg Data - Value does not exist ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8192 - Reg Data - Key not found ->
NextId -> 8195 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll [MenuText: Sun Java Konsole] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 69746 bytes | Modified Date = 10.11.2005 12:22:12 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> C:\Programme\Java\jre1.5.0_06\bin\ssv.dll [MenuText: Sun Java Konsole] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 10.11.2005 12:22:12 | Attr = ]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Recherchieren] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
Nach Microsoft &Excel exportieren -> -> File not found
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} [HKLM] -> Reg Data - Key not found [Autoplay for SlideShow] -> File not found
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskleiste und Startmenü] -> File not found
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [CPL-Erweiterung für Anzeigeverschiebung] -> File not found
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} [HKLM] -> C:\Programme\AntiVir PersonalEdition Classic\shlext.dll [Shell Extension for Malware scanning] -> H+BEDV Datentechnik GmbH [Ver = 7.00.00.04 | Size = 69672 bytes | Modified Date = 02.12.2005 15:52:18 | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shellerweiterungen für die Dateikomprimierung] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [Benutzerkonten] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Kontextmenü für die Verschlüsselung] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> C:\WINDOWS\system32\hticons.dll [Erweiterung für HyperTerminal-Icons] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 05.08.2004 13:00:00 | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Programme\WinRAR\RarExt.dll [WinRAR shell extension] -> [Ver = | Size = 126464 bytes | Modified Date = 14.09.2006 00:20:24 | Attr = ]
{C539A15A-3AF9-4c92-B771-50CB78F5C751} [HKLM] -> C:\Programme\Acronis\TrueImageHome\tishell.dll [Acronis True Image Shell Context Menu Extension] -> Acronis [Ver = 10,0,0,4827 | Size = 500952 bytes | Modified Date = 22.09.2006 00:40:08 | Attr = ]
{C539A15B-3AF9-4c92-B771-50CB78F5C751} [HKLM] -> C:\Programme\Acronis\TrueImageHome\tishell.dll [Acronis True Image Shell Extension] -> Acronis [Ver = 10,0,0,4827 | Size = 500952 bytes | Modified Date = 22.09.2006 00:40:08 | Attr = ]
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} [HKLM] -> C:\Programme\Real\RealPlayer\rpshell.dll [Shell Extensions for RealOne Player] -> RealNetworks, Inc. [Ver = 1.0.1.2488 | Size = 54848 bytes | Modified Date = 28.10.2006 11:46:50 | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{C539A15A-3AF9-4c92-B771-50CB78F5C751} [HKLM] -> C:\Programme\Acronis\TrueImageHome\tishell.dll [Acronis True Image Shell Context Menu Extension] -> Acronis [Ver = 10,0,0,4827 | Size = 500952 bytes | Modified Date = 22.09.2006 00:40:08 | Attr = ]
{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} [HKLM] -> C:\Programme\Nero\Nero 7\Nero BackItUp\NBShell.dll [NBShellHook Class] -> Nero AG [Ver = 2, 6, 6, 0 | Size = 73728 bytes | Modified Date = 09.10.2006 22:11:32 | Attr = ]
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} [HKLM] -> C:\Programme\AntiVir PersonalEdition Classic\shlext.dll [Shell Extension for Malware scanning] -> H+BEDV Datentechnik GmbH [Ver = 7.00.00.04 | Size = 69672 bytes | Modified Date = 02.12.2005 15:52:18 | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Programme\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 14.09.2006 00:20:24 | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Programme\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 14.09.2006 00:20:24 | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{C539A15A-3AF9-4c92-B771-50CB78F5C751} [HKLM] -> C:\Programme\Acronis\TrueImageHome\tishell.dll [Acronis True Image Shell Context Menu Extension] -> Acronis [Ver = 10,0,0,4827 | Size = 500952 bytes | Modified Date = 22.09.2006 00:40:08 | Attr = ]
{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} [HKLM] -> C:\Programme\Nero\Nero 7\Nero BackItUp\NBShell.dll [NBShellHook Class] -> Nero AG [Ver = 2, 6, 6, 0 | Size = 73728 bytes | Modified Date = 09.10.2006 22:11:32 | Attr = ]
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} [HKLM] -> C:\Programme\AntiVir PersonalEdition Classic\shlext.dll [Shell Extension for Malware scanning] -> H+BEDV Datentechnik GmbH [Ver = 7.00.00.04 | Size = 69672 bytes | Modified Date = 02.12.2005 15:52:18 | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> C:\Programme\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 126464 bytes | Modified Date = 14.09.2006 00:20:24 | Attr = ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> C:\Programme\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 14.12.2004 00:20:02 | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{45583A6F-4720-4B9A-ABCC-94383B08DAF6} -> () ->
{9E171CB1-4CDC-405D-B274-77BF1C1F72A3} -> (Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found


[Files - Created Wihin 30 days]
BricoPackFoldersDelete.cmd -> C:\WINDOWS\BricoPackFoldersDelete.cmd -> [Ver = | Size = 2589 bytes | Created Date = 20.12.2006 17:49:09 | Attr = ]
cmaudio.dat -> C:\WINDOWS\cmaudio.dat -> [Ver = | Size = 22337 bytes | Created Date = 21.12.2006 15:52:54 | Attr = R ]
cmijack.dat -> C:\WINDOWS\cmijack.dat -> [Ver = | Size = 39260 bytes | Created Date = 21.12.2006 15:52:54 | Attr = R ]
CMMIXER.INI -> C:\WINDOWS\CMMIXER.INI -> [Ver = | Size = 101 bytes | Created Date = 22.12.2006 12:04:13 | Attr = ]
cmuninst.dat -> C:\WINDOWS\cmuninst.dat -> C-Media Electronics Inc. [Ver = 1, 0, 0, 2 | Size = 135168 bytes | Created Date = 21.12.2006 17:07:48 | Attr = ]
cmuninst.exe -> C:\WINDOWS\cmuninst.exe -> C-Media Electronics Inc. [Ver = 1, 0, 0, 3 | Size = 135168 bytes | Created Date = 21.12.2006 17:07:48 | Attr = ]
CMUninst.OLD -> C:\WINDOWS\CMUninst.OLD -> C-Media Electronics Inc. [Ver = 1, 0, 0, 2 | Size = 135168 bytes | Created Date = 21.12.2006 16:05:13 | Attr = ]
ie7_main.log -> C:\WINDOWS\ie7_main.log -> [Ver = | Size = 1239 bytes | Created Date = 20.12.2006 14:04:41 | Attr = ]
mixer.exe -> C:\WINDOWS\mixer.exe -> C-Media Electronic Inc. (www.cmedia.com.tw) [Ver = 1.50 | Size = 1228800 bytes | Created Date = 21.12.2006 17:07:48 | Attr = ]
mixerdef.ini -> C:\WINDOWS\mixerdef.ini -> [Ver = | Size = 25 bytes | Created Date = 21.12.2006 15:57:11 | Attr = ]
wmsetup.log -> C:\WINDOWS\wmsetup.log -> [Ver = | Size = 5630 bytes | Created Date = 20.12.2006 14:05:33 | Attr = ]
Audio3D.dll -> C:\WINDOWS\System32\Audio3D.dll -> Sensaura Ltd [Ver = 4.12.01.2008a | Size = 712704 bytes | Created Date = 21.12.2006 17:07:48 | Attr = ]
cmnprop.dll -> C:\WINDOWS\System32\cmnprop.dll -> C-Media Corporation [Ver = 5.00.2195.10 | Size = 32768 bytes | Created Date = 21.12.2006 17:07:48 | Attr = ]
l3codecp.acm -> C:\WINDOWS\System32\l3codecp.acm -> Fraunhofer Institut Integrierte Schaltungen IIS [Ver = 3, 4, 0, 0 | Size = 232448 bytes | Created Date = 20.12.2006 14:05:30 | Attr = ]
pxcpyi64.exe -> C:\WINDOWS\System32\pxcpyi64.exe -> Sonic Solutions [Ver = 1.00.28a | Size = 108544 bytes | Created Date = 07.12.2006 18:29:33 | Attr = ]
pxwma.dll -> C:\WINDOWS\System32\pxwma.dll -> Sonic Solutions [Ver = 1, 0, 0, 3 | Size = 151552 bytes | Created Date = 07.12.2006 18:29:33 | Attr = ]
TZLog.log -> C:\WINDOWS\System32\TZLog.log -> [Ver = | Size = 3532 bytes | Created Date = 20.12.2006 14:04:35 | Attr = ]
ACEDRV07.sys -> C:\WINDOWS\System32\drivers\ACEDRV07.sys -> Protect Software GmbH [Ver = 6, 8, 0, 60428 | Size = 101376 bytes | Created Date = 21.12.2006 11:09:06 | Attr = ]
cmaudio.sys -> C:\WINDOWS\System32\drivers\cmaudio.sys -> C-Media Inc [Ver = 5.12.01.0636 | Size = 374094 bytes | Created Date = 21.12.2006 17:07:48 | Attr = ]

[Files - Modified Wihin 30 days]
boot.ini -> C:\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 20.12.2006 18:07:32 | Attr = HS]
dxva.log -> C:\dxva.log -> [Ver = | Size = 0 bytes | Modified Date = 16.12.2006 20:02:22 | Attr = ]
VO.log -> C:\VO.log -> [Ver = | Size = 115 bytes | Modified Date = 17.12.2006 00:28:28 | Attr = ]
0.log -> C:\WINDOWS\0.log -> [Ver = | Size = 0 bytes | Modified Date = 25.12.2006 09:14:32 | Attr = ]
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 25.12.2006 09:13:58 | Attr = S]
BricoPack Wallpaper.bmp -> C:\WINDOWS\BricoPack Wallpaper.bmp -> [Ver = | Size = 3932214 bytes | Modified Date = 20.12.2006 17:49:44 | Attr = ]
BricoPackFoldersDelete.cmd -> C:\WINDOWS\BricoPackFoldersDelete.cmd -> [Ver = | Size = 2589 bytes | Modified Date = 20.12.2006 17:50:04 | Attr = ]
BricoPackUninst.cmd -> C:\WINDOWS\BricoPackUninst.cmd -> [Ver = | Size = 51976 bytes | Modified Date = 20.12.2006 17:50:04 | Attr = ]
BricoPackUninst.txt -> C:\WINDOWS\BricoPackUninst.txt -> [Ver = | Size = 51976 bytes | Modified Date = 20.12.2006 17:50:04 | Attr = ]
CMMIXER.INI -> C:\WINDOWS\CMMIXER.INI -> [Ver = | Size = 101 bytes | Modified Date = 22.12.2006 12:08:48 | Attr = ]
comsetup.log -> C:\WINDOWS\comsetup.log -> [Ver = | Size = 245560 bytes | Modified Date = 20.12.2006 14:05:50 | Attr = ]
FaxSetup.log -> C:\WINDOWS\FaxSetup.log -> [Ver = | Size = 716364 bytes | Modified Date = 20.12.2006 14:05:48 | Attr = ]
ie7_main.log -> C:\WINDOWS\ie7_main.log -> [Ver = | Size = 1239 bytes | Modified Date = 20.12.2006 14:04:48 | Attr = ]
iis6.log -> C:\WINDOWS\iis6.log -> [Ver = | Size = 813848 bytes | Modified Date = 20.12.2006 14:05:50 | Attr = ]
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [Ver = | Size = 1393 bytes | Modified Date = 20.12.2006 14:05:30 | Attr = ]
imsins.log -> C:\WINDOWS\imsins.log -> [Ver = | Size = 1393 bytes | Modified Date = 20.12.2006 14:05:50 | Attr = ]
iTouch.ini -> C:\WINDOWS\iTouch.ini -> [Ver = | Size = 51 bytes | Modified Date = 25.12.2006 09:14:14 | Attr = ]
KB904412.log -> C:\WINDOWS\KB904412.log -> [Ver = | Size = 28568 bytes | Modified Date = 20.12.2006 14:00:10 | Attr = ]
MedCtrOC.log -> C:\WINDOWS\MedCtrOC.log -> [Ver = | Size = 49937 bytes | Modified Date = 20.12.2006 14:05:50 | Attr = ]
mixerdef.ini -> C:\WINDOWS\mixerdef.ini -> [Ver = | Size = 25 bytes | Modified Date = 22.12.2006 09:36:50 | Attr = ]
msgsocm.log -> C:\WINDOWS\msgsocm.log -> [Ver = | Size = 36007 bytes | Modified Date = 20.12.2006 14:05:48 | Attr = ]
msmqinst.log -> C:\WINDOWS\msmqinst.log -> [Ver = | Size = 227410 bytes | Modified Date = 20.12.2006 14:05:48 | Attr = ]
NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [Ver = | Size = 69 bytes | Modified Date = 22.12.2006 17:50:36 | Attr = ]
netfxocm.log -> C:\WINDOWS\netfxocm.log -> [Ver = | Size = 126252 bytes | Modified Date = 20.12.2006 14:05:50 | Attr = ]
ntdtcsetup.log -> C:\WINDOWS\ntdtcsetup.log -> [Ver = | Size = 147145 bytes | Modified Date = 20.12.2006 14:05:50 | Attr = ]
ocgen.log -> C:\WINDOWS\ocgen.log -> [Ver = | Size = 347156 bytes | Modified Date = 20.12.2006 14:05:50 | Attr = ]
ocmsn.log -> C:\WINDOWS\ocmsn.log -> [Ver = | Size = 39531 bytes | Modified Date = 20.12.2006 14:05:50 | Attr = ]
SchedLgU.Txt -> C:\WINDOWS\SchedLgU.Txt -> [Ver = | Size = 28036 bytes | Modified Date = 24.12.2006 23:54:48 | Attr = ]
setupact.log -> C:\WINDOWS\setupact.log -> [Ver = | Size = 191031 bytes | Modified Date = 20.12.2006 12:53:28 | Attr = ]
setupapi.log -> C:\WINDOWS\setupapi.log -> [Ver = | Size = 642690 bytes | Modified Date = 22.12.2006 12:02:48 | Attr = ]
SMinstall.log -> C:\WINDOWS\SMinstall.log -> [Ver = | Size = 31816 bytes | Modified Date = 21.12.2006 17:03:08 | Attr = ]
spupdsvc.log -> C:\WINDOWS\spupdsvc.log -> [Ver = | Size = 13653 bytes | Modified Date = 20.12.2006 14:07:52 | Attr = ]
system.ini -> C:\WINDOWS\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 20.12.2006 18:07:32 | Attr = ]
tabletoc.log -> C:\WINDOWS\tabletoc.log -> [Ver = | Size = 36706 bytes | Modified Date = 20.12.2006 14:05:50 | Attr = ]
tsoc.log -> C:\WINDOWS\tsoc.log -> [Ver = | Size = 331781 bytes | Modified Date = 20.12.2006 14:05:50 | Attr = ]
updspapi.log -> C:\WINDOWS\updspapi.log -> [Ver = | Size = 40011 bytes | Modified Date = 20.12.2006 14:05:42 | Attr = ]
wiadebug.log -> C:\WINDOWS\wiadebug.log -> [Ver = | Size = 216 bytes | Modified Date = 18.12.2006 23:14:38 | Attr = ]
wiaservc.log -> C:\WINDOWS\wiaservc.log -> [Ver = | Size = 50 bytes | Modified Date = 18.12.2006 19:43:36 | Attr = ]
win.ini -> C:\WINDOWS\win.ini -> [Ver = | Size = 516 bytes | Modified Date = 20.12.2006 18:07:32 | Attr = ]
WindowsUpdate.log -> C:\WINDOWS\WindowsUpdate.log -> [Ver = | Size = 139724 bytes | Modified Date = 24.12.2006 23:54:44 | Attr = ]
wmsetup.log -> C:\WINDOWS\wmsetup.log -> [Ver = | Size = 5630 bytes | Modified Date = 20.12.2006 14:12:46 | Attr = ]
WMSysPr9.prx -> C:\WINDOWS\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 20.12.2006 14:05:04 | Attr = ]
amcompat.tlb -> C:\WINDOWS\System32\amcompat.tlb -> [Ver = | Size = 16832 bytes | Modified Date = 20.12.2006 14:07:40 | Attr = ]
FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [Ver = | Size = 110192 bytes | Modified Date = 20.12.2006 17:30:18 | Attr = ]
nscompat.tlb -> C:\WINDOWS\System32\nscompat.tlb -> [Ver = | Size = 23392 bytes | Modified Date = 20.12.2006 14:07:40 | Attr = ]
TZLog.log -> C:\WINDOWS\System32\TZLog.log -> [Ver = | Size = 3532 bytes | Modified Date = 20.12.2006 14:04:36 | Attr = ]
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 24.12.2006 09:28:40 | Attr = ]
ACEDRV07.sys -> C:\WINDOWS\System32\drivers\ACEDRV07.sys -> Protect Software GmbH [Ver = 6, 8, 0, 60428 | Size = 101376 bytes | Modified Date = 21.12.2006 11:09:08 | Attr = ]

[File String Scan - Non-Microsoft Only]
UPX! , -> C:\Programme\Gemeinsame Dateien\Acronis\MediaBuilder\bootmenu.exe -> [Ver = | Size = 33736 bytes | Modified Date = 21.09.2006 23:24:20 | Attr = ]
UPX! , -> C:\Programme\Gemeinsame Dateien\Acronis\MediaBuilder\bootwiz.sys -> [Ver = | Size = 24576 bytes | Modified Date = 22.09.2006 00:32:52 | Attr = ]
UPX! , -> C:\Programme\Gemeinsame Dateien\Acronis\MediaBuilder\kernel.dat -> [Ver = | Size = 664466 bytes | Modified Date = 21.09.2006 23:26:44 | Attr = ]
UPX! , -> C:\Programme\Gemeinsame Dateien\Acronis\MediaBuilder\mouse.com -> [Ver = | Size = 4850 bytes | Modified Date = 21.09.2006 23:24:24 | Attr = ]
UPX! , -> C:\Programme\Gemeinsame Dateien\Acronis\MediaBuilder\ramdisk.exe -> [Ver = | Size = 19172 bytes | Modified Date = 22.09.2006 00:27:56 | Attr = ]
UPX! , -> C:\Programme\Gemeinsame Dateien\Acronis\TrueImage\bootwiz.sys -> [Ver = | Size = 24576 bytes | Modified Date = 22.09.2006 00:32:52 | Attr = ]
UPX! , -> C:\Programme\Gemeinsame Dateien\Acronis\TrueImage\kernel.dat -> [Ver = | Size = 664466 bytes | Modified Date = 21.09.2006 23:26:44 | Attr = ]
UPX! , -> C:\Programme\Gemeinsame Dateien\Acronis\TrueImage\mouse.com -> [Ver = | Size = 4850 bytes | Modified Date = 21.09.2006 23:24:24 | Attr = ]
UPX! , -> C:\Programme\Gemeinsame Dateien\Acronis\TrueImage\splash.run -> [Ver = | Size = 23297 bytes | Modified Date = 22.09.2006 00:28:06 | Attr = ]
UPX! , -> C:\Programme\Gemeinsame Dateien\Acronis\TrueImageHome\bootmenu.exe -> [Ver = | Size = 1866082 bytes | Modified Date = 22.09.2006 00:43:14 | Attr = ]
UPX! , -> C:\Programme\Gemeinsame Dateien\Acronis\TrueImageHome\bootwiz.sys -> [Ver = | Size = 24576 bytes | Modified Date = 22.09.2006 00:32:52 | Attr = ]
UPX! , -> C:\Programme\Gemeinsame Dateien\Acronis\TrueImageHome\kernel.dat -> [Ver = | Size = 664466 bytes | Modified Date = 21.09.2006 23:26:44 | Attr = ]
UPX! , -> C:\Programme\Gemeinsame Dateien\Acronis\TrueImageHome\mouse.com -> [Ver = | Size = 4850 bytes | Modified Date = 21.09.2006 23:24:24 | Attr = ]
UPX! , -> C:\Programme\Gemeinsame Dateien\Acronis\TrueImageHome\splash.run -> [Ver = | Size = 23297 bytes | Modified Date = 22.09.2006 01:18:30 | Attr = ]
PEC2 , PECompact2 , -> C:\Programme\Gemeinsame Dateien\Adobe\ESD\AdobeDownloadManager.exe -> Adobe Systems [Ver = 2.0.0.43 | Size = 414208 bytes | Modified Date = 13.11.2004 04:36:04 | Attr = ]
Umonitor , -> C:\Programme\Gemeinsame Dateien\Ahead\Lib\ROLLBACK.DB -> [Ver = | Size = 388096 bytes | Modified Date = 30.10.2006 11:13:44 | Attr = ]
Thawte Consulting , -> C:\Programme\Gemeinsame Dateien\Java\Update\Base Images\jre1.5.0.b64\core3.zip -> [Ver = | Size = 3290841 bytes | Modified Date = 02.03.2006 16:18:34 | Attr = ]
PEC2 , PECompact2 , -> C:\Programme\Gemeinsame Dateien\Real\GToolbar\GDSSetup.exe -> [Ver = | Size = 755816 bytes | Modified Date = 28.10.2006 11:46:58 | Attr = ]
PEC2 , PECompact2 , -> C:\Programme\Gemeinsame Dateien\Real\GToolbar\GoogleToolbarInstaller.exe -> Google [Ver = 3, 0, 131, 0 | Size = 662032 bytes | Modified Date = 28.10.2006 11:46:58 | Attr = ]
Thawte Consulting , -> C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3760 | Size = 185896 bytes | Modified Date = 28.10.2006 11:46:48 | Attr = ]
Thawte Consulting , -> C:\Programme\Gemeinsame Dateien\Real\Update_OB\rnxproc.exe -> RealNetworks, Inc. [Ver = 7.0.0.3105 | Size = 58912 bytes | Modified Date = 28.10.2006 11:46:50 | Attr = ]
PEC2 , -> C:\WINDOWS\System32\dfrg.msc -> [Ver = | Size = 41118 bytes | Modified Date = 05.08.2004 13:00:00 | Attr = ]
Thawte Consulting , -> C:\WINDOWS\System32\pxcpya64.exe -> Sonic Solutions [Ver = 1.00.35a | Size = 63144 bytes | Modified Date = 25.08.2006 04:47:00 | Attr = ]
Thawte Consulting , -> C:\WINDOWS\System32\pxhpinst.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 67240 bytes | Modified Date = 25.08.2006 04:47:00 | Attr = ]
Thawte Consulting , -> C:\WINDOWS\System32\pxinsa64.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 62632 bytes | Modified Date = 25.08.2006 04:47:00 | Attr = ]
Thawte Consulting , -> C:\WINDOWS\System32\pxinsi64.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 115880 bytes | Modified Date = 25.08.2006 04:47:00 | Attr = ]
Thawte Consulting , -> C:\WINDOWS\System32\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Modified Date = 28.10.2006 11:46:54 | Attr = ]
winsync , -> C:\WINDOWS\System32\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 05.08.2004 13:00:00 | Attr = ]
WSUD , UPX0 , -> C:\WINDOWS\System32\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 05.08.2004 13:00:00 | Attr = ]

< End of report >

#4 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina
  • Local time:03:29 AM

Posted 25 December 2006 - 01:35 PM

Hi Be water my friend. I do not see any signs of viruses or malware in the log. It is clean.

Does the machine not boot properly every time you reboot it (or start it up)? Can you post the exact message you see back here so I can see what it says?

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#5 Be water my friend

Be water my friend
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany/NRW
  • Local time:09:29 AM

Posted 25 December 2006 - 05:05 PM

I must say that after my first hijack the problem didn't appear anytime, so maybe with the adware and spybot tutorial the problem got killed, but maybe it will happen again tomorrow.

But in the other thread the man who helped me had seen some other problems in the Event Viewer.

Edited by Be water my friend, 25 December 2006 - 05:14 PM.


#6 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina
  • Local time:03:29 AM

Posted 25 December 2006 - 08:16 PM

Hi Be water my friend. Yes, he was looking at the error messages for DHCP and TCPIP and saying it appeared that there might be some problems with the network. If the network was not working then those error messages would point to the specific problem.

Cheers.

OT

#7 Be water my friend

Be water my friend
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany/NRW
  • Local time:09:29 AM

Posted 26 December 2006 - 05:11 AM

So I must say thank you and the Bleeping Forum, but you have to know: I will be back if I have another prob ^^

Thx and good bye

#8 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina
  • Local time:03:29 AM

Posted 27 December 2006 - 09:56 AM

You are welcome Be water my friend. I am glad that we could help.

I think it was just a temporary hiccup in the system. If it occurs again, please post back so we can take a new look at it.

I will now close this topic. If you have any new malware-related questions or issues in the future, please start a new topic.

Cheers and Happy Computing.

OT



