Zitat:

was soll bzw. kann ich tun, außer Windows neu zu installieren.

Das HJT logfile ohne nervige Zeilenumbrüche posten. -.-
Folge auch mal meinen Link zu silentrunners.

Zitat:

Zitat von root24

Das HJT logfile ohne nervige Zeilenumbrüche posten. -.-
.

btw sollten alle Logfiles imho in Code Tag gepostet werden [CODE][/CODE]

Entschuldigung für die Umstände mit der Log File, soll ich den Inhalt der .txt Datei posten der von dem Programm kommt?

Kein Problem und ja sollst Du.

Dann hier mal das ergebnis, ich hoffe ich habe alles richtig gemacht!

Code: Alles auswählenAufklappen

ATTFilter

"Silent Runners.vbs", revision 55, h**p://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ICQ" = ""E:\Programme\ICQ6\ICQ.exe" silent" ["ICQ, Inc."]
"ctfmon.exe" = "E:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"AVP" = ""E:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"" ["Kaspersky Lab"]
"SunJavaUpdateSched" = "E:\Programme\Java\jre1.5.0_10\bin\jusched.exe" ["Sun Microsystems, Inc."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"razer" = "E:\Programme\Razer\razerhid.exe" [empty string]
"QuickTime Task" = ""E:\Programme\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."]
"Launch LGDCore" = ""E:\Programme\Gemeinsame Dateien\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE" ["Logitech Inc."]
"Launch LCDMon" = ""E:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\lcdmon.exe"" ["Logitech Inc."]
"KernelFaultCheck" = "%systemroot%\system32\dumprep 0 -k" [MS]
"ATICCC" = ""E:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
                   \InProcServer32\(Default) = "E:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
                   \InProcServer32\(Default) = "E:\Programme\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."]
{E3FB9237-4475-437B-8C10-299097A8C0A8}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SXG Advisor"
                   \InProcServer32\(Default) = "E:\WINDOWS\dgtxrdfxlw.dll" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
  -> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "E:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
  -> {HKLM...CLSID} = "MCLiteShellExt Class"
                   \InProcServer32\(Default) = "E:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "E:\Programme\WinRAR\rarext.dll" [null data]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
  -> {HKLM...CLSID} = "Meine freigegebenen Ordner"
                   \InProcServer32\(Default) = "E:\Programme\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universelle Plug & Play-Geräte"
  -> {HKLM...CLSID} = "Universelle Plug & Play-Geräte"
                   \InProcServer32\(Default) = "E:\WINDOWS\system32\upnpui.dll" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Outlook-Dateisymbolerweiterung"
                   \InProcServer32\(Default) = "E:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "E:\Programme\Microsoft Office\Office10\msohev.dll" [MS]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
  -> {HKLM...CLSID} = "SimpleShlExt Class"
                   \InProcServer32\(Default) = "E:\Programme\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]
"{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" = "TuneUp Shredder Shell Extension"
  -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
                   \InProcServer32\(Default) = "E:\Programme\TuneUp Utilities 2008\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
"{44440D00-FF19-4AFC-B765-9A0970567D97}" = "TuneUp Theme Extension"
  -> {HKLM...CLSID} = "TuneUp Theme Extension"
                   \InProcServer32\(Default) = "E:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statistik für Web-Anti-Virus"
  -> {HKLM...CLSID} = "Statistik für Web-Anti-Virus"
                   \InProcServer32\(Default) = "E:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll" ["Kaspersky Lab"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} = "WPDShServiceObj Class"
                   \InProcServer32\(Default) = "E:\WINDOWS\system32\WPDShServiceObj.dll" [MS]
"bxlrvps" = "{DA01CDDA-4FAC-4A6D-9930-2C45BC6B256B}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "E:\WINDOWS\bxlrvps.dll" [null data]
"alofkmn" = "{48F2C6F6-BFBC-47A8-B7B6-C466A8EE0432}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "E:\WINDOWS\alofkmn.dll" [null data]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = "E:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll" ["Kaspersky Lab"]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
<<!>> klogon\DLLName = "E:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
<<!>> taskmgr.exe\Debugger = "E:\Programme\TuneUp Utilities 2008\PMLauncher.exe" ["TuneUp Software GmbH"]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                   \InProcServer32\(Default) = "E:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
  -> {HKLM...CLSID} = "MCLiteShellExt Class"
                   \InProcServer32\(Default) = "E:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "E:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\ShellEx.dll" ["Kaspersky Lab"]
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
  -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
                   \InProcServer32\(Default) = "E:\Programme\TuneUp Utilities 2008\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "E:\Programme\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
  -> {HKLM...CLSID} = "MCLiteShellExt Class"
                   \InProcServer32\(Default) = "E:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
  -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
                   \InProcServer32\(Default) = "E:\Programme\TuneUp Utilities 2008\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "E:\Programme\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "E:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\ShellEx.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "E:\Programme\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "E:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "E:\Dokumente und Einstellungen\SevIs\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"


Startup items in "SevIs" & "All Users" startup folders:
-------------------------------------------------------

E:\Dokumente und Einstellungen\SevIs\Startmenü\Programme\Autostart
<<!>> "PowerReg Scheduler.exe" [empty string]

E:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"HP Digital Imaging Monitor" -> shortcut to: "E:\Programme\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]
"Microsoft Office" -> shortcut to: "E:\Programme\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
"NETGEAR WG311v2 Smart Configuration" -> shortcut to: "E:\Programme\NETGEAR WG311v2 Adapter\wlancfg5.exe /HIDE" [empty string]


Enabled Scheduled Tasks:
------------------------

"1-Klick-Wartung" -> launches: "E:\Programme\TuneUp Utilities 2008\OneClick.exe /schedulestart" ["TuneUp Software GmbH"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 18
%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{60570909-486A-4609-B7AE-CBCAA3831168}" = (no title provided)
  -> {HKLM...CLSID} = "ekvgsnw"
                   \InProcServer32\(Default) = "E:\WINDOWS\ekvgsnw.dll" [null data]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Statistik für Web-Anti-Virus"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "E:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll" ["Kaspersky Lab"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.5.0_10"
                   \InProcServer32\(Default) = "E:\Programme\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_10"
                   \InProcServer32\(Default) = "E:\Programme\Java\jre1.5.0_10\bin\npjpi150_10.dll" ["Sun Microsystems, Inc."]

{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\
"ButtonText" = "Statistik für Web-Anti-Virus"

{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\
"ButtonText" = "PartyPoker.com"
"MenuText" = "PartyPoker.com"
"Exec" = "F:\Programme\PartyGaming\PartyPoker\RunApp.exe" [file not found]

{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "E:\Programme\ICQLite\ICQLite.exe" [file not found]

{E59EB121-F339-4851-A3BA-FE49C35617C2}\
"ButtonText" = "ICQ6"
"MenuText" = "ICQ6"
"Exec" = "E:\Programme\ICQ6\ICQ.exe" ["ICQ, Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "E:\Programme\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
<<H>> "TuneUp" = "file://E|/Dokumente und Einstellungen/All Users/Anwendungsdaten/TuneUp Software/Common/base.css" [file not found]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ad-Aware 2007 Service, aawservice, ""E:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe"" ["Lavasoft"]
Ati HotKey Poller, Ati HotKey Poller, "E:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
HP CUE DeviceDiscovery Service, hpqddsvc, "E:\WINDOWS\system32\svchost.exe -k hpdevmgmt" {"E:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll" ["Hewlett-Packard Co."]}
hpqcxs08, hpqcxs08, "E:\WINDOWS\system32\svchost.exe -k hpdevmgmt" {"E:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll" ["Hewlett-Packard Co."]}
Kaspersky Internet Security 7.0, AVP, ""E:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r" ["Kaspersky Lab"]
Machine Debug Manager, MDM, ""E:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
Net Driver HPZ12, Net Driver HPZ12, "E:\WINDOWS\System32\svchost.exe -k HPZ12" {"E:\WINDOWS\system32\HPZinw12.dll" ["Hewlett-Packard"]}
Pml Driver HPZ12, Pml Driver HPZ12, "E:\WINDOWS\System32\svchost.exe -k HPZ12" {"E:\WINDOWS\system32\HPZipm12.dll" ["Hewlett-Packard"]}
PnkBstrA, PnkBstrA, "E:\WINDOWS\system32\PnkBstrA.exe" [null data]
TuneUp Designerweiterung, UxTuneUp, "E:\WINDOWS\System32\svchost.exe -k netsvcs" {"E:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]}


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
LIDIL hpzll5ha\Driver = "hpzll5ha.dll" ["Hewlett-Packard Company"]


---------- (launch time: 2008-02-27 20:21:34)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at the
  first message box and "Yes" at the second message box.
---------- (total run time: 34 seconds, including 9 seconds for message boxes)
         

Ok, dann so bitte weiter

Anleitung SmitfraudFix:

Lade dir dieses Tool -> SmitfraudFix
-Boote im abgesicherten Modus
-Starte es dann und lass das System Reinigen. (Option 2)



-Poste danach wie in der Anleitung beschrieben, das Ergebnis des Scans, die C:\rapport.txt

Hurraaa ihr seit die besten =))))
Die Symbole sind bisher nicht wieder gekommen, aber hier mal die log file:

Code: Alles auswählenAufklappen

ATTFilter

SmitFraudFix v2.298

Scan done at 14:23:12,29, 28.02.2008
Run from E:\Dokumente und Einstellungen\SevIs\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1       localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
E:\WINDOWS\dgtxrdfxlw.dll deleted.
E:\WINDOWS\ekvgsnw.dll deleted.
E:\WINDOWS\bxlrvps.dll deleted.
E:\WINDOWS\alofkmn.dll deleted.


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

E:\WINDOWS\fkxvkns.exe Deleted
E:\DOKUME~1\SevIs\FAVORI~1\Error Cleaner.url Deleted
E:\DOKUME~1\SevIs\FAVORI~1\Privacy Protector.url Deleted
E:\DOKUME~1\SevIs\FAVORI~1\Spyware?Malware Protection.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NETGEAR WG311v2 802.11g Wireless PCI Adapter - Paketplaner-Miniport
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{AAB7F6EC-BA15-4DF2-B001-AD4A289183AE}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{AAB7F6EC-BA15-4DF2-B001-AD4A289183AE}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{AAB7F6EC-BA15-4DF2-B001-AD4A289183AE}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done. 
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End