[beautifuljohanna]

Hallo !

Can you help me please?

I have installed Registrar Lite. Install, run, copy and paste this line to reglite's address bar:
CODE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

I get "C:\WINDOWS\System32\kbdk.dll"

Them I have downloaded FindnFix.exe.

Double-clicked on the FINDnFIX.exe and now I post the contents of Log.txt in this thread.

»»»»»»»»»»»»»»»»»»*** freeatlast100.100free.com ***»»»»»»»»»»»»»»»»

Microsoft Windows XP [Version 5.1.2600]
»»»IE build and last SP(s)
6.0.2900.2180 SP2
Der Typ des Dateisystems ist NTFS.
C: ist nicht fehlerhaft.

11.12.2004
11:21pm up 0 days, 0:27

»»»»»»»»»»»»»»»»»»***LOG!***»»»»»»»»»»»»»»»»

Scanning for file(s)...
»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»
»»»»» (*1*) »»»»» .........
»»Locked or 'Suspect' file(s) found...

C:\WINDOWS\System32\KBDK.DLL +++ File read error
\\?\C:\WINDOWS\System32\KBDK.DLL +++ File read error

»»»»» (*2*) »»»»»........
**File C:\FINDnFIX\LIST.TXT
KBDK.DLL Can't Open!

»»»»» (*3*) »»»»»........

No matches found.

unknown/hidden files...

No matches found.

»»»»» (*4*) »»»»».........
Sniffing..........
Power SNiF 1.34 - The Ultimate File Snifferdog. Created Mar 16 1992, 21:09:15.



»»»»»(*5*)»»»»»
**File C:\WINDOWS\SYSTEM32\DLLXXX.TXT
¯ Access denied ® ..................... KBDK.DLL .....57344 25.04.2004

»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»*»»»

»»Size of Windows key:
(*Default-450 *No AppInit-398 *fake(infected)-448,504,512...)

Size of HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Windows: 448

»»Dumping Values........
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\DeviceNotSelectedTimeout SZ 15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\GDIProcessHandleQuota DWORD 00002710
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Spooler SZ yes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\swapdisk SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\TransmissionRetryTimeout SZ 90
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\USERProcessHandleQuota DWORD 00002710

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs = (*** MISSING TRAILING NULL CHARACTER ***)
DeviceNotSelectedTimeout = 15
GDIProcessHandleQuota = REG_DWORD 0x00002710
Spooler = yes
swapdisk =
TransmissionRetryTimeout = 90
USERProcessHandleQuota = REG_DWORD 0x00002710

»»Security settings for 'Windows' key:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
(NI) ALLOW Read VORDEFINIERT\Benutzer
(IO) ALLOW Read VORDEFINIERT\Benutzer
(NI) ALLOW Read VORDEFINIERT\Hauptbenutzer
(IO) ALLOW Read VORDEFINIERT\Hauptbenutzer
(NI) ALLOW Full access VORDEFINIERT\Administratoren
(IO) ALLOW Full access VORDEFINIERT\Administratoren
(NI) ALLOW Full access NT-AUTORITŽT\SYSTEM
(IO) ALLOW Full access NT-AUTORITŽT\SYSTEM
(NI) ALLOW Full access VORDEFINIERT\Administratoren
(IO) ALLOW Full access ERSTELLER-BESITZER

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
Read VORDEFINIERT\Benutzer
Read VORDEFINIERT\Hauptbenutzer
Full access VORDEFINIERT\Administratoren
Full access NT-AUTORITŽT\SYSTEM


»»Member of...: (Admin logon required!)
User is a member of group CHEF\Kein.
User is a member of group \Jeder.
User is a member of group VORDEFINIERT\Administratoren.
User is a member of group VORDEFINIERT\Benutzer.
User is a member of group NT-AUTORITÄT\INTERAKTIV.
User is a member of group NT-AUTORITÄT\Authentifizierte Benutzer.
User is a member of group \LOKAL.

»» Service search:(different variant) '"Network Security Service","__NS_Service_3"...

[SC] GetServiceKeyName FAILED 1060:

Der angegebene Dienst ist kein installierter Dienst.

[SC] GetServiceDisplayName FAILED 1060:

Der angegebene Dienst ist kein installierter Dienst.


»»Notepad check....

C:\WINDOWS\
notepad.exe Tue 3 Aug 2004 23:58:08 A.... 70.144 68,50 K

1 item found: 1 file, 0 directories.
Total of file sizes: 70.144 bytes 68,50 K

C:\WINDOWS\SYSTEM32\
notepad.exe Tue 3 Aug 2004 23:58:08 A.... 70.144 68,50 K

1 item found: 1 file, 0 directories.
Total of file sizes: 70.144 bytes 68,50 K

No matches found.

»»Dir 'junkxxx' was created with the following permissions...
(FAT32=NA)
Directory "C:\junkxxx"
Permissions:
Type Flags Inh. Mask Gen. Std. File Group or User
======= ======== ==== ======== ==== ==== ==== ================
Allow 00000003 tco- 001F01FF ---- DSPO rw+x VORDEFINIERT\Administratoren
Allow 00000003 tco- 001F01FF ---- DSPO rw+x NT-AUTORITÄT\SYSTEM
Allow 00000000 t--- 001F01FF ---- DSPO rw+x CHEF\Chef2004
Allow 0000000B -co- 10000000 ---A ---- ---- \ERSTELLER-BESITZER
Allow 00000003 tco- 001200A9 ---- -S-- r--x VORDEFINIERT\Benutzer
Allow 00000002 tc-- 00000004 ---- ---- --+- VORDEFINIERT\Benutzer
Allow 00000002 tc-- 00000002 ---- ---- -w-- VORDEFINIERT\Benutzer

Owner: CHEF\Chef2004

Primary Group: CHEF\Kein



»»»»»»Backups created...»»»»»»
11:23pm up 0 days, 0:28
11.12.2004

A C:\FINDnFIX\winBack.hiv
--a-- - - - - - 8,192 12-11-2004 winback.hiv
A C:\FINDnFIX\keys1\winkey.reg
--a-- - - - - - 287 12-11-2004 winkey.reg

»»Performing string scan....
00001150: ?
00001190: vk : f AppInit_
000011D0:DLLs G C : \ W I N D O W S \ S y s t e m 3 2 \ k b d k . d
00001210:l l vk P UDeviceNotSelectedTimeout
00001250: 1 5 _ 9 0 x, vk ' zGDIProce
00001290:ssHandleQuota" vk Spooler2 y e s h
000012D0: p vk =pswapdisk vk
00001310: ` R TransmissionRetryTimeout p
00001350: X vk ' USERProcessHandleQuota x
00001390:
000013D0:
00001410:
00001450:
00001490:
000014D0:
00001510:
00001550:

---------- WIN.TXT
fùAppInit_DLLsÖ�æGÀÿÿÿC
--------------
C:\WINDOWS\System32\kbdk.dll
yes
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710


**File C:\FINDnFIX\WIN.TXT
 


  

 Øÿÿÿvk : Ø


fùAppInit_DLLsÖ�æGÀÿÿÿC : \ W I N D O W S \ S y s t e m 3 2 \ k b d k . d l l  °
Ðÿÿÿvk  P

ÀUDeviceNotSelectedTimeoutðÿÿÿ1 5  _£ûóðÿÿÿ9 0  x, Ðÿÿÿvk  €' 
zGDIProcessHandleQuota"þàÿÿÿvk  À

°ºSpooler2ðÿÿÿy e s h  °
 p  è àÿÿÿvk  €

=pswapdiskÐÿÿÿvk  `

R¿TransmissionRetryTimeoutàÿÿÿ°
 p  è  X Ðÿÿÿvk  €' 
USERProcessHandleQuota x




************************

End

Waht can I do ???????????????????????????

[Advertisements]

Let us take a closer look at what is running on your PC. We'll need you to use a free diagnostic tool (HiJackThis) and post a log as a new topic in the Hijack This forum. It will get a better response there from the people most qualified to analyze logs.

Click the HijackThis Guide in my signature, download it and follow the instructions in the guide. Also see this post.

Most of what it lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.

[coachwife6]

Let us take a closer look at what is running on your PC. We'll need you to use a free diagnostic tool (HiJackThis) and post a log as a new topic in the Hijack This forum. It will get a better response there from the people most qualified to analyze logs.

Click the HijackThis Guide in my signature, download it and follow the instructions in the guide. Also see this post.

Most of what it lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.