PC very slow, WinFixer, WinAntiVirus Pro 2006, Trojans, logs included

11.09.2006, 16:31
Member

Posts: 11
#1
Logfile of HijackThis v1.99.1
Scan saved at 15:58, on 9/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\DTV\RemoteControl.exe
C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\Shared\hpqwmi.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\DOCUME~1\DeyanPC\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\DeyanPC\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Documents and Settings\DeyanPC\My Documents\programs\security\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [DTVRemote] "C:\Program Files\DTV\RemoteControl.exe"
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MSWin.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {00000000-0000-0000-0000-100000000003} - http://code.trasferimento.biz/l/a3ad1d8edc539b47a7e227b1feea490d_35.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37900.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O20 - AppInit_DLLs: "", svchost.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


ComboFix 06.09.07 - Running from: C:\Documents and Settings\DeyanPC\My Documents\programs\security\combofix

Microsoft Windows XP [Version 5.1.2600]

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\WINDOWS\system32\STEM32~1


((((((((((((((((((((((((((((((( Files Created from 2006-08-11 to 2006-09-11 ))))))))))))))))))))))))))))))))))


2006-09-10 16:26 106,516 --a------ C:\WINDOWS\system32\skjwytpj.dll
2006-09-10 16:25 1,132,505 ---hs---- C:\WINDOWS\system32\llnmp.bak1
2006-09-10 11:14 106,516 --a------ C:\WINDOWS\system32\dadcqcan.dll
2006-09-09 10:36 106,516 --a------ C:\WINDOWS\system32\atnwbond.dll
2006-09-07 12:27 106,516 --a------ C:\WINDOWS\system32\oiyjknwi.dll
2006-09-05 23:26 106,516 --a------ C:\WINDOWS\system32\omdwkoqo.dll
2006-09-04 20:48 106,516 --a------ C:\WINDOWS\system32\lttchjyn.dll
2006-09-03 12:26 102,420 --a------ C:\WINDOWS\system32\erwpditm.dll
2006-09-02 12:25 102,420 --a------ C:\WINDOWS\system32\ioqofpom.dll
2006-08-26 04:54 13,844 --a------ C:\WINDOWS\system32\pppyrcrm.exe
2006-08-24 22:26 13,844 --a------ C:\WINDOWS\system32\rkrthmga.exe
2006-08-22 00:18 13,844 --a------ C:\WINDOWS\system32\ywvqfkvo.exe
2006-08-16 02:50 2,580 --a------ C:\WINDOWS\system32\pyeytrqk.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-11 15:59 -------- d-------- C:\Program Files\CleanUp!
2006-09-11 15:49 -------- d-------- C:\Documents and Settings\DeyanPC\Application Data\Skype
2006-09-10 20:12 -------- d-------- C:\Program Files\Common Files\Logitech
2006-09-10 17:53 -------- d-------- C:\Program Files\Roguescanfix
2006-09-10 15:10 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2006-09-10 11:14 777472 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-09-10 11:14 27904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-09-06 01:19 -------- d---s---- C:\Documents and Settings\DeyanPC\Application Data\Microsoft
2006-09-05 00:26 -------- d-------- C:\Program Files\Nokia
2006-09-05 00:26 -------- d-------- C:\Program Files\Common Files\PCSuite
2006-09-05 00:26 -------- d-------- C:\Program Files\Common Files\Nokia
2006-09-05 00:26 -------- d-------- C:\Program Files\Common Files
2006-09-05 00:21 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-25 00:00 -------- d-------- C:\Program Files\audiograbber
2006-08-24 18:26 -------- d-------- C:\Program Files\Registry Mechanic
2006-08-22 20:58 -------- d-------- C:\Documents and Settings\DeyanPC\Application Data\Sonic
2006-08-22 20:58 -------- d-------- C:\Documents and Settings\DeyanPC\Application Data\Leadertech
2006-08-21 20:00 -------- d-------- C:\Documents and Settings\DeyanPC\Application Data\Apple Computer
2006-08-16 03:02 -------- d-------- C:\Program Files\Internet Explorer
2006-07-28 01:24 -------- d-------- C:\Program Files\iTunes
2006-07-28 01:22 -------- d-------- C:\Program Files\iPod
2006-07-27 16:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-24 23:09 53624 --a------ C:\Documents and Settings\DeyanPC\Application Data\GDIPFONTCACHEV1.DAT
2006-07-21 11:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-18 00:46 -------- d-------- C:\Program Files\Winamp
2006-07-16 15:50 -------- d-------- C:\Program Files\Zone Labs
2006-07-16 13:50 -------- d-------- C:\Program Files\Grisoft
2006-07-16 13:49 -------- d-------- C:\Documents and Settings\DeyanPC\Application Data\AVG7
2006-07-16 13:48 4992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-07-16 13:48 4288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-07-16 13:48 23424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-07-14 00:46 -------- d-------- C:\Program Files\Microsoft Office
2006-07-14 00:46 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-07-14 00:10 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-07-14 00:09 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-07-14 00:08 -------- d-------- C:\Program Files\Common Files\System
2006-07-09 13:42 42920 --a------ C:\WINDOWS\system32\vsutil_loc0407.dll
2006-07-05 16:39 569396 --------- C:\WINDOWS\system32\pmnll.dll
2006-06-17 14:04 5875 --a------ C:\Documents and Settings\DeyanPC\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"SoundMAX"="C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe /tray"
"AGRSMMSG"="AGRSMMSG.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0\\bin\\jusched.exe"
"hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"
"WatchDog"="C:\\Program Files\\InterVideo\\DVD Check\\DVDCheck.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
@=""
"DTVRemote"="\"C:\\Program Files\\DTV\\RemoteControl.exe\""
"USIUDF_Eject_Monitor"="C:\\Program Files\\Common Files\\Ulead Systems\\DVD\\USISrv.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"RegistryMechanic"=""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\K-Lite Codec Pack\\QuickTime\\qttask.exe\" -atboottime"
"DataLayer"="C:\\Program Files\\Common Files\\PCSuite\\DataLayer\\DataLayer.exe"
"PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -onlytray"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnll


Completion time: Mon 09/11/2006 16:03:27.71
ComboFix.txt
ComboFix2.txt


Datfind.bat Logs:


Volume in drive C has no label.
Volume Serial Number is FC8A-D7FF

Directory of C:\WINDOWS\system32

09/11/2006 16:06 0 llnmp.tmp
09/11/2006 16:06 1,142,208 llnmp.ini
09/11/2006 15:02 54,112 vsconfig.xml
09/11/2006 15:01 2,206 wpa.dbl
09/11/2006 14:59 0 mcrh.tmp
09/10/2006 16:26 106,516 skjwytpj.dll
09/10/2006 16:25 1,132,505 llnmp.bak1
09/10/2006 11:14 106,516 dadcqcan.dll
09/09/2006 10:36 106,516 atnwbond.dll
09/07/2006 12:27 106,516 oiyjknwi.dll
09/05/2006 23:26 106,516 omdwkoqo.dll
09/04/2006 20:48 106,516 lttchjyn.dll
09/03/2006 12:26 102,420 erwpditm.dll
09/02/2006 12:25 102,420 ioqofpom.dll
08/26/2006 04:54 13,844 pppyrcrm.exe
08/24/2006 22:26 13,844 rkrthmga.exe
08/22/2006 00:18 13,844 ywvqfkvo.exe
08/16/2006 02:50 2,580 pyeytrqk.exe

08/09/2006 22:03 8,325,544 MRT.exe
07/28/2006 14:28 3,054,080 mshtml.dll
07/27/2006 16:24 679,424 inetcomm.dll
07/26/2006 01:03 4,212 zllictbl.dat
07/25/2006 23:33 613,888 urlmon.dll
07/21/2006 11:24 72,704 hlink.dll
07/16/2006 20:34 382,260 perfh009.dat
07/16/2006 20:34 53,838 perfc009.dat
07/16/2006 20:34 441,802 PerfStringBackup.INI
07/14/2006 18:31 332,288 netapi32.dll
07/14/2006 18:25 546,304 hhctrl.ocx
07/14/2006 10:01 215,264 FNTCACHE.DAT
07/13/2006 16:33 8,453,632 shell32.dll
07/09/2006 15:38 25,605 ikhcore.log
07/09/2006 13:42 42,920 vsutil_loc0407.dll
07/09/2006 13:42 392,824 vsdatant.sys
07/09/2006 13:42 71,672 zlcommdb.dll
07/09/2006 13:42 83,960 zlcomm.dll
07/09/2006 13:42 100,344 vsxml.dll
07/09/2006 13:42 59,384 vswmi.dll
07/09/2006 13:42 440,312 vsutil.dll
07/09/2006 13:42 71,672 vsregexp.dll
07/09/2006 13:42 268,280 vspubapi.dll
07/09/2006 13:42 157,688 vsinit.dll
07/09/2006 13:42 104,440 vsmonapi.dll
07/09/2006 13:42 83,960 vsdata.dll
07/05/2006 16:39 569,396 pmnll.dll
07/05/2006 13:55 984,064 kernel32.dll
06/26/2006 20:37 148,480 dnsapi.dll
06/26/2006 20:37 8,192 rasadhlp.dll
06/23/2006 14:02 658,944 wininet.dll
06/23/2006 14:02 1,494,016 shdocvw.dll
06/23/2006 14:02 532,480 mstime.dll
06/23/2006 14:02 39,424 pngfilt.dll
06/23/2006 14:02 448,512 mshtmled.dll
06/23/2006 14:02 146,432 msrating.dll
06/23/2006 14:02 474,112 shlwapi.dll
06/23/2006 14:02 251,392 iepeers.dll
06/23/2006 14:02 1,054,208 danim.dll
06/23/2006 14:02 357,888 dxtmsft.dll
06/23/2006 14:02 205,312 dxtrans.dll
06/23/2006 14:02 55,808 extmgr.dll
06/23/2006 14:02 16,384 jsproxy.dll
06/23/2006 14:02 96,256 inseng.dll
06/23/2006 14:02 151,040 cdfview.dll
06/23/2006 14:02 1,022,976 browseui.dll
06/23/2006 11:34 24,576 xpsp3res.dll
06/22/2006 13:47 181,248 rasmans.dll
06/20/2006 23:32 796,584 libeay32_0.9.6l.dll
06/19/2006 16:20 702,768 WgaLogon.dll
06/19/2006 16:19 571,184 LegitCheckControl.dll
06/19/2006 16:19 304,944 WgaTray.exe
06/15/2006 15:20 45,292 OEMINFO.PNF
06/01/2006 21:47 163,840 jgdw400.dll
06/01/2006 21:47 27,648 jgpl400.dll


Volume in drive C has no label.
Volume Serial Number is FC8A-D7FF

Directory of C:\DOCUME~1\DeyanPC\LOCALS~1\Temp

09/11/2006 15:29 59,964 Adobelm_Cleanup.0001
09/11/2006 15:28 2,048,000 AcrC8F4.tmp
2 File(s) 2,107,964 bytes
0 Dir(s) 27,043,569,664 bytes free



Directory of C:\WINDOWS

09/11/2006 15:01 159 wiadebug.log
09/11/2006 15:01 3,638 ModemLog_Agere Systems AC'97 Modem.txt
09/11/2006 15:01 1,159,036 WindowsUpdate.log
09/11/2006 15:01 49 wiaservc.log
09/11/2006 15:00 0 0.log
09/11/2006 15:00 2,048 bootstat.dat
09/11/2006 01:09 32,646 SchedLgU.Txt
09/10/2006 20:47 2,875 KB893803v2Uninst.log
09/10/2006 20:47 71,903 iis6.log
09/10/2006 20:47 173,304 comsetup.log
09/10/2006 20:47 1,374 imsins.log
09/10/2006 20:47 107,384 ntdtcsetup.log
09/10/2006 20:47 192,398 tsoc.log
09/10/2006 20:47 27,897 ocmsn.log
09/10/2006 20:46 264,992 ocgen.log
09/10/2006 20:46 25,132 msgsocm.log
09/10/2006 20:46 497,737 FaxSetup.log
09/10/2006 20:46 930,699 setupapi.log
09/10/2006 19:46 268 _delis32.ini
09/10/2006 17:25 3,234 spupdsvc.log
09/10/2006 17:22 15,872 WgaNotify.log
09/10/2006 17:19 22,191 updspapi.log
09/09/2006 16:31 61,136 wmsetup.log
09/09/2006 14:32 54,156 QTFont.qfn
09/05/2006 00:22 19 SoundConverter.INI
09/01/2006 00:50 1,409 QTFont.for
08/25/2006 00:00 14,686 cdplayer.ini
08/24/2006 18:23 1,026,392 dp2_log.txt
08/16/2006 03:06 1,374 imsins.BAK
08/16/2006 03:06 17,334 KB920214.log
08/16/2006 03:05 17,148 KB921883.log
08/16/2006 03:05 16,874 KB922616.log
08/16/2006 03:05 17,321 KB921398.log
08/16/2006 03:03 20,295 KB918899.log
08/16/2006 03:02 12,683 KB920670.log
08/16/2006 03:01 12,843 KB917422.log
08/16/2006 03:01 13,189 KB920683.log
07/28/2006 01:24 357 GEARInstall.log
07/27/2006 13:27 271,029 LVEventLog.log
07/16/2006 12:57 472 setupact.log
07/15/2006 03:01 3,335 KB885884.log
07/14/2006 00:16 748 ODBC.INI
07/14/2006 00:13 628 win.ini
07/12/2006 01:02 12,535 KB917159.log
07/12/2006 01:02 13,086 KB914388.log
07/12/2006 01:01 11,304 KB916595.log
07/06/2006 22:05 0 pestpatrol5.INI
06/28/2006 03:01 15,700 KB911280.log
06/17/2006 16:18 11,919 KB917734.log
06/17/2006 16:17 14,404 KB918439.log
06/17/2006 16:17 14,787 KB917344.log
06/17/2006 16:17 14,551 KB917953.log
06/17/2006 16:17 18,165 KB916281.log
06/17/2006 16:17 12,437 KB914389.log
06/17/2006 14:09 100,724 cpeins04.dat
06/17/2006 14:04 206 HPGdiPlus.ini
06/15/2006 18:30 104,156 hpoins04.dat
06/13/2006 13:14 794 DirectX.log
06/12/2006 23:43 316,640 WMSysPr9.prx



Directory of C:\

09/11/2006 16:08 0 sys.txt
09/11/2006 16:08 8,986 system.txt
09/11/2006 16:07 329 systemtemp.txt
09/11/2006 16:06 111,287 system32.txt
09/11/2006 16:03 9,809 ComboFix.txt
09/11/2006 15:00 527,880,192 hiberfil.sys
09/11/2006 15:00 792,723,456 pagefile.sys
09/10/2006 16:55 320 temp.txt
09/10/2006 16:46 10,118 ComboFix2.txt
09/10/2006 16:16 1,600 VundoFix.txt
08/16/2006 18:25 1,341,440 01.mpg
07/27/2006 13:27 2,048 TimeShift.mpg
07/16/2006 13:52 12,286,415 AVG7QT.DAT
07/09/2006 15:32 6,990 caisslog.txt
06/15/2006 20:45 1,167 _Sid.txt


Problem description: My PC is extremely slow when I want to open a program or a web page; now and then programs try to install themselves (such as WinFixer, Win...), and my PC also downloads things on its own, I don't understand why; it also loads very slowly when Windows starts!
I have AVG and ZONEALARM installed, but no improvement!

Thanks for the help!
This post was edited by Deyani on 11.09.2006 at 22:36.
12.09.2006, 14:03
Honorary member
Sabina

Posts: 29434
#2 avenger
http://virus-protect.org/artikel/tools/avenger.html
paste in

Quote

registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnll

Files to delete:
C:\WINDOWS\system32\llnmp.ini
C:\WINDOWS\system32\skjwytpj.dll
C:\WINDOWS\system32\llnmp.bak1
C:\WINDOWS\system32\dadcqcan.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\atnwbond.dll
C:\WINDOWS\system32\oiyjknwi.dll
C:\WINDOWS\system32\omdwkoqo.dll
C:\WINDOWS\system32\lttchjyn.dll
C:\WINDOWS\system32\erwpditm.dll
C:\WINDOWS\system32\ioqofpom.dll
C:\WINDOWS\system32\pppyrcrm.exe
C:\WINDOWS\system32\rkrthmga.exe
C:\WINDOWS\system32\ywvqfkvo.exe
C:\WINDOWS\system32\pyeytrqk.exe
C:\WINDOWS\Temp\sa118.exe
C:\WINDOWS\Temp\winE6.tmp.exe
C:\WINDOWS\system32\ssqpqpp.dll
C:\WINDOWS\system32\urqnmkj.dll
C:\WINDOWS\system32\xxywuur.dll
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.9\UWA6P_0001_N91M1807NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.8\UWA6P_0001_N91M1807NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UWA6P_0001_N91M1807NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWA6P_0001_N91M1807NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWA6P_0001_N91M1807NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWA6P_0001_N91M1807NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6P_0001_N91M1807NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6P_0001_N91M1807NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.13\UWA6P_0001_N91M1807NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.12\UWA6P_0001_N91M1807NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.11\UWA6P_0001_N91M1807NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.10\UWA6P_0001_N91M1807NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N91M1807NetInstaller.exe
C:\Documents and Settings\DeyanPC\Local Settings\Temporary Internet Files\Content.IE5\YJSRWJ4L\WinAntiVirusPro2006FreeInstall[1].cab
C:\Documents and Settings\DeyanPC\Local Settings\Temp\ICD2.tmp\UWA6P_0001_N91M1807NetInstaller.exe

Click the green traffic light
the script will now be executed, then the PC will restart automatically

**
post the Avenger log that appears

**
Start - Programs - Accessories - System Tools - Disk Cleanup
- Click: Temporary Internet Files, OK
- Click: Temporary files, OK

**
open HijackThis -- button "scan" -- put a check mark in front of the entry -- button "Fix checked" -- restart the PC

Quote

O20 - AppInit_DLLs: "", svchost.dll
restart the PC

**

virustotal
At the top of the page --> click Browse --> paste in the file with its correct path --> double-click the file to be checked --> click Submit... now wait
http://www.virustotal.com/flash/index_en.html

C:\WINDOWS\system32\Drivers\CO_Mon.sys


post the report
__________
Best regards, Sabina

all about PC security
12.09.2006, 17:35
Member

Thread starter

Posts: 11
#3 hi, thanks, here again are the new reports

Virustotal
STATUS: QUEUED
Your file "CO_Mon.sys" is queued in position: 29. Estimated start time is between 6 and 9 minutes.

Antivirus Version Update Result

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\mrfnkggb

*******************

Script file located at: \??\C:\Program Files\jbjecuuu.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\llnmp.ini deleted successfully.
File C:\WINDOWS\system32\skjwytpj.dll deleted successfully.
File C:\WINDOWS\system32\llnmp.bak1 deleted successfully.
File C:\WINDOWS\system32\dadcqcan.dll deleted successfully.
File C:\WINDOWS\system32\mcrh.tmp deleted successfully.
File C:\WINDOWS\system32\atnwbond.dll deleted successfully.
File C:\WINDOWS\system32\oiyjknwi.dll deleted successfully.
File C:\WINDOWS\system32\omdwkoqo.dll deleted successfully.
File C:\WINDOWS\system32\lttchjyn.dll deleted successfully.
File C:\WINDOWS\system32\erwpditm.dll deleted successfully.
File C:\WINDOWS\system32\ioqofpom.dll deleted successfully.
File C:\WINDOWS\system32\pppyrcrm.exe deleted successfully.
File C:\WINDOWS\system32\rkrthmga.exe deleted successfully.
File C:\WINDOWS\system32\ywvqfkvo.exe deleted successfully.
File C:\WINDOWS\system32\pyeytrqk.exe deleted successfully.


File C:\WINDOWS\Temp\sa118.exe not found!
Deletion of file C:\WINDOWS\Temp\sa118.exe failed!

Could not process line:
C:\WINDOWS\Temp\sa118.exe
Status: 0xc0000034



File C:\WINDOWS\Temp\winE6.tmp.exe not found!
Deletion of file C:\WINDOWS\Temp\winE6.tmp.exe failed!

Could not process line:
C:\WINDOWS\Temp\winE6.tmp.exe
Status: 0xc0000034



File C:\WINDOWS\system32\ssqpqpp.dll not found!
Deletion of file C:\WINDOWS\system32\ssqpqpp.dll failed!

Could not process line:
C:\WINDOWS\system32\ssqpqpp.dll
Status: 0xc0000034



File C:\WINDOWS\system32\urqnmkj.dll not found!
Deletion of file C:\WINDOWS\system32\urqnmkj.dll failed!

Could not process line:
C:\WINDOWS\system32\urqnmkj.dll
Status: 0xc0000034



File C:\WINDOWS\system32\xxywuur.dll not found!
Deletion of file C:\WINDOWS\system32\xxywuur.dll failed!

Could not process line:
C:\WINDOWS\system32\xxywuur.dll
Status: 0xc0000034

File C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.9\UWA6P_0001_N91M1807NetInstaller.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.8\UWA6P_0001_N91M1807NetInstaller.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UWA6P_0001_N91M1807NetInstaller.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWA6P_0001_N91M1807NetInstaller.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWA6P_0001_N91M1807NetInstaller.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWA6P_0001_N91M1807NetInstaller.exe deleted successfully.


Could not delete file C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6P_0001_N91M1807NetInstaller.exe
Deletion of file C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6P_0001_N91M1807NetInstaller.exe failed!

Could not process line:
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6P_0001_N91M1807NetInstaller.exe
Status: 0xc0000035

File C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6P_0001_N91M1807NetInstaller.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.13\UWA6P_0001_N91M1807NetInstaller.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.12\UWA6P_0001_N91M1807NetInstaller.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.11\UWA6P_0001_N91M1807NetInstaller.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.10\UWA6P_0001_N91M1807NetInstaller.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N91M1807NetInstaller.exe deleted successfully.


Could not open file C:\Documents and Settings\DeyanPC\Local Settings\Temporary Internet Files\Content.IE5\YJSRWJ4L\WinAntiVirusPro2006FreeInstall[1].cab for deletion
Deletion of file C:\Documents and Settings\DeyanPC\Local Settings\Temporary Internet Files\Content.IE5\YJSRWJ4L\WinAntiVirusPro2006FreeInstall[1].cab failed!

Could not process line:
C:\Documents and Settings\DeyanPC\Local Settings\Temporary Internet Files\Content.IE5\YJSRWJ4L\WinAntiVirusPro2006FreeInstall[1].cab
Status: 0xc000003a



Could not open file C:\Documents and Settings\DeyanPC\Local Settings\Temp\ICD2.tmp\UWA6P_0001_N91M1807NetInstaller.exe for deletion
Deletion of file C:\Documents and Settings\DeyanPC\Local Settings\Temp\ICD2.tmp\UWA6P_0001_N91M1807NetInstaller.exe failed!

Could not process line:
C:\Documents and Settings\DeyanPC\Local Settings\Temp\ICD2.tmp\UWA6P_0001_N91M1807NetInstaller.exe
Status: 0xc000003a

Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnll deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
13.09.2006, 00:19
Honorary member
Sabina

Posts: 29434
#4 1.
Delete the Avenger backup at C:\Avenger\backup.zip

2.
Scan and post the scan report
http://virus-protect.org/cureit.html
__________
Best regards, Sabina

All about PC security
13.09.2006, 01:03
Member

Thread starter

Posts: 11
#5 Hi, here is the log from DrWeb


Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.06080)
Copyright (c) Igor Daniloff, 1992-2006
Log generated on: 2006-09-13, 00:47:40 [DEYAN][DeyanPC]
Command-line: "C:\DOCUME~1\DeyanPC\LOCALS~1\Temp\RarSFX0\cureit.exe" /lng /ini:cureit_XP.ini
Operating system:Windows XP Home Edition x86 (Build 2600), Service Pack 2
=============================================================================
Engine version: 4.33 (4.33.4.07270)
Engine API version: 2.01
Total virus records: 140764
Key file: C:\DOCUME~1\DeyanPC\LOCALS~1\Temp\RarSFX0\cureit.key
License key number: 0000000010
Registered to: Dr.Web CureIt Project
License key activates: 2005-03-05
License key expires: 2007-03-05

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00
-----------------------------------------------------------------------------

[Scan path] C:\WINDOWS\system32\pmnll.dll
>C:\WINDOWS\system32\pmnll.dll infected with Trojan.Virtumod - will be cured after reboot

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 328
Infected objects found: 1
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 478 Kb/s
Scan time: 00:02:35
-----------------------------------------------------------------------------

=============================================================================
Total session statistics
=============================================================================
Objects scanned: 328
Infected objects found: 1
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 478 Kb/s
Scan time: 00:02:35
=============================================================================

=============================================================================
Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.06080)
Copyright (c) Igor Daniloff, 1992-2006
Log generated on: 2006-09-13, 00:55:04 [DEYAN][DeyanPC]
Command-line: "C:\DOCUME~1\DeyanPC\LOCALS~1\Temp\RarSFX0\cureit.exe" /lng /ini:cureit_XP.ini
Operating system:Windows XP Home Edition x86 (Build 2600), Service Pack 2
=============================================================================
Engine version: 4.33 (4.33.4.07270)
Engine API version: 2.01
[Virus base] C:\DOCUME~1\DeyanPC\LOCALS~1\Temp\RarSFX0\crwebase.cdb - 78674 virus records
[Virus base] C:\DOCUME~1\DeyanPC\LOCALS~1\Temp\RarSFX0\cwrtoday.cdb - 232 virus records
[Virus base] C:\DOCUME~1\DeyanPC\LOCALS~1\Temp\RarSFX0\cwr43301.cdb - 697 virus records
[Virus base] C:\DOCUME~1\DeyanPC\LOCALS~1\Temp\RarSFX0\crwrisky.cdb - 1271 virus records
[Virus base] C:\DOCUME~1\DeyanPC\LOCALS~1\Temp\RarSFX0\cwntoday.cdb - 196 virus records
[Virus base] C:\DOCUME~1\DeyanPC\LOCALS~1\Temp\RarSFX0\cwn43304.cdb - 793 virus records
[Virus base] C:\DOCUME~1\DeyanPC\LOCALS~1\Temp\RarSFX0\cwn43303.cdb - 766 virus records
[Virus base] C:\DOCUME~1\DeyanPC\LOCALS~1\Temp\RarSFX0\cwn43302.cdb - 850 virus records
[Virus base] C:\DOCUME~1\DeyanPC\LOCALS~1\Temp\RarSFX0\cwn43301.cdb - 773 virus records
[Virus base] C:\DOCUME~1\DeyanPC\LOCALS~1\Temp\RarSFX0\crwnasty.cdb - 4867 virus records
Total virus records: 140764
Key file: C:\DOCUME~1\DeyanPC\LOCALS~1\Temp\RarSFX0\cureit.key
License key number: 0000000010
Registered to: Dr.Web CureIt Project
License key activates: 2005-03-05
License key expires: 2007-03-05

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00
-----------------------------------------------------------------------------

[Scan path] C:\WINDOWS\system32\smss.exe
[Scan path] C:\WINDOWS\system32\csrss.exe
[Scan path] C:\WINDOWS\system32\winlogon.exe
[Scan path] C:\WINDOWS\system32\services.exe
[Scan path] C:\WINDOWS\system32\lsass.exe
[Scan path] C:\WINDOWS\system32\svchost.exe
[Scan path] C:\WINDOWS\explorer.exe
[Scan path] C:\WINDOWS\system32\spoolsv.exe
[Scan path] C:\WINDOWS\System32\SCardSvr.exe
[Scan path] C:\WINDOWS\system32\cisvc.exe
[Scan path] C:\WINDOWS\System32\snmp.exe
[Scan path] C:\WINDOWS\system32\wdfmgr.exe
[Scan path] C:\WINDOWS\AGRSMMSG.exe
[Scan path] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[Scan path] C:\WINDOWS\system32\igfxtray.exe
[Scan path] C:\WINDOWS\system32\hkcmd.exe
[Scan path] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
[Scan path] C:\WINDOWS\system32\rundll32.exe
[Scan path] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
[Scan path] C:\Program Files\iTunes\iTunesHelper.exe
[Scan path] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
[Scan path] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[Scan path] C:\WINDOWS\system32\ctfmon.exe
[Scan path] C:\Program Files\iPod\bin\iPodService.exe
[Scan path] C:\WINDOWS\System32\Wbem\wmiprvse.exe
[Scan path] C:\WINDOWS\system32\cidaemon.exe
[Scan path] C:\DOCUME~1\DeyanPC\LOCALS~1\Temp\RarSFX0\_start.exe
[Scan path] C:\DOCUME~1\DeyanPC\LOCALS~1\Temp\RarSFX0\cureit.exe
[Scan path] C:\WINDOWS\system32\wuauclt.exe
[Scan path] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
[Scan path] c:\windows\system32\ime\tintlgnt\tintsetp.exe
[Scan path] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
[Scan path] c:\program files\analog devices\soundmax\smax4.exe
[Scan path] C:\Program Files\HPQ\Default Settings\cpqset.exe
[Scan path] c:\program files\hpq\quick launch buttons\eabservr.exe
[Scan path] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
[Scan path] C:\WINDOWS\system32\dla\tfswctrl.exe
[Scan path] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
[Scan path] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
[Scan path] C:\WINDOWS\system32\bthprops.cpl
[Scan path] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
[Scan path] C:\Program Files\DTV\RemoteControl.exe
[Scan path] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
[Scan path] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[Scan path] c:\progra~1\grisoft\avgfre~1\avgcc.exe
[Scan path] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
[Scan path] C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe
[Scan path] c:\program files\nokia\nokia pc suite 6\launchapplication.exe
[Scan path] c:\progra~1\grisoft\avgfre~1\avgw.exe
[Scan path] C:\Documents and Settings\DeyanPC\Start Menu\Programs\Startup\desktop.ini
[Scan path] C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
[Scan path] C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
[Scan path] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
[Scan path] C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[Scan path] C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
[Scan path] C:\Program Files\Microsoft Office\Office10\OSA.EXE
[Scan path] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MSWin.exe
[Scan path] C:\WINDOWS\system32\mmsys.cpl
[Scan path] C:\WINDOWS\system32\icmui.dll
[Scan path] C:\WINDOWS\system32\rshx32.dll
[Scan path] C:\WINDOWS\system32\docprop.dll
[Scan path] C:\WINDOWS\system32\ntshrui.dll
[Scan path] C:\WINDOWS\system32\themeui.dll
[Scan path] C:\WINDOWS\system32\deskadp.dll
[Scan path] C:\WINDOWS\system32\deskmon.dll
[Scan path] C:\WINDOWS\system32\dssec.dll
[Scan path] C:\WINDOWS\system32\SlayerXP.dll
[Scan path] C:\WINDOWS\system32\shscrap.dll
[Scan path] C:\WINDOWS\system32\diskcopy.dll
[Scan path] C:\WINDOWS\system32\ntlanui2.dll
[Scan path] C:\WINDOWS\system32\printui.dll
[Scan path] C:\WINDOWS\system32\dskquoui.dll
[Scan path] C:\WINDOWS\system32\syncui.dll
[Scan path] C:\WINDOWS\system32\hticons.dll
[Scan path] C:\WINDOWS\system32\fontext.dll
[Scan path] C:\WINDOWS\system32\deskperf.dll
[Scan path] C:\WINDOWS\system32\cryptext.dll
[Scan path] C:\WINDOWS\system32\NETSHELL.dll
[Scan path] C:\WINDOWS\system32\wiashext.dll
[Scan path] C:\WINDOWS\system32\remotepg.dll
[Scan path] C:\WINDOWS\system32\wshext.dll
[Scan path] C:\Program Files\Common Files\System\Ole DB\oledb32.dll
[Scan path] C:\WINDOWS\system32\mstask.dll
[Scan path] C:\WINDOWS\system32\shdocvw.dll
[Scan path] C:\WINDOWS\system32\wuaucpl.cpl
[Scan path] C:\WINDOWS\system32\twext.dll
[Scan path] C:\WINDOWS\system32\shmedia.dll
[Scan path] C:\WINDOWS\system32\browseui.dll
[Scan path] C:\WINDOWS\system32\sendmail.dll
[Scan path] C:\WINDOWS\system32\occache.dll
[Scan path] C:\WINDOWS\system32\webcheck.dll
[Scan path] C:\WINDOWS\system32\appwiz.cpl
[Scan path] C:\WINDOWS\system32\shimgvw.dll
[Scan path] C:\WINDOWS\system32\netplwiz.dll
[Scan path] C:\WINDOWS\system32\zipfldr.dll
[Scan path] C:\WINDOWS\system32\cdfview.dll
[Scan path] C:\WINDOWS\system32\extmgr.dll
[Scan path] C:\WINDOWS\system32\msieftp.dll
[Scan path] C:\WINDOWS\system32\docprop2.dll
[Scan path] C:\WINDOWS\system32\dsquery.dll
[Scan path] C:\WINDOWS\system32\dsuiext.dll
[Scan path] C:\WINDOWS\system32\mydocs.dll
[Scan path] C:\WINDOWS\System32\cscui.dll
[Scan path] C:\WINDOWS\msagent\agentpsh.dll
[Scan path] C:\WINDOWS\system32\dfsshlex.dll
[Scan path] C:\WINDOWS\system32\photowiz.dll
[Scan path] C:\WINDOWS\System32\mmcshext.dll
[Scan path] C:\WINDOWS\system32\cabview.dll
[Scan path] C:\Program Files\Outlook Express\wabfind.dll
[Scan path] C:\WINDOWS\system32\wmpshell.dll
[Scan path] C:\WINDOWS\system32\btneighborhood.dll
[Scan path] C:\Program Files\Synaptics\SynTP\SynTPCpl.dll
[Scan path] C:\Program Files\Sonic\RecordNow!\shlext.dll
[Scan path] C:\WINDOWS\system32\dla\tfswshx.dll
[Scan path] C:\WINDOWS\system32\Audiodev.dll
[Scan path] C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
[Scan path] C:\Program Files\Common Files\Ulead Systems\DVD\USIShex.dll
[Scan path] C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
[Scan path] C:\Program Files\Microsoft Office\Office10\msohev.dll
[Scan path] C:\Program Files\WinRAR\rarext.dll
[Scan path] C:\WINDOWS\system32\upnpui.dll
[Scan path] C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL
[Scan path] C:\Program Files\iTunes\iTunesMiniPlayer.dll
[Scan path] C:\PROGRA~1\Grisoft\AVGFRE~1\avgse.dll
[Scan path] C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
[Scan path] c:\program files\google\googletoolbar1.dll
[Scan path] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
[Scan path] C:\WINDOWS\system32\pmnll.dll
>C:\WINDOWS\system32\pmnll.dll infected with Trojan.Virtumod - will be cured after reboot

[Scan path] C:\WINDOWS\system32\SHELL32.dll
[Scan path] C:\WINDOWS\system32\stobject.dll
[Scan path] C:\WINDOWS\system32\crypt32.dll
[Scan path] C:\WINDOWS\system32\cryptnet.dll
[Scan path] C:\WINDOWS\system32\cscdll.dll
[Scan path] C:\WINDOWS\system32\igfxsrvc.dll
[Scan path] C:\WINDOWS\system32\wlnotify.dll
[Scan path] C:\WINDOWS\system32\sclgntfy.dll
[Scan path] C:\WINDOWS\system32\WgaLogon.dll
[Scan path] c:\windows\system32\svchost.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\ACPI.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
[Scan path] C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
[Scan path] C:\WINDOWS\system32\drivers\aeaudio.sys
[Scan path] C:\WINDOWS\system32\drivers\aec.sys
[Scan path] C:\WINDOWS\System32\drivers\afd.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\AGRSM.sys
[Scan path] C:\WINDOWS\System32\alg.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\arp1394.sys
[Scan path] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\asyncmac.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\atapi.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\atmarpc.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\audstub.sys
[Scan path] C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
[Scan path] C:\WINDOWS\System32\Drivers\avg7core.sys
[Scan path] C:\WINDOWS\System32\Drivers\avg7rsw.sys
[Scan path] C:\WINDOWS\System32\Drivers\avg7rsxp.sys
[Scan path] C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
[Scan path] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
[Scan path] C:\WINDOWS\System32\Drivers\avgtdi.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\b57xp32.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\BthEnum.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\bthpan.sys
[Scan path] C:\WINDOWS\System32\Drivers\BTHport.sys
[Scan path] C:\WINDOWS\System32\Drivers\BTHUSB.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\btkrnl.sys
[Scan path] C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\cdrom.sys
[Scan path] C:\WINDOWS\system32\clipsrv.exe
[Scan path] C:\WINDOWS\System32\Drivers\ClntMgmt.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\CmBatt.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\compbatt.sys
[Scan path] c:\windows\system32\dllhost.exe
[Scan path] C:\WINDOWS\system32\Drivers\CO_Mon.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\disk.sys
[Scan path] c:\windows\system32\dmadmin.exe
[Scan path] C:\WINDOWS\System32\drivers\dmboot.sys
[Scan path] C:\WINDOWS\System32\drivers\dmio.sys
[Scan path] C:\WINDOWS\System32\drivers\dmload.sys
[Scan path] C:\WINDOWS\system32\drivers\DMusic.sys
[Scan path] C:\WINDOWS\system32\drivers\drmkaud.sys
[Scan path] C:\WINDOWS\system32\drivers\drvmcdb.sys
[Scan path] C:\WINDOWS\system32\drivers\drvnddm.sys
[Scan path] C:\WINDOWS\system32\drivers\EABFiltr.sys
[Scan path] C:\WINDOWS\system32\drivers\eabusb.sys
[Scan path] C:\WINDOWS\system32\fxssvc.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\fltMgr.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ftdisk.sys
[Scan path] C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\msgpc.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\gtipci21.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\hidusb.sys
[Scan path] C:\Program Files\HPQ\Shared\hpqwmi.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\HPZid412.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\HPZius12.sys
[Scan path] C:\WINDOWS\System32\Drivers\HTTP.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\i8042prt.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
[Scan path] C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\imapi.sys
[Scan path] C:\WINDOWS\system32\imapi.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\intelide.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\intelppm.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ipinip.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ipnat.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ipsec.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\irda.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\irenum.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\isapnp.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\kbdclass.sys
[Scan path] C:\WINDOWS\system32\drivers\kmixer.sys
[Scan path] C:\WINDOWS\System32\Drivers\AVUSB_TX.sys
[Scan path] C:\WINDOWS\system32\tcpsvcs.exe
[Scan path] C:\WINDOWS\system32\drivers\Lvckap.sys
[Scan path] C:\WINDOWS\System32\Drivers\LVEzLD06.sys
[Scan path] C:\WINDOWS\system32\drivers\LVPrcMon.sys
[Scan path] C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
[Scan path] C:\WINDOWS\system32\mnmsrvc.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\mouclass.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\mouhid.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\MPE.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\mrxdav.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
[Scan path] C:\WINDOWS\system32\msdtc.exe
[Scan path] c:\windows\system32\msiexec.exe
[Scan path] C:\WINDOWS\system32\drivers\MSKSSRV.sys
[Scan path] C:\WINDOWS\system32\drivers\MSPCLOCK.sys
[Scan path] C:\WINDOWS\system32\drivers\MSPQM.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\mssmbios.sys
[Scan path] C:\WINDOWS\system32\drivers\MSTEE.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\NdisIP.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ndistapi.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ndisuio.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ndiswan.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\netbios.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\netbt.sys
[Scan path] C:\WINDOWS\system32\netdde.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\nic1394.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ohci1394.sys
[Scan path] C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
[Scan path] C:\WINDOWS\system32\DRIVERS\parport.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\pci.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\pcmcia.sys
[Scan path] C:\WINDOWS\system32\HPZipm12.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\raspptp.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\psched.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\ptilink.sys
[Scan path] C:\WINDOWS\System32\Drivers\PxHelp20.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\rasacd.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\rasirda.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\raspppoe.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\raspti.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\rdbss.sys
[Scan path] C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
[Scan path] C:\WINDOWS\system32\sessmgr.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\redbook.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\rfcomm.sys
[Scan path] C:\WINDOWS\system32\locator.exe
[Scan path] C:\WINDOWS\system32\rsvp.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\sdbus.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\secdrv.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\serenum.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\Serial.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\SLIP.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\smcirda.sys
[Scan path] C:\WINDOWS\system32\drivers\smwdm.sys
[Scan path] C:\WINDOWS\System32\snmptrap.exe
[Scan path] C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
[Scan path] C:\WINDOWS\system32\drivers\splitter.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\sr.sys
[Scan path] C:\WINDOWS\system32\ZoneLabs\srescan.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\srv.sys
[Scan path] C:\WINDOWS\system32\drivers\sscdbhk5.sys
[Scan path] C:\WINDOWS\system32\drivers\ssrtln.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\StreamIP.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\swenum.sys
[Scan path] C:\WINDOWS\system32\drivers\swmidi.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\SynTP.sys
[Scan path] C:\WINDOWS\system32\drivers\sysaudio.sys
[Scan path] C:\WINDOWS\system32\smlogsvc.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\tcpip.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\tcpip6.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\termdd.sys
[Scan path] C:\WINDOWS\system32\dla\tfsnboio.sys
[Scan path] C:\WINDOWS\system32\dla\tfsncofs.sys
[Scan path] C:\WINDOWS\system32\dla\tfsndrct.sys
[Scan path] C:\WINDOWS\system32\dla\tfsndres.sys
[Scan path] C:\WINDOWS\system32\dla\tfsnifs.sys
[Scan path] C:\WINDOWS\system32\dla\tfsnopio.sys
[Scan path] C:\WINDOWS\system32\dla\tfsnpool.sys
[Scan path] C:\WINDOWS\system32\dla\tfsnudf.sys
[Scan path] C:\WINDOWS\system32\dla\tfsnudfa.sys
[Scan path] C:\WINDOWS\system32\drivers\tifm21.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\tunmp.sys
[Scan path] C:\WINDOWS\System32\Drivers\ULCDRHlp.sys
[Scan path] C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\update.sys
[Scan path] C:\WINDOWS\System32\ups.exe
[Scan path] C:\WINDOWS\system32\drivers\usbaudio.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\usbccgp.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\usbehci.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\usbhub.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\usbprint.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\usbscan.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
[Scan path] C:\WINDOWS\system32\DRIVERS\usbuhci.sys
[Scan path] C:\WINDOWS\System32\Drivers\USIUDF.sys
[Scan path] C:\WINDOWS\System32\drivers\vga.sys
[Scan path] C:\WINDOWS\System32\vsdatant.sys
[Scan path] c:\windows\system32\zonelabs\vsmon.exe
[Scan path] C:\WINDOWS\System32\vssvc.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\w29n51.sys
[Scan path] C:\WINDOWS\system32\DRIVERS\wanarp.sys
[Scan path] C:\WINDOWS\system32\drivers\wdmaud.sys
[Scan path] c:\program files\windows media connect\mswmccds.exe
[Scan path] C:\Program Files\Windows Media Connect\mswmcls.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
[Scan path] C:\WINDOWS\system32\wbem\wmiapsrv.exe
[Scan path] C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
[Scan path] C:\WINDOWS\system32\ntsd.exe
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 329
Infected objects found: 1
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 1813 Kb/s
Scan time: 00:00:41
-----------------------------------------------------------------------------

[Scan path] D:\
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 686
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 157942 Kb/s
Scan time: 00:00:20
-----------------------------------------------------------------------------
13.09.2006, 01:46
Honorary member
Sabina

Posts: 29434
#6 Dr.Web found one more virus (I had overlooked the DLL ;) Restart the computer, then scan again and report back.
__________
Regards, Sabina

all about PC security
13.09.2006, 13:58
Member

Thread starter

Posts: 11
#7 Here is the log:

Do I even need AVG, ZoneAlarm or RegistryMechanic if they let all these viruses and errors through?


[Scan path] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
[Scan path] C:\WINDOWS\system32\pmnll.dll
>C:\WINDOWS\system32\pmnll.dll infected with Trojan.Virtumod - will be cured after reboot
This post was edited by Deyani on 13.09.2006 at 14:38.
13.09.2006, 14:09
Honorary member
Sabina

Posts: 29434
#8 Avenger

Quote

Files to delete:
C:\WINDOWS\system32\pmnll.dll
Post the 4 logs from datfind.bat again.
__________
Regards, Sabina

all about PC security
13.09.2006, 14:52
Member

Thread starter

Posts: 11
#9 Avenger gives an error message: "Error: selected file does not appear to be a valid script" Error code: 0

Datfind.bat logs

Volume in drive C has no label.
Volume Serial Number is FC8A-D7FF

Directory of C:\WINDOWS\system32

09/13/2006 14:46 726 llnmp.ini
09/13/2006 13:06 54,112 vsconfig.xml
09/13/2006 13:06 2,206 wpa.dbl
09/12/2006 17:19 106,516 qygtnvre.dll
09/11/2006 20:31 106,516 pnebnpeh.dll
09/11/2006 20:31 1,149,738 llnmp.bak2
08/09/2006 22:03 8,325,544 MRT.exe
07/28/2006 14:28 3,054,080 mshtml.dll
07/27/2006 16:24 679,424 inetcomm.dll
07/26/2006 01:03 4,212 zllictbl.dat
07/25/2006 23:33 613,888 urlmon.dll
07/21/2006 11:24 72,704 hlink.dll
07/16/2006 20:34 382,260 perfh009.dat
07/16/2006 20:34 53,838 perfc009.dat
07/16/2006 20:34 441,802 PerfStringBackup.INI
07/14/2006 18:31 332,288 netapi32.dll
07/14/2006 18:25 546,304 hhctrl.ocx
07/14/2006 10:01 215,264 FNTCACHE.DAT
07/13/2006 16:33 8,453,632 shell32.dll
07/09/2006 15:38 25,605 ikhcore.log
07/09/2006 13:42 42,920 vsutil_loc0407.dll
07/09/2006 13:42 392,824 vsdatant.sys
07/09/2006 13:42 71,672 zlcommdb.dll
07/09/2006 13:42 83,960 zlcomm.dll
07/09/2006 13:42 100,344 vsxml.dll
07/09/2006 13:42 59,384 vswmi.dll
07/09/2006 13:42 440,312 vsutil.dll
07/09/2006 13:42 71,672 vsregexp.dll
07/09/2006 13:42 104,440 vsmonapi.dll
07/09/2006 13:42 157,688 vsinit.dll
07/09/2006 13:42 268,280 vspubapi.dll
07/09/2006 13:42 83,960 vsdata.dll
07/05/2006 16:39 569,396 pmnll.dll
07/05/2006 13:55 984,064 kernel32.dll
06/26/2006 20:37 148,480 dnsapi.dll
06/26/2006 20:37 8,192 rasadhlp.dll
06/23/2006 14:02 658,944 wininet.dll
06/23/2006 14:02 1,494,016 shdocvw.dll
06/23/2006 14:02 532,480 mstime.dll
06/23/2006 14:02 146,432 msrating.dll
06/23/2006 14:02 448,512 mshtmled.dll
06/23/2006 14:02 474,112 shlwapi.dll
06/23/2006 14:02 39,424 pngfilt.dll
06/23/2006 14:02 16,384 jsproxy.dll
06/23/2006 14:02 251,392 iepeers.dll
06/23/2006 14:02 1,054,208 danim.dll
06/23/2006 14:02 55,808 extmgr.dll
06/23/2006 14:02 96,256 inseng.dll
06/23/2006 14:02 205,312 dxtrans.dll
06/23/2006 14:02 357,888 dxtmsft.dll
06/23/2006 14:02 151,040 cdfview.dll
06/23/2006 14:02 1,022,976 browseui.dll
06/23/2006 11:34 24,576 xpsp3res.dll
06/22/2006 13:47 181,248 rasmans.dll
06/20/2006 23:32 796,584 libeay32_0.9.6l.dll
06/19/2006 16:20 702,768 WgaLogon.dll
06/19/2006 16:19 571,184 LegitCheckControl.dll
06/19/2006 16:19 304,944 WgaTray.exe
06/15/2006 15:20 45,292 OEMINFO.PNF
06/01/2006 21:47 27,648 jgpl400.dll
06/01/2006 21:47 163,840 jgdw400.dll

2263 File(s) 406,937,924 bytes
0 Dir(s) 28,027,985,920 bytes free


Volume in drive C has no label.
Volume Serial Number is FC8A-D7FF

Directory of C:\DOCUME~1\DeyanPC\LOCALS~1\Temp

09/13/2006 13:07 0 tmp3C.tmp
09/13/2006 13:06 1,224 jusched.log
09/13/2006 01:11 0 tmp3B.tmp
09/12/2006 23:59 12,054 hpodvd09.log
09/12/2006 23:53 0 tmpD.tmp
09/12/2006 17:26 0 tmpC.tmp
09/12/2006 17:15 0 tmp39.tmp
09/11/2006 22:40 0 tmp37.tmp
8 File(s) 13,278 bytes
0 Dir(s) 28,027,871,232 bytes free


Volume in drive C has no label.
Volume Serial Number is FC8A-D7FF

Directory of C:\WINDOWS

09/13/2006 13:12 1,242,244 WindowsUpdate.log
09/13/2006 13:06 159 wiadebug.log
09/13/2006 13:06 3,638 ModemLog_Agere Systems AC'97 Modem.txt
09/13/2006 13:06 49 wiaservc.log
09/13/2006 13:05 0 0.log
09/13/2006 13:05 2,048 bootstat.dat
09/13/2006 01:09 32,646 SchedLgU.Txt
09/12/2006 17:17 532 setupact.log
09/12/2006 02:10 62,279 wmsetup.log
09/11/2006 22:36 932,271 setupapi.log
09/10/2006 20:47 2,875 KB893803v2Uninst.log
09/10/2006 20:47 71,903 iis6.log
09/10/2006 20:47 173,304 comsetup.log
09/10/2006 20:47 1,374 imsins.log
09/10/2006 20:47 192,398 tsoc.log
09/10/2006 20:47 107,384 ntdtcsetup.log
09/10/2006 20:47 27,897 ocmsn.log
09/10/2006 20:46 264,992 ocgen.log
09/10/2006 20:46 25,132 msgsocm.log
09/10/2006 20:46 497,737 FaxSetup.log
09/10/2006 19:46 268 _delis32.ini
09/10/2006 17:25 3,234 spupdsvc.log
09/10/2006 17:22 15,872 WgaNotify.log
09/10/2006 17:19 22,191 updspapi.log
09/09/2006 14:32 54,156 QTFont.qfn
09/05/2006 00:22 19 SoundConverter.INI
09/01/2006 00:50 1,409 QTFont.for
08/25/2006 00:00 14,686 cdplayer.ini
08/24/2006 18:23 1,026,392 dp2_log.txt
08/16/2006 03:06 1,374 imsins.BAK
08/16/2006 03:06 17,334 KB920214.log
08/16/2006 03:05 17,148 KB921883.log
08/16/2006 03:05 16,874 KB922616.log
08/16/2006 03:05 17,321 KB921398.log
08/16/2006 03:03 20,295 KB918899.log
08/16/2006 03:02 12,683 KB920670.log
08/16/2006 03:01 12,843 KB917422.log
08/16/2006 03:01 13,189 KB920683.log
07/28/2006 01:24 357 GEARInstall.log
07/27/2006 13:27 271,029 LVEventLog.log
07/15/2006 03:01 3,335 KB885884.log
07/14/2006 00:16 748 ODBC.INI
07/14/2006 00:13 628 win.ini
07/12/2006 01:02 12,535 KB917159.log
07/12/2006 01:02 13,086 KB914388.log
07/12/2006 01:01 11,304 KB916595.log
07/06/2006 22:05 0 pestpatrol5.INI
06/28/2006 03:01 15,700 KB911280.log
06/17/2006 16:18 11,919 KB917734.log
06/17/2006 16:17 14,404 KB918439.log
06/17/2006 16:17 14,787 KB917344.log
06/17/2006 16:17 14,551 KB917953.log
06/17/2006 16:17 18,165 KB916281.log
06/17/2006 16:17 12,437 KB914389.log
06/17/2006 14:09 100,724 cpeins04.dat
06/17/2006 14:04 206 HPGdiPlus.ini
06/15/2006 18:30 104,156 hpoins04.dat
06/13/2006 13:14 794 DirectX.log
06/12/2006 23:43 316,640 WMSysPr9.prx

175 File(s) 13,748,600 bytes
0 Dir(s) 28,027,867,136 bytes free


Volume in drive C has no label.
Volume Serial Number is FC8A-D7FF

Directory of C:\

09/13/2006 14:47 0 sys.txt
09/13/2006 14:47 8,986 system.txt
09/13/2006 14:47 601 systemtemp.txt
09/13/2006 14:46 110,694 system32.txt
09/13/2006 14:45 398 avenger.txt
09/13/2006 13:05 527,880,192 hiberfil.sys
09/13/2006 13:05 792,723,456 pagefile.sys
09/11/2006 16:03 9,809 ComboFix.txt
09/10/2006 16:55 320 temp.txt
09/10/2006 16:46 10,118 ComboFix2.txt
09/10/2006 16:16 1,600 VundoFix.txt
08/16/2006 18:25 1,341,440 01.mpg
07/27/2006 13:27 2,048 TimeShift.mpg
07/16/2006 13:52 12,286,415 AVG7QT.DAT
07/09/2006 15:32 6,990 caisslog.txt
06/15/2006 20:45 1,167 _Sid.txt

13.09.2006, 22:56
Honorary member
Sabina

Posts: 29434
#10 Keep copying it into Avenger until the computer restarts, then post the report.

Quote

Files to delete:
C:\WINDOWS\system32\llnmp.ini
C:\WINDOWS\system32\qygtnvre.dll
C:\WINDOWS\system32\pnebnpeh.dll
C:\WINDOWS\system32\llnmp.bak2
C:\WINDOWS\system32\pmnll.dll

__________
Regards, Sabina

all about PC security
13.09.2006, 23:52
Member

Thread starter

Posts: 11
#11 Every time Windows starts I get an error message "hpqthb08.exe-Application error: The application failed to initialize properly(0xc0000135). Click on OK to terminate the application "???
Apart from that:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\cr^dkybm

*******************

Script file located at: \??\C:\Documents and Settings\bojbayde.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at c:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\llnmp.ini deleted successfully.
File C:\WINDOWS\system32\qygtnvre.dll deleted successfully.
File C:\WINDOWS\system32\pnebnpeh.dll deleted successfully.
File C:\WINDOWS\system32\llnmp.bak2 deleted successfully.
File C:\WINDOWS\system32\pmnll.dll deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
14.09.2006, 00:22
Honorary member
Sabina

Posts: 29434
#12 O.k.

Scan and post the scan report:
http://virus-protect.org/artikel/tools/superantispyware.html
__________
Regards, Sabina

all about PC security
15.09.2006, 02:01
Member

Thread starter

Posts: 11
#13 Hi, here are the logs:

SUPERAntiSpyware Scan Log
Generated 09/15/2006 at 00:41 AM


Core Rules Database Version : 3082
Trace Rules Database Version: 1114

Memory Thread detected : 0
Registry Thread detected : 123
File Thread detected : 58

Trojan.WinFixer
HKLM\Software\Classes\CLSID\{ACAF8C94-40EB-4A4F-A2F7-E709D4CEF9A2}
HKCR\CLSID\{ACAF8C94-40EB-4A4F-A2F7-E709D4CEF9A2}
HKCR\CLSID\{ACAF8C94-40EB-4A4F-A2F7-E709D4CEF9A2}\InprocServer32
HKCR\CLSID\{ACAF8C94-40EB-4A4F-A2F7-E709D4CEF9A2}\InprocServer32#ThreadingModel
C:\WINDOWS\system32\pmnll.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ACAF8C94-40EB-4A4F-A2F7-E709D4CEF9A2}
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\pmnll

Adware.Tracking Cookie

Trojan.Unknown Origin
HKLM\SOFTWARE\Microsoft\MSSMGR
HKLM\SOFTWARE\Microsoft\MSSMGR#Brnd
HKLM\SOFTWARE\Microsoft\MSSMGR#BSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#SSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#SCLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#SSLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#BPTV
HKLM\SOFTWARE\Microsoft\MSSMGR#LSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#MSLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#PID
HKLM\SOFTWARE\Microsoft\MSSMGR#Rid
HKLM\SOFTWARE\Microsoft\MSSMGR#LID
HKLM\SOFTWARE\Microsoft\MSSMGR#PSTV
C:\System Volume Information\_restore{8F4E23D5-7A0B-4AF9-B850-707FD945F2C0}\RP79\A0037040.exe

Trojan.Malware
HKCR\MezziaCodec.Chl
HKCR\MezziaCodec.Chl\CLSID

Malware.SpywareQuake
C:\System Volume Information\_restore{8F4E23D5-7A0B-4AF9-B850-707FD945F2C0}\RP79\A0037042.exe
C:\System Volume Information\_restore{8F4E23D5-7A0B-4AF9-B850-707FD945F2C0}\RP81\A0044140.exe

Trojan.Downloader-MSWin
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MSWin.exe
C:\WINDOWS\Prefetch\MSWIN.EXE-08AA3C8D.pf

Trojan.Smitfraud Variant
C:\System Volume Information\_restore{8F4E23D5-7A0B-4AF9-B850-707FD945F2C0}\RP116\A0080856.exe
C:\System Volume Information\_restore{8F4E23D5-7A0B-4AF9-B850-707FD945F2C0}\RP116\A0080857.exe

Adware.Vundo Variant
C:\System Volume Information\_restore{8F4E23D5-7A0B-4AF9-B850-707FD945F2C0}\RP116\A0080858.dll
C:\System Volume Information\_restore{8F4E23D5-7A0B-4AF9-B850-707FD945F2C0}\RP116\A0080988.dll

Adware.ClickSpring
C:\System Volume Information\_restore{8F4E23D5-7A0B-4AF9-B850-707FD945F2C0}\RP79\A0036020.dll
C:\System Volume Information\_restore{8F4E23D5-7A0B-4AF9-B850-707FD945F2C0}\RP79\A0037039.dll
C:\System Volume Information\_restore{8F4E23D5-7A0B-4AF9-B850-707FD945F2C0}\RP81\A0044089.exe
C:\System Volume Information\_restore{8F4E23D5-7A0B-4AF9-B850-707FD945F2C0}\RP81\A0044090.dll

Adware.ClickSpring/Outer Info Network
C:\System Volume Information\_restore{8F4E23D5-7A0B-4AF9-B850-707FD945F2C0}\RP79\A0036067.exe
C:\System Volume Information\_restore{8F4E23D5-7A0B-4AF9-B850-707FD945F2C0}\RP87\A0052384.exe


After a second scan in Safe Mode:

SUPERAntiSpyware Scan Log
Generated 09/15/2006 at 01:49 AM


Core Rules Database Version : 3082
Trace Rules Database Version: 1114

Memory Thread detected : 0
Registry Thread detected : 0
File Thread detected : 0
15.09.2006, 12:22
Honorary member
Sabina

Posts: 29434
#14 1.
Search for: svchost.dll (report whether you find the DLL)

2.
My Computer --> right-click, then Properties ---> System Restore tab ---> tick "Turn off System Restore on all drives".
(then turn it back on)

3.
TuneUp
Apply:
Cleanup repair -- TuneUp Diskcleaner
Cleanup repair -- Registry Cleaner
http://virus-protect.org/reinigungstoolsregistry.html

Then report how it is running ;)
__________
Regards, Sabina

All about PC security
15.09.2006, 14:43
Member

Thread starter

Posts: 11
#15 hi, thanks, it is running better and better, just one thing: when shutting down I always have to end a program manually, "hpcmpmgr.exe", otherwise my PC won't shut down or switch off on its own?

What do I do with all the programs I installed, may I delete them?

Thanks again!