Computer killed by Antivirus2008??

12.07.2008, 22:08
Member

Thread starter

Posts: 18
#16 Yeah ... I'll do that, I had already thought about it too, but haven't really found the time for it ...

Here's the report from bitfinder, but it also only found 1 file:

Zusammenfassung:

C:\Dokumente und Einstellungen\5h15h4\Lokale Einstellungen\Temporary Internet Files\Content.IE5\K9IN49UZ\floaty[1].htm Verdächtig JS.Trojan.Psyme.O
C:\Dokumente und Einstellungen\5h15h4\Lokale Einstellungen\Temporary Internet Files\Content.IE5\K9IN49UZ\floaty[1].htm Desinfizieren fehlgeschlagen
C:\Dokumente und Einstellungen\5h15h4\Lokale Einstellungen\Temporary Internet Files\Content.IE5\K9IN49UZ\floaty[1].htm Verschoben


12.07.2008, 22:28
Member

Posts: 325
#17 Best to delete that completely right away. Then try once more to somehow produce a scan with HijackThis, but maybe someone here has a better idea!? Strange though, the cleaner should actually have done that already, so the trojan was evidently fetched from the net all over again.
This post was edited by Provisitor on 12.07.2008 at 22:31.
12.07.2008, 23:49
Honorary member
Sabina

Posts: 29434
#18 Hello, 5h15h4

1.
sdfix
http://virus-protect.org/artikel/tools/sdfix.html
the SDFix folder can now be found under C:\

boot into safe mode (press the F8 key while the computer restarts)

go to the folder C:\SDFix

double-click RunThis.bat
follow all instructions while the scan runs - the computer will then restart
use the right mouse button to copy the text that appears

-----------

2.
sdfix again, but in normal mode:
double-click RunThis.bat
type in: A
post the complete scan report here
__________
Best regards, Sabina

all about PC security
13.07.2008, 14:55
Member

Thread starter

Posts: 18
#19 System Report
*************

Run on 13.07.2008 at 14:51: VIRUS ALERT!

Microsoft Windows XP [Version 5.1.2600]

Current user is an administrator

Running Processes:

\SystemRoot\System32\smss.exe [496]
\??\C:\WINDOWS\system32\csrss.exe [544]
\??\C:\WINDOWS\system32\winlogon.exe [568]
C:\WINDOWS\system32\services.exe [620]
C:\WINDOWS\system32\lsass.exe [632]
C:\WINDOWS\system32\svchost.exe [868]
C:\WINDOWS\system32\svchost.exe [988]
C:\WINDOWS\System32\svchost.exe [1056]
C:\WINDOWS\system32\svchost.exe [1168]
C:\WINDOWS\system32\svchost.exe [1256]
C:\WINDOWS\Explorer.EXE [1568]
C:\WINDOWS\system32\spoolsv.exe [1732]
C:\Programme\Softwin\BitDefender8\bdmcon.exe [284]
C:\Programme\Softwin\BitDefender8\bdnagent.exe [420]
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [512]
C:\Programme\ICQ6\ICQ.exe [524]
C:\PROGRA~1\AVG\AVG8\avgrsx.exe [1960]
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe [156]
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe [244]
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [664]
C:\Programme\ICQ6Toolbar\ICQ Service.exe [1304]
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE [1332]
C:\WINDOWS\system32\nvsvc32.exe [2136]
C:\WINDOWS\system32\wdfmgr.exe [2232]
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe [2288]
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe [2360]
C:\WINDOWS\system32\wscntfy.exe [3292]
C:\WINDOWS\System32\alg.exe [3488]
C:\WINDOWS\system32\rundll32.exe [3252]
C:\Programme\Internet Explorer\iexplore.exe [2356]


Drivers - Running:

ACPI
AFD
AmdK7
atapi
audstub
AvgLdx86
AvgMfx86
Beep
Cdfs
Cdrom
cmuda
Disk
dmio
dmload
Fdc
Fips
Flpydisk
FltMgr
Ftdisk
gagp30kx
gameenum
Gpc
hidusb
HTTP
i8042prt
Imapi
IpNat
IPSec
irda
IRENUM
irsir
isapnp
Kbdclass
kmixer
KSecDD
LHidFlt2
LHidUsb
LMouFlt2
mnmdd
Mouclass
mouhid
MountMgr
MRxDAV
MRxSmb
Msfs
mssmbios
Mup
NDIS
NdisTapi
Ndisuio
NdisWan
NDProxy
NetBIOS
NetBT
Npfs
Ntfs
Null
nv
Parport
PartMgr
ParVdm
PCI
PCIIde
PptpMiniport
PSched
Ptilink
PxHelp20
RasAcd
Rasirda
Rasl2tp
RasPppoe
Raspti
Rdbss
RDPCDD
rdpdr
redbook
serenum
Serial
SISNIC
sr
Srv
swenum
sysaudio
Tcpip
TermDD
Udfs
Update
usbehci
usbhub
usbohci
VgaSave
VolSnap
Wanarp
wdmaud
WmBEnum
WmFilter
WmHidLo
WmXlCore


Drivers - Stopped:

Abiosdsk
abp480n5
ACPIEC
adpu160m
aec
Aha154x
aic78u2
aic78xx
AliIde
amsint
asc
asc3350p
asc3550
AsyncMac
Atdisk
Atmarpc
cbidf2k
cd20xrnt
Cdaudio
Changer
CmdIde
Cpqarray
dac960nt
dmboot
DMusic
dpti2o
drmkaud
Fastfat
hpn
i2omgmt
i2omp
ini910u
IntelIde
Ip6Fw
IpFilterDriver
IpInIp
kbdhid
lbrtfdc
Modem
mraid35x
MSKSSRV
MSPCLOCK
MSPQM
NwlnkFlt
NwlnkFwd
PCIDump
Pcmcia
PDCOMP
PDFRAME
PDRELI
PDRFRAME
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
RDPWD
Secdrv
Sfloppy
Simbad
Sparrow
splitter
swmidi
symc810
symc8xx
sym_hi
sym_u3
TDPIPE
TDTCP
TosIde
ultra
USBSTOR
ViaIde
WDICA
WmVirHid


Services - Running:

ALG
AudioSrv
avg8wd
bdss
ClipInc002
ClipInc003
CryptSvc
DcomLaunch
Dhcp
dmserver
Dnscache
ERSvc
Eventlog
EventSystem
FastUserSwitchingCompatibility
gusvc
helpsvc
ICQ
Irmon
lanmanserver
lanmanworkstation
LmHosts
MDM
Netman
Nla
NVSvc
PlugPlay
PolicyAgent
ProtectedStorage
RemoteRegistry
RpcSs
SamSs
Schedule
seclogon
SENS
SharedAccess
ShellHWDetection
Spooler
srservice
SSDPSRV
TermService
Themes
TrkWks
UMWdf
W32Time
WebClient
winmgmt
wscsvc
WZCSVC
XCOMM


Services - Stopped:

Alerter
AppMgmt
BITS
Browser
CiSvc
ClipInc001
ClipSrv
COMSysApp
dmadmin
HidServ
HTTPFilter
ImapiService
Messenger
mnmsrvc
MSDTC
MSIServer
NetDDE
NetDDEdsdm
Netlogon
NtLmSsp
NtmsSvc
ose
RasAuto
RasMan
RDSessMgr
RemoteAccess
RpcLocator
RSVP
SCardSvr
stisvc
SwPrv
SysmonLog
TapiSrv
TlntSvr
upnphost
UPS
usnjsvc
VSS
WmdmPmSN
Wmi
WmiApSrv
wuauserv
xmlprov


Files Created/Modified - 60 Days:


C:\

11 Jul 2008 20:20:02 211 ..SH. "C:\boot.ini"
13 Jul 2008 14:42:28 536.399.872 A.SH. "C:\hiberfil.sys"
13 Jul 2008 14:42:22 805.306.368 A.SH. "C:\pagefile.sys"


C:\WINDOWS\

13 Jul 2008 14:42:48 0 A.... "C:\WINDOWS\0.log"
13 Jul 2008 14:42:34 2.048 A.S.. "C:\WINDOWS\bootstat.dat"
12 Jul 2008 19:11:54 856 A.... "C:\WINDOWS\cookies.ini"
11 Jul 2008 17:48:22 163.840 A.... "C:\WINDOWS\enfp.exe"
11 Jul 2008 17:48:22 311.296 A.... "C:\WINDOWS\fdxbameg.dll"
11 Jul 2008 17:48:22 262.144 A.... "C:\WINDOWS\fsrpknov.dll"
11 Jul 2008 17:48:24 159.744 A.... "C:\WINDOWS\gpefaowr.exe"
12 Jul 2008 18:33:48 113.912 A.... "C:\WINDOWS\ntbtlog.txt"
11 Jul 2008 18:00:44 512 A.... "C:\WINDOWS\ODBC.INI"
6 Jul 2008 15:32:42 1.409 A.... "C:\WINDOWS\QTFont.for"
9 Jul 2008 22:02:36 54.156 A..H. "C:\WINDOWS\QTFont.qfn"
12 Jul 2008 22:21:18 32.552 A.... "C:\WINDOWS\SchedLgU.Txt"
11 Jul 2008 17:48:24 155.648 A.... "C:\WINDOWS\sqvgnrpx.dll"
11 Jul 2008 15:51:32 30.208 A.... "C:\WINDOWS\Sys3.exe"
11 Jul 2008 15:51:32 30.720 A.... "C:\WINDOWS\Sys4.exe"
11 Jul 2008 15:51:32 32.256 A.... "C:\WINDOWS\Sys43.exe"
11 Jul 2008 15:51:32 31.744 A.... "C:\WINDOWS\Sys44.exe"
11 Jul 2008 20:20:02 227 A.... "C:\WINDOWS\system.ini"
11 Jul 2008 17:48:22 393.216 A.... "C:\WINDOWS\wbxdpgfelkn.dll"
12 Jul 2008 19:17:22 703 A.... "C:\WINDOWS\win.ini"
12 Jul 2008 22:21:14 566 A.... "C:\WINDOWS\WindowsUpdate.log"
23 May 2008 16:34:36 316.640 A.... "C:\WINDOWS\WMSysPr9.prx"
14 Jun 2008 12:08:20 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00013"
14 Jun 2008 12:08:20 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00014"
14 Jun 2008 12:08:20 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00015"
14 Jun 2008 12:08:20 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00016"
14 Jun 2008 12:08:20 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00017"
14 Jun 2008 12:08:20 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00018"
14 Jun 2008 12:08:20 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00019"
14 Jun 2008 12:08:20 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00020"
14 Jun 2008 12:08:20 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00021"
14 Jun 2008 12:08:20 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00022"
14 Jun 2008 12:08:20 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00023"
14 Jun 2008 12:08:20 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00024"
14 Jun 2008 12:08:20 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00025"
14 Jun 2008 12:08:20 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00026"
14 Jun 2008 12:08:20 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00027"
14 Jun 2008 12:08:20 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00028"
14 Jun 2008 12:08:20 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00029"
14 Jun 2008 12:08:20 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00030"
14 Jun 2008 12:08:20 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00031"
14 Jun 2008 12:08:20 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00032"
14 Jun 2008 12:08:20 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00033"
14 Jun 2008 12:08:20 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00034"
14 Jun 2008 12:08:20 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00035"
14 Jun 2008 12:08:22 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00036"
14 Jun 2008 12:08:22 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00037"
14 Jun 2008 12:08:22 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00038"
14 Jun 2008 12:08:22 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00039"
14 Jun 2008 12:08:22 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00040"
14 Jun 2008 12:08:22 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00041"
14 Jun 2008 12:08:22 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00042"
14 Jun 2008 12:08:22 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00043"
14 Jun 2008 12:08:22 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00044"
14 Jun 2008 12:08:22 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00045"
14 Jun 2008 12:08:22 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00046"
14 Jun 2008 12:08:22 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00047"
14 Jun 2008 12:08:22 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00048"
14 Jun 2008 12:08:22 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00051"
14 Jun 2008 12:08:22 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00052"
14 Jun 2008 12:08:22 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00053"
14 Jun 2008 12:08:22 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00054"
14 Jun 2008 12:08:22 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00055"
14 Jun 2008 12:08:22 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00056"
14 Jun 2008 12:08:22 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00057"
14 Jun 2008 12:08:22 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00058"
14 Jun 2008 12:08:22 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00059"
14 Jun 2008 12:08:22 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00060"
14 Jun 2008 12:08:22 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00061"
14 Jun 2008 12:08:22 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00062"
14 Jun 2008 12:08:22 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00063"
14 Jun 2008 12:08:22 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00064"
14 Jun 2008 12:08:22 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00065"
14 Jun 2008 12:08:22 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00066"
14 Jun 2008 12:08:24 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00067"
14 Jun 2008 12:08:24 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00068"
14 Jun 2008 12:08:24 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00069"
14 Jun 2008 12:08:24 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00070"
14 Jun 2008 12:08:24 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00071"
14 Jun 2008 12:08:24 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00072"
14 Jun 2008 12:08:24 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00073"
14 Jun 2008 12:08:24 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00074"
14 Jun 2008 12:08:24 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00075"
14 Jun 2008 12:08:24 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00076"
14 Jun 2008 12:08:24 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00077"
14 Jun 2008 12:08:24 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00078"
14 Jun 2008 12:08:24 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00079"
14 Jun 2008 12:08:24 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00080"
14 Jun 2008 12:08:24 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00081"
14 Jun 2008 12:08:24 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00082"
14 Jun 2008 12:08:24 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00083"
14 Jun 2008 12:08:24 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00084"
14 Jun 2008 12:08:26 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00085"
14 Jun 2008 12:08:26 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00086"
14 Jun 2008 12:08:26 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00087"
14 Jun 2008 12:08:26 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00088"
14 Jun 2008 12:08:26 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00089"
14 Jun 2008 12:08:26 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00090"
14 Jun 2008 12:08:26 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00091"
14 Jun 2008 12:08:26 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00092"
14 Jun 2008 12:08:26 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00093"
14 Jun 2008 12:08:26 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00094"
14 Jun 2008 12:08:26 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00095"
14 Jun 2008 12:08:26 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00096"
14 Jun 2008 12:08:26 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00097"
14 Jun 2008 12:08:26 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00098"
14 Jun 2008 12:08:26 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00099"
14 Jun 2008 12:08:26 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00100"
14 Jun 2008 12:08:26 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00101"
14 Jun 2008 12:08:26 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00102"
14 Jun 2008 12:08:26 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00103"
14 Jun 2008 12:08:26 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00104"
14 Jun 2008 12:08:26 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00105"
14 Jun 2008 12:08:26 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00106"
14 Jun 2008 12:08:26 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00107"
14 Jun 2008 12:08:26 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00108"
14 Jun 2008 12:08:26 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00109"
14 Jun 2008 12:08:26 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00110"
14 Jun 2008 12:08:26 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00111"
14 Jun 2008 12:08:26 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00112"
14 Jun 2008 12:08:26 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00113"
14 Jun 2008 12:08:26 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00114"
14 Jun 2008 12:08:26 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00115"
14 Jun 2008 12:08:28 8.192 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00116"
13 Jul 2008 14:42:36 0 A.... "C:\WINDOWS\Debug\PASSWD.LOG"
14 Jun 2008 12:08:54 48.732 A.... "C:\WINDOWS\inf\accessor.PNF"
14 Jun 2008 12:07:48 12.552 A.... "C:\WINDOWS\inf\acpi.PNF"
14 Jun 2008 12:07:52 10.760 A.... "C:\WINDOWS\inf\agp.PNF"
14 Jun 2008 12:07:52 57.132 A.... "C:\WINDOWS\inf\cdrom.PNF"
23 May 2008 16:33:50 13.082 A.... "C:\WINDOWS\inf\codecs10.PNF"
14 Jun 2008 12:08:54 17.644 A.... "C:\WINDOWS\inf\communic.PNF"
14 Jun 2008 12:08:48 134.892 A.... "C:\WINDOWS\inf\comnt5.PNF"
14 Jun 2008 12:07:46 16.988 A.... "C:\WINDOWS\inf\cpu.PNF"
23 May 2008 16:33:42 6.770 A.... "C:\WINDOWS\inf\DRM10.PNF"
14 Jun 2008 12:08:48 10.240 A.... "C:\WINDOWS\inf\dtcnt5.PNF"
14 Jun 2008 12:07:48 7.956 A.... "C:\WINDOWS\inf\fdc.PNF"
14 Jun 2008 12:07:48 8.496 A.... "C:\WINDOWS\inf\flpydisk.PNF"
14 Jun 2008 12:08:46 56.016 A.... "C:\WINDOWS\inf\fxsocm.PNF"
14 Jun 2008 12:07:48 14.136 A.... "C:\WINDOWS\inf\gameport.PNF"
14 Jun 2008 12:08:52 15.124 A.... "C:\WINDOWS\inf\games.PNF"
14 Jun 2008 12:08:12 11.468 A.... "C:\WINDOWS\inf\hal.PNF"
14 Jun 2008 12:08:52 4.488 A.... "C:\WINDOWS\inf\ieaccess.PNF"
14 Jun 2008 12:08:54 13.316 A.... "C:\WINDOWS\inf\igames.PNF"
14 Jun 2008 12:08:48 982.028 A.... "C:\WINDOWS\inf\iis.PNF"
14 Jun 2008 12:08:52 105.272 A.... "C:\WINDOWS\inf\ims.PNF"
17 Jun 2008 19:37:06 1.410.400 A.... "C:\WINDOWS\inf\INFCACHE.1"
14 Jun 2008 12:07:46 188.236 A.... "C:\WINDOWS\inf\machine.PNF"
14 Jun 2008 12:08:56 106.616 A.... "C:\WINDOWS\inf\medctroc.PNF"
23 May 2008 16:35:48 5.322 A.... "C:\WINDOWS\inf\MPCD10.PNF"
23 May 2008 16:33:36 6.178 A.... "C:\WINDOWS\inf\MPPRE10.PNF"
23 May 2008 16:35:50 5.346 A.... "C:\WINDOWS\inf\MPSTUB10.PNF"
14 Jun 2008 12:07:54 49.644 A.... "C:\WINDOWS\inf\mshdc.PNF"
14 Jun 2008 12:08:50 13.880 A.... "C:\WINDOWS\inf\msmqocm.PNF"
14 Jun 2008 12:08:56 7.888 A.... "C:\WINDOWS\inf\msnmsn.PNF"
14 Jun 2008 12:07:48 30.552 A.... "C:\WINDOWS\inf\msports.PNF"
14 Jun 2008 12:08:54 12.232 A.... "C:\WINDOWS\inf\multimed.PNF"
14 Jun 2008 12:08:56 3.652 A.... "C:\WINDOWS\inf\netbeac.PNF"
14 Jun 2008 12:08:56 174.876 A.... "C:\WINDOWS\inf\netfxocm.PNF"
14 Jun 2008 12:08:56 6.272 A.... "C:\WINDOWS\inf\netiprip.PNF"
14 Jun 2008 12:07:48 24.528 A.... "C:\WINDOWS\inf\netirsir.PNF"
14 Jun 2008 12:08:58 10.476 A.... "C:\WINDOWS\inf\netlpd.PNF"
14 Jun 2008 12:08:46 17.136 A.... "C:\WINDOWS\inf\netoc.PNF"
14 Jun 2008 12:08:12 5.748 A.... "C:\WINDOWS\inf\netpsa.PNF"
14 Jun 2008 12:08:12 23.608 A.... "C:\WINDOWS\inf\netrasa.PNF"
14 Jun 2008 12:07:52 21.784 A.... "C:\WINDOWS\inf\netsis.PNF"
14 Jun 2008 12:08:56 20.228 A.... "C:\WINDOWS\inf\netsnmp.PNF"
14 Jun 2008 12:08:56 10.772 A.... "C:\WINDOWS\inf\nettpsmp.PNF"
14 Jun 2008 12:08:56 4.004 A.... "C:\WINDOWS\inf\netupnp.PNF"
14 Jun 2008 12:08:52 4.416 A.... "C:\WINDOWS\inf\oeaccess.PNF"
14 Jun 2008 12:08:54 21.608 A.... "C:\WINDOWS\inf\optional.PNF"
14 Jun 2008 12:08:56 14.256 A.... "C:\WINDOWS\inf\p2p.PNF"
14 Jun 2008 12:08:54 12.360 A.... "C:\WINDOWS\inf\pinball.PNF"
14 Jun 2008 12:08:52 3.948 A.... "C:\WINDOWS\inf\rootau.PNF"
14 Jun 2008 12:08:50 41.548 A.... "C:\WINDOWS\inf\setupqry.PNF"
17 Jun 2008 19:37:04 6.332 A.... "C:\WINDOWS\inf\skins.PNF"
17 Jun 2008 19:37:04 6.436 A.... "C:\WINDOWS\inf\swflash.PNF"
14 Jun 2008 12:08:46 7.248 A.... "C:\WINDOWS\inf\SYSOC.PNF"
14 Jun 2008 12:08:54 534.644 A.... "C:\WINDOWS\inf\tabletpc.PNF"
14 Jun 2008 12:08:50 123.104 A.... "C:\WINDOWS\inf\tsoc.PNF"
14 Jun 2008 12:07:54 51.832 A.... "C:\WINDOWS\inf\usbport.PNF"
14 Jun 2008 12:08:12 10.596 A.... "C:\WINDOWS\inf\wave.PNF"
14 Jun 2008 12:08:46 14.024 A.... "C:\WINDOWS\inf\wbemoc.PNF"
14 Jun 2008 12:08:56 6.952 A.... "C:\WINDOWS\inf\wbemsnmp.PNF"
14 Jun 2008 12:08:52 4.096 A.... "C:\WINDOWS\inf\wmaccess.PNF"
23 May 2008 16:34:38 22.162 A.... "C:\WINDOWS\inf\WMDM10.PNF"
23 May 2008 16:34:04 10.744 A.... "C:\WINDOWS\inf\WMFSDK10.PNF"
23 May 2008 16:34:58 65.684 A.... "C:\WINDOWS\inf\WMP10.PNF"
14 Jun 2008 12:08:52 4.424 A.... "C:\WINDOWS\inf\wmpocm.PNF"
23 May 2008 16:35:54 5.242 A.... "C:\WINDOWS\inf\WMSET10.PNF"
17 Jun 2008 19:37:04 3.988 A.... "C:\WINDOWS\inf\wmsetsdk.PNF"
23 May 2008 16:34:44 10.612 A.... "C:\WINDOWS\inf\WPD10.PNF"
17 Jun 2008 19:37:06 10.468 A.... "C:\WINDOWS\inf\wpdmtp.PNF"
23 Jun 2008 16:48:48 211 ..... "C:\WINDOWS\pss\boot.ini.backup"
12 Jul 2008 19:27:58 0 A.... "C:\WINDOWS\system32\00B947F8_kds.xml"
12 Jul 2008 19:38:18 0 A.... "C:\WINDOWS\system32\00B94858_kds.xml"
12 Jul 2008 19:41:36 0 A.... "C:\WINDOWS\system32\00B94938_kds.xml"
13 Jul 2008 14:44:54 0 A.... "C:\WINDOWS\system32\07292243-.txt"
23 May 2008 16:35:42 16.832 A.... "C:\WINDOWS\system32\amcompat.tlb"
11 Jul 2008 20:02:06 10.520 A.... "C:\WINDOWS\system32\avgrsstx.dll"
11 Jul 2008 19:40:20 116.864 A.... "C:\WINDOWS\system32\bthait.dll"
13 Jul 2008 14:45:14 116.864 A.... "C:\WINDOWS\system32\bylgesmg.dll"
12 Jul 2008 14:28:04 116.864 A.... "C:\WINDOWS\system32\cxqtalun.dll"
11 Jul 2008 19:28:14 33.664 A.... "C:\WINDOWS\system32\fccyXRkl.dll"
11 Jul 2008 19:33:30 321.792 A.... "C:\WINDOWS\system32\geBQjJDW.dll"
13 Jul 2008 14:46:20 1.773.474 ..SH. "C:\WINDOWS\system32\hvrtkjgt.ini"
11 Jul 2008 19:40:20 116.864 A.... "C:\WINDOWS\system32\hxoipaff.dll"
13 Jul 2008 14:45:14 116.864 A.... "C:\WINDOWS\system32\jdpald.dll"
11 Jul 2008 19:49:42 1.772.857 ..SH. "C:\WINDOWS\system32\kaegpwop.ini"
13 Jul 2008 14:43:40 1.773.414 ..SH. "C:\WINDOWS\system32\lqqfonbs.ini"
12 Jul 2008 19:07:08 143 A.... "C:\WINDOWS\system32\mcrh.tmp"
23 May 2008 16:35:42 23.392 A.... "C:\WINDOWS\system32\nscompat.tlb"
13 Jul 2008 14:43:42 65.261 A.... "C:\WINDOWS\system32\nvapps.xml"
11 Jul 2008 19:39:14 1.774.271 ..SH. "C:\WINDOWS\system32\okrpbumt.ini"
11 Jul 2008 19:28:14 33.664 A.... "C:\WINDOWS\system32\opnkkLEt.dll"
11 Jul 2008 19:40:16 92.672 A.... "C:\WINDOWS\system32\powpgeak.dll"
12 Jul 2008 14:28:04 116.864 A.... "C:\WINDOWS\system32\qeubwk.dll"
12 Jul 2008 14:28:56 92.672 ..... "C:\WINDOWS\system32\sbnofqql.dll"
11 Jul 2008 15:51:32 3.262 A.... "C:\WINDOWS\system32\sex1.ico"
11 Jul 2008 15:51:32 3.262 A.... "C:\WINDOWS\system32\sex2.ico"
13 Jul 2008 14:46:00 93.184 A.... "C:\WINDOWS\system32\tgjktrvh.dll"
9 Jul 2008 13:19:06 117.760 A.... "C:\WINDOWS\system32\vav.cpl"
13 Jul 2008 14:51:20 151.938 A.SH. "C:\WINDOWS\system32\WDJjQBeg.ini"
13 Jul 2008 14:49:04 151.916 A.SH. "C:\WINDOWS\system32\WDJjQBeg.ini2"
12 Jul 2008 15:56:10 1.152 A.... "C:\WINDOWS\system32\windrv.sys"
11 Jul 2008 17:47:32 2.206 A.... "C:\WINDOWS\system32\wpa.dbl"
12 Jul 2008 19:44:16 4.605 A.... "C:\WINDOWS\system32\x_dtrace_log"
13 Jul 2008 14:42:58 6 A..H. "C:\WINDOWS\Tasks\SA.DAT"
13 Jul 2008 14:51:22 21.565 A.... "C:\WINDOWS\Temp\scs8.tmp"
14 Jun 2008 12:08:58 13.832 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.inf"
14 Jun 2008 12:08:28 967 A.... "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.txt"
13 Jul 2008 14:43:44 3.364 A.... "C:\WINDOWS\Debug\UserMode\userenv.log"
14 Jun 2008 12:07:12 6.129 A.... "C:\WINDOWS\Downloaded Installations\{DAE64D1C-EFB7-4C1C-83FA-B11F8E0E85D4}\0x0409.ini"
14 Jun 2008 12:07:12 2.059 A.... "C:\WINDOWS\Downloaded Installations\{DAE64D1C-EFB7-4C1C-83FA-B11F8E0E85D4}\Setup.INI"
14 Jun 2008 12:07:12 128.625 A.... "C:\WINDOWS\Downloaded Installations\{DAE64D1C-EFB7-4C1C-83FA-B11F8E0E85D4}\setup.isn"
14 Jun 2008 12:07:34 12.461.568 A.... "C:\WINDOWS\Downloaded Installations\{DAE64D1C-EFB7-4C1C-83FA-B11F8E0E85D4}\veoh.msi"
23 May 2008 16:34:54 3.153.920 A.... "C:\WINDOWS\security\Database\secedit.sdb"
11 Jul 2008 20:02:00 96.520 A.... "C:\WINDOWS\system32\drivers\avgldx86.sys"
11 Jul 2008 20:01:58 26.824 A.... "C:\WINDOWS\system32\drivers\avgmfx86.sys"
11 Jul 2008 19:28:14 10.752 A.... "C:\WINDOWS\system32\drivers\vmdesched.sys"
13 Jul 2008 14:44:12 16.384 A.... "C:\WINDOWS\Temp\Cookies\index.dat"
12 Jul 2008 19:16:44 0 A.... "C:\WINDOWS\Temp\tmp00007901\tmp00000000"
13 Jul 2008 14:44:12 0 A.... "C:\WINDOWS\Temp\tmp0000768f\tmp00000000"
14 Jun 2008 12:08:58 8 A.... "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TimeStamp"
11 Jul 2008 20:01:50 6.061.540 A.... "C:\WINDOWS\system32\drivers\Avg\avi7.avg"
11 Jul 2008 20:01:56 25.183.868 A.... "C:\WINDOWS\system32\drivers\Avg\incavi.avm"
11 Jul 2008 20:01:50 43.820 A.... "C:\WINDOWS\system32\drivers\Avg\microavi.avg"
11 Jul 2008 20:01:50 116.658 A.... "C:\WINDOWS\system32\drivers\Avg\miniavi.avg"
29 May 2008 18:24:46 40.697 A.... "C:\WINDOWS\system32\Macromed\Flash\install.log"
29 May 2008 18:24:32 70.264 A.... "C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe"
12 Jul 2008 16:41:02 67 ..SH. "C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini"
13 Jul 2008 14:44:12 32.768 A.... "C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat"
12 Jul 2008 16:41:02 113 ..SH. "C:\WINDOWS\Temp\Verlauf\History.IE5\desktop.ini"
13 Jul 2008 14:44:12 16.384 A.... "C:\WINDOWS\Temp\Verlauf\History.IE5\index.dat"
12 Jul 2008 16:41:02 67 ..SH. "C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ARATQBQX\desktop.ini"
12 Jul 2008 16:41:02 67 ..SH. "C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\K3IVO1U9\desktop.ini"
12 Jul 2008 16:41:02 67 ..SH. "C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\KZ4R612V\desktop.ini"
12 Jul 2008 16:41:02 67 ..SH. "C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ODW3UT6D\desktop.ini"


C:\Programme\

11 Jul 2008 19:38:34 196.608 A.... "C:\Programme\Antivirus 2008 PRO\zlib.dll"
25 Jun 2008 15:58:36 1.209.584 A.... "C:\Programme\CCleaner\CCleaner.exe"
26 Jun 2008 3:27:36 21.504 A.... "C:\Programme\CCleaner\lang-1031.dll"
12 Jul 2008 17:27:32 114.509 A.... "C:\Programme\CCleaner\uninst.exe"
18 May 2008 17:52:40 228.864 A.... "C:\Programme\ICQ6\7z.dll"
18 May 2008 17:52:38 595.968 A.... "C:\Programme\ICQ6\AOLSvcMgr.dll"
18 May 2008 17:52:38 782.336 A.... "C:\Programme\ICQ6\coolcore49.dll"
18 May 2008 17:52:38 430.080 A.... "C:\Programme\ICQ6\dBenderC14.dll"
18 May 2008 17:52:38 389.120 A.... "C:\Programme\ICQ6\FlashPlayerControl.dll"
18 May 2008 18:30:12 172.280 A.... "C:\Programme\ICQ6\ICQ.exe"
18 May 2008 18:30:14 15.096 A.... "C:\Programme\ICQ6\ICQLRun.exe"
18 May 2008 18:30:14 88.312 A.... "C:\Programme\ICQ6\IcqUpdater.exe"
18 May 2008 18:26:48 88.064 A.... "C:\Programme\ICQ6\MBContainer.dll"
18 May 2008 18:12:20 2.389.504 A.... "C:\Programme\ICQ6\MCore.dll"
18 May 2008 18:09:00 109.056 A.... "C:\Programme\ICQ6\MCoreLib.dll"
18 May 2008 18:25:58 106.496 A.... "C:\Programme\ICQ6\MCrashReport.dll"
18 May 2008 18:07:58 210.432 A.... "C:\Programme\ICQ6\MDb.dll"
18 May 2008 18:08:14 38.912 A.... "C:\Programme\ICQ6\MDevHelpers.dll"
18 May 2008 18:20:24 598.016 A.... "C:\Programme\ICQ6\MISB.dll"
18 May 2008 18:08:40 220.160 A.... "C:\Programme\ICQ6\MKernel.dll"
18 May 2008 18:09:44 78.848 A.... "C:\Programme\ICQ6\MReport.dll"
18 May 2008 18:24:10 3.212.800 A.... "C:\Programme\ICQ6\MUICore.dll"
18 May 2008 18:19:28 788.992 A.... "C:\Programme\ICQ6\MUICoreLib.dll"
18 May 2008 18:25:38 1.270.784 A.... "C:\Programme\ICQ6\MUIMessage.dll"
18 May 2008 18:18:40 398.848 A.... "C:\Programme\ICQ6\MUIUtils.dll"
18 May 2008 18:07:38 281.088 A.... "C:\Programme\ICQ6\MUtils.dll"
18 May 2008 17:52:38 307.200 A.... "C:\Programme\ICQ6\pb_videoconf.dll"
18 May 2008 17:52:38 3.371.008 A.... "C:\Programme\ICQ6\sipXtapi.dll"
18 May 2008 17:52:38 229.376 A.... "C:\Programme\ICQ6\SSCE5532.dll"
18 May 2008 17:52:38 249.856 A.... "C:\Programme\ICQ6\xprt5.dll"
18 May 2008 17:52:38 249.856 A.... "C:\Programme\ICQ6\xprt6.dll"
18 May 2008 17:52:40 102.912 A.... "C:\Programme\ICQ6\Zip.dll"
10 Jun 2008 19:26:28 222.456 A.... "C:\Programme\ICQ6Toolbar\ICQ Service.exe"
12 Jun 2008 16:46:16 958.712 A.... "C:\Programme\ICQ6Toolbar\ICQToolBar.dll"
12 Jun 2008 10:58:10 122.104 A.... "C:\Programme\ICQ6Toolbar\ICQUnToolbar.exe"
10 Jun 2008 19:26:26 142.584 A.... "C:\Programme\ICQ6Toolbar\ServiceStarter.exe"
25 May 2008 23:33:58 14.455 A.... "C:\Programme\Last.fm\unins000.dat"
25 May 2008 23:33:42 711.685 A.... "C:\Programme\Last.fm\unins000.exe"
6 Jul 2008 19:44:40 13.952 A.... "C:\Programme\Mozilla Firefox\AccessibleMarshal.dll"
6 Jul 2008 19:44:58 7.666.288 A.... "C:\Programme\Mozilla Firefox\firefox.exe"
6 Jul 2008 19:45:00 200.829 A.... "C:\Programme\Mozilla Firefox\freebl3.dll"
6 Jul 2008 19:45:00 458.856 A.... "C:\Programme\Mozilla Firefox\js3250.dll"
6 Jul 2008 19:45:00 161.392 A.... "C:\Programme\Mozilla Firefox\nspr4.dll"
6 Jul 2008 19:45:02 382.568 A.... "C:\Programme\Mozilla Firefox\nss3.dll"
6 Jul 2008 19:45:02 276.080 A.... "C:\Programme\Mozilla Firefox\nssckbi.dll"
6 Jul 2008 19:45:02 34.424 A.... "C:\Programme\Mozilla Firefox\plc4.dll"
6 Jul 2008 19:45:02 30.320 A.... "C:\Programme\Mozilla Firefox\plds4.dll"
6 Jul 2008 19:45:06 112.232 A.... "C:\Programme\Mozilla Firefox\smime3.dll"
6 Jul 2008 19:45:06 254.060 A.... "C:\Programme\Mozilla Firefox\softokn3.dll"
6 Jul 2008 19:45:06 136.808 A.... "C:\Programme\Mozilla Firefox\ssl3.dll"
6 Jul 2008 19:45:08 132.232 A.... "C:\Programme\Mozilla Firefox\updater.exe"
6 Jul 2008 19:45:08 13.416 A.... "C:\Programme\Mozilla Firefox\xpcom.dll"
6 Jul 2008 19:45:08 73.848 A.... "C:\Programme\Mozilla Firefox\xpcom_compat.dll"
6 Jul 2008 19:45:08 422.000 A.... "C:\Programme\Mozilla Firefox\xpcom_core.dll"
6 Jul 2008 19:45:10 73.336 A.... "C:\Programme\Mozilla Firefox\xpicleanup.exe"
6 Jul 2008 19:45:10 12.400 A.... "C:\Programme\Mozilla Firefox\xpistub.dll"
11 Jul 2008 15:51:32 28.160 A.... "C:\Programme\PCHealthCenter\0.exe"
11 Jul 2008 15:51:32 32.256 A.... "C:\Programme\PCHealthCenter\1.exe"
11 Jul 2008 15:51:32 31.744 A.... "C:\Programme\PCHealthCenter\2.exe"
11 Jul 2008 15:51:32 30.208 A.... "C:\Programme\PCHealthCenter\3.exe"
11 Jul 2008 15:51:32 30.720 A.... "C:\Programme\PCHealthCenter\4.exe"
11 Jul 2008 15:51:32 876.670 A.... "C:\Programme\PCHealthCenter\5.exe"
11 Jul 2008 15:51:32 2.190 A.... "C:\Programme\PCHealthCenter\sc.html"
12 Jul 2008 15:56:30 1.064.400 A.... "C:\Programme\SpyNoMore\SNM.exe"
12 Jul 2008 15:56:38 2.766.288 A.... "C:\Programme\SpyNoMore\SNMMain.dat"
12 Jul 2008 15:54:40 60.007 A.... "C:\Programme\SpyNoMore\uninst.exe"
9 Jul 2008 13:20:56 324.608 A.... "C:\Programme\VAV\vav.exe"
11 Jul 2008 20:01:38 181.528 A.... "C:\Programme\AVG\AVG8\avg7api.dll"
11 Jul 2008 20:01:38 945.944 A.... "C:\Programme\AVG\AVG8\avgabout.dll"
11 Jul 2008 20:01:38 312.600 A.... "C:\Programme\AVG\AVG8\avgapix.dll"
11 Jul 2008 20:01:38 405.272 A.... "C:\Programme\AVG\AVG8\avgcfgex.exe"


Files with hidden attributes:

Mon 13 Aug 2007 4,348 A.SH. --- "C:\Dokumente und Einstellungen\All Users\DRM\DRMv1.bak"
Tue 5 Jun 2007 126,976 A..H. --- "C:\Dokumente und Einstellungen\5h15h4\Eigene Dateien\Temp\~55.tmp"


Program Folders:

C:\Programme\

Adobe
Ahead
Antivirus 2008 PRO
Apple Software Update
AVG
CCleaner
C-Media 3D Audio
ComPlus Applications
DivX
DsNET Corp
Gemeinsame Dateien
Google
GSC World Publishing
ICQ6
ICQ6Toolbar
ICQToolbar
InstallShield Installation Information
Internet Explorer
Java
Last.fm
LimeWire
Logitech
Mafia
MediaMonkey
Messenger
microsoft frontpage
Microsoft Office
Microsoft Visual Studio
Microsoft Works
Microsoft.NET
Movie Maker
Mozilla Firefox
MP3 WAV Converter
MPlayerC
MSN
MSN Gaming Zone
MSN Messenger
NetMeeting
Online Services
Online-Dienste
Opera
Outlook Express
PCHealthCenter
QuickTime
Real
Real Alternative
Recordings
Rockstar Games
Sierra On-Line
Softwin
SpyNoMore
Taschenrechner
Tobit ClipInc
TomsTuningTools
Uninstall Information
uTorrent
Valve
VAV
Veoh Networks
Windows Media Player
Windows NT
WindowsUpdate
WinRAR
xerox
Xvid
Yahoo!

C:\Programme\Gemeinsame Dateien\

Adobe
DESIGNER
Dienste
InstallShield
Java
Logitech
Microsoft Shared
MSSoap
ODBC
Real
Softwin
SpeechEngines
System
Tobit


Add/Remove Programs:

Adobe Flash Player Plugin
AVG Free 8.0
C-Media 3D Audio
Caesar 3
Carom3D
CCleaner (remove only)
Google Updater
ICQ Toolbar
Icy Tower v1.3.1
VeohTV BETA
Windows Installer 3.1 (KB893803)
Last.fm 1.5.0.24910
LimeWire 4.12.11
MediaMonkey 2.5
Mozilla Firefox (2.0.0.15)
MP3 WAV Converter 3.30
MSN
NVIDIA Drivers
PCFriendly
Real Alternative 1.60
Sierra-Dienstprogramme
SpyNoMore 2.67
Taschenrechner 1.2
Tobit.Software ClipInc.
µTorrent
WebVideo Support
Windows Media Format Runtime
Windows Media Player 10
WinRAR Archivierer
Xvid 1.1.3 final uninstall
Yahoo! Toolbar mit Pop-Up-Blocker
Yahoo! Toolbar
Yahoo! Install Manager
VeohTV BETA
Steam(TM)
AutoUpdate
Windows Live Messenger
MPlayer Control v1.0.1
J2SE Runtime Environment 5.0 Update 3
Java(TM) SE Runtime Environment 6 Update 1
Opera 9.21
Logitech MouseWare 9.80
Logitech Gaming Software
Tom's Tuning Tools
ICQ6
Microsoft Visual C++ 2005 Redistributable
Apple Software Update
BitDefender 8 Free Edition
DivX Codec
DivX Player
Microsoft Office Professional Edition 2003
QuickTime
Nero - Burning Rom
Adobe Reader 8.1.2 - Deutsch
DivX Converter
DivX Web Player
aTube Catcher 1.0 rc2
BMW M3 Challenge
DivX Content Uploader
Half-Life(R) 2
Max Payne 2
µTorrent


Run Values:

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVG8_TRAY"="C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"SNM"="C:\\Programme\\SpyNoMore\\SNM.exe /startup"
"BDMCon"="\"C:\\Programme\\Softwin\\BitDefender8\\bdmcon.exe\""
"BDNewsAgent"="\"C:\\Programme\\Softwin\\BitDefender8\\bdnagent.exe\""
"0c0ae63d"="rundll32.exe \"C:\\WINDOWS\\system32\\tgjktrvh.dll\",b"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ICQ"="\"C:\\Programme\\ICQ6\\ICQ.exe\" silent"


Bot Check:

SERVICE_NAME: wscsvc
DISPLAY_NAME : Sicherheitscenter
START_TYPE : 2 AUTO_START

SERVICE_NAME: sharedaccess
DISPLAY_NAME : Windows-Firewall/Gemeinsame Nutzung der Internetverbindung
START_TYPE : 2 AUTO_START

SERVICE_NAME: wuauserv
DISPLAY_NAME : Automatische Updates
START_TYPE : 4 DISABLED

SERVICE_NAME: srservice
DISPLAY_NAME : Systemwiederherstellungsdienst
START_TYPE : 2 AUTO_START

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"AUOptions"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"WaitToKillServiceTimeout"="20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCDisable"=dword:00000000
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"TransportBindName"="\\Device\\"


ShellExecuteHooks:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{43FCD2CF-5569-4208-97D2-52748E0EF6A0}"=""



Environment:


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\environment
ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
Path REG_EXPAND_SZ %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\QuickTime\QTSystem\
windir REG_EXPAND_SZ %SystemRoot%
OS REG_SZ Windows_NT
PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
TEMP REG_EXPAND_SZ %SystemRoot%\TEMP
TMP REG_EXPAND_SZ %SystemRoot%\TEMP
CLASSPATH REG_SZ .;C:\Programme\Java\jre1.6.0_01\lib\ext\QTJava.zip
QTJAVA REG_SZ C:\Programme\Java\jre1.6.0_01\lib\ext\QTJava.zip

SecurityProviders:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Authentication Packages:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Authentication Packages REG_MULTI_SZ msv1_0\0C:\WINDOWS\system32\geBQjJDW\0\0


Subsystem Startup:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"


Midi Drivers:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midi"="wdmaud.drv"


Non-Default IFEO Debugger:


Non-Default Installed Components:


Non-Default Safeboot Minimal:


File Associations:


[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\cmdfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\htafile\shell\open\command]
@="C:\\WINDOWS\\system32\\mshta.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\http\shell\open\command]
@="\"C:\\Programme\\Internet Explorer\\iexplore.exe\" -nohome"

[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]
@="\"C:\\Programme\\Internet Explorer\\iexplore.exe\" -nohome"

[HKEY_CLASSES_ROOT\regedit\shell\open\command]
@="regedit.exe %1"

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""

[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" /S"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="%SystemRoot%\system32\NOTEPAD.EXE %1"


Finished!
13.07.2008, 15:21
Moderator

Posts: 5694
#20 >>
Run rvaxo in safe mode (or in normal mode), then post the report here
http://virus-protect.org/artikel/tools/rvaxo.html

>>
Does Combofix work now?
http://virus-protect.org/artikel/tools/combofix.html

Regards, Swiss
13.07.2008, 15:21
Member

Thread starter

Posts: 18
#21 I've now burned a CD from another PC with HijackThis and Malwarebytes ....

but now I keep getting the message that I don't have the copyrights for it, or that the specified path is not correct ...

on the other computer everything worked perfectly
13.07.2008, 16:02
Moderator

Posts: 5694
#22 Avenger
http://virus-protect.org/artikel/tools/avenger.html
copy into the white field:

Quote

Files to delete:
C:\WINDOWS\enfp.exe
C:\WINDOWS\fdxbameg.dll
C:\WINDOWS\fsrpknov.dll
C:\WINDOWS\gpefaowr.exe
C:\WINDOWS\ntbtlog.txt
C:\WINDOWS\sqvgnrpx.dll
C:\WINDOWS\Sys3.exe
C:\WINDOWS\Sys4.exe
C:\WINDOWS\Sys43.exe
C:\WINDOWS\Sys44.exe
C:\WINDOWS\wbxdpgfelkn.dll
C:\WINDOWS\system32\00B947F8_kds.xml
C:\WINDOWS\system32\00B94858_kds.xml
C:\WINDOWS\system32\00B94938_kds.xml
C:\WINDOWS\system32\07292243-.txt"
C:\WINDOWS\system32\avgrsstx.dll
C:\WINDOWS\system32\bthait.dll
C:\WINDOWS\system32\bylgesmg.dll
C:\WINDOWS\system32\cxqtalun.dll
C:\WINDOWS\system32\fccyXRkl.dll
C:\WINDOWS\system32\geBQjJDW.dll
C:\WINDOWS\system32\hvrtkjgt.ini
C:\WINDOWS\system32\hxoipaff.dll
C:\WINDOWS\system32\jdpald.dll
C:\WINDOWS\system32\kaegpwop.ini
C:\WINDOWS\system32\lqqfonbs.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nscompat.tlb
C:\WINDOWS\system32\okrpbumt.ini
C:\WINDOWS\system32\opnkkLEt.dll
C:\WINDOWS\system32\powpgeak.dll
C:\WINDOWS\system32\qeubwk.dll
C:\WINDOWS\system32\sbnofqql.dll
C:\WINDOWS\system32\sex1.ico
C:\WINDOWS\system32\sex2.ico
C:\WINDOWS\system32\tgjktrvh.dll
C:\WINDOWS\system32\vav.cpl
C:\WINDOWS\system32\WDJjQBeg.ini
C:\WINDOWS\system32\WDJjQBeg.ini2
C:\Dokumente und Einstellungen\%Username%\Desktop\antivirus-2008pro.lnk
C:\Dokumente und Einstellungen\%Username%\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Antivirus-2008pro.lnk
Folders to delete:
C:\Dokumente und Einstellungen\5h15h4\Lokale Einstellungen\Temporary Internet Files\Content.IE5\K9IN49UZ
C:\Programme\Antivirus 2008 PRO
C:\Programme\PCHealthCenter
C:\Programme\SpyNoMore
C:\Programme\VAV
C:\Dokumente und Einstellungen\%Username%\Startmenü\Programme\Antivirus 2008 PRO
close all open programs (because after Avenger has run, the computer will restart)

Click: Execute

confirm that the computer will be restarted - click "yes"

after the restart a log from Avenger appears automatically (C:\avenger.txt); copy it - right-click - copy - paste

««
Then try Malwarebytes once more and post an HJT log.

Regards, Swiss
This post was edited on 13.07.2008 at 16:09 by Tonstudio.
13.07.2008, 16:24
Member

Thread starter

Posts: 18
#23 @ Tonstudio ...

I can't download that ...

but I'll keep looking ...

also, my Task Manager (Ctrl, Alt, Del) works again ...

I also managed to create a HijackThis log

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16:27: VIRUS ALERT!, on 13.07.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ICQ6\ICQ.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Dokumente und Einstellungen\5h15h4\Desktop\HijackThis_61608.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = //softwarereferral./jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: QXK Olive - {3EE58090-72BB-4B74-AC0C-FBC6E1B119A5} - C:\WINDOWS\wbxdpgfelkn.dll
O2 - BHO: (no name) - {43FCD2CF-5569-4208-97D2-52748E0EF6A0} - C:\WINDOWS\system32\opnkkLEt.dll
O2 - BHO: (no name) - {70433412-9e24-45f4-806b-8a5d98c900bf} - C:\WINDOWS\system32\qeubwk.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7CF40744-E183-4760-832C-C864BFF2093A} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: {623379ea-6b9e-36a8-bfa4-f32ccfd1da0b} - {b0ad1dfc-c23f-4afb-8a63-e9b6ae973326} - C:\WINDOWS\system32\jdpald.dll
O2 - BHO: (no name) - {C4508F21-4190-46A8-9A4C-D735C61D6B01} - C:\WINDOWS\system32\geBQjJDW.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: sqvgnrpx - {8D52F0EB-21CC-422D-8042-D2F69614D8A6} - C:\WINDOWS\sqvgnrpx.dll
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SNM] C:\Programme\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [BDMCon] "C:\Programme\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programme\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [0c0ae63d] rundll32.exe "C:\WINDOWS\system32\tgjktrvh.dll",b
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: opnkkLEt - C:\WINDOWS\SYSTEM32\opnkkLEt.dll
O21 - SSODL: fsrpknov - {B70BAD8E-BF31-417D-B7EA-AF6349510D47} - C:\WINDOWS\fsrpknov.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: ClipInc 001 (ClipInc001) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 001 (ClipInc001) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 002 (ClipInc002) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 003 (ClipInc003) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
O24 - Desktop Component 0: Privacy Protection - ///C:\WINDOWS\privacy_danger\

--
End of file - 6812 bytes
------------------------------------------------------
should I now put a check mark everywhere and delete everything, or what else do I have to do ??
This post was edited on 13.07.2008 at 16:31 by 5h15h4.
13.07.2008, 16:42
Moderator

Posts: 5694
#24 Hello

>>
Close all windows and start HijackThis
Click: Do a Systemscan only
Put a check mark in the box in front of the entries listed (only these):

Quote

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://softwarereferral./jump.php?wmid=6010&mid=MjI6Ojg5&lid=2

R3 - URLSearchHook: (no name) - - (no file)

O2 - BHO: QXK Olive - {3EE58090-72BB-4B74-AC0C-FBC6E1B119A5} - C:\WINDOWS\wbxdpgfelkn.dll

O2 - BHO: (no name) - {43FCD2CF-5569-4208-97D2-52748E0EF6A0} - C:\WINDOWS\system32\opnkkLEt.dll

O2 - BHO: (no name) - {70433412-9e24-45f4-806b-8a5d98c900bf

O2 - BHO: (no name) - {7CF40744-E183-4760-832C-C864BFF2093A} - (no file)

O2 - BHO: {623379ea-6b9e-36a8-bfa4-f32ccfd1da0b} - {b0ad1dfc-c23f-4afb-8a63-e9b6ae973326} - C:\WINDOWS\system32\jdpald.dll

O2 - BHO: (no name) - {C4508F21-4190-46A8-9A4C-D735C61D6B01} - C:\WINDOWS\system32\geBQjJDW.dll

O3 - Toolbar: sqvgnrpx - {8D52F0EB-21CC-422D-8042-D2F69614D8A6} - C:\WINDOWS\sqvgnrpx.dll

O4 - HKLM\..\Run: [0c0ae63d] rundll32.exe "C:\WINDOWS\system32\tgjktrvh.dll",b

O20 - Winlogon Notify: opnkkLEt - C:\WINDOWS\SYSTEM32\opnkkLEt.dll

O21 - SSODL: fsrpknov - {B70BAD8E-BF31-417D-B7EA-AF6349510D47} - C:\WINDOWS\fsrpknov.dll

O24 - Desktop Component 0: Privacy Protection - fC:\WINDOWS\privacy_danger\*
and select fix checked + restart the computer.

>>
Try Malwarebytes.

>>
If Malwarebytes still doesn't work, post this log:
http://virus-protect.org/lsa.html

Regards, Swiss
13.07.2008, 16:58
Member

Thread starter

Posts: 18
#25 the log from LSA ...

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,43,\
00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00,73,00,79,00,\
73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,67,00,65,00,42,00,51,00,6a,00,4a,\
00,44,00,57,00,00,00,00,00
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=hex(7):6b,00,65,00,72,00,62,00,65,00,72,00,6f,00,73,00,00,\
00,6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,73,00,63,00,68,00,61,00,6e,00,\
6e,00,65,00,6c,00,00,00,77,00,64,00,69,00,67,00,65,00,73,00,74,00,00,00,00,\
00
"ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001
"LsaPid"=dword:00000280
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders]
"ProviderOrder"=hex(7):57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,4e,00,\
54,00,20,00,41,00,63,00,63,00,65,00,73,00,73,00,20,00,50,00,72,00,6f,00,76,\
00,69,00,64,00,65,00,72,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
6e,00,74,00,6d,00,61,00,72,00,74,00,61,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data]
"Pattern"=hex:1d,2c,5b,da,0a,06,3d,78,fd,16,45,9f,c0,7e,c4,7b,31,38,64,64,30,\
64,63,66,00,fd,07,00,84,14,00,00,34,fa,07,00,56,82,46,75,20,fa,07,00,40,fd,\
07,00,4c,fd,07,00,32,91,50,65,fe,d4,dd,83,81,f3,e4,18

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG]
"GrafBlumGroup"=hex:3c,96,79,fd,a4,43,ec,4e,04

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD]
"Lookup"=hex:8d,1b,de,30,c1,8e

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]
"Auth132"="IISSUBA"
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1]
"SkewMatrix"=hex:7b,c8,ff,bc,34,0f,41,dd,2e,14,f2,f4,b7,ab,bd,a7

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache]
"Time"=hex:e6,ff,24,93,e2,a6,c7,01

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,5b,d8,39,ad,79,c4,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,0f,9d,3e,ad,79,c4,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,3c,ce,3f,ad,79,c4,01
"Type"=dword:00000031
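Decoding the `hex(7)` values in the export above, as an added example that is not part of the original post: REG_MULTI_SZ data is UTF-16LE with NUL separators, so the package lists can be read back and compared with what is expected. The function names and the baseline of expected package names are assumptions (the baseline reflects a default Windows XP installation); the value lines are copied from the post.

```python
import re

# Value lines copied from the export posted above (the other values are omitted).
REG_EXPORT = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,43,\
00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00,73,00,79,00,\
73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,67,00,65,00,42,00,51,00,6a,00,4a,\
00,44,00,57,00,00,00,00,00
"Security Packages"=hex(7):6b,00,65,00,72,00,62,00,65,00,72,00,6f,00,73,00,00,\
00,6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,73,00,63,00,68,00,61,00,6e,00,\
6e,00,65,00,6c,00,00,00,77,00,64,00,69,00,67,00,65,00,73,00,74,00,00,00,00,\
00
"Notification Packages"=hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,00,00
'''

# Assumed baseline: package names expected on a default Windows XP system.
BASELINE = {
    "Authentication Packages": {"msv1_0"},
    "Security Packages": {"kerberos", "msv1_0", "schannel", "wdigest"},
    "Notification Packages": {"scecli"},
}

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=hex\(7\):(?P<data>.*)$')


def parse_multi_sz(reg_text):
    """Return {value name: [strings]} for every hex(7) (REG_MULTI_SZ) value."""
    # regedit wraps long values with a trailing backslash; rejoin them first.
    joined = re.sub(r"\\\s*\n\s*", "", reg_text)
    values = {}
    for line in joined.splitlines():
        match = VALUE_RE.match(line.strip())
        if not match:
            continue
        raw = bytes(int(b, 16) for b in match.group("data").split(",") if b)
        if len(raw) % 2:
            # A truncated paste leaves half a UTF-16 code unit; refuse to guess.
            raise ValueError("odd byte count in %r" % match.group("name"))
        text = raw.decode("utf-16-le")
        # Entries are NUL-separated; the list ends with an extra NUL.
        values[match.group("name")] = [s for s in text.split("\x00") if s]
    return values


def unexpected_packages(values, baseline=BASELINE):
    """List (value name, entry) pairs that are not in the assumed baseline."""
    findings = []
    for name, entries in values.items():
        allowed = baseline.get(name)
        if allowed is None:
            continue  # no baseline for this value, nothing to compare
        for entry in entries:
            if entry.lower() not in allowed:
                findings.append((name, entry))
    return findings


if __name__ == "__main__":
    decoded = parse_multi_sz(REG_EXPORT)
    for name, entries in decoded.items():
        print(name, "=", entries)
    for name, entry in unexpected_packages(decoded):
        print("REVIEW:", name, "->", entry)
```

The only entry outside the baseline is the full path under `Authentication Packages`, the same string the SDFix report earlier in the thread printed for that value.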
13.07.2008, 17:50
Honorary member

Posts: 29434
#26 5h15h4

«
try it once more with Avenger
http://swandog46.geekstogo.com/avenger.exe

«
then with malwarebytes.
__________
Regards, Sabina

all about PC security
13.07.2008, 18:33
Member

Thread starter

Posts: 18
#27

Quote

Sabina posted
5h15h4

«
try it once more with Avenger
http://swandog46.geekstogo.com/avenger.exe

«
then with malwarebytes.
I can't download it ...
can you put it online somewhere at rapidshare.de or the like, because I can't download it on that page and I can't find it on any other homepage ...

but then the .exe file please
-------------------------

so I've now tried several things:

I was able to download combofix.exe, but it doesn't work when you double-click it.

with Panda Active Scan I always get the error message that the file doesn't exist, although I've already installed it 3 times

Avenger: I think I have the wrong program, it seems to me like a file-sharing program

otherwise there's nothing new ...
although antivirus2008 is, I think, completely deleted now; only VIRUS ALERT! still shows at the bottom right, and on the internet a few links still keep coming up ...
I'm 99% sure that once I let malwarebytes run through, the worst will be fixed ... someone would just need to put an .exe file or something online, please!

regards
This post was edited on 13.07.2008 at 21:23 by 5h15h4.
13.07.2008, 21:29
Honorary member

Posts: 29434
#28 that is a direct download....
http://swandog46.geekstogo.com/avenger.exe

--------------------

http://users.skynet.be/gv_soft/Programmas/GV_Killer.exe - direct
http://virus-protect.org/artikel/tools/gvkiller.html - page (instructions)

Double-click GV-Killer and a text editor will open
copy the following into it:

Quote

C:\WINDOWS\enfp.exe
C:\WINDOWS\fdxbameg.dll
C:\WINDOWS\fsrpknov.dll
C:\WINDOWS\gpefaowr.exe
C:\WINDOWS\ntbtlog.txt
C:\WINDOWS\sqvgnrpx.dll
C:\WINDOWS\Sys3.exe
C:\WINDOWS\Sys4.exe
C:\WINDOWS\Sys43.exe
C:\WINDOWS\Sys44.exe
C:\WINDOWS\wbxdpgfelkn.dll
C:\WINDOWS\system32\00B947F8_kds.xml
C:\WINDOWS\system32\00B94858_kds.xml
C:\WINDOWS\system32\00B94938_kds.xml
C:\WINDOWS\system32\07292243-.txt"
C:\WINDOWS\system32\avgrsstx.dll
C:\WINDOWS\system32\bthait.dll
C:\WINDOWS\system32\bylgesmg.dll
C:\WINDOWS\system32\cxqtalun.dll
C:\WINDOWS\system32\fccyXRkl.dll
C:\WINDOWS\system32\geBQjJDW.dll
C:\WINDOWS\system32\hvrtkjgt.ini
C:\WINDOWS\system32\hxoipaff.dll
C:\WINDOWS\system32\jdpald.dll
C:\WINDOWS\system32\kaegpwop.ini
C:\WINDOWS\system32\lqqfonbs.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nscompat.tlb
C:\WINDOWS\system32\okrpbumt.ini
C:\WINDOWS\system32\opnkkLEt.dll
C:\WINDOWS\system32\powpgeak.dll
C:\WINDOWS\system32\qeubwk.dll
C:\WINDOWS\system32\sbnofqql.dll
C:\WINDOWS\system32\sex1.ico
C:\WINDOWS\system32\sex2.ico
C:\WINDOWS\system32\tgjktrvh.dll
C:\WINDOWS\system32\vav.cpl
C:\WINDOWS\system32\WDJjQBeg.ini
C:\WINDOWS\system32\WDJjQBeg.ini2
C:\Dokumente und Einstellungen\%Username%\Desktop\antivirus-2008pro.lnk
C:\Dokumente und Einstellungen\%Username%\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Antivirus-2008pro.lnk
C:\Dokumente und Einstellungen\5h15h4\Lokale Einstellungen\Temporary Internet Files\Content.IE5\K9IN49UZ
C:\Programme\Antivirus 2008 PRO
C:\Programme\PCHealthCenter
C:\Programme\SpyNoMore
C:\Programme\VAV
C:\Dokumente und Einstellungen\%Username%\Startmenü\Programme\Antivirus 2008 PRO


save the data (Save as...)
input.txt - Save
Click "Kill on reboot" and let the computer restart


GV Killer will now start again; give it permission to remove the folders/files

close GV Killer

---------

post the report that is created
__________
Regards, Sabina

all about PC security
14.07.2008, 16:20
Member

Thread starter

Posts: 18
#29 so .. the whole story is now almost finished ...
I somehow managed .. to let malwarebytes run through ...
it took about 1 hr 5 min and found 130 infected files

and write what I should do now:

Malwarebytes' Anti-Malware 1.20
Datenbank Version: 945
Windows 5.1.2600 Service Pack 2

22:34:34 13.07.2008
mbam-log-7-13-2008 (22-34-34).txt

Scan Art: Komplett Scan (C:\|D:\|)
Objekte gescannt: 82202
Scan Dauer: 1 hour(s), 5 minute(s), 22 second(s)

Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 2
Infizierte Registrierungsschlüssel: 22
Infizierte Registrierungswerte: 2
Infizierte Datei Objekte der Registrierung: 16
Infizierte Verzeichnisse: 4
Infizierte Dateien: 74

Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)

Infizierte Speicher Module:
C:\WINDOWS\system32\geBQjJDW.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\opnkkLEt.dll (Trojan.Vundo) -> Unloaded module successfully.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{709e6b75-ac8c-4757-8a55-26eb13676cb9} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{709e6b75-ac8c-4757-8a55-26eb13676cb9} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{43fcd2cf-5569-4208-97d2-52748e0ef6a0} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{43fcd2cf-5569-4208-97d2-52748e0ef6a0} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnkklet (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\antivirus 2008 pro (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9869efb4-18e9-11d3-a837-00104b9e30b5} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{1a8831e7-d69c-4d2a-bfd5-d521e288b795} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8d52f0eb-21cc-422d-8042-d2f69614d8a6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{b40ea31d-321c-4275-9f59-dbb52c5ab609} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3ee58090-72bb-4b74-ac0c-fbc6e1b119a5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ee58090-72bb-4b74-ac0c-fbc6e1b119a5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sqvgnrpx.bpdl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sqvgnrpx.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{43fcd2cf-5569-4208-97d2-52748e0ef6a0} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0\source (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Datei Objekte der Registrierung:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\gebqjjdw -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\gebqjjdw -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55274-640-0077061-23912) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (HH:mm:ss) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Programme\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programme\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\WINDOWS\system32\geBQjJDW.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\WDJjQBeg.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WDJjQBeg.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\powpgeak.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kaegpwop.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tgjktrvh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hvrtkjgt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnkkLEt.dll (Trojan.Vundo) -> Delete on reboot.
C:\Dokumente und Einstellungen\5h15h4\Desktop\backups\backup-20080713-164458-255.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\5h15h4\Desktop\backups\backup-20080713-164458-367.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\5h15h4\Desktop\backups\backup-20080713-164458-521.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\5h15h4\Desktop\backups\backup-20080713-164458-731.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\5h15h4\Desktop\backups\backup-20080713-164633-463.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\5h15h4\Desktop\backups\backup-20080713-164633-820.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\5h15h4\Desktop\backups\backup-20080713-170032-137.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\5h15h4\Desktop\backups\backup-20080713-170032-968.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\5h15h4\Desktop\backups\backup-20080713-170053-842.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\5h15h4\Desktop\backups\backup-20080713-170053-979.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\5h15h4\Desktop\backups\backup-20080713-204209-288.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\5h15h4\Desktop\backups\backup-20080713-204209-392.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Programme\PCHealthCenter\2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Programme\PCHealthCenter\4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Programme\PCHealthCenter\5.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA14D1F6-D0F3-433C-BEA7-CC32568334C5}\RP212\A0062076.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA14D1F6-D0F3-433C-BEA7-CC32568334C5}\RP212\A0062077.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA14D1F6-D0F3-433C-BEA7-CC32568334C5}\RP212\A0062079.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{EA14D1F6-D0F3-433C-BEA7-CC32568334C5}\RP213\A0062384.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\enfp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Sys4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Sys44.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bthait.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bylgesmg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cxqtalun.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccyXRkl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxoipaff.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jdpald.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qeubwk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\index.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\capt.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\danger.jpg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\down.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Programme\PCHealthCenter\0.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programme\PCHealthCenter\0.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programme\PCHealthCenter\1.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programme\PCHealthCenter\1.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programme\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programme\PCHealthCenter\3.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programme\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programme\PCHealthCenter\sc.html (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programme\PCHealthCenter\sex1.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programme\PCHealthCenter\sex2.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Programme\VAV\vav.cpl (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\Programme\VAV\vav.exe (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\Programme\VAV\vav0.dat (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\Programme\VAV\vav1.dat (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sex1.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sex2.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vav.cpl (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\5h15h4\Lokale Einstellungen\Temp\CmdLineExt03.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\cdosys.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\vmdesched.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Sys3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Sys43.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\fdxbameg.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\fsrpknov.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\gpefaowr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\sqvgnrpx.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\wbxdpgfelkn.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\5h15h4\Desktop\XPAntiVirus (Removal) - HijackThis_de Support Board.htm (Rogue.XPantivirus) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\5h15h4\Favoriten\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\5h15h4\Favoriten\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\5h15h4\Favoriten\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
14.07.2008, 16:24
Moderator

Posts: 5694
#30 WOW ;)

Well, then Combofix should surely work now too; post a log:
http://virus-protect.org/artikel/tools/combofix.html

Regards, Swiss