Now the pop-ups have got me too |
||
---|---|---|
#0
| ||
16.07.2006, 13:40
Member
Posts: 56 |
||
|
||
16.07.2006, 13:49
Honorary member
Posts: 29434 |
#47
Start:
Copy out these 4 text files. (right-click with the mouse -> select the text -> copy -> paste) They are sorted by date. (copy only the last 3 months) http://virus-protect.org/datfindbat.html __________ Regards, Sabina, all about PC security |
|
|
||
16.07.2006, 13:56
Member
Posts: 56 |
#48
okay..
here are the logs:
Datentrger in Laufwerk C: ist WinXP Volumeseriennummer: 7C9C-2979 Verzeichnis von C:\WINDOWS\system32 16.07.2006 13:48 19 2.txt 16.07.2006 13:48 1 1.txt 16.07.2006 13:11 46.592 zlbw.dll 16.07.2006 13:10 6.928 satau325.sys 16.07.2006 13:10 9.266 taskdir~.exe 16.07.2006 13:10 84.480 mscdaux.dll 16.07.2006 13:09 3.072 vxgame4.exe 16.07.2006 13:09 2.149 vxgame3.exe 16.07.2006 13:08 63.562 taskdir.exe 16.07.2006 13:08 63.562 ipod.raw.exe 16.07.2006 13:08 30.406 vxgame1.exe 16.07.2006 13:08 4 winsub.xml 16.07.2006 13:08 61 svcp.csv 16.07.2006 13:08 5.744 vxgamet3.exe 16.07.2006 13:08 5.744 testtestt.exe 16.07.2006 13:08 5.596 vxgamet2.exe 16.07.2006 13:08 20.992 8f924053.exe 16.07.2006 13:08 13.312 maxd641.exe 16.07.2006 13:08 1 vx.tll 16.07.2006 13:08 7.051 dlh9jkdq7.exe 16.07.2006 13:08 6.539 dlh9jkdq6.exe 16.07.2006 13:08 6.630 dlh9jkdq5.exe 16.07.2006 13:08 17.894 dlh9jkdq2.exe 16.07.2006 13:08 16 dlh9jkdq8.exe 16.07.2006 13:08 7.644 kernels8.exe 16.07.2006 13:08 7.644 slx.exe???????????????????p 04.07.2006 19:45 2.206 wpa.dbl 18.06.2006 17:09 52 ypxysovg.txt 28.05.2006 19:18 0 nvapps.xml Datentrger in Laufwerk C: ist WinXP Volumeseriennummer: 7C9C-2979 Verzeichnis von C:\DOKUME~1\NoName\LOKALE~1\Temp 12.08.2006 18:13 46.080 ~e5d141.tmp 12.08.2006 17:54 939 jupdate1.5.0.xml 16.07.2006 13:25 16.384 Perflib_Perfdata_10c4.dat 16.07.2006 13:10 3.072 25.tmp3072.exe 16.07.2006 13:10 26.332 2C.tmp 16.07.2006 13:10 0 2B.tmp 16.07.2006 13:10 5.120 2A.tmp 16.07.2006 13:10 2.560 29.tmp 16.07.2006 13:10 73.216 msn.exe 16.07.2006 13:10 131 kawkgs 16.07.2006 13:09 26.332 28.tmp 16.07.2006 13:09 0 27.tmp 16.07.2006 13:09 5.120 26.tmp 16.07.2006 13:09 2.560 25.tmp 16.07.2006 13:09 131 kaw 16.07.2006 13:09 1.632 vx6.game 16.07.2006 13:09 3.072 vx4.game 16.07.2006 13:09 2.149 vx3.game 16.07.2006 13:08 3.264 vx2.game 16.07.2006 13:08 30.406 vx1.game 16.07.2006 13:08 1.632 vxt4.game 16.07.2006 13:08 5.744 vxt3.game 16.07.2006 13:08 5.596 vxt2.game 16.07.2006 13:08 7.087
vxt1.game 16.07.2006 13:08 20.992 h91746.exe 16.07.2006 13:08 13.312 maxdd1.game 16.07.2006 13:08 7.051 7.dlb 16.07.2006 13:08 6.539 6.dlb 16.07.2006 13:08 6.630 5.dlb 16.07.2006 13:08 17.894 2.dlb 16.07.2006 13:08 2.518 1.dlb 16.07.2006 13:07 416 java_install_reg.log 16.07.2006 11:59 6.176 jusched.log 16.07.2006 11:50 32.768 ~DFE5A9.tmp 16.07.2006 11:50 16.384 ~DF541F.tmp Datentrger in Laufwerk C: ist WinXP Volumeseriennummer: 7C9C-2979 Verzeichnis von C:\WINDOWS 16.07.2006 13:38 5.466 ModemLog_Kommunikationskabel zwischen zwei Computern.txt 16.07.2006 13:08 1.999 desktop.html 16.07.2006 13:08 17.894 xpupdate.exe 16.07.2006 11:50 0 0.log 16.07.2006 11:50 159 wiadebug.log 16.07.2006 11:50 50 wiaservc.log 16.07.2006 11:49 2.048 bootstat.dat 15.07.2006 18:20 32.118 SchedLgU.Txt 13.07.2006 17:30 711 M3JPEG.INI 11.07.2006 20:37 54.156 QTFont.qfn 10.07.2006 21:31 173.054 Windows Update.log 10.07.2006 21:30 679.378 setupapi.log 10.07.2006 21:11 400 ODBC.INI 08.07.2006 16:17 60.416 ALCFDRTM.VER 08.07.2006 14:08 1.374 setupact.log 07.07.2006 16:00 446.812 wmsetup.log 05.07.2006 01:33 341.442 DirectX.log 02.07.2006 20:58 216 muma2003.INI 02.07.2006 19:59 1.409 QTFont.for 23.06.2006 19:08 2.399 eReg.dat 18.06.2006 18:11 1.750.984 ntbtlog.txt 18.06.2006 03:20 1.167 win.ini 18.06.2006 03:20 332 system.ini 04.06.2006 17:17 0 musicmaker.INI 26.03.2006 16:41 606.848 flashax.exe Datentrger in Laufwerk C: ist WinXP Volumeseriennummer: 7C9C-2979 Verzeichnis von C:\ 16.07.2006 13:56 0 sys.txt 16.07.2006 13:55 13.035 system.txt 16.07.2006 13:55 10.378 systemtemp.txt 16.07.2006 13:54 115.120 system32.txt 16.07.2006 11:49 805.306.368 pagefile.sys 19.06.2006 16:55 29.398 files.txt 18.06.2006 17:23 36.516 avenger.txt 18.06.2006 13:05 3.253 DirDPF.txt 18.06.2006 13:05 2 DirDPFCns.txt 18.06.2006 03:20 194 boot.ini 11.04.2006 17:20 15.542 GF_Excpt.txt 09.04.2006 16:31 1 DXOkay.bin |
|
|
||
16.07.2006, 14:11
Honorary member
Posts: 29434 |
#49
Copy the following text into Notepad (Start - Accessories - Notepad) and save it to the desktop as listen.bat using 'Save as'. Set the file type to 'All files'. You should now find this file on the desktop. --> double-click listen.bat --> copy the text that appears
Quote cd\ __________ Regards, Sabina, all about PC security |
|
|
||
16.07.2006, 14:13
Member
Posts: 56 |
#50
Verzeichnis von C:\WINDOWS\Downloaded Program Files
19.11.2004 00:32 4.372 basis.xml 22.11.2004 18:12 <DIR> Cache 18.06.2006 17:23 <DIR> CONFLICT.1 18.06.2006 02:42 <DIR> CONFLICT.2 11.10.2000 17:49 49.152 CPSurVid.dll 03.09.2003 09:09 1.003.520 EPScontrol.dll 03.09.2003 09:06 530 EPScontrol.inf 16.03.2005 09:09 1.115.848 EPUWALcontrol.dll 15.03.2005 12:59 539 EPUWALcontrol.inf 24.01.2005 11:38 1.249 erma.inf 16.06.2004 17:03 355.955 ICQVideoControl.dll 08.06.2004 12:26 268 ICQVideoControl.inf 29.01.2004 16:02 409 ITDetector.inf 03.02.2004 11:26 49.152 ITDetector.ocx 25.08.2003 18:12 1.096 iuctl.inf 19.09.2003 16:58 819 kdx.inf 06.02.2001 12:30 302 MSSurVid.inf 11.10.2000 17:49 110.592 MSSurVid.ocx 05.11.2003 08:04 228 odyssey_webmoo.inf 22.08.2003 21:10 226 opuc.inf 09.10.2003 11:32 144 QTPlugin.inf 29.05.2002 23:12 9.488 sporder_.dll 27.08.2005 14:30 5.065 swflash.inf 02.12.2004 14:29 22.528 WinAdServX.dll 29.08.2003 15:55 2.136 WMAVAX.inf 30.06.2003 23:41 1.689 WMV9VCM.inf 23 Datei(en) 2.735.307 Bytes 3 Verzeichnis(se), 755.204.096 Bytes frei Datentrger in Laufwerk C: ist WinXP Volumeseriennummer: 7C9C-2979 Verzeichnis von C:\Programme\Common Files 18.06.2006 19:40 <DIR> . 18.06.2006 19:40 <DIR> .. 12.10.2003 15:37 <DIR> System 0 Datei(en) 0 Bytes 3 Verzeichnis(se), 755.204.096 Bytes frei Datentrger in Laufwerk C: ist WinXP Volumeseriennummer: 7C9C-2979 Verzeichnis von C:\Dokumente und Einstellungen\NoName\Eigene Dateien 10.07.2006 00:15 <DIR> . 10.07.2006 00:15 <DIR> .. 
06.07.2006 14:57 <DIR> 2006 FIFA World CupT 16.10.2004 19:35 <DIR> Alcohol 120% 10.07.2004 11:30 104 Arbeitsplatz.lnk 10.07.2006 00:15 <DIR> Bluetooth 01.06.2005 23:27 6.100 BM-DESIGN.theme 21.02.2004 01:39 41.984 Buch3.NTF 21.02.2004 01:29 248.346 cd 2.bmp 21.02.2004 01:34 1.492.278 cd.bmp 22.10.2004 01:34 <DIR> CelebrityDeathmatch 07.08.2004 10:01 <DIR> Command & Conquer Generle Stunde Null Data 27.01.2005 20:03 <DIR> Corel User Files 11.04.2006 16:28 <DIR> corleone 07.12.2004 18:55 4.396.566 CT1.sts 31.01.2004 02:36 <DIR> Die Vlkerschlacht 07.08.2004 04:12 <DIR> Direct Connect Downloads 12.03.2005 00:31 <DIR> Dungeon Siege 13.02.2005 06:52 <DIR> Dungeon Siege LOA 12.12.2004 01:56 <DIR> EA Games 05.06.2006 00:16 <DIR> Eigene Bilder 11.12.2005 22:02 <DIR> Eigene Musik 16.06.2005 23:35 <DIR> Eigene Videos 09.03.2004 00:49 249.438 Fluch der Karibik.ncd 20.01.2005 22:26 <DIR> FM 2004 26.02.2005 15:56 <DIR> Fotos von Jen 11.04.2006 16:38 <DIR> GF 09.04.2006 03:25 <DIR> GTA San Andreas User Files 18.11.2003 22:09 <DIR> GTA Vice City User Files 03.12.2003 19:12 <DIR> GTA3 User Files 10.04.2004 17:56 <DIR> HdR Die Rckkehr des Knigs tm-Daten 02.04.2005 11:31 <DIR> ICQ Lite 20.02.2004 23:28 269.674 Jan van Helsing Buch3 Covers.ncd 11.11.2004 17:46 103.530 jo1.cdl 27.03.2005 15:24 <DIR> kram 07.08.2004 13:24 <DIR> Manhunt User Files 14.05.2004 21:17 <DIR> Max Payne 2 Savegames 25.10.2005 05:58 <DIR> Max Payne Savegames 11.07.2004 23:27 <DIR> Meine Videos 30.10.2004 00:49 <DIR> My Deliveries 21.12.2003 16:12 <DIR> My eBooks 09.04.2006 22:10 <DIR> My Games 31.05.2006 23:33 <DIR> My Music 30.11.2003 16:07 <DIR> My Pictures 12.10.2003 14:31 <DIR> My Received Files 23.08.2005 22:57 <DIR> My Skype Pictures 13.11.2004 00:14 <DIR> My Skype Received Files 07.12.2004 22:08 <DIR> Neuer Ordner 03.07.2006 00:06 <DIR> Neuer Ordner (2) 07.03.2005 15:59 <DIR> PS-data 16.09.2004 18:54 <DIR> RPGXP 25.10.2003 22:59 1.287.427 SetupPPUpdater.exe 19.10.2005 20:45 480 spider.sav 20.11.2004 23:21 
<DIR> Syberia 2 Saves 22.01.2005 16:33 <DIR> TCM 2004 27.02.2005 13:12 <DIR> TCM 2005 04.11.2004 00:37 <DIR> Turbo Lister 13.06.2006 22:27 <DIR> Turbo Lister Backup 28.11.2005 01:08 <DIR> Updater 23.11.2004 19:54 <DIR> VCD 27.06.2004 13:32 9.748 VCD1turkye.nrv 07.07.2005 00:46 <DIR> VHD 21.05.2004 14:46 853 vol.3 circlepreludevirus.b4s 12.12.2004 23:13 <DIR> Word Dokumente 13 Datei(en) 8.106.528 Bytes 51 Verzeichnis(se), 755.200.000 Bytes frei Datentrger in Laufwerk C: ist WinXP Volumeseriennummer: 7C9C-2979 Verzeichnis von C:\Program Files\BraveSentry 16.07.2006 13:08 <DIR> . 16.07.2006 13:08 <DIR> .. 16.07.2006 13:08 472.576 BraveSentry.exe 16.07.2006 13:08 100 BraveSentry.lic 16.07.2006 13:08 410.974 BraveSentry0.bs 16.07.2006 13:08 124.928 BraveSentry0.dll 16.07.2006 13:08 25.646 BraveSentry1.bs 16.07.2006 13:08 126.464 BraveSentry1.dll 16.07.2006 13:08 117.760 BraveSentry2.dll 16.07.2006 13:08 119.296 BraveSentry3.dll 16.07.2006 13:08 114.688 Uninstall.exe 9 Datei(en) 1.512.432 Bytes 2 Verzeichnis(se), 755.200.000 Bytes frei Datentrger in Laufwerk C: ist WinXP Volumeseriennummer: 7C9C-2979 Verzeichnis von C:\Dokumente und Einstellungen\NoName\Lokale Einstellungen\Temp 16.07.2006 14:12 <DIR> . 16.07.2006 14:12 <DIR> .. 
16.07.2006 13:08 2.518 1.dlb 16.07.2006 13:08 17.894 2.dlb 16.07.2006 13:09 2.560 25.tmp 16.07.2006 13:09 5.120 26.tmp 16.07.2006 13:09 0 27.tmp 16.07.2006 13:09 26.332 28.tmp 16.07.2006 13:10 2.560 29.tmp 16.07.2006 13:10 5.120 2A.tmp 16.07.2006 13:10 0 2B.tmp 16.07.2006 13:10 26.332 2C.tmp 10.07.2006 20:03 61.440 32b1c9.mst 10.07.2006 18:59 58.909.184 35f52b.msi 10.07.2006 18:59 61.952 35f52c.mst 16.07.2006 13:08 6.630 5.dlb 16.07.2006 13:08 6.539 6.dlb 16.07.2006 13:08 7.051 7.dlb 10.07.2006 19:15 61.952 8ad22.mst 05.07.2006 01:21 <DIR> AutoRun 31.03.2006 09:41 729.088 AutoRun.exe 22.12.2005 04:49 585.728 AutoRunGUI.dll 07.07.2006 16:00 717 control.xml 13.07.2006 20:50 0 EPSLog.txt 16.07.2006 13:08 20.992 h91746.exe 16.07.2006 13:10 <DIR> hsperfdata_NoName 17.12.2004 12:51 36.864 ICQInstall.exe 07.05.2006 19:12 32.855 ICQRT.dll 03.02.2005 17:30 5.739 ICQTIK.dll 16.07.2006 13:07 416 java_install_reg.log 12.08.2006 17:54 939 jupdate1.5.0.xml 16.07.2006 11:59 6.176 jusched.log 16.07.2006 13:09 131 kaw 16.07.2006 13:10 131 kawkgs 16.07.2006 13:08 13.312 maxdd1.game 10.07.2006 19:16 464 MSI77b58.LOG 10.07.2006 19:00 110.950 MSIA.tmp 16.07.2006 13:10 73.216 msn.exe 16.07.2006 13:25 16.384 Perflib_Perfdata_10c4.dat 03.07.2006 21:49 16.384 Perflib_Perfdata_638.dat 08.07.2006 19:54 16.384 Perflib_Perfdata_640.dat 13.07.2006 17:24 16.384 Perflib_Perfdata_650.dat 02.07.2006 20:54 3.398 pf1058942374.tmp 21.06.2006 21:43 41.351 pf1067364879.tmp 15.07.2006 14:23 <DIR> Rar$DR00.391 11.07.2006 20:30 <DIR> rb 10.07.2006 19:14 <DIR> Samsung CDMA USB Driver 10.07.2006 19:14 <DIR> Samsung Mobile USB Driver 20.01.2005 06:08 168.960 Set42.tmp 16.07.2006 14:12 978 TmpICQMagic_{05736BBE-C20F-4F10-A6DE-4DB1E3564B0E}32000.html 16.07.2006 14:04 983 TmpICQMagic_{EC202595-1DFD-4301-A1EA-13C1E331B505}16530.html 03.07.2006 23:35 0 TWAIN.LOG 03.07.2006 23:35 2 Twain001.Mtx 16.07.2006 13:08 30.406 vx1.game 16.07.2006 13:08 3.264 vx2.game 16.07.2006 13:09 2.149 vx3.game 16.07.2006 13:09 3.072 
vx4.game 16.07.2006 13:09 1.632 vx6.game 16.07.2006 13:08 7.087 vxt1.game 16.07.2006 13:08 5.596 vxt2.game 16.07.2006 13:08 5.744 vxt3.game 16.07.2006 13:08 1.632 vxt4.game 18.06.2006 12:59 <DIR> WER12.tmp.dir00 03.07.2006 00:07 <DIR> WER26.tmp.dir00 10.07.2006 20:11 <DIR> _is43 10.07.2006 20:32 <DIR> _is5 10.07.2006 18:59 <DIR> _is6 03.07.2006 00:14 <DIR> {A9D3D103-4CCD-4BDE-A11A-04D527EF71CE} 10.07.2006 19:02 1.250 ~17.tmp 16.07.2006 14:04 16.384 ~DF7120.tmp 16.07.2006 14:04 512 ~DF712B.tmp 16.07.2006 14:04 16.384 ~DF7846.tmp 16.07.2006 14:05 16.384 ~DFC0FE.tmp 16.07.2006 14:05 512 ~DFC109.tmp 16.07.2006 14:05 16.384 ~DFC117.tmp 16.07.2006 14:05 512 ~DFC128.tmp 16.07.2006 14:05 16.384 ~DFC136.tmp 16.07.2006 14:05 512 ~DFC141.tmp 16.07.2006 14:05 16.384 ~DFC14F.tmp 03.07.2006 14:37 16.384 ~DFC15B.tmp 16.07.2006 14:05 512 ~DFC184.tmp 16.07.2006 14:05 16.384 ~DFF8D5.tmp 16.07.2006 14:05 512 ~DFF8E0.tmp 16.07.2006 14:05 16.384 ~DFF8EE.tmp 16.07.2006 14:05 512 ~DFF8F9.tmp 16.07.2006 14:05 16.384 ~DFF907.tmp 16.07.2006 14:05 512 ~DFF912.tmp 16.07.2006 14:05 16.384 ~DFF920.tmp 16.07.2006 14:05 512 ~DFF92B.tmp 02.07.2006 20:54 0 ~nwe_temp7044.ncg 228 Datei(en) 65.495.522 Bytes 14 Verzeichnis(se), 755.187.712 Bytes frei Datentrger in Laufwerk C: ist WinXP Volumeseriennummer: 7C9C-2979 Verzeichnis von C:\WINDOWS\Temp 16.07.2006 14:10 <DIR> . 16.07.2006 14:10 <DIR> .. 16.07.2006 13:10 62 $_2341234.TMP 10.07.2006 20:10 24.232 bluesoleilSetup.log 05.07.2006 01:30 16.384 Perflib_Perfdata_d24.dat 3 Datei(en) 40.678 Bytes 2 Verzeichnis(se), 755.187.712 Bytes frei Datentrger in Laufwerk C: ist WinXP Volumeseriennummer: 7C9C-2979 Verzeichnis von C:\Temp 13.07.2006 20:50 <DIR> . 13.07.2006 20:50 <DIR> .. 13.07.2006 20:50 0 EnhancedDataOutput.txt 1 Datei(en) 0 Bytes 2 Verzeichnis(se), 755.187.712 Bytes frei Datentrger in Laufwerk C: ist WinXP Volumeseriennummer: 7C9C-2979 Verzeichnis von C:\Programme 11.07.2006 20:28 <DIR> . 11.07.2006 20:28 <DIR> .. 
08.01.2006 00:23 <DIR> 1964 30.10.2004 22:51 <DIR> 2015 20.11.2003 23:56 <DIR> 3DMark2001 SE 18.06.2006 14:59 <DIR> ACE-HIGH MP3 WAV WMA OGG Converter 18.01.2006 00:42 <DIR> Adobe 12.10.2003 21:28 <DIR> Ahead 08.12.2003 14:58 <DIR> AIDA32 - Enterprise System Information 10.07.2004 13:43 <DIR> Alcohol Soft 07.06.2006 00:03 <DIR> AntiVir PersonalEdition Classic 04.06.2006 17:15 <DIR> atmospherelite 18.06.2006 17:23 <DIR> Audacity 29.07.2005 14:27 <DIR> AudioCommander 06.06.2006 23:36 <DIR> AviSynth 2.5 12.10.2003 20:54 <DIR> AvRack 03.06.2006 14:28 <DIR> Babylon 18.06.2006 03:51 <DIR> BitTorrent++ 12.06.2006 21:19 <DIR> BPFTP 14.02.2005 01:50 <DIR> BPFTP Server 14.05.2005 18:35 <DIR> BPFTP2 15.06.2006 20:34 <DIR> Browser MOUSE 12.06.2006 08:17 <DIR> CDex_150 15.06.2006 19:59 <DIR> Chimera's Battlefield Editor 18.06.2006 12:50 <DIR> CleanUp! 12.04.2004 15:40 <DIR> Clone DVD 18.06.2006 19:40 <DIR> Common Files 12.10.2003 13:52 <DIR> ComPlus Applications 28.08.2004 23:10 <DIR> Corel 09.06.2004 17:31 <DIR> Creative 15.01.2004 17:17 <DIR> Dark Basic Software 26.11.2004 16:57 <DIR> Die Vlkerschlacht 19.02.2005 02:34 <DIR> Digidesign 06.08.2004 20:25 <DIR> Direct Connect 06.11.2003 21:30 <DIR> directx 08.02.2004 05:41 <DIR> DivX 09.06.2006 11:34 <DIR> DNS 18.06.2006 14:53 <DIR> DOSBox-0.63 05.06.2004 18:02 <DIR> EA GAMES 23.06.2006 19:09 <DIR> EACOM 05.02.2005 14:19 <DIR> EarthView 15.12.2004 17:34 <DIR> eBay 12.04.2004 15:41 <DIR> Elaborate Bytes 11.04.2006 16:16 <DIR> Electronic Arts 06.06.2006 09:29 <DIR> eMule 16.09.2004 18:53 <DIR> Enterbrain 19.06.2006 18:21 <DIR> FadeToBlack 11.04.2005 21:47 <DIR> FarStone 11.05.2004 14:58 <DIR> Fellowes 16.06.2006 00:02 <DIR> ffdshow 08.02.2004 05:35 <DIR> ffvfw 22.03.2005 17:52 <DIR> FFXiBench3 02.10.2004 13:30 <DIR> Futuremark 09.06.2006 11:34 <DIR> GameSpy Arcade 22.12.2004 19:21 <DIR> GanymedeNet 21.06.2006 15:56 <DIR> Gemeinsame Dateien 12.09.2004 14:02 <DIR> GlobalSCAPE 06.01.2004 20:13 <DIR> GlobFX Technologies 18.06.2006 
02:44 <DIR> GoldWave 07.07.2005 21:40 <DIR> Google 18.06.2006 12:55 <DIR> GStudio 09.09.2004 16:33 <DIR> GtkRadiant-1.3.8-ET 13.06.2006 14:31 <DIR> Guitar Pro 4 01.06.2006 18:49 <DIR> Guitar Pro 5 16.06.2006 11:35 <DIR> HarvEX 27.02.2005 14:51 <DIR> i-Sound Pro 11.07.2006 20:30 <DIR> ICQLite 12.08.2006 17:55 <DIR> ICQToolbar 22.11.2005 00:41 <DIR> IDA 06.07.2005 17:23 <DIR> ImTOO 30.05.2005 22:00 <DIR> Intelore 12.10.2003 16:06 <DIR> Internet Explorer 17.10.2003 21:45 <DIR> InterVideo 25.03.2006 23:51 <DIR> Java 27.08.2004 19:13 <DIR> Kazaa Lite 11.01.2005 00:30 <DIR> Lavasoft 28.08.2004 22:51 <DIR> LeechFTP 18.06.2006 18:13 <DIR> LimeWire 29.07.2005 14:26 <DIR> LitexMedia 12.02.2005 19:14 <DIR> Macromedia 20.05.2004 14:21 <DIR> MagicISO 22.05.2004 01:37 <DIR> MediaFACE II 20.05.2004 14:21 <DIR> Messenger 16.12.2003 23:49 <DIR> MetaBench 12.10.2003 13:56 <DIR> microsoft frontpage 12.10.2003 21:11 <DIR> Microsoft Office 15.09.2004 15:39 <DIR> mIRC 30.04.2006 05:17 <DIR> Monkey's Audio 20.05.2004 14:21 <DIR> Movie Maker 19.10.2004 22:29 <DIR> MovieJack 3.5 18.06.2006 14:56 <DIR> MovieJack3 06.02.2004 22:26 <DIR> Mplayer 12.10.2003 13:52 <DIR> MSN Gaming Zone 13.12.2003 17:26 <DIR> MSXML 4.0 25.12.2003 14:59 <DIR> Muiltmedia keyboard utility 08.03.2004 01:23 <DIR> Music Box 03.02.2006 00:11 <DIR> MyXOFT 18.06.2006 19:42 <DIR> NetMeeting 11.06.2006 13:55 <DIR> OfficeUpdate11 04.06.2006 14:50 <DIR> Online-Dienste 27.03.2005 17:25 <DIR> onlineTV 12.11.2004 21:13 <DIR> onlineTV 2 10.06.2006 13:18 <DIR> Outlook Express 18.06.2006 19:42 <DIR> PartyGaming 18.06.2006 00:57 <DIR> PartyPoker 18.06.2006 03:44 <DIR> PeerGuardian pr14 16.07.2006 14:05 <DIR> PestPatrol 19.04.2004 20:24 <DIR> phase5 30.04.2006 12:19 <DIR> Philips 21.11.2005 18:14 <DIR> Pinnacle 27.10.2005 02:01 <DIR> Postal2 03.07.2006 00:04 <DIR> PowerISO 11.11.2004 16:43 <DIR> PRINT FIT 25.08.2004 23:27 <DIR> Project64 v1.5 20.04.2004 18:07 <DIR> QuickTime 15.06.2004 17:29 <DIR> Real 12.10.2003 20:54 <DIR> Realtek 
Sound Manager 10.07.2006 21:28 <DIR> Samsung 18.06.2006 19:44 <DIR> Save 30.11.2003 16:05 <DIR> ScannerU 05.06.2006 13:07 <DIR> Secure Surfing Engine 05.06.2005 21:30 <DIR> Security Task Manager 28.01.2005 19:57 <DIR> shizmoo 11.08.2004 18:08 <DIR> Sierra On-Line 12.11.2004 23:19 <DIR> Skype 31.05.2004 02:26 <DIR> SLD CODEC PACK 29.08.2004 12:32 <DIR> sofTRANS GmbH 26.08.2005 01:27 <DIR> Sony 09.07.2005 18:30 <DIR> Soulseek 01.01.2006 23:14 <DIR> Steganos Internet Anonym 2006 21.11.2005 18:14 <DIR> Steinberg 18.06.2006 17:56 <DIR> Sunbelt Software 09.05.2004 15:31 <DIR> Symantec 15.07.2004 12:18 <DIR> SymNetDrv 21.11.2005 18:20 <DIR> Syncrosoft 06.06.2006 23:42 <DIR> TClock 13.10.2004 22:31 <DIR> Teamspeak2_RC2 20.02.2004 23:24 <DIR> TechSmith 23.11.2004 19:50 <DIR> temp 05.09.2004 23:45 <DIR> TGTSoft 10.02.2005 16:47 <DIR> The All-Seeing Eye 29.06.2006 16:57 <DIR> thriXXX 11.02.2006 02:48 <DIR> Torrent Search 16.11.2004 20:54 <DIR> TrafficMonitor 15.01.2004 23:33 <DIR> TrafMeter 22.08.2005 12:28 <DIR> TrueDownloader 12.09.2004 21:04 <DIR> TV-Browser 29.01.2005 01:07 <DIR> Ubisoft 02.12.2003 16:42 <DIR> VOB 18.06.2006 03:20 <DIR> Weisseradler-Script 1.071 04.04.2006 21:57 2.894.959 werkzeug 4.rar 12.02.2006 23:07 <DIR> Winamp 12.02.2006 22:25 <DIR> Winamp3 17.06.2005 14:31 <DIR> Windows Media Player 18.06.2006 12:11 <DIR> Windows NT 12.03.2005 20:54 <DIR> WinRAR 28.11.2003 14:00 <DIR> WinsysRsr 17.06.2006 00:17 <DIR> Wsr 10.04.2005 22:10 <DIR> WS_FTP 12.10.2003 13:56 <DIR> xerox 18.06.2006 12:46 <DIR> XviD 27.03.2005 20:30 <DIR> Yahoo! 
1 Datei(en) 2.894.959 Bytes 161 Verzeichnis(se), 755.171.328 Bytes frei Datentrger in Laufwerk C: ist WinXP Volumeseriennummer: 7C9C-2979 Verzeichnis von C:\Dokumente und Einstellungen\NoName\Anwendungsdaten 28.11.2005 01:10 <DIR> Adobe 18.01.2006 00:42 875 AdobeDLM.log 09.11.2003 03:34 <DIR> Ahead 07.07.2005 20:19 <DIR> Alien Skin 11.07.2006 22:21 <DIR> Azureus 21.01.2006 02:45 <DIR> Babylon 15.07.2006 13:27 <DIR> BPFTP 01.12.2003 23:31 <DIR> Corel 18.01.2006 00:42 0 dm.ini 11.04.2005 21:58 <DIR> FarStone 18.01.2006 21:03 98.928 GDIPFONTCACHEV1.DAT 29.08.2004 23:19 <DIR> GlobalSCAPE 07.07.2005 21:40 <DIR> Google 16.06.2006 02:09 <DIR> GreatMemo 20.11.2003 22:01 <DIR> Help 03.02.2005 20:25 <DIR> ICQ 17.08.2004 22:45 <DIR> ICQLite 12.10.2003 14:01 <DIR> Identities 16.07.2006 13:08 1.512.877 Install.dat 23.08.2005 00:14 <DIR> Internet Download Accelerator 21.12.2003 16:12 <DIR> InterTrust 20.10.2003 21:43 <DIR> InterVideo 10.04.2005 22:08 <DIR> Ipswitch 17.06.2004 23:05 <DIR> Kazaa Lite 30.10.2004 11:22 <DIR> Kontiki 11.01.2005 00:30 <DIR> Lavasoft 12.02.2005 19:16 <DIR> Macromedia 14.11.2004 00:39 <DIR> Neo-Modus.com 15.06.2004 17:34 <DIR> Real 12.11.2004 23:19 <DIR> Skype 21.11.2005 18:21 <DIR> Steinberg 09.04.2005 12:52 <DIR> STOPzilla! 30.12.2003 23:54 <DIR> Sun 12.10.2003 22:21 <DIR> Symantec 12.11.2005 15:45 <DIR> teamspeak2 17.01.2004 17:14 <DIR> The Hobbit 17.01.2004 17:24 <DIR> The Hobbit Demo 05.06.2004 10:59 <DIR> tsap 22.02.2006 16:38 <DIR> vlc 07.12.2004 20:20 <DIR> Xfire 4 Datei(en) 1.612.680 Bytes 36 Verzeichnis(se), 755.175.424 Bytes frei Datentrger in Laufwerk C: ist WinXP Volumeseriennummer: 7C9C-2979 Verzeichnis von C:\Programme\Gemeinsame Dateien 21.06.2006 15:56 <DIR> . 21.06.2006 15:56 <DIR> .. 
18.01.2006 00:40 <DIR> Adobe 28.11.2005 00:26 <DIR> Adobe Systems Shared 12.10.2003 21:28 <DIR> Ahead 08.06.2006 22:55 <DIR> Blizzard Entertainment 12.10.2003 21:12 <DIR> Designer 12.10.2003 13:53 <DIR> Dienste 23.12.2004 00:34 <DIR> Digidesign 28.12.2003 03:34 <DIR> DirectX 16.10.2003 22:22 <DIR> InstallShield 30.12.2003 23:48 <DIR> Java 12.02.2005 19:14 <DIR> Macromedia 12.02.2005 19:14 <DIR> Macromedia Shared 04.06.2006 17:10 <DIR> MAGIX Shared 12.10.2003 21:12 <DIR> Microsoft Shared 12.10.2003 13:53 <DIR> MSSoap 12.10.2003 14:47 <DIR> ODBC 23.12.2004 15:29 <DIR> PACE Anti-Piracy 23.08.2005 01:43 <DIR> PlayOnline 15.06.2004 17:30 <DIR> Real 17.01.2004 17:11 <DIR> Sierra 12.10.2003 14:47 <DIR> SpeechEngines 12.09.2004 16:06 <DIR> Symantec Shared 12.10.2003 21:10 <DIR> System 05.03.2005 00:34 <DIR> Vbox 19.10.2004 22:29 <DIR> Wise Installation Wizard 15.06.2004 17:30 <DIR> xing shared 0 Datei(en) 0 Bytes 28 Verzeichnis(se), 755.175.424 Bytes frei |
|
|
||
16.07.2006, 14:15
Honorary member
Posts: 29434 |
#51
silentrunner
http://virus-protect.org/silentrunner.html __________ Regards, Sabina, all about PC security |
|
|
||
16.07.2006, 14:40
Honorary member
Posts: 29434 |
#52
Avenger
http://virus-protect.org/artikel/tools/avenger.html copy in: Quote registry keys to delete: Click the green traffic light; the script will now be executed, then the PC will restart automatically
** post the Avenger log that appears
** post the HijackThis log
** post the 4 logs from datfindbat again
__________ Regards, Sabina, all about PC security |
|
|
||
16.07.2006, 14:47
Member
Posts: 56 |
#53
okay.. after my computer crashed once, here is the silentrunner log:
"Silent Runners.vbs", revision 46, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ "WinUpdate.exe" = "C:\Programme\Windows\WinUpdate.exe" [file not found] HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS] "Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe" ["Symantec Corporation"] "PeerGuardian" = (empty string) "Steam" = ""h:\games\steam\steam.exe" -silent" ["Valve Corporation"] "taskdir" = "C:\WINDOWS\System32\taskdir.exe" [null data] "BraveSentry" = "(null value)" [file not found] HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++} "ICQ Lite" = "C:\Programme\ICQLite\ICQLite.exe -trayboot" ["ICQ Ltd."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++} "pgikh" = "C:\WINDOWS\System32\pgikh.exe" [file not found] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."] "PestPatrol Control Center" = "C:\Programme\PestPatrol\PPControl.exe" [null data] "PPMemCheck" = "C:\Programme\PestPatrol\PPMemCheck.exe" [null data] "CookiePatrol" = "C:\Programme\PestPatrol\CookiePatrol.exe" [null data] "WinsysRsr" = "C:\Programme\Wsr\WinsysRsr.exe" [empty string] "FLMOFFICE4DMOUSE" = "C:\Programme\Browser MOUSE\mouse32a.exe" [empty string] "FLMK08KB" = "C:\Programme\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE" [empty string] "SunJavaUpdateSched" = "C:\Programme\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."] "TrafMonitor" = "C:\Programme\TrafMeter\trafmonitor.exe /logon" [file not found] "CloneCDElbyCDFL" = ""C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L 
ElbyCDFL" ["Elaborate Bytes AG"] "CloneDVDElbyDelay" = ""C:\Programme\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay" ["Elaborate Bytes AG"] "QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."] "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS] "MediaFace Integration" = "C:\Programme\Fellowes\MediaFACE 4.0\SetHook.exe" ["Fellowes, Inc."] "TkBellExe" = ""C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."] "RAMDrive" = ""C:\Programme\FarStone\GameDrive\VHD\RDTask.exe"" [file not found] "avgnt" = ""C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"] "isbmyiye" = "C:\bqonysvp.bat" [file not found] "SunServer" = "C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe" ["Sunbelt Software"] "ICQ Lite" = ""C:\Programme\ICQLite\ICQLite.exe" -minimize" ["ICQ Ltd."] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung fr HyperTerminal-Icons" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook-Dateisymbolerweiterung" \InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Programme\Microsoft 
Office\Office10\msohev.dll" [MS] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] "{0E6C58A9-F592-4862-B35F-CA45E24003B3}" = "CloneCD" -> {HKLM...CLSID} = "CloneCD Shell Extension" \InProcServer32\(Default) = "C:\Programme\Elaborate Bytes\CloneCD\ElbyVCDShell.dll" ["Elaborate Bytes"] "{8f7261d0-d2b9-11d2-9909-00605205b24c}" = "CuteFTP Shell Extension" -> {HKLM...CLSID} = "CuteFTP Shell Extension" \InProcServer32\(Default) = "C:\PROGRA~1\GlobalSCAPE\CuteFTP\CuteShell.dll" [file not found] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"] "{6E3C607A-B99C-4FA8-98F5-1AC1ADF7F5B9}" = "MediaFace extension" -> {HKLM...CLSID} = "ShellExt Class" \InProcServer32\(Default) = "C:\Programme\Fellowes\MediaFACE 4.0\MFShlExt.dll" ["Fellowes, Inc."] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {HKLM...CLSID} = "RealOne Player Context Menu Class" \InProcServer32\(Default) = "C:\Programme\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."] "{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx" -> {HKLM...CLSID} = "AlcoholShellEx" \InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"] "{33D0B7CC-535E-4CD0-B33A-934372B1AEFD}" = "Wise-FTP Network Places" -> {HKLM...CLSID} = "Wise-FTP Network Places" \InProcServer32\(Default) = "C:\WINDOWS\System32\we.dll" [empty string] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = 
"C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"] "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension" -> {HKLM...CLSID} = "MCLiteShellExt Class" \InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string] "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices" -> {HKLM...CLSID} = "Portable Media Devices" \InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {HKLM...CLSID} = "Portable Media Devices Menu" \InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS] "{F6C95B20-E9D5-4927-8C00-2B03B554417D}" = "Managed SpoolExt Extension" -> {HKLM...CLSID} = "Managed SpoolExt Class" \InProcServer32\(Default) = "C:\WINDOWS\System32\msgsple.dll" [null data] "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning" -> {HKLM...CLSID} = "Shell Extension for Malware scanning" \InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"] "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" = "PowerISO" -> {HKLM...CLSID} = "PowerISO" \InProcServer32\(Default) = "C:\Programme\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\ INFECTION WARNING! "{3F143C3A-1457-6CCA-03A7-7AA23B61E40F}" = "OLE Automation Module" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\System32\mscdaux.dll" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ INFECTION WARNING! "{076394AD-7FDD-44EF-A075-32C68DBAB99B}" = "*X" (unwritable string) -> {HKLM...CLSID} = "GIANT AntiSpyware Service Hook" \InProcServer32\(Default) = "C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunExecuteHook.dll" ["Sunbelt Software"] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ INFECTION WARNING! 
"Shell" = "explorer.exe "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00003.exe"" [MS], [file not found], [file not found], [file not found], [file not found] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! artm_newreg\DLLName = "C:\Dokumente und Einstellungen\All Users\Dokumente\Settings\artm_new.dll" [null data] INFECTION WARNING! satau320\DLLName = "satau320.dll" [file not found] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ CuteFTP\(Default) = "{8f7261d0-d2b9-11d2-9909-00605205b24c}" -> {HKLM...CLSID} = "CuteFTP Shell Extension" \InProcServer32\(Default) = "C:\PROGRA~1\GlobalSCAPE\CuteFTP\CuteShell.dll" [file not found] ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}" -> {HKLM...CLSID} = "MCLiteShellExt Class" \InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string] MediaFaceExtension\(Default) = "{6E3C607A-B99C-4FA8-98F5-1AC1ADF7F5B9}" -> {HKLM...CLSID} = "ShellExt Class" \InProcServer32\(Default) = "C:\Programme\Fellowes\MediaFACE 4.0\MFShlExt.dll" ["Fellowes, Inc."] PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" -> {HKLM...CLSID} = "PowerISO" \InProcServer32\(Default) = "C:\Programme\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."] Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" -> {HKLM...CLSID} = "Shell Extension for Malware scanning" \InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"] VersionsMenu\(Default) = "{03170921-4754-11cf-AB9A-00C0F00683EB}" -> {HKLM...CLSID} = "Corel Versions" \InProcServer32\(Default) = "C:\Programme\Corel\Versions\CVersion.dll" [file not found] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] WS_FTP\(Default) = "{797F3885-5429-11D4-8823-0050DA59922B}" -> {HKLM...CLSID} = "RtClkCtxMenu Class" 
  \InProcServer32\(Default) = "C:\Programme\WS_FTP\wsftpsi.dll" ["Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
CuteFTP\(Default) = "{8f7261d0-d2b9-11d2-9909-00605205b24c}"
  -> {HKLM...CLSID} = "CuteFTP Shell Extension"
  \InProcServer32\(Default) = "C:\PROGRA~1\GlobalSCAPE\CuteFTP\CuteShell.dll" [file not found]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
  -> {HKLM...CLSID} = "MCLiteShellExt Class"
  \InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
MediaFaceExtension\(Default) = "{6E3C607A-B99C-4FA8-98F5-1AC1ADF7F5B9}"
  -> {HKLM...CLSID} = "ShellExt Class"
  \InProcServer32\(Default) = "C:\Programme\Fellowes\MediaFACE 4.0\MFShlExt.dll" ["Fellowes, Inc."]
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
  -> {HKLM...CLSID} = "PowerISO"
  \InProcServer32\(Default) = "C:\Programme\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
  \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
  -> {HKLM...CLSID} = "PowerISO"
  \InProcServer32\(Default) = "C:\Programme\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
  \InProcServer32\(Default) = "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll" ["H+BEDV Datentechnik GmbH"]
VersionsMenu\(Default) = "{03170921-4754-11cf-AB9A-00C0F00683EB}"
  -> {HKLM...CLSID} = "Corel Versions"
  \InProcServer32\(Default) = "C:\Programme\Corel\Versions\CVersion.dll" [file not found]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
  \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
WS_FTP\(Default) = "{797F3885-5429-11D4-8823-0050DA59922B}"
  -> {HKLM...CLSID} = "RtClkCtxMenu Class"
  \InProcServer32\(Default) = "C:\Programme\WS_FTP\wsftpsi.dll" ["Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421"]

Group Policies [Description] {enabled Group Policy setting}:
------------------------------------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
HIJACK WARNING! "ForceActiveDesktopOn"=dword:00000001
[enables Active Desktop and prevents disabling it]
{User Configuration|Administrative Templates|Desktop|Active Desktop| Enable Active Desktop}

Active Desktop and Wallpaper:
-----------------------------
Active Desktop enabled via Group Policy.
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "%APPDATA%\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp"

Startup items in "NoName" & "All Users" startup folders:
--------------------------------------------------------
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"Adobe Reader - Schnellstart" -> shortcut to: "C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Microsoft Office" -> shortcut to: "C:\Programme\Microsoft Office\Office10\OSA.EXE -b -l" [MS]

Enabled Scheduled Tasks:
------------------------
"At1" -> launches: "C:\WINDOWS\dr.exe" [file not found]
"At10" -> launches: "C:\WINDOWS\dr.exe" [file not found]
"At11" -> launches: "C:\WINDOWS\user32.exe" [file not found]
"At12" -> launches: "C:\WINDOWS\patcher.exe" [file not found]
"At2" -> launches: "C:\WINDOWS\dr.exe" [file not found]
"At3" -> launches: "C:\WINDOWS\user32.exe" [file not found]
"At4" -> launches: "C:\WINDOWS\user32.exe" [file not found]
"At5" -> launches: "C:\WINDOWS\patcher.exe" [file not found]
"At6" -> launches: "C:\WINDOWS\user32.exe" [file not found]
"At7" -> launches: "C:\WINDOWS\dr.exe" [file not found]
"At8" -> launches: "C:\WINDOWS\user32.exe" [file not found]
"At9" -> launches: "C:\WINDOWS\user32.exe" [file not found]
"Symantec NetDetect" -> launches: "C:\Programme\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]

Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\Programme\Secure Surfing Engine\sselsp.dll [null data], 01 - 03, 48
xfire_lsp_10406.dll [null data], 04 - 13, 47
lsp.dll [null data], 14 - 35, 46
%SystemRoot%\system32\mswsock.dll [MS], 36 - 38, 41 - 45, 49 - 62
%SystemRoot%\system32\rsvpsp.dll [MS], 39 - 40

Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{855F3B16-6D32-4FE6-8A56-BBB695989046}"
  -> {HKLM...CLSID} = "ICQ Toolbar"
  \InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]
"{00000000-5736-4205-0008-F7ED0776FB27}"
  -> {HKLM...CLSID} = "Steganos Internet Anonym"
  \InProcServer32\(Default) = "c:\programme\steganos internet anonym 2006\sia2006iep.dll" [null data]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{855F3B16-6D32-4FE6-8A56-BBB695989046}" = (no title provided)
  -> {HKLM...CLSID} = "ICQ Toolbar"
  \InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]
"{00000000-5736-4205-0008-F7ED0776FB27}" = (no title provided)
  -> {HKLM...CLSID} = "Steganos Internet Anonym"
  \InProcServer32\(Default) = "c:\programme\steganos internet anonym 2006\sia2006iep.dll" [null data]

Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in"
  \InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
  \InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]
{20D62373-FA7E-433E-B7B1-CD84A1A158AE}\
"ButtonText" = "concept/design's onlineTV"
"Exec" = "C:\Programme\onlineTV\onlineTV.exe" ["concept/design"]
{9819CC0E-9669-4D01-9CD7-2C66DA43AC6C}\
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\
"ButtonText" = "PartyPoker.com"
"MenuText" = "PartyPoker.com"
"Exec" = "C:\Programme\PartyGaming\PartyPoker\RunApp.exe" [file not found]
{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "C:\Programme\ICQLite\ICQLite.exe" ["ICQ Ltd."]

Miscellaneous IE Hijack Points
------------------------------
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
Missing lines (compared with English-language version):
"{855F3B16-6D32-4fe6-8A56-BBB695989046}" = (no title provided)
  -> {HKLM...CLSID} = "ICQ Toolbar"
  \InProcServer32\(Default) = "C:\Programme\ICQToolbar\toolbaru.dll" ["ICQ Inc."]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
AntiVir PersonalEdition Classic Service, AntiVirService, "C:\Programme\AntiVir PersonalEdition Classic\avguard.exe" ["AVIRA GmbH"]
AntiVir Scheduler, AntiVirScheduler, "C:\Programme\AntiVir PersonalEdition Classic\sched.exe" ["Avira GmbH"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
SAP-Agent, NwSapAgent, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\ipxsap.dll" [MS]}
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 1089 seconds, including 6 seconds for message boxes)

--------------------------------------------------------

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CURRENT_USER\Software\Install

Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CURRENT_USER\software\bravesentry

//////////////////////////////////////////

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\usxcncvp

*******************

Script file located at: \??\C:\vvxdyhjh.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Program Files\BraveSentry\BraveSentry.exe deleted successfully.
File C:\Program Files\BraveSentry\BraveSentry.lic deleted successfully.
File C:\Program Files\BraveSentry\BraveSentry0.bs deleted successfully.
File C:\Program Files\BraveSentry\BraveSentry0.dll deleted successfully.
File C:\Program Files\BraveSentry\BraveSentry1.bs deleted successfully.
File C:\Program Files\BraveSentry\BraveSentry1.dll deleted successfully.
File C:\Program Files\BraveSentry\BraveSentry2.dll deleted successfully.
File C:\Program Files\BraveSentry\BraveSentry3.dll deleted successfully.
File C:\Program Files\BraveSentry\Uninstall.exe deleted successfully.
File C:\Dokumente und Einstellungen\NoName\Lokale Einstellungen\Temp\1.dlb deleted successfully.
File C:\Dokumente und Einstellungen\NoName\Lokale Einstellungen\Temp\2.dlb deleted successfully.
File C:\Dokumente und Einstellungen\NoName\Lokale Einstellungen\Temp\25.tmp deleted successfully.
File C:\Dokumente und Einstellungen\NoName\Lokale Einstellungen\Temp\26.tmp deleted successfully.
File C:\Dokumente und Einstellungen\NoName\Lokale Einstellungen\Temp\27.tmp deleted successfully.
File C:\Dokumente und Einstellungen\NoName\Lokale Einstellungen\Temp\28.tmp deleted successfully.
File C:\Dokumente und Einstellungen\NoName\Lokale Einstellungen\Temp\29.tmp deleted successfully.
File C:\Dokumente und Einstellungen\NoName\Lokale Einstellungen\Temp\2A.tmp deleted successfully.
File C:\Dokumente und Einstellungen\NoName\Lokale Einstellungen\Temp\2B.tmp deleted successfully.
File C:\Dokumente und Einstellungen\NoName\Lokale Einstellungen\Temp\2C.tmp deleted successfully.
File C:\Dokumente und Einstellungen\NoName\Lokale Einstellungen\Temp\5.dlb deleted successfully.
File C:\Dokumente und Einstellungen\NoName\Lokale Einstellungen\Temp\6.dlb deleted successfully.
File C:\Dokumente und Einstellungen\NoName\Lokale Einstellungen\Temp\7.dlb deleted successfully.
File C:\Dokumente und Einstellungen\NoName\Lokale Einstellungen\Temp\h91746.exe deleted successfully.
File C:\Dokumente und Einstellungen\NoName\Lokale Einstellungen\Temp\kaw deleted successfully.
File C:\Dokumente und Einstellungen\NoName\Lokale Einstellungen\Temp\kawkgs deleted successfully.
File C:\Dokumente und Einstellungen\NoName\Lokale Einstellungen\Temp\maxdd1.game deleted successfully.
File C:\Dokumente und Einstellungen\NoName\Lokale Einstellungen\Temp\msn.exe deleted successfully.
File C:\Dokumente und Einstellungen\NoName\Lokale Einstellungen\Temp\vx1.game deleted successfully.
File C:\Dokumente und Einstellungen\NoName\Lokale Einstellungen\Temp\vx2.game deleted successfully.
File C:\Dokumente und Einstellungen\NoName\Lokale Einstellungen\Temp\vx3.game deleted successfully.
File C:\Dokumente und Einstellungen\NoName\Lokale Einstellungen\Temp\vx4.game deleted successfully.
File C:\Dokumente und Einstellungen\NoName\Lokale Einstellungen\Temp\vx6.game deleted successfully.
File C:\Dokumente und Einstellungen\NoName\Lokale Einstellungen\Temp\vxt1.game deleted successfully.
File C:\Dokumente und Einstellungen\NoName\Lokale Einstellungen\Temp\vxt2.game deleted successfully.
File C:\Dokumente und Einstellungen\NoName\Lokale Einstellungen\Temp\vxt3.game deleted successfully.
File C:\Dokumente und Einstellungen\NoName\Lokale Einstellungen\Temp\vxt4.game deleted successfully.
File C:\WINDOWS\Temp\$_2341234.TMP deleted successfully.
File C:\WINDOWS\system32\2.txt deleted successfully.
File C:\WINDOWS\system32\1.txt deleted successfully.
File C:\WINDOWS\system32\zlbw.dll deleted successfully.
File C:\WINDOWS\system32\satau325.sys deleted successfully.
File C:\WINDOWS\system32\taskdir~.exe deleted successfully.
File C:\WINDOWS\system32\mscdaux.dll deleted successfully.
File C:\WINDOWS\system32\vxgame4.exe deleted successfully.
File C:\WINDOWS\system32\vxgame3.exe deleted successfully.
File C:\WINDOWS\system32\taskdir.exe deleted successfully.
File C:\WINDOWS\system32\ipod.raw.exe deleted successfully.
File C:\WINDOWS\system32\vxgame1.exe deleted successfully.
File C:\WINDOWS\system32\winsub.xml deleted successfully.
File C:\WINDOWS\system32\svcp.csv deleted successfully.
File C:\WINDOWS\system32\vxgamet3.exe deleted successfully.
File C:\WINDOWS\system32\testtestt.exe deleted successfully.
File C:\WINDOWS\system32\vxgamet2.exe deleted successfully.
File C:\Dokumente und Einstellungen\NoName\Lokale Einstellungen\Anwendungsdaten\8f924053.exe deleted successfully.
File C:\WINDOWS\system32\8f924053.exe deleted successfully.
File C:\WINDOWS\system32\maxd641.exe deleted successfully.
File C:\WINDOWS\system32\vx.tll deleted successfully.
File C:\WINDOWS\system32\dlh9jkdq7.exe deleted successfully.
File C:\WINDOWS\system32\dlh9jkdq6.exe deleted successfully.
File C:\WINDOWS\system32\dlh9jkdq5.exe deleted successfully.
File C:\WINDOWS\system32\dlh9jkdq2.exe deleted successfully.
File C:\WINDOWS\system32\dlh9jkdq8.exe deleted successfully.
File C:\WINDOWS\system32\kernels8.exe deleted successfully.

Could not open file C:\WINDOWS\system32\slx.exe???????????????????p for deletion
Deletion of file C:\WINDOWS\system32\slx.exe???????????????????p failed!

Could not process line:
C:\WINDOWS\system32\slx.exe???????????????????p
Status: 0xc0000033

File C:\WINDOWS\system32\ypxysovg.txt deleted successfully.
File C:\WINDOWS\desktop.html deleted successfully.

File C:\WINDOWS\xpupdate.exe not found!
Deletion of file C:\WINDOWS\xpupdate.exe failed!

Could not process line:
C:\WINDOWS\xpupdate.exe
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bravesentry deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
Hier Hijack: Logfile of HijackThis v1.99.1 Scan saved at 14:55:53, on 16.07.2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Internet Explorer\iexplore.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programme\PestPatrol\PPControl.exe C:\Programme\PestPatrol\PPMemCheck.exe C:\Programme\PestPatrol\CookiePatrol.exe C:\Programme\Wsr\WinsysRsr.exe C:\Programme\Browser MOUSE\mouse32a.exe C:\Programme\Java\jre1.5.0_06\bin\jusched.exe C:\Programme\Muiltmedia keyboard utility\1.3\KbdAp32A.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe C:\Programme\ICQLite\ICQLite.exe C:\WINDOWS\System32\ctfmon.exe C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Programme\Internet Explorer\IEXPLORE.EXE C:\Dokumente und Einstellungen\NoName\Desktop\sonstiger poomist\hijackthis_199\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.no-empathy.de.vu/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll F2 - REG:system.ini: Shell=explorer.exe "C:\Programme\Gemeinsame Dateien\Microsoft 
Shared\Web Folders\ibm00003.exe" O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O3 - Toolbar: Steganos Internet Anonym - {00000000-5736-4205-0008-f7ed0776fb27} - c:\programme\steganos internet anonym 2006\sia2006iep.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Programme\PestPatrol\PPControl.exe O4 - HKLM\..\Run: [PPMemCheck] C:\Programme\PestPatrol\PPMemCheck.exe O4 - HKLM\..\Run: [CookiePatrol] C:\Programme\PestPatrol\CookiePatrol.exe O4 - HKLM\..\Run: [WinsysRsr] C:\Programme\Wsr\WinsysRsr.exe O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programme\Browser MOUSE\mouse32a.exe O4 - HKLM\..\Run: [FLMK08KB] C:\Programme\Muiltmedia keyboard utility\1.3\MMKEYBD.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [TrafMonitor] C:\Programme\TrafMeter\trafmonitor.exe /logon O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Programme\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [MediaFace Integration] C:\Programme\Fellowes\MediaFACE 4.0\SetHook.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [RAMDrive] "C:\Programme\FarStone\GameDrive\VHD\RDTask.exe" O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [isbmyiye] C:\bqonysvp.bat O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt 
Software\CounterSpy\Consumer\sunserver.exe O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\testtestt.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKCU\..\Run: [Steam] "h:\games\steam\steam.exe" -silent O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\System32\taskdir.exe O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Download with TrueDownloader! - C:\Programme\TrueDownloader\TrueDownloader.htm O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: concept/design's onlineTV - {20D62373-FA7E-433E-B7B1-CD84A1A158AE} - C:\Programme\onlineTV\onlineTV.exe O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file) O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' 
menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O10 - Broken Internet access because of LSP provider 'xfire_lsp_10406.dll' missing O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/153c388f13eae9268814/netzip/RdxIE601_de.cab O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://de.encarta.msn.com/encnet/external/MSSurVid.cab O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab O16 - DPF: {D7A4D8FB-83F0-40E5-954F-88F48D15AE96} (ICQVideoWindow Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab O20 - Winlogon Notify: artm_newreg - C:\Dokumente und Einstellungen\All Users\Dokumente\Settings\artm_new.dll O20 - Winlogon Notify: satau320 - satau320.dll (file missing) O23 - Service: Workstation NetLogon Service ( 11F#`I) - Unknown owner - C:\WINDOWS\winmx.exe (file missing) O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: COM+-Systemanwendung (COMSysApp) - Unknown owner - C:\WINDOWS\System32\dllhost.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame 
Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe O23 - Service: MS Software Shadow Copy Provider (SwPrv) - Unknown owner - C:\WINDOWS\System32\dllhost.exe (file missing) sooooooooo und die 4 logs: Datentrger in Laufwerk C: ist WinXP Volumeseriennummer: 7C9C-2979 Verzeichnis von C:\WINDOWS\system32 16.07.2006 14:25 4.608 taskdir.dll 16.07.2006 13:08 7.644 slx.exe???????????????????p 04.07.2006 19:45 2.206 wpa.dbl 28.05.2006 19:18 0 nvapps.xml 16.04.2006 02:51 21.840 SIntfNT.dll 16.04.2006 02:51 17.212 SIntf32.dll 16.04.2006 02:51 12.067 SIntf16.dll 26.03.2006 13:31 380.350 perfh009.dat 26.03.2006 13:31 52.764 perfc009.dat 26.03.2006 13:31 391.000 perfh007.dat 26.03.2006 13:31 63.580 perfc007.dat 26.03.2006 13:31 897.954 PerfStringBackup.INI 25.03.2006 23:51 7.006 jupdate-1.5.0_06-b05.log 18.01.2006 14:05 57.344 avsda.dll Datentrger in Laufwerk C: ist WinXP Volumeseriennummer: 7C9C-2979 Verzeichnis von C:\DOKUME~1\NoName\LOKALE~1\Temp 12.08.2006 18:13 46.080 ~e5d141.tmp 12.08.2006 17:54 939 jupdate1.5.0.xml 16.07.2006 14:52 49.152 ~DF60B6.tmp 16.07.2006 14:52 32.768 ~DF3379.tmp 16.07.2006 14:52 16.384 ~DFCB4C.tmp 16.07.2006 14:51 32.768 ~DFB102.tmp 16.07.2006 14:35 6.380 jusched.log 16.07.2006 14:26 0 WER9D.tmp 16.07.2006 14:26 0 WER9C.tmp 16.07.2006 14:26 0 WER9B.tmp 16.07.2006 14:26 0 WER9A.tmp 16.07.2006 14:26 0 WER99.tmp 16.07.2006 14:26 0 WER98.tmp 16.07.2006 14:26 0 WER97.tmp 16.07.2006 14:26 0 WER96.tmp 16.07.2006 14:26 0 WER95.tmp 16.07.2006 14:26 0 WER94.tmp 16.07.2006 14:26 0 WER93.tmp 16.07.2006 14:26 0 WER92.tmp 16.07.2006 14:26 0 WER91.tmp 16.07.2006 14:26 0 
WER90.tmp 16.07.2006 14:26 0 WER8F.tmp 16.07.2006 14:26 0 WER8E.tmp 16.07.2006 14:26 0 WER8D.tmp 16.07.2006 14:26 0 WER8C.tmp 16.07.2006 14:26 0 WER8B.tmp 16.07.2006 14:26 0 WER8A.tmp 16.07.2006 14:26 0 WER89.tmp 16.07.2006 14:26 0 WER88.tmp 16.07.2006 14:26 0 WER87.tmp 16.07.2006 14:26 0 WER86.tmp 16.07.2006 14:26 0 WER85.tmp 16.07.2006 14:26 0 WER84.tmp 16.07.2006 14:26 0 WER83.tmp 16.07.2006 14:26 0 WER82.tmp 16.07.2006 14:26 0 WER81.tmp 16.07.2006 14:26 0 WER80.tmp 16.07.2006 14:26 0 WER7F.tmp 16.07.2006 14:26 0 WER7E.tmp 16.07.2006 14:26 32.768 ~DFC972.tmp 16.07.2006 14:26 0 WER7D.tmp 16.07.2006 14:26 0 WER7C.tmp 16.07.2006 14:26 0 WER7B.tmp 16.07.2006 14:26 0 WER7A.tmp 16.07.2006 14:26 0 WER79.tmp 16.07.2006 14:26 0 WER78.tmp 16.07.2006 14:26 0 WER77.tmp 16.07.2006 14:26 0 WER76.tmp 16.07.2006 14:26 0 WER75.tmp 16.07.2006 14:26 0 WER74.tmp 16.07.2006 14:26 0 WER73.tmp 16.07.2006 14:26 0 WER72.tmp 16.07.2006 14:26 0 WER71.tmp 16.07.2006 14:26 0 WER70.tmp 16.07.2006 14:26 0 WER6F.tmp 16.07.2006 14:26 0 WER6E.tmp 16.07.2006 14:26 0 WER6D.tmp 16.07.2006 14:26 0 WER6C.tmp 16.07.2006 14:26 0 WER6A.tmp 16.07.2006 14:26 0 WER6B.tmp 16.07.2006 14:26 0 WER69.tmp 16.07.2006 14:26 0 WER68.tmp 16.07.2006 14:26 0 WER67.tmp 16.07.2006 14:26 0 WER65.tmp 16.07.2006 14:26 0 WER66.tmp 16.07.2006 14:26 0 WER64.tmp 16.07.2006 14:26 0 WER63.tmp 16.07.2006 14:26 0 WER62.tmp 16.07.2006 14:26 0 WER61.tmp 16.07.2006 14:26 0 WER60.tmp 16.07.2006 14:26 0 WER5F.tmp 16.07.2006 14:26 0 WER5E.tmp 16.07.2006 14:26 0 WER5D.tmp 16.07.2006 14:26 0 WER5C.tmp 16.07.2006 14:26 0 WER5B.tmp 16.07.2006 14:26 0 WER5A.tmp 16.07.2006 14:26 0 WER59.tmp 16.07.2006 14:26 0 WER57.tmp 16.07.2006 14:26 0 WER58.tmp 16.07.2006 14:26 0 WER56.tmp 16.07.2006 14:26 0 WER55.tmp 16.07.2006 14:26 0 WER54.tmp 16.07.2006 14:26 0 WER53.tmp 16.07.2006 14:26 0 WER52.tmp 16.07.2006 14:26 0 WER51.tmp 16.07.2006 14:26 0 WER50.tmp 16.07.2006 14:26 0 WER4F.tmp 16.07.2006 14:26 0 WER4D.tmp 16.07.2006 14:26 0 WER4E.tmp 16.07.2006 
14:26 0 WER4C.tmp 16.07.2006 14:26 0 WER4B.tmp 16.07.2006 14:26 0 WER4A.tmp 16.07.2006 14:26 0 WER49.tmp 16.07.2006 14:26 0 WER48.tmp 16.07.2006 14:26 0 WER47.tmp 16.07.2006 14:26 0 WER46.tmp 16.07.2006 14:26 0 WER45.tmp 16.07.2006 14:26 0 WER44.tmp 16.07.2006 14:26 0 WER43.tmp 16.07.2006 14:26 0 WER42.tmp 16.07.2006 14:26 0 WER41.tmp 16.07.2006 14:26 0 WER40.tmp 16.07.2006 14:26 0 WER3F.tmp 16.07.2006 14:26 0 WER3E.tmp 16.07.2006 14:26 0 WER3D.tmp 16.07.2006 14:26 0 WER3C.tmp 16.07.2006 14:26 0 WER3B.tmp 16.07.2006 14:26 0 WER3A.tmp 16.07.2006 14:26 0 WER39.tmp 16.07.2006 14:26 0 WER38.tmp 16.07.2006 14:26 0 WER37.tmp 16.07.2006 14:26 0 WER36.tmp 16.07.2006 14:26 0 WER35.tmp 16.07.2006 14:26 0 WER34.tmp 16.07.2006 14:26 0 WER33.tmp 16.07.2006 14:26 0 WER32.tmp 16.07.2006 14:26 0 WER31.tmp 16.07.2006 14:26 0 WER30.tmp 16.07.2006 14:26 0 WER2F.tmp 16.07.2006 14:26 0 WER2E.tmp 16.07.2006 14:26 0 WER2D.tmp 16.07.2006 14:26 0 WER2C.tmp 16.07.2006 14:26 0 WER2B.tmp 16.07.2006 14:26 0 WER2A.tmp 16.07.2006 14:26 0 WER29.tmp 16.07.2006 14:26 0 WER28.tmp 16.07.2006 14:26 0 WER27.tmp 16.07.2006 14:26 0 WER26.tmp 16.07.2006 14:26 0 WER25.tmp 16.07.2006 14:26 0 WER24.tmp 16.07.2006 14:26 0 WER23.tmp 16.07.2006 14:26 0 WER22.tmp 16.07.2006 14:26 0 WER21.tmp 16.07.2006 14:26 0 WER20.tmp 16.07.2006 14:26 0 WER1F.tmp 16.07.2006 14:26 0 WER1E.tmp 16.07.2006 14:26 0 WER1D.tmp 16.07.2006 14:26 0 WER1C.tmp 16.07.2006 14:26 0 WER1B.tmp 16.07.2006 14:26 0 WER1A.tmp 16.07.2006 14:26 0 WER19.tmp 16.07.2006 14:26 0 WER18.tmp 16.07.2006 14:26 0 WER17.tmp 16.07.2006 14:26 0 WER16.tmp 16.07.2006 14:26 0 WER14.tmp 16.07.2006 14:26 0 WER15.tmp 16.07.2006 14:26 0 WER13.tmp 16.07.2006 14:26 0 WER12.tmp 16.07.2006 14:26 0 WER11.tmp 16.07.2006 14:26 0 WER10.tmp 16.07.2006 14:26 0 WERF.tmp 16.07.2006 14:26 0 WERE.tmp 16.07.2006 14:26 0 WERD.tmp 16.07.2006 14:26 0 WERC.tmp 16.07.2006 14:26 0 WERB.tmp 16.07.2006 14:26 0 WERA.tmp 16.07.2006 14:26 0 WER9.tmp 16.07.2006 14:26 0 WER8.tmp 16.07.2006 14:26 
----------------------------------------------
I'm off to see my mum in hospital again first.. so I'll only reply a bit later..
This post was edited by Porlzum on 16.07.2006 at 15:08.
|
|
|
||
16.07.2006, 15:33
Honorary member
Posts: 29434 |
#54
0.
Run CleanUp, then restart the computer
http://virus-protect.org/cleanup.html

1. LSPfix
http://www.spychecker.com/program/lspfix.html
- tick "I know what Im doing" -- Remove - and delete lsp.dll (you may have to move the dll from the left to the right)

2. Copy the following text into the editor (Start - Accessories - Notepad) and save it to the desktop as fixme.reg using 'Save As'. Set the file type to 'All Files'. You should now find this file on the desktop.
Double-click the file "fixme.reg" on the desktop and confirm adding it to the registry with "ja" or "yes".

Quote
REGEDIT4

Avenger:
Quote
Files to delete:

green light, restart the PC, post the report

** fix with HijackThis:
Quote
F2 - REG:system.ini: Shell=explorer.exe "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00003.exe"

restart the PC

** run smitfraud.fix and post the report from options 1 and 2 (let it clean the registry as well)
http://virus-protect.org/artikel/tools/smitfrautfix.html

Download Registry Search by Bobbi Flekman
http://virus-protect.org/artikel/tools/regsearch.html
and double-click it to start.
In "Enter search strings", type or paste into the edit field:
satau320
and click "Ok". Notepad will open -- copy the text and post it.

Do the same with:
11F#`I
MS Software Shadow Copy Provider
Workstation NetLogon Service
BraveSentry
COM+-Systemanwendung
COMSysApp
-------------------------------------------------------------------
** Start > Run --> type --> cmd.exe and OK.
Paste in the following and post everything that appears in the text editor

dir /s /a "c:\slx.exe???????????????????p*.*" > c:\find.txt & start notepad c:\find.txt

dir /s /a "c:\slx.exe*.*" > c:\find.txt & start notepad c:\find.txt
----------------------------------------------------------------------
** Copy the text into the text editor, save it as look.bat (set the file type to "All Files") and then double-click this bat file
Quote
cd\

Everything from before will probably show up again; copy only the task report!
__________
Best regards
Sabina
Everything about PC security |
|
|
||
16.07.2006, 22:34
Member
Posts: 56 |
#55
avenger log:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\uckrkheh

*******************

Script file located at: \??\C:\oqbsmrxc.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\bqonysvp.bat not found!
Deletion of file C:\bqonysvp.bat failed!

Could not process line:
C:\bqonysvp.bat
Status: 0xc0000034

File C:\Dokumente und Einstellungen\NoName\Lokale Einstellungen\tmp3072.exe not found!
Deletion of file C:\Dokumente und Einstellungen\NoName\Lokale Einstellungen\tmp3072.exe failed!

Could not process line:
C:\Dokumente und Einstellungen\NoName\Lokale Einstellungen\tmp3072.exe
Status: 0xc0000034

Could not open file C:\Programme\Windows\WinUpdate.exe for deletion
Deletion of file C:\Programme\Windows\WinUpdate.exe failed!

Could not process line:
C:\Programme\Windows\WinUpdate.exe
Status: 0xc000003a

File C:\WINDOWS\System32\msgsple.dll deleted successfully.
File C:\Dokumente und Einstellungen\All Users\Dokumente\Settings\artm_new.dll deleted successfully.

File C:\WINDOWS\System32\taskdir.exe not found!
Deletion of file C:\WINDOWS\System32\taskdir.exe failed!

Could not process line:
C:\WINDOWS\System32\taskdir.exe
Status: 0xc0000034

File C:\WINDOWS\System32\testtestt.exe not found!
Deletion of file C:\WINDOWS\System32\testtestt.exe failed!

Could not process line:
C:\WINDOWS\System32\testtestt.exe
Status: 0xc0000034

File C:\WINDOWS\system32\taskdir.dll deleted successfully.

Could not open file C:\WINDOWS\system32\slx.exe???????????????????p for deletion
Deletion of file C:\WINDOWS\system32\slx.exe???????????????????p failed!

Could not process line:
C:\WINDOWS\system32\slx.exe???????????????????p
Status: 0xc0000033

File C:\WINDOWS\system32\slx.exe not found!
Deletion of file C:\WINDOWS\system32\slx.exe failed!

Could not process line:
C:\WINDOWS\system32\slx.exe
Status: 0xc0000034

File C:\WINDOWS\System32\mscdaux.dll not found!
Deletion of file C:\WINDOWS\System32\mscdaux.dll failed!

Could not process line:
C:\WINDOWS\System32\mscdaux.dll
Status: 0xc0000034

File C:\WINDOWS\System32\satau320.dll not found!
Deletion of file C:\WINDOWS\System32\satau320.dll failed!

Could not process line:
C:\WINDOWS\System32\satau320.dll
Status: 0xc0000034

File C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00003.exe deleted successfully.

File C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00003.dll not found!
Deletion of file C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00003.dll failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00003.dll
Status: 0xc0000034

File C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00002.dll not found!
Deletion of file C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00002.dll failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00002.dll
Status: 0xc0000034

File C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00002.exe not found!
Deletion of file C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00002.exe failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00002.exe
Status: 0xc0000034

File C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00004.dll deleted successfully.

File C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00004.exe not found!
Deletion of file C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00004.exe failed!

Could not process line:
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00004.exe
Status: 0xc0000034

Completed script processing.

*******************

Finished! Terminate.
smitfraudfix logs:

1:

SmitFraudFix v2.72

Scan done at 22:45:11,89, 16.07.2006
Run from C:\Dokumente und Einstellungen\NoName\Desktop\sonstiger poomist\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

C:\
C:\WINDOWS
C:\WINDOWS\system
C:\WINDOWS\Web
C:\WINDOWS\system32
C:\Dokumente und Einstellungen\NoName\Application Data

Start Menu
C:\DOKUME~1\NoName\STARTM~1\PROGRA~1\BraveSentry FOUND !

C:\DOKUME~1\NoName\FAVORI~1

Desktop
C:\DOKUME~1\NoName\Desktop\BraveSentry.lnk FOUND !

C:\Programme

Corrupted keys

Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"

Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Scanning wininet.dll infection

End

and 2:

SmitFraudFix v2.72

Scan done at 22:50:47,98, 16.07.2006
Run from C:\Dokumente und Einstellungen\NoName\Desktop\sonstiger poomist\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Killing process

Generic Renos Fix
GenericRenosFix by S!Ri

Deleting infected files
C:\DOKUME~1\NoName\Desktop\BraveSentry.lnk Deleted
C:\DOKUME~1\NoName\STARTM~1\PROGRA~1\BraveSentry Deleted

Deleting Temp Files

Registry Cleaning
Registry Cleaning done.

After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

End

Regsearch:

-
REGEDIT4

; Registry Search 2.0 by Bobbi Flekman 2005
; Version: 2.0.1.0

; Results at 16.07.2006 23:02:21 for strings:
; 'satau320'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

; End Of The Log...
-
REGEDIT4

; Registry Search 2.0 by Bobbi Flekman 2005
; Version: 2.0.1.0

; Results at 16.07.2006 23:04:29 for strings:
; '11f#`i'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000]
"Service"=" 11F#`I"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ 11F#`I]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ 11F#`I\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ 11F#`I\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000]
"Service"=" 11F#`I"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ 11F#`I]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ 11F#`I\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000]
"Service"=" 11F#`I"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ 11F#`I]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ 11F#`I\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ 11F#`I\Enum]

; End Of The Log...
-
REGEDIT4

; Registry Search 2.0 by Bobbi Flekman 2005
; Version: 2.0.1.0

; Results at 16.07.2006 23:06:15 for strings:
; 'ms software shadow copy provider'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SwPrv]
"DisplayName"="MS Software Shadow Copy Provider"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Providers\{b5946137-7b9f-4925-af80-51abd60b20d5}]
@="MS Software Shadow Copy provider 1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SwPrv]
"DisplayName"="MS Software Shadow Copy Provider"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\VSS\Providers\{b5946137-7b9f-4925-af80-51abd60b20d5}]
@="MS Software Shadow Copy provider 1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SwPrv]
"DisplayName"="MS Software Shadow Copy Provider"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\Providers\{b5946137-7b9f-4925-af80-51abd60b20d5}]
@="MS Software Shadow Copy provider 1.0"

; End Of The Log...
-
REGEDIT4

; Registry Search 2.0 by Bobbi Flekman 2005
; Version: 2.0.1.0

; Results at 16.07.2006 23:07:52 for strings:
; 'workstation netlogon service'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000]
"DeviceDesc"="Workstation NetLogon Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ 11F#`I]
"DisplayName"="Workstation NetLogon Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000]
"DeviceDesc"="Workstation NetLogon Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ 11F#`I]
"DisplayName"="Workstation NetLogon Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000]
"DeviceDesc"="Workstation NetLogon Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ 11F#`I]
"DisplayName"="Workstation NetLogon Service"

; End Of The Log...

-
REGEDIT4

; Registry Search 2.0 by Bobbi Flekman 2005
; Version: 2.0.1.0

; Results at 16.07.2006 23:09:29 for strings:
; 'bravesentry'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_USERS\S-1-5-21-117609710-1935655697-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Program Files\\BraveSentry\\BraveSentry.exe"="BraveSentry"

; End Of The Log...
-
REGEDIT4

; Registry Search 2.0 by Bobbi Flekman 2005
; Version: 2.0.1.0

; Results at 16.07.2006 23:11:11 for strings:
; 'com+-systemanwendung'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_COMSYSAPP\0000]
"DeviceDesc"="COM+-Systemanwendung"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\COMSysApp]
"DisplayName"="COM+-Systemanwendung"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_COMSYSAPP\0000]
"DeviceDesc"="COM+-Systemanwendung"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\COMSysApp]
"DisplayName"="COM+-Systemanwendung"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_COMSYSAPP\0000]
"DeviceDesc"="COM+-Systemanwendung"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\COMSysApp]
"DisplayName"="COM+-Systemanwendung"

; End Of The Log...

-
REGEDIT4

; Registry Search 2.0 by Bobbi Flekman 2005
; Version: 2.0.1.0

; Results at 16.07.2006 23:12:49 for strings:
; 'comsysapp'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_COMSYSAPP]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_COMSYSAPP\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_COMSYSAPP\0000]
"Service"="COMSysApp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\COMSysApp]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\COMSysApp\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\COMSysApp\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\COMSysApp\Enum]
"0"="Root\\LEGACY_COMSYSAPP\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_COMSYSAPP]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_COMSYSAPP\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_COMSYSAPP\0000]
"Service"="COMSysApp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\COMSysApp]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\COMSysApp\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_COMSYSAPP]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_COMSYSAPP\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_COMSYSAPP\0000]
"Service"="COMSysApp"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\COMSysApp]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\COMSysApp\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\COMSysApp\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\COMSysApp\Enum]
"0"="Root\\LEGACY_COMSYSAPP\\0000"

; End Of The Log...
-------------------------------------------------------
find.txt part 1:

Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 7C9C-2979

Verzeichnis von c:\WINDOWS\system32

16.07.2006 13:08 7.644 slx.exe???????????????????p
1 Datei(en) 7.644 Bytes

Anzahl der angezeigten Dateien:
1 Datei(en) 7.644 Bytes
0 Verzeichnis(se), 927.420.416 Bytes frei

and part 2:

Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 7C9C-2979

Verzeichnis von c:\WINDOWS\system32

16.07.2006 13:08 7.644 slx.exe???????????????????p
1 Datei(en) 7.644 Bytes

Anzahl der angezeigten Dateien:
1 Datei(en) 7.644 Bytes
0 Verzeichnis(se), 927.420.416 Bytes frei

(somehow the same.. oh well..)

last part follows:

look.bat produced the following -

Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 7C9C-2979

Verzeichnis von C:\WINDOWS\tasks

23.08.2001 14:00 65 desktop.ini
16.07.2006 22:57 6 SA.DAT
2 Datei(en) 71 Bytes
0 Verzeichnis(se), 927.416.320 Bytes frei

This post was edited by Porlzum on 16.07.2006 at 23:29.
|
|
|
||
16.07.2006, 23:56
Honorary member
Posts: 29434 |
#56
Avenger:
Quote
registry keys to delete:

post the report
-------------------------------------------------------------------------------------------------------
Pocket KillBox
http://virus-protect.org/killbox.html

Options: tick "Delete on Reboot" and "Single File", then click the red cross. When asked "Do you want to reboot?", click "no" and paste in the next one; click "yes" only for the last one.

paste in:
............
Quote
c:\WINDOWS\system32\slx.exe???????????????????p

restart the PC

** post the 4 logs from datfindbat again.

** Go into the registry
Start - Run - regedit

hkey_current_user\software\microsoft\windows\currentversion\internet settings\zonemap\intranetname="1" --> delete
hkey_current_user\software\microsoft\windows\currentversion\internet settings\zonemap\uncasintranet="1" --> delete
hkey_current_user\software\microsoft\windows\currentversion\internet settings\zonemap\proxybypass="1" --> delete

restart the PC

** scan with panda and post the scan report
http://virus-protect.org/onlinescan.html

+ the new HijackThis log
__________
Best regards
Sabina
Everything about PC security |
|
|
||
17.07.2006, 15:07
Member
Posts: 56 |
#57
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\tdnabhuk

*******************

Script file located at: \??\C:\WINDOWS\qqffxpsi.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ 11F#`I deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ 11F#`I deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000 failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY__11F*00DF*00E4*0006#*00B7*00BA*00C4*00D6`I\0000
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\11F#`I not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\11F#`I failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\11F#`I
Status: 0xc0000034

Completed script processing.

*******************

Finished! Terminate.

hmm..
there was some error message with Killbox (see attachment error.jpg)

the 4 logs:

Datenträger in Laufwerk C: ist WinXP
Volumeseriennummer: 7C9C-2979

Verzeichnis von C:\WINDOWS\system32

16.07.2006 13:08 7.644 slx.exe???????????????????p
04.07.2006 19:45 2.206 wpa.dbl
28.05.2006 19:18 0 nvapps.xml
16.04.2006 02:51 21.840 SIntfNT.dll
16.04.2006 02:51 17.212 SIntf32.dll
16.04.2006 02:51 12.067 SIntf16.dll

....

Attachment: error.JPG
This post was edited by Porlzum on 17.07.2006 at 15:15.
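Added example, not part of the original thread: a small Python triage for Avenger reports like the two posted in #55 and #57, separating items that were deleted, targets that were simply not there, and failures that still need follow-up. The sample report is constructed from entries shown in those posts, the status names are the standard NTSTATUS names for the three codes that occur, and the one-statement-per-line layout of avenger.txt is an assumption.

```python
import re

# NTSTATUS codes that occur in the Avenger reports posted in this thread.
NTSTATUS = {
    0xC0000033: "STATUS_OBJECT_NAME_INVALID",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
}
# "Not found" codes: the target (or its parent path) was not there to delete.
ABSENT = {0xC0000034, 0xC000003A}

DELETED_RE = re.compile(
    r"^(?:File|Registry key) (.+) deleted successfully\.$", re.M)
FAILED_RE = re.compile(
    r"^Could not process line:[ \t]*\n(.+)\nStatus: (0x[0-9a-fA-F]{8})[ \t]*$",
    re.M)

# Constructed sample in the layout assumed above, built from entries in #55/#57.
SAMPLE_LOG = r"""
Beginning to process script file:

File C:\bqonysvp.bat not found!
Deletion of file C:\bqonysvp.bat failed!

Could not process line:
C:\bqonysvp.bat
Status: 0xc0000034

Could not open file C:\Programme\Windows\WinUpdate.exe for deletion
Deletion of file C:\Programme\Windows\WinUpdate.exe failed!

Could not process line:
C:\Programme\Windows\WinUpdate.exe
Status: 0xc000003a

File C:\WINDOWS\System32\msgsple.dll deleted successfully.
File C:\WINDOWS\system32\taskdir.dll deleted successfully.

Could not open file C:\WINDOWS\system32\slx.exe???????????????????p for deletion
Deletion of file C:\WINDOWS\system32\slx.exe???????????????????p failed!

Could not process line:
C:\WINDOWS\system32\slx.exe???????????????????p
Status: 0xc0000033

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ 11F#`I deleted successfully.

Completed script processing.
"""


def parse_avenger(report):
    """Return one dict per script line, in report order.

    'code' is None for a successful deletion, otherwise the NTSTATUS value.
    """
    text = report.replace("\r\n", "\n")  # reports come from Windows editors
    events = []
    for m in DELETED_RE.finditer(text):
        events.append((m.start(), m.group(1).strip(), None))
    for m in FAILED_RE.finditer(text):
        events.append((m.start(), m.group(1).strip(), int(m.group(2), 16)))
    events.sort(key=lambda e: e[0])
    return [{"target": target, "code": code} for _, target, code in events]


def triage(results):
    """Group parsed results by what a helper has to do next."""
    buckets = {"deleted": [], "absent": [], "follow_up": []}
    for r in results:
        code = r["code"]
        if code is None:
            buckets["deleted"].append(r["target"])
        elif code in ABSENT:
            # Nothing existed at that path; no further deletion is needed.
            buckets["absent"].append(r["target"])
        else:
            # E.g. NAME_INVALID: '?' is not a legal character in a Windows
            # file name, so the path as typed could not be opened even though
            # the directory listing still shows an entry.
            name = NTSTATUS.get(code, hex(code))
            buckets["follow_up"].append((r["target"], name))
    return buckets


if __name__ == "__main__":
    for bucket, items in triage(parse_avenger(SAMPLE_LOG)).items():
        print(bucket)
        for item in items:
            print("   ", item)
```

On the sample, only the `slx.exe???...p` entry lands in `follow_up`, which matches the thread: the later system32 listing still shows that file while the "not found" targets are gone.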
|
|
|
||
17.07.2006, 15:29
Honorary member
Posts: 29434 |
#58
1.
go into safe mode and try, no matter how... to delete this:

Verzeichnis von C:\WINDOWS\system32
16.07.2006 13:08 7.644 slx.exe???????????????????p

then post the first log from datfindbat again, for checking.

2.
scan with dr.web and post the scan report
http://virus-protect.org/cureit.html

3.
Registry Search
paste in:
satau325
post what appears

4.
delete
C:\Dokumente und Einstellungen\NoName\Anwendungsdaten
16.07.2006 13:08 1.512.877 Install.dat
23.08.2005 00:14 <DIR> Internet Download Accelerator

5.
uninstall - delete:
Verzeichnis von C:\Programme
18.06.2006 19:44 <DIR> Save
__________
Best regards
Sabina
Everything about PC security |
|
|
||
17.07.2006, 15:45
Member
Posts: 56 |
#59
will do..
hope panda is finished soon, then I'll throw the log in here and work through the 5 steps after that.. hmm.. panda found quiiite a lot.. |
|
|
||
17.07.2006, 15:52
Honorary member
Posts: 29434 |
#60
maybe we'll finally get this box clean
__________
Best regards
Sabina
Everything about PC security |
|
|
||
hmm.. I somehow can't really make sense of that link.. it just looks relatively dangerous and somehow quite a lot..hmm..
how should I start?
Edit:
the strange thing is that I only surfed on the official sites of a few bands.. I somehow can't explain at all how something like this can happen.. -.- ..