Test thread - for testing, posting, temporary storage - not for conversation

#0
13.07.2008, 16:11
Honorary member
Avatar Sabina

Posts: 29434
#31 If Malwarebytes still doesn't work then, have this log posted here
http://virus-protect.org/lsa.html

Then we have to see that we get this out manually without causing any serious damage

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Authentication Packages REG_MULTI_SZ msv1_0\0C:\WINDOWS\system32\geBQjJDW\0\0
__________
Best regards, Sabina

All about PC security
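
The Lsa value shown in post #31 can be reviewed mechanically. The following is an added example, not part of the original thread: it parses `reg query`-style text, splits the REG_MULTI_SZ data on its `\0` separators and reports every entry outside a baseline. The baseline (`msv1_0` only), the function names and the clean sample are assumptions made for this example.

```python
import re

# Assumption for this example: only the Windows default package is expected.
BASELINE = {"msv1_0"}

# Matches the "Authentication Packages" line as printed in the post:
#   <name> REG_MULTI_SZ <entry>\0<entry>\0\0
VALUE_RE = re.compile(
    r"^\s*Authentication Packages\s+REG_MULTI_SZ\s+(?P<data>.*)$",
    re.IGNORECASE | re.MULTILINE,
)

# The value exactly as quoted in post #31.
PAGE_SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Authentication Packages REG_MULTI_SZ msv1_0\0C:\WINDOWS\system32\geBQjJDW\0\0
"""

# Constructed sample of an unmodified value, for comparison.
CLEAN_SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
"""


def parse_auth_packages(reg_output):
    """Return the list of package entries, or None if the value is absent.

    Limitation of the textual format: a path component that begins with
    the digit 0 right after a backslash would be split in the wrong place.
    """
    match = VALUE_RE.search(reg_output)
    if match is None:
        return None
    # The separators are the two literal characters backslash and zero.
    return [e for e in match.group("data").strip().split("\\0") if e]


def review_auth_packages(reg_output, baseline=BASELINE):
    """Return (entry, reason) tuples for every entry outside the baseline."""
    entries = parse_auth_packages(reg_output)
    if entries is None:
        return [("<value missing>", "Authentication Packages not found in input")]

    allowed = {name.lower() for name in baseline}
    findings = []
    for entry in entries:
        if entry.lower() in allowed:
            continue
        reason = "not in baseline"
        # Heuristic: the default entry is a bare name, so a drive letter
        # or path separator makes the entry stand out further.
        if "\\" in entry or "/" in entry or ":" in entry:
            reason += "; given as a path instead of a bare package name"
        findings.append((entry, reason))
    return findings


if __name__ == "__main__":
    for label, sample in (("post #31", PAGE_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(label, "->", review_auth_packages(sample) or "nothing to review")
```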
08.08.2008, 15:08
...new here

Posts: 1
#32 Hello, I have a question about the game WarRock: the launcher, where the updates are, does not install this file: - System\pb\pbag.dll


What can I do about that? Can someone help me?
08.08.2008, 17:05
Moderator
Avatar joschi

Posts: 6466
#33 Attention! This thread is for testing purposes....see above

There are plenty of forums that deal with WarRock. You can probably get the best help there.
http://www.google.de/search?hl=de&q=forum+warrock&btnG=Suche&meta=lr%3Dlang_de
__________
Search --> Select --> Examine
18.08.2008, 20:05
Moderator

Posts: 5694
#34 >> http://board.protecus.de/t34578.htm

>>
Run CCleaner
http://www.virus-protect.org/ccleaner.html


>>

Quote

KILLALL::

Registry::
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
18.08.2008, 22:51
Honorary member
Avatar Sabina

Posts: 29434
#35 That doesn't need to come out.. and if it should come out, you would have to put a [-HKEY_CLASSES_ROOT
in front of the entries ;)
__________
Best regards, Sabina

All about PC security
19.08.2008, 07:44
Moderator

Posts: 5694
#36 Oh, I see ;)

Thank you, Sabina ;)
25.08.2008, 11:51
Honorary member
Avatar Sabina

Posts: 29434
#37 Yes, sigh.. it swept everything away for me too.... silly that you always have to test everything first ;)
http://virus-protect.org/artikel/tools/toolscleaner.html
__________
Best regards, Sabina

All about PC security
28.08.2008, 02:52
Honorary member
Avatar Argus

Posts: 6028
#38 Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: yyyy-MM-dd

958.48 Mb Total Physical Memory | 367.41 Mb Available Physical Memory | 38.33% Memory free
2.26 Gb Paging File | 1.88 Gb Available in Paging File | 83.09% Paging File free
Paging file location(s): C:\pagefile.sys 1437 2880;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 113.67 Gb Total Space | 95.52 Gb Free Space | 84.03% Space Free | Partition Type: FAT32
Drive D: | 115.26 Gb Total Space | 114.70 Gb Free Space | 99.52% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name:
Current User Name: Arnold
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

===== Processes - Non-Microsoft Only =====

[03-02-2005 11:18 AM | 00,065,536 | ---- | M] () - C:\WINDOWS\System32\WLTRYSVC.EXE
[02-07-2005 01:07 PM | 00,819,315 | ---- | M] (U.S. Robotics Corporation) - C:\WINDOWS\System32\bcmwltry.exe
[09-22-2005 04:42 PM | 00,090,112 | ---- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\SOUNDMAN.EXE
[11-02-2004 08:24 PM | 00,032,768 | ---- | M] (Cyberlink Corp.) - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[12-04-2007 11:03 PM | 00,036,640 | ---- | M] () - C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
[06-10-2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[11-16-2005 05:00 PM | 00,397,312 | ---- | M] (acer Inc.) - C:\Acer\Empowering Technology\eRecovery\Monitor.exe
[06-10-2008 02:00 PM | 00,501,080 | ---- | M] (Doctor Web, Ltd.) - C:\Program Files\DrWeb\spiderml.exe
[05-05-2008 03:37 PM | 00,283,888 | ---- | M] (Doctor Web, Ltd.) - C:\Program Files\DrWeb\DRWEBSCD.EXE
[07-08-2008 05:12 PM | 00,230,936 | ---- | M] (Doctor Web, Ltd.) - C:\PROGRA~1\DrWeb\spiderui.exe
[07-31-2008 02:46 PM | 00,380,536 | ---- | M] (Emsi Software GmbH) - C:\Program Files\a-squared Free\a2service.exe
[09-21-2005 01:46 PM | 00,438,272 | ---- | M] (Acer Inc.) - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
[05-16-2008 02:01 PM | 00,159,812 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe
[05-22-2008 07:35 AM | 00,345,376 | ---- | M] () - C:\Program Files\SiteAdvisor\6261\SAService.exe
[07-08-2008 05:12 PM | 00,226,840 | ---- | M] (Doctor Web, Ltd.) - C:\PROGRA~1\DrWeb\spidernt.exe

===== Win32 Services - Non-Microsoft Only =====

(a2free) a-squared Free Service [Auto | Running]
[07-31-2008 02:46 PM | 00,380,536 | ---- | M] (Emsi Software GmbH) - C:\Program Files\a-squared Free\a2service.exe

(Acer Media Server) Acer Media Server [Auto | Running]
[09-21-2005 01:46 PM | 00,438,272 | ---- | M] (Acer Inc.) - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe

(dmadmin) Logical Disk Manager Administrative-service [On_Demand | Stopped]
[04-14-2008 07:02 PM | 00,225,280 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\System32\dmadmin.exe

(NVSvc) NVIDIA Display Driver Service [Auto | Running]
[05-16-2008 02:01 PM | 00,159,812 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe

(SiteAdvisor Service) SiteAdvisor-service [Auto | Running]
[05-22-2008 07:35 AM | 00,345,376 | ---- | M] () - C:\Program Files\SiteAdvisor\6261\SAService.exe

(SPIDERNT) SpIDer Guard for Windows [Auto | Running]
[07-08-2008 05:12 PM | 00,226,840 | ---- | M] (Doctor Web, Ltd.) - C:\PROGRA~1\DrWeb\spidernt.exe

(wltrysvc) U.S. Robotics Wireless LAN Service [Auto | Running]
[03-02-2005 11:18 AM | 00,065,536 | ---- | M] () - C:\WINDOWS\System32\WLTRYSVC.EXE

===== Driver Services - Non-Microsoft Only =====

(AegisP) AEGIS Protocol (IEEE 802.1x) v3.2.0.3 [Auto | Running]
[03-17-2007 02:21 PM | 00,017,801 | ---- | M] (Meetinghouse Data Communications) - C:\WINDOWS\system32\DRIVERS\AegisP.sys

(Afc) PPdus ASPI Shell [On_Demand | Running]
[02-23-2005 02:58 PM | 00,011,776 | ---- | M] (Arcsoft, Inc.) - C:\WINDOWS\system32\drivers\Afc.sys

(ALCXWDM) Service for Realtek AC97 Audio (WDM) [On_Demand | Running]
[09-22-2005 04:34 PM | 03,727,680 | ---- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS

(AmdK8) Stuurprogramma voor AMD-processor [System | Running]
[03-09-2005 03:53 PM | 00,043,008 | ---- | M] (Advanced Micro Devices) - C:\WINDOWS\system32\DRIVERS\AmdK8.sys

(BCM43XX) U.S. Robotics Wireless MAXg Adapter [On_Demand | Running]
[12-22-2004 02:32 AM | 00,369,024 | ---- | M] (Broadcom Corporation) - C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

(CO_Mon) CO_Mon [On_Demand | Stopped]
[04-06-2007 05:29 PM | 00,028,672 | ---- | M] () - C:\WINDOWS\system32\Drivers\CO_Mon.sys

(dmboot) dmboot [Disabled | Stopped]
[04-14-2008 06:40 PM | 00,800,000 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\System32\drivers\dmboot.sys

(dmio) dmio [Disabled | Stopped]
[04-14-2008 06:40 PM | 00,153,856 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\System32\drivers\dmio.sys

(dmload) dmload [Disabled | Stopped]
[08-04-2004 05:00 AM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\System32\drivers\dmload.sys

(gmer) gmer [On_Demand | Stopped]
[08-18-2008 10:07 PM | 00,085,969 | ---- | M] (GMER) - C:\WINDOWS\System32\DRIVERS\gmer.sys

(hitmanpro3) Hitman Pro 3 Support Driver [On_Demand | Stopped]
File not found - C:\WINDOWS\system32\drivers\hitmanpro3.sys

(mbr) mbr [On_Demand | Stopped]
File not found - C:\DOCUME~1\Arnold\LOCALS~1\Temp\mbr.sys

(NTIDrvr) Upper Class Filter Driver [On_Demand | Running]
[01-27-2005 09:24 AM | 00,006,144 | ---- | M] (NewTech Infosystems, Inc.) - C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys

(nv) nv [On_Demand | Running]
[05-16-2008 02:01 PM | 06,557,408 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

(NVENETFD) NVIDIA nForce Networking Controller Driver [On_Demand | Running]
[07-29-2005 05:11 PM | 00,034,048 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\DRIVERS\NVENETFD.sys

(nvnetbus) NVIDIA Network Bus Enumerator [On_Demand | Running]
[07-29-2005 05:11 PM | 00,012,928 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\DRIVERS\nvnetbus.sys

(PCASp50) PCASp50 NDIS Protocol Driver [On_Demand | Stopped]
[09-07-2004 04:42 PM | 00,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) - C:\WINDOWS\System32\Drivers\PCASp50.sys

(Ptilink) Stuurprogramma voor Directe parallelle verbinding [On_Demand | Running]
[08-04-2004 05:00 AM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\DRIVERS\ptilink.sys

(SASKUTIL) SASKUTIL [System | Stopped]
File not found - C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys

(Secdrv) Secdrv [On_Demand | Stopped]
[11-13-2007 11:25 AM | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\WINDOWS\system32\DRIVERS\secdrv.sys

(SIS163u) TL-WN320G 1.0 USB WLAN Adapter Driver [On_Demand | Stopped]
[11-29-2004 12:19 PM | 00,167,424 | ---- | M] (SiS Corporation) - C:\WINDOWS\system32\DRIVERS\sis163u.sys

(SPIDER) SpIDer Guard File System Monitor [Auto | Running]
[07-08-2008 05:12 PM | 00,341,784 | ---- | M] (Doctor Web, Ltd.) - C:\PROGRA~1\DrWeb\spider.sys

(TMPassthruMP) TMPassthruMP [On_Demand | Stopped]
File not found - C:\WINDOWS\System32\DRIVERS\TMPassthru.sys

(UBHelper) UBHelper [System | Running]
[12-17-2004 05:14 PM | 00,013,952 | ---- | M] () - C:\WINDOWS\System32\drivers\UBHelper.sys

(int15.sys) int15.sys [Auto | Running]
[01-13-2005 02:46 PM | 00,069,632 | ---- | M] () - C:\Acer\Empowering Technology\eRecovery\int15.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DrWebScheduler" = "C:\Program Files\DrWeb\DRWEBSCD.EXE" [05-05-2008 03:37 PM | 00,283,888 | ---- | M] (Doctor Web, Ltd.)
"LaunchApp" = Alaunch [06-23-2005 01:36 AM | 00,520,192 | ---- | M] (Acer Inc.)
"NvCplDaemon" = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [05-16-2008 02:01 PM | 13,529,088 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [05-16-2008 02:01 PM | 00,086,016 | ---- | M] (NVIDIA Corporation)
"nwiz" = nwiz.exe /install [05-16-2008 02:01 PM | 01,630,208 | ---- | M] ()
"RemoteControl" = "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11-02-2004 08:24 PM | 00,032,768 | ---- | M] (Cyberlink Corp.)
"SiteAdvisor" = "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [12-04-2007 11:03 PM | 00,036,640 | ---- | M] ()
"SoundMan" = SOUNDMAN.EXE [09-22-2005 04:42 PM | 00,090,112 | ---- | M] (Realtek Semiconductor Corp.)
"SpIDerMail" = "C:\Program Files\DrWeb\spiderml.exe" [06-10-2008 02:00 PM | 00,501,080 | ---- | M] (Doctor Web, Ltd.)
"SpIDerNT" = C:\PROGRA~1\DrWeb\spiderui.exe /agent [07-08-2008 05:12 PM | 00,230,936 | ---- | M] (Doctor Web, Ltd.)
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06-10-2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{089FD14D-132B-48FC-8861-0048AE113215}]
HKLM CLSID: (Reg Error: Value does not exist or could not be read.) - [05-16-2008 06:49 PM | 00,927,008 | ---- | M] () C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [06-10-2008 04:27 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA}]
HKLM CLSID: (Reg Error: Value does not exist or could not be read.) - [08-19-2008 06:11 PM | 03,493,888 | ---- | M] (Cooliris Inc.) C:\Program Files\PicLensIE\PicLens.dll
HKCU CLSID: (Reg Error: Value does not exist or could not be read.) - [08-19-2008 06:11 PM | 03,493,888 | ---- | M] (Cooliris Inc.) C:\Program Files\PicLensIE\PicLens.dll

===== Toolbars =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{0BF43445-2F28-4351-9252-17FE6E806AA0}"
HKLM CLSID: (McAfee SiteAdvisor) - [05-16-2008 06:49 PM | 00,927,008 | ---- | M] () C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun" = 67108863
"NoDriveTypeAutoRun" = 255
"NoDrives" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"undockwithoutlogon" = 1
"SynchronousMachineGroupPolicy" = 0
"SynchronousUserGroupPolicy" = 0
"shutdownwithoutlogon" = 1
"HideLegacyLogonScripts" = 0
"HideLogoffScripts" = 0
"RunLogonScriptSync" = 1
"RunStartupScriptSync" = 0
"HideStartupScripts" = 0
"DisableRegistryTools" = 0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives" = 0
"NoDriveTypeAutoRun" = 145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts" = 0
"HideLogoffScripts" = 0
"RunLogonScriptSync" = 1
"RunStartupScriptSync" = 0
"HideStartupScripts" = 0
"DisableRegistryTools" = 0

===== Desktop Components =====

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "Mijn huidige introductiepagina"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [04-13-2008 08:53 PM | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04-14-2008 07:03 PM | 00,142,336 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [05-21-2008 04:37 AM | 12,844,576 | ---- | M] (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [04-13-2008 08:53 PM | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04-14-2008 07:03 PM | 00,142,336 | ---- | M] (Microsoft Corporation)

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [04-14-2008 07:02 PM | 01,037,312 | ---- | M] (Microsoft Corporation) C:\WINDOWS\Explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [04-14-2008 07:03 PM | 00,026,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [04-14-2008 07:03 PM | 00,515,072 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [04-14-2008 07:02 PM | 08,508,416 | ---- | M] (Microsoft Corporation) C:\WINDOWS\System32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [04-14-2008 07:03 PM | 00,304,640 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
"DllName" = File not found

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandFrom]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandTo]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]
"SBCSSvc" = 3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini" = 0
"win.ini" = 0
"bootini" = 2
"services" = 0
"startup" = 2

===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{72633B32-2161-4387-969D-D0E6D161DCEC}]
Servers: | Description: U.S. Robotics Wireless MAXg PCI Adapter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{C4E6EE3E-90D3-4498-BAA2-8EAFCAE67B1B}]
Servers: | Description: NVIDIA nForce Networking Controller

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{F6201F9D-D2C6-4318-8DF4-42471388C246}]
Servers: | Description: 1394-netwerkkaart

===== CDRom AutoRun Settings =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

===== Autorun Files on Drives =====

AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ]
[01-27-2005 09:24 AM | 00,000,050 | ---- | M] () C:\AUTOEXEC.BAT [ FAT32 ]

===== MountPoints2 =====

===== Hosts File =====

HOSTS File = (736 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost



[Files/Folders - Created Within 30 days]
[08-09-2008 01:22 AM | ---D | C] - C:\MSNCleaner
[08-22-2008 12:34 PM | 00,000,074 | ---- | C] () - C:\bootdelete.lst
[08-27-2008 07:23 PM | 00,066,048 | ---- | C] () - C:\mbr.exe
[08-23-2008 01:08 PM | 00,005,248 | ---- | C] (Acer Laboratories Inc.) - C:\WINDOWS\System32\dllcache\aliide.sys
[08-23-2008 01:08 PM | 00,009,472 | ---- | C] () - C:\WINDOWS\System32\dllcache\ativmdcd.sys
[08-23-2008 01:08 PM | 00,010,240 | ---- | C] () - C:\WINDOWS\System32\dllcache\atipcxxx.sys
[08-23-2008 01:08 PM | 00,010,880 | ---- | C] (Aureal, Inc.) - C:\WINDOWS\System32\dllcache\admjoy.sys
[08-23-2008 01:08 PM | 00,014,848 | ---- | C] (Advanced System Products, Inc.) - C:\WINDOWS\System32\dllcache\asc3550.sys
[08-23-2008 01:08 PM | 00,016,969 | ---- | C] (AmbiCom, Inc.) - C:\WINDOWS\System32\dllcache\amb8002.sys
[08-23-2008 01:08 PM | 00,017,152 | ---- | C] () - C:\WINDOWS\System32\dllcache\atitunep.sys
[08-23-2008 01:08 PM | 00,017,152 | ---- | C] () - C:\WINDOWS\System32\dllcache\atitvsnd.sys
[08-23-2008 01:08 PM | 00,019,456 | ---- | C] () - C:\WINDOWS\System32\dllcache\ativttxx.sys
[08-23-2008 01:08 PM | 00,020,160 | ---- | C] (ADMtek Incorporated) - C:\WINDOWS\System32\dllcache\adm8511.sys
[08-23-2008 01:08 PM | 00,023,552 | ---- | C] () - C:\WINDOWS\System32\dllcache\atixbar.sys
[08-23-2008 01:08 PM | 00,026,496 | ---- | C] (Advanced System Products, Inc.) - C:\WINDOWS\System32\dllcache\asc.sys
[08-23-2008 01:08 PM | 00,026,624 | ---- | C] () - C:\WINDOWS\System32\dllcache\ativxbar.sys
[08-23-2008 01:08 PM | 00,026,624 | ---- | C] (Acer Laboratories Inc.) - C:\WINDOWS\System32\dllcache\alifir.sys
[08-23-2008 01:08 PM | 00,026,880 | ---- | C] () - C:\WINDOWS\System32\dllcache\atirtsnd.sys
[08-23-2008 01:08 PM | 00,027,678 | ---- | C] (Acer Laboratories Inc.) - C:\WINDOWS\System32\dllcache\ali5261.sys
[08-23-2008 01:08 PM | 00,036,224 | ---- | C] (ADMtek Incorporated.) - C:\WINDOWS\System32\dllcache\an983.sys
[08-23-2008 01:08 PM | 00,046,112 | ---- | C] (Adaptec, Inc ) - C:\WINDOWS\System32\dllcache\adptsf50.sys
[08-23-2008 01:08 PM | 00,046,464 | ---- | C] () - C:\WINDOWS\System32\dllcache\atibt829.sys
[08-23-2008 01:08 PM | 00,049,920 | ---- | C] () - C:\WINDOWS\System32\dllcache\atirtcap.sys
[08-23-2008 01:08 PM | 00,061,952 | ---- | C] (Kleurenflatbedscanner) - C:\WINDOWS\System32\dllcache\acerscad.dll
[08-23-2008 01:08 PM | 00,070,784 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\dllcache\atiragem.sys
[08-23-2008 01:08 PM | 00,075,392 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\dllcache\atimpae.sys
[08-23-2008 01:08 PM | 00,077,824 | ---- | C] (ATI Technologies, Inc.) - C:\WINDOWS\System32\dllcache\ati.sys
[08-23-2008 01:08 PM | 00,084,480 | ---- | C] (VIA Technologies, Inc.) - C:\WINDOWS\System32\dllcache\ac97via.sys
[08-23-2008 01:08 PM | 00,096,256 | ---- | C] (Intel Corporation) - C:\WINDOWS\System32\dllcache\ac97intc.sys
[08-23-2008 01:08 PM | 00,097,354 | ---- | C] (Bay Networks, Inc.) - C:\WINDOWS\System32\dllcache\aspndis3.sys
[08-23-2008 01:08 PM | 00,098,304 | ---- | C] (Aureal Semiconductor) - C:\WINDOWS\System32\dllcache\a3d.dll
[08-23-2008 01:08 PM | 00,104,832 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\dllcache\atiraged.dll
[08-23-2008 01:08 PM | 00,137,216 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\dllcache\atidrae.dll
[08-23-2008 01:08 PM | 00,148,352 | ---- | C] (3dfx Interactive, Inc.) - C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[08-23-2008 01:08 PM | 00,231,552 | ---- | C] (Acer Laboratories Inc.) - C:\WINDOWS\System32\dllcache\ac97ali.sys
[08-23-2008 01:08 PM | 00,268,160 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\dllcache\atidvai.dll
[08-23-2008 01:08 PM | 00,281,728 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\dllcache\atimtai.sys
[08-23-2008 01:08 PM | 00,289,920 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\dllcache\atimpab.sys
[08-23-2008 01:08 PM | 00,297,728 | ---- | C] (Silicon Integrated Systems Corp.) - C:\WINDOWS\System32\dllcache\ac97sis.sys
[08-23-2008 01:08 PM | 00,382,592 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\dllcache\atidrab.dll
[08-23-2008 01:08 PM | 00,462,848 | ---- | C] (Aureal Inc.) - C:\WINDOWS\System32\dllcache\a3dapi.dll
[08-23-2008 01:08 PM | 00,553,984 | ---- | C] (Aureal, Inc.) - C:\WINDOWS\System32\dllcache\adm8820.sys
[08-23-2008 01:08 PM | 00,584,448 | ---- | C] (Aureal, Inc.) - C:\WINDOWS\System32\dllcache\adm8810.sys
[08-23-2008 01:08 PM | 00,689,216 | ---- | C] (3dfx Interactive, Inc.) - C:\WINDOWS\System32\dllcache\3dfxvs.dll
[08-23-2008 01:08 PM | 00,747,392 | ---- | C] (Aureal, Inc.) - C:\WINDOWS\System32\dllcache\adm8830.sys
[08-23-2008 01:08 PM | 00,762,780 | ---- | C] (3Com, Inc.) - C:\WINDOWS\System32\dllcache\3cwmcru.sys
[08-23-2008 01:09 PM | 00,036,992 | ---- | C] (Aztech Systems Ltd) - C:\WINDOWS\System32\dllcache\aztw2320.sys
[08-23-2008 01:09 PM | 00,037,568 | ---- | C] (AVM GmbH) - C:\WINDOWS\System32\dllcache\avmwan.sys
[08-23-2008 01:09 PM | 00,087,552 | ---- | C] (AVM GmbH) - C:\WINDOWS\System32\dllcache\avmcoxp.dll
[08-23-2008 01:09 PM | 00,089,952 | ---- | C] (AVM GmbH) - C:\WINDOWS\System32\dllcache\b1cbase.sys
[08-23-2008 01:09 PM | 00,097,376 | ---- | C] (Broadcom Corporation) - C:\WINDOWS\System32\dllcache\b57xp32.sys
[08-23-2008 01:09 PM | 00,144,384 | ---- | C] (AVM GmbH) - C:\WINDOWS\System32\dllcache\avmenum.dll
[08-15-2008 09:10 PM | 00,017,144 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08-15-2008 09:10 PM | 00,038,472 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[08-18-2008 10:07 PM | 00,085,969 | ---- | C] (GMER) - C:\WINDOWS\System32\drivers\gmer.sys
[08-24-2008 09:10 PM | 00,142,096 | ---- | C] (Trend Micro Inc.) - C:\WINDOWS\System32\drivers\tmcomm.sys
[08-25-2008 05:55 PM | 00,008,704 | ---- | C] () - C:\WINDOWS\System32\drivers\hbiyccngaleq.sys
[08-01-2008 03:58 PM | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\java.exe
[08-01-2008 03:58 PM | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaw.exe
[08-01-2008 03:58 PM | 00,139,264 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaws.exe
[08-01-2008 11:55 PM | 00,027,136 | ---- | C] () - C:\WINDOWS\System32\PCWizard.cpl
[08-10-2008 12:17 PM | 00,073,728 | ---- | C] () - C:\WINDOWS\System32\Vrazace.dll
[08-10-2008 12:17 PM | 00,139,264 | ---- | C] () - C:\WINDOWS\System32\hspylib.dll
[08-10-2008 12:17 PM | 00,159,744 | ---- | C] () - C:\WINDOWS\System32\Vrazrar.dll
[07-31-2008 08:53 PM | ---D | C] - C:\WINDOWS\BDOSCAN8
[08-02-2008 12:30 AM | 00,008,192 | -HS- | C] () - C:\WINDOWS\Thumbs.db
[08-05-2008 03:54 PM | 00,304,128 | ---- | C] (InstallShield Software Corporation) - C:\WINDOWS\IsUninst.exe
[08-08-2008 07:36 PM | 00,000,657 | ---- | C] () - C:\WINDOWS\squashim.bat
[08-18-2008 10:07 PM | 00,000,080 | ---- | C] () - C:\WINDOWS\gmer_uninstall.cmd
[08-18-2008 10:07 PM | 00,000,297 | ---- | C] () - C:\WINDOWS\gmer.ini
[08-18-2008 10:07 PM | 00,884,736 | ---- | C] () - C:\WINDOWS\gmer.dll
[08-20-2008 10:26 PM | 00,000,001 | ---- | C] () - C:\WINDOWS\AR.DAT
[08-23-2008 08:07 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\ESET
[08-23-2008 08:08 PM | ---D | C] - C:\Documents and Settings\Arnold\Application Data\ESET
[08-23-2008 09:26 PM | ---D | C] - C:\Documents and Settings\Arnold\Application Data\InstallShield
[08-02-2008 12:03 AM | ---D | C] - C:\Documents and Settings\Arnold\Local Settings\Application Data\TouchStoneSoftware
[08-22-2008 09:35 PM | 02,149,376 | ---- | C] () - C:\Documents and Settings\Arnold\Local Settings\Application Data\cooliris-win-iemin-release-1.8.0.4272.msi
[07-29-2008 11:38 PM | 00,010,397 | ---- | C] () - C:\Documents and Settings\Arnold\Mijn documenten\Muziek.docx
[07-30-2008 12:45 AM | 00,011,850 | ---- | C] () - C:\Documents and Settings\Arnold\Mijn documenten\Photobucket.docx
[07-30-2008 12:46 AM | 00,113,473 | ---- | C] () - C:\Documents and Settings\Arnold\Mijn documenten\Downloads1-NL.docx
[07-30-2008 12:47 AM | 00,020,340 | ---- | C] () - C:\Documents and Settings\Arnold\Mijn documenten\Intercosmos1.xlsx
[07-30-2008 12:48 AM | 00,015,113 | ---- | C] () - C:\Documents and Settings\Arnold\Mijn documenten\Intercosmos2.xlsx
[07-30-2008 12:51 AM | 00,017,199 | ---- | C] () - C:\Documents and Settings\Arnold\Mijn documenten\Whois*******.xlsx
[07-30-2008 12:54 AM | 00,010,758 | ---- | C] () - C:\Documents and Settings\Arnold\Mijn documenten\MSN Bug.docx
[07-30-2008 12:54 AM | 00,210,685 | ---- | C] () - C:\Documents and Settings\Arnold\Mijn documenten\Multi-AV.docx
[08-01-2008 12:23 AM | 00,015,609 | ---- | C] () - C:\Documents and Settings\Arnold\Mijn documenten\911.docx
[08-03-2008 10:26 AM | 00,011,932 | ---- | C] () - C:\Documents and Settings\Arnold\Mijn documenten\tijdelijke internetbestanden.docx
[08-03-2008 11:56 AM | 00,012,852 | ---- | C] () - C:\Documents and Settings\Arnold\Mijn documenten\USB Infectie.docx
[08-04-2008 03:39 PM | 00,122,953 | ---- | C] () - C:\Documents and Settings\Arnold\Mijn documenten\LachjeKrom.docx
[08-04-2008 06:01 PM | 00,011,005 | ---- | C] () - C:\Documents and Settings\Arnold\Mijn documenten\Argus1.docx
[08-05-2008 02:03 AM | 00,009,997 | ---- | C] () - C:\Documents and Settings\Arnold\Mijn documenten\Email Video.docx
[08-07-2008 08:10 PM | 00,010,277 | ---- | C] () - C:\Documents and Settings\Arnold\Mijn documenten\quote.docx
[08-07-2008 08:47 PM | 00,011,129 | ---- | C] () - C:\Documents and Settings\Arnold\Mijn documenten\Kaspersky AVP.docx
[08-08-2008 01:09 PM | 00,000,162 | -H-- | C] () - C:\Documents and Settings\Arnold\Mijn documenten\~$ Downloads3-DE.docx
[08-08-2008 06:35 AM | 00,031,173 | ---- | C] () - C:\Documents and Settings\Arnold\Mijn documenten\AA A Hijack This 3-DE.docx
[08-08-2008 09:42 PM | 00,012,968 | ---- | C] () - C:\Documents and Settings\Arnold\Mijn documenten\softdeluxe.docx
[08-09-2008 02:43 AM | 00,034,152 | ---- | C] () - C:\Documents and Settings\Arnold\Mijn documenten\AA A Anfang 3-DE.docx
[08-09-2008 10:57 AM | 00,020,505 | ---- | C] () - C:\Documents and Settings\Arnold\Mijn documenten\Online Viren Scanner.docx
[08-11-2008 03:31 PM | 00,011,655 | ---- | C] () - C:\Documents and Settings\Arnold\Mijn documenten\virussen.docx
[08-12-2008 10:28 AM | 00,010,428 | ---- | C] () - C:\Documents and Settings\Arnold\Mijn documenten\Ziggo.docx
[08-13-2008 03:35 PM | 00,035,251 | ---- | C] () - C:\Documents and Settings\Arnold\Mijn documenten\AA CID popup3-DE.docx
[08-15-2008 10:17 AM | 00,009,495 | ---- | C] () - C:\Documents and Settings\Arnold\Mijn documenten\MP3.xlsx
[08-21-2008 08:02 AM | 00,013,755 | ---- | C] () - C:\Documents and Settings\Arnold\Mijn documenten\MBR Rootkitscanner.docx
[08-23-2008 01:55 PM | 00,010,418 | ---- | C] () - C:\Documents and Settings\Arnold\Mijn documenten\tool.docx
[08-23-2008 09:11 AM | 00,005,933 | ---- | C] () - C:\Documents and Settings\Arnold\Mijn documenten\Emsi Software User Account Password.eml
[08-23-2008 09:38 PM | 00,012,551 | ---- | C] () - C:\Documents and Settings\Arnold\Mijn documenten\Eset.docx
[08-23-2008 12:24 PM | ---D | C] - C:\Documents and Settings\Arnold\Mijn documenten\a-squared Free
[08-24-2008 11:12 AM | 00,013,234 | ---- | C] () - C:\Documents and Settings\Arnold\Mijn documenten\ComputerIdee.docx
[08-25-2008 06:28 PM | 00,013,631 | ---- | C] () - C:\Documents and Settings\Arnold\Mijn documenten\*******.docx
[08-27-2008 06:13 PM | 00,152,040 | ---- | C] () - C:\Documents and Settings\Arnold\Mijn documenten\AA AntiVirus 2008.docx
[08-15-2008 09:10 PM | 00,000,604 | ---- | C] () - C:\Documents and Settings\All Users\Bureaublad\Malwarebytes' Anti-Malware.lnk
[08-23-2008 09:26 PM | 00,001,425 | ---- | C] () - C:\Documents and Settings\All Users\Bureaublad\Scanner Dr.Web.lnk
[08-23-2008 12:24 PM | 00,000,556 | ---- | C] () - C:\Documents and Settings\All Users\Bureaublad\a-squared Free.lnk
[08-01-2008 05:52 PM | 00,147,456 | ---- | C] () - C:\Documents and Settings\Arnold\Bureaublad\zoek.exe
[08-07-2008 11:32 PM | 00,000,634 | ---- | C] () - C:\Documents and Settings\Arnold\Bureaublad\filelist.zip
[08-09-2008 01:22 AM | 00,169,092 | ---- | C] () - C:\Documents and Settings\Arnold\Bureaublad\MsnCleaner_eng.zip
[08-23-2008 01:31 AM | 00,000,605 | ---- | C] () - C:\Documents and Settings\Arnold\Bureaublad\HostsXpert.exe.lnk
[08-25-2008 02:45 PM | 00,452,608 | ---- | C] () - C:\Documents and Settings\Arnold\Bureaublad\ToolsCleaner2.exe
[08-25-2008 08:48 PM | 00,001,456 | ---- | C] () - C:\Documents and Settings\Arnold\Bureaublad\CCleaner.lnk
[08-27-2008 12:31 AM | 00,000,563 | ---- | C] () - C:\Documents and Settings\Arnold\Bureaublad\Hijack This v2.0.2.lnk
[08-01-2008 03:57 PM | ---D | C] - C:\Program Files\Java
[08-01-2008 11:55 PM | ---D | C] - C:\Program Files\PC Wizard 2008
[08-04-2008 10:01 AM | ---D | C] - C:\Program Files\roguescanfix
[08-15-2008 09:10 PM | ---D | C] - C:\Program Files\Malwarebytes' Anti-Malware
[08-23-2008 12:24 PM | ---D | C] - C:\Program Files\a-squared Free
[08-25-2008 03:47 PM | 00,598,816 | ---- | C] (Trend Micro Inc ) - C:\Program Files\hijackthissetupv2.0.2.exe
[08-25-2008 03:47 PM | ---D | C] - C:\Program Files\Hijack This
[08-25-2008 08:48 PM | ---D | C] - C:\Program Files\CCleaner
[08-27-2008 08:08 PM | ---D | C] - C:\Program Files\EsetOnlineScanner

[Files/Folders - Modified Within 30 days]
[08-09-2008 01:22 AM | ---D | M] - C:\MSNCleaner
[08-22-2008 12:34 PM | 00,000,074 | ---- | M] () - C:\bootdelete.lst
[08-27-2008 07:23 PM | 00,066,048 | ---- | M] () - C:\mbr.exe
[08-27-2008 10:37 PM | 10,051,13344 | -HS- | M] () - C:\hiberfil.sys
[08-07-2008 08:51 PM | 00,000,032 | -HS- | M] () - C:\WINDOWS\System32\drivers\fidbox.dat
[08-07-2008 08:51 PM | 00,000,032 | -HS- | M] () - C:\WINDOWS\System32\drivers\fidbox.idx
[08-17-2008 03:01 PM | 00,017,144 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08-17-2008 03:01 PM | 00,038,472 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[08-18-2008 10:07 PM | 00,085,969 | ---- | M] (GMER) - C:\WINDOWS\System32\drivers\gmer.sys
[08-24-2008 09:10 PM | 00,142,096 | ---- | M] (Trend Micro Inc.) - C:\WINDOWS\System32\drivers\tmcomm.sys
[08-25-2008 05:55 PM | 00,008,704 | ---- | M] () - C:\WINDOWS\System32\drivers\hbiyccngaleq.sys
[08-10-2008 12:17 PM | 00,073,728 | ---- | M] () - C:\WINDOWS\System32\Vrazace.dll
[08-10-2008 12:17 PM | 00,139,264 | ---- | M] () - C:\WINDOWS\System32\hspylib.dll
[08-10-2008 12:17 PM | 00,159,744 | ---- | M] () - C:\WINDOWS\System32\Vrazrar.dll
[08-23-2008 09:27 PM | 00,077,824 | ---- | M] (Doctor Web, Ltd.) - C:\WINDOWS\System32\DRWEBSP.DLL
[08-27-2008 10:37 PM | 00,000,682 | ---- | M] () - C:\WINDOWS\System32\eRLog.ini
[08-27-2008 10:37 PM | 00,001,158 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[08-27-2008 10:37 PM | 00,176,362 | ---- | M] () - C:\WINDOWS\System32\nvapps.xml
[07-31-2008 08:53 PM | ---D | M] - C:\WINDOWS\BDOSCAN8
[08-02-2008 12:30 AM | 00,008,192 | -HS- | M] () - C:\WINDOWS\Thumbs.db
[08-08-2008 01:29 PM | 00,000,958 | ---- | M] () - C:\WINDOWS\win.ini
[08-08-2008 07:36 PM | 00,000,657 | ---- | M] () - C:\WINDOWS\squashim.bat
[08-18-2008 10:07 PM | 00,000,080 | ---- | M] () - C:\WINDOWS\gmer_uninstall.cmd
[08-18-2008 10:07 PM | 00,884,736 | ---- | M] () - C:\WINDOWS\gmer.dll
[08-18-2008 10:15 PM | 00,000,297 | ---- | M] () - C:\WINDOWS\gmer.ini
[08-20-2008 10:26 PM | 00,000,001 | ---- | M] () - C:\WINDOWS\AR.DAT
[08-27-2008 08:54 AM | 00,000,227 | ---- | M] () - C:\WINDOWS\system.ini
[08-27-2008 10:37 PM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08-27-2008 10:37 PM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08-27-2008 10:40 PM | 00,000,330 | -H-- | M] () - C:\WINDOWS\tasks\MP Scheduled Scan.job
[08-23-2008 08:08 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\ESET
[08-23-2008 08:08 PM | ---D | M] - C:\Documents and Settings\Arnold\Application Data\ESET
[08-23-2008 09:26 PM | ---D | M] - C:\Documents and Settings\Arnold\Application Data\InstallShield
[08-02-2008 12:03 AM | ---D | M] - C:\Documents and Settings\Arnold\Local Settings\Application Data\TouchStoneSoftware
[08-23-2008 09:37 PM | 02,149,376 | ---- | M] () - C:\Documents and Settings\Arnold\Local Settings\Application Data\cooliris-win-iemin-release-1.8.0.4272.msi
[07-30-2008 01:19 AM | 00,113,473 | ---- | M] () - C:\Documents and Settings\Arnold\Mijn documenten\Downloads1-NL.docx
[07-30-2008 12:45 AM | 00,011,850 | ---- | M] () - C:\Documents and Settings\Arnold\Mijn documenten\Photobucket.docx
[07-30-2008 12:47 AM | 00,020,340 | ---- | M] () - C:\Documents and Settings\Arnold\Mijn documenten\Intercosmos1.xlsx
[07-30-2008 12:48 AM | 00,015,113 | ---- | M] () - C:\Documents and Settings\Arnold\Mijn documenten\Intercosmos2.xlsx
[07-30-2008 12:51 AM | 00,017,199 | ---- | M] () - C:\Documents and Settings\Arnold\Mijn documenten\???????????.xlsx
[07-30-2008 12:54 AM | 00,010,758 | ---- | M] () - C:\Documents and Settings\Arnold\Mijn documenten\MSN Bug.docx
[07-30-2008 12:54 AM | 00,210,685 | ---- | M] () - C:\Documents and Settings\Arnold\Mijn documenten\Multi-AV.docx
[08-01-2008 08:26 PM | 00,029,485 | ---- | M] () - C:\Documents and Settings\Arnold\Mijn documenten\AA CF Script.docx
[08-01-2008 12:15 AM | 00,010,397 | ---- | M] () - C:\Documents and Settings\Arnold\Mijn documenten\Muziek.docx
[08-02-2008 05:28 PM | 00,032,072 | ---- | M] () - C:\Documents and Settings\Arnold\Mijn documenten\Postbank.docx
[08-02-2008 10:04 PM | 00,010,928 | ---- | M] () - C:\Documents and Settings\Arnold\Mijn documenten\Oplichting.docx
[08-03-2008 10:26 AM | 00,011,932 | ---- | M] () - C:\Documents and Settings\Arnold\Mijn documenten\tijdelijke internetbestanden.docx
[08-03-2008 10:32 PM | 00,018,944 | ---- | M] () - C:\Documents and Settings\Arnold\Mijn documenten\Map1.xls
[08-03-2008 11:56 AM | 00,012,852 | ---- | M] () - C:\Documents and Settings\Arnold\Mijn documenten\USB Infectie.docx
[08-04-2008 05:44 PM | 00,010,242 | ---- | M] () - C:\Documents and Settings\Arnold\Mijn documenten\Wachtwoorden.docx
[08-04-2008 06:01 PM | 00,011,005 | ---- | M] () - C:\Documents and Settings\Arnold\Mijn documenten\Argus1.docx
[08-05-2008 01:05 AM | 00,122,953 | ---- | M] () - C:\Documents and Settings\Arnold\Mijn documenten\LachjeKrom.docx
[08-05-2008 02:03 AM | 00,009,997 | ---- | M] () - C:\Documents and Settings\Arnold\Mijn documenten\Email Video.docx
[08-07-2008 08:10 PM | 00,010,277 | ---- | M] () - C:\Documents and Settings\Arnold\Mijn documenten\quote.docx
[08-07-2008 09:12 PM | 00,011,129 | ---- | M] () - C:\Documents and Settings\Arnold\Mijn documenten\Kaspersky AVP.docx
[08-08-2008 01:09 PM | 00,000,162 | -H-- | M] () - C:\Documents and Settings\Arnold\Mijn documenten\~$ Downloads3-DE.docx
[08-10-2008 12:30 PM | 00,020,505 | ---- | M] () - C:\Documents and Settings\Arnold\Mijn documenten\Online Viren Scanner.docx
[08-12-2008 10:28 AM | 00,010,428 | ---- | M] () - C:\Documents and Settings\Arnold\Mijn documenten\Ziggo.docx
[08-13-2008 07:15 PM | 00,035,251 | ---- | M] () - C:\Documents and Settings\Arnold\Mijn documenten\AA CID popup3-DE.docx
[08-16-2008 12:58 AM | 00,009,495 | ---- | M] () - C:\Documents and Settings\Arnold\Mijn documenten\MP3.xlsx
[08-22-2008 09:58 PM | 00,011,655 | ---- | M] () - C:\Documents and Settings\Arnold\Mijn documenten\virussen.docx
[08-23-2008 01:55 PM | 00,010,418 | ---- | M] () - C:\Documents and Settings\Arnold\Mijn documenten\tool.docx
[08-23-2008 09:11 AM | 00,005,933 | ---- | M] () - C:\Documents and Settings\Arnold\Mijn documenten\Emsi Software User Account Password.eml
[08-23-2008 09:38 PM | 00,012,551 | ---- | M] () - C:\Documents and Settings\Arnold\Mijn documenten\Eset.docx
[08-23-2008 12:24 PM | ---D | M] - C:\Documents and Settings\Arnold\Mijn documenten\a-squared Free
[08-23-2008 12:45 AM | 00,035,140 | ---- | M] () - C:\Documents and Settings\Arnold\Mijn documenten\AA ComputerIdee.docx
[08-24-2008 12:36 PM | 00,013,234 | ---- | M] () - C:\Documents and Settings\Arnold\Mijn documenten\ComputerIdee.docx
[08-25-2008 03:28 PM | 00,013,755 | ---- | M] () - C:\Documents and Settings\Arnold\Mijn documenten\MBR Rootkitscanner.docx
[08-25-2008 05:09 PM | 00,015,609 | ---- | M] () - C:\Documents and Settings\Arnold\Mijn documenten\911.docx
[08-25-2008 07:05 PM | 00,013,631 | ---- | M] () - C:\Documents and Settings\Arnold\Mijn documenten\*******.docx
[08-25-2008 10:26 AM | 00,026,173 | ---- | M] () - C:\Documents and Settings\Arnold\Mijn documenten\AA CFScript.docx
[08-26-2008 01:03 AM | 00,031,009 | ---- | M] () - C:\Documents and Settings\Arnold\Mijn documenten\*************.docx
[08-26-2008 01:24 PM | 00,012,968 | ---- | M] () - C:\Documents and Settings\Arnold\Mijn documenten\softdeluxe.docx
[08-26-2008 09:46 PM | 00,031,173 | ---- | M] () - C:\Documents and Settings\Arnold\Mijn documenten\AA A Hijack This 3-DE.docx
[08-26-2008 12:22 PM | 00,018,393 | ---- | M] () - C:\Documents and Settings\Arnold\Mijn documenten\AA Avenger NL.docx
[08-27-2008 01:38 PM | 00,034,152 | ---- | M] () - C:\Documents and Settings\Arnold\Mijn documenten\AA A Anfang 3-DE.docx
[08-27-2008 04:59 PM | 00,035,192 | ---- | M] () - C:\Documents and Settings\Arnold\Mijn documenten\AA ComputerIdee2.docx
[08-27-2008 06:26 PM | 00,152,040 | ---- | M] () - C:\Documents and Settings\Arnold\Mijn documenten\AA AntiVirus 2008.docx
[08-27-2008 08:24 PM | 00,045,348 | ---- | M] () - C:\Documents and Settings\Arnold\Mijn documenten\AA Prikpagina.docx
[08-27-2008 11:58 AM | 00,151,481 | ---- | M] () - C:\Documents and Settings\Arnold\Mijn documenten\AA Downloads3-DE.docx
[08-15-2008 09:10 PM | 00,000,604 | ---- | M] () - C:\Documents and Settings\All Users\Bureaublad\Malwarebytes' Anti-Malware.lnk
[08-23-2008 09:27 PM | 00,001,425 | ---- | M] () - C:\Documents and Settings\All Users\Bureaublad\Scanner Dr.Web.lnk
[08-23-2008 12:24 PM | 00,000,556 | ---- | M] () - C:\Documents and Settings\All Users\Bureaublad\a-squared Free.lnk
[08-01-2008 05:52 PM | 00,147,456 | ---- | M] () - C:\Documents and Settings\Arnold\Bureaublad\zoek.exe
[08-07-2008 11:32 PM | 00,000,634 | ---- | M] () - C:\Documents and Settings\Arnold\Bureaublad\filelist.zip
[08-09-2008 01:22 AM | 00,169,092 | ---- | M] () - C:\Documents and Settings\Arnold\Bureaublad\MsnCleaner_eng.zip
[08-23-2008 01:31 AM | 00,000,605 | ---- | M] () - C:\Documents and Settings\Arnold\Bureaublad\HostsXpert.exe.lnk
[08-25-2008 02:45 PM | 00,452,608 | ---- | M] () - C:\Documents and Settings\Arnold\Bureaublad\ToolsCleaner2.exe
[08-25-2008 08:48 PM | 00,001,456 | ---- | M] () - C:\Documents and Settings\Arnold\Bureaublad\CCleaner.lnk
[08-27-2008 12:31 AM | 00,000,563 | ---- | M] () - C:\Documents and Settings\Arnold\Bureaublad\Hijack This v2.0.2.lnk

< End of report >
__________
Regards, Argus
28.08.2008, 15:21
Honorary member

Posts: 29434
#39 what is this?
something of mine? (from my homepage?)
__________
Regards, Sabina

all about PC security
05.09.2008, 01:06
Moderator

Posts: 5694
#40 >> http://board.protecus.de/t34719.htm <<


>>
Copy the following text into Notepad (Start - Accessories - Notepad) and save it to the desktop as cfscript.txt using 'Save as'. Select "All files" - Save

Quote

KILLALL::

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\29c5d73c]
[-HKEY_LOCAL_MACHINE\SYSTEM\controlset002\Services\29c5d73c]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\29c5d73c]
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
"000"=-

You should now find this file cfscript.txt on the desktop.

Drag cfscript.txt with the right mouse button onto the Combofix icon

afterwards: run Combofix once more

>>
post the new Combofix log
08.10.2008, 19:12
Moderator

Posts: 5694
#41 http://board.protecus.de/t35037.htm


>>
run Flash_Disinfector - the stick must be plugged in - "treat" the infected stick with FlashDis.
http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe
computer-and-not-opening-fix/de/

>>
http://virus-protect.org/zip/antivbs.zip


>>

Quote

KILLALL::

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ecb48aa-8299-11dd-a68f-0022151219c0}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b996c0c1-8305-11dd-a690-0015afa64934}]

File::
C:\WINDOWS\system32\four2one.vbs
C:\WINDOWS\system32\Fortuna.dll
C:\WINDOWS\system32\google.htm
C:\google.htm
C:\WINDOWS\system32\explorer.vbs
>>
Please download sdfix, run it in safe mode + post here the report that appears after the restart
http://virus-protect.org/artikel/tools/sdfix.html
This post was edited by Tonstudio on 08.10.2008 at 19:17.
09.10.2008, 14:27
Honorary member

Posts: 29434
#42 I had already worked on that post, I think.
I wasn't sure about Fortuna.dll and explorer.vbs + the google.html....
So leave them in for now, then possibly have explorer.vbs checked with virustotal.
But if all goes well,
http://virus-protect.org/zip/antivbs.zip will get everything out ;)
then I had also linked dr.web ...let's see what else it finds...
__________
Regards, Sabina

all about PC security
09.10.2008, 14:34
Moderator

Posts: 5694
#43 Oh, I see ;)
I assumed so, since they were all loaded at exactly the same time ;)

But then I was on the right track with the programs ;)
09.10.2008, 16:27
Honorary member

Posts: 29434
#44 2008-09-19 11:16 . 2008-08-10 19:33 18,858 -rahs---- C:\WINDOWS\system32\four2one.vbs
2008-09-19 11:16 . 2008-09-19 11:16 18,858 -rahs---- C:\WINDOWS\system32\Fortuna.dll
2008-09-19 11:16 . 2008-09-19 11:16 1,600 -rahs---- C:\WINDOWS\system32\google.htm
2008-09-19 11:16 . 2008-09-19 11:16 1,600 -rahs---- C:\google.htm
2008-09-19 11:16 . 2008-09-19 11:16 416 -rahs---- C:\WINDOWS\system32\explorer.vbs


yes..true, everything loaded (almost) simultaneously ....
best if we wait and see what the next Combofix log looks like ;)
__________
Regards, Sabina

all about PC security
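The five entries quoted in post #44 share one creation minute and the hidden+system attributes, which is the pattern posts #43 and #44 point to. The added example below (not part of the original posts and not Combofix code) groups such log lines by creation time; it assumes the first timestamp on a line is the creation time and the second the last modification, and its last sample line is constructed for contrast.

```python
import re
from collections import defaultdict

# The first five lines are the entries quoted in post #44; the sixth is
# constructed (an ordinary file created at another time) for contrast.
SAMPLE_LOG = r"""
2008-09-19 11:16 . 2008-08-10 19:33 18,858 -rahs---- C:\WINDOWS\system32\four2one.vbs
2008-09-19 11:16 . 2008-09-19 11:16 18,858 -rahs---- C:\WINDOWS\system32\Fortuna.dll
2008-09-19 11:16 . 2008-09-19 11:16 1,600 -rahs---- C:\WINDOWS\system32\google.htm
2008-09-19 11:16 . 2008-09-19 11:16 1,600 -rahs---- C:\google.htm
2008-09-19 11:16 . 2008-09-19 11:16 416 -rahs---- C:\WINDOWS\system32\explorer.vbs
2008-09-20 08:02 . 2008-09-20 08:02 12,288 --a------ C:\WINDOWS\system32\example-constructed.dll
"""

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>[\d,]+) (?P<attrs>\S+) (?P<path>.+)$"
)

def parse(log):
    """Yield one dict per file entry; lines that do not match are skipped."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"].replace(",", ""))
            yield entry

def suspicious_clusters(log, min_files=3):
    """Group hidden+system files by creation minute; keep groups of min_files or more."""
    groups = defaultdict(list)
    for e in parse(log):
        if "h" in e["attrs"] and "s" in e["attrs"]:
            groups[e["created"]].append(e)
    return {ts: files for ts, files in groups.items() if len(files) >= min_files}

def same_size_pairs(files):
    """Files of identical size under different names (possible copies of one file)."""
    by_size = defaultdict(list)
    for e in files:
        by_size[e["size"]].append(e["path"])
    return {size: paths for size, paths in by_size.items() if len(paths) > 1}

if __name__ == "__main__":
    for ts, files in suspicious_clusters(SAMPLE_LOG).items():
        print(ts, [f["path"] for f in files])
        print(same_size_pairs(files))
```

Identical sizes under different names are a reason to compare the files' hashes, not proof that they are the same file.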
14.10.2008, 04:50
Moderator

Posts: 5694
#45 http://board.protecus.de/t35081.htm


>>
Copy the following text into Notepad (Start - Accessories - Notepad) and save it to the desktop as cfscript.txt using 'Save as'. Select "All files" - Save


Quote

KILLALL::

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E4053B-FD23-448B-842F-793DD49AA53C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E01D0ACE-25AC-4353-87EF-6CB2B368E3C7}"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"qrbgltos"=-
"ngwstxfd"=-

File::
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\grfxbanoros.dll
C:\WINDOWS\qrbgltos.dll
C:\WINDOWS\ngwstxfd.dll
C:\WINDOWS\rosqxvmn.dll
C:\WINDOWS\lomxeqsn.exe
C:\Dokumente und Einstellungen\Kev\index.exe
C:\ctfmon.exe
C:\525.bat


Folders::
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mdahybsh
C:\WINDOWS\system32\EV02
You should now find this file cfscript.txt on the desktop.

Drag cfscript.txt with the right mouse button onto the Combofix icon



afterwards: run Combofix once more

>>
post the new Combofix log
This post was edited by Tonstudio on 14.10.2008 at 04:54.
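A script like the ones in this thread can be read back before it is handed to Combofix. This added example (not from the posts and not Combofix's own parser) lists what each line asks for, assuming the .reg conventions the posts rely on: `[-KEY]` removes a key, `"name"=-` removes a value, a plain `[KEY]` with nothing under it changes nothing (the point made in post #35), and File::/Folders:: entries are deletions. The sample is assembled from entries in posts #34, #40 and #45.

```python
import re

# Constructed sample, assembled from entries in posts #34, #40 and #45.
SAMPLE = r'''
KILLALL::
Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\29c5d73c]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"qrbgltos"=-
"ngwstxfd"=-
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
File::
C:\WINDOWS\qrbgltos.dll
C:\525.bat
Folders::
C:\WINDOWS\system32\EV02
'''

SECTION_RE = re.compile(r"^(\w+)::$")      # e.g. "Registry::"
VALUE_DEL_RE = re.compile(r'^"(.+)"=-$')   # e.g. "qrbgltos"=-

def planned_actions(script):
    """List what the script asks for, in order, without touching the system."""
    actions, section, key, touched = [], None, None, False

    def close_key():
        # A plain [KEY] header with no value line under it changes nothing.
        if key is not None and not touched:
            actions.append(("unchanged-key", key))

    for line in filter(None, map(str.strip, script.splitlines())):
        header = SECTION_RE.match(line)
        if header:
            close_key()
            section, key = header.group(1).lower(), None
        elif section == "registry" and line.startswith("[") and line.endswith("]"):
            close_key()
            if line.startswith("[-"):
                actions.append(("delete-key", line[2:-1]))
                key = None
            else:
                key, touched = line[1:-1], False
        elif section == "registry" and key is not None:
            value = VALUE_DEL_RE.match(line)
            if value:
                actions.append(("delete-value", key + "\\" + value.group(1)))
                touched = True
        elif section in ("file", "folders"):
            actions.append(("delete-" + section.rstrip("s"), line))
    close_key()
    return actions
```

An `unchanged-key` entry in the result marks a registry line that was probably meant to carry the leading `-`.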