Home » Viren, Trojaner & Malware Forum » Warning yor computer is might infected!!! » Themenansicht

Warning yor computer is might infected!!!
#0
12.06.2006, 18:13
Melker
...neu hier

Beiträge: 5
#1 Hy Leute, da ich gesehen habe, das ihr hier sehr hilfsbereit seid, würde ich euch bitten mir auch zu helfen, ich habe seit gestern dieses antivirusquake und das habe ich auch erfolgreich wieder gelöscht bekommen, aber ich habe immernoch diese meldung in der task leiste.

Hier mein Hijachthislog:
Logfile of HijackThis v1.99.1
Scan saved at 18:12:30, on 12.06.2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\AGEIA Technologies\TrayIcon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\Xfire\Xfire.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\BRMFRSMG.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Admin\LOKALE~1\Temp\Rar$EX00.125\KillBox.exe
C:\Programme\OpenOffice.org 2.0\program\soffice.exe
C:\Programme\OpenOffice.org 2.0\program\soffice.BIN
C:\Dokumente und Einstellungen\Admin\Desktop\es_awne.exe
C:\DOKUME~1\Admin\LOKALE~1\Temp\is-0O6CV.tmp\is-L5TSF.tmp
C:\Programme\eScan\scaninst.exe
C:\PROGRA~1\eScan\TRAYSSER.EXE
C:\PROGRA~1\eScan\TRAYICOS.EXE
C:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWASER.EXE
C:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWAgent.exe
C:\PROGRA~1\eScan\mwavscan.com
C:\PROGRA~1\eScan\kavss.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Admin\LOKALE~1\Temp\Rar$EX00.797\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Alcohol Soft - Alcohol 120% Toolbar - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - C:\Programme\Alcohol Soft\Alcohol 120% Toolbar\cab.in.work.temp.dll
O4 - HKLM\..\Run: [LiveMonitor] C:\Programme\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Programme\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Programme\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MailScan Dispatcher] "C:\Programme\eScan\LAUNCH.EXE"
O4 - HKLM\..\Run: [eScan Updater] C:\PROGRA~1\eScan\TRAYICOS.EXE /App
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\programme\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: Xfire.lnk = C:\Programme\Xfire\Xfire.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1148498055499
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: eScan Server-Updater (eScan-trayicos) - MicroWorld Technologies Inc. - C:\PROGRA~1\eScan\TRAYSSER.EXE
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWASER.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe

falls ihr noch irgendwelche daten braucht edinfach melden.
Seitenanfang Seitenende
12.06.2006, 18:26
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#2 stelle den CleanUp genauso ein, wie hier angegeben:
http://virus-protect.org/cleanup.html

Kopiere diese 4 Textdateien ab . (rechtsklick mit der Maus -> den Text markieren -> kopieren -> einfügen) Sie sind nach Datum geordnet. (kopiere nur die letzten 3 Monate ab)
http://virus-protect.org/datfindbat.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
12.06.2006, 18:32
Melker
...neu hier

Themenstarter

Beiträge: 5
#3 Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: C057-D5C0

Verzeichnis von C:\WINDOWS\system32

12.06.2006 18:11 7.798 eInstall.dat
12.06.2006 17:52 30 brss01a.ini
12.06.2006 17:52 184 brsvc01a.bsi
12.06.2006 17:12 176.128 hzclqhc.dll
12.06.2006 12:34 1.985.152 kernel1.exe
12.06.2006 12:29 2.019.584 KERNEL.TMP
12.06.2006 12:14 8.464 sporder.dll
11.06.2006 16:45 2.256 wpa.dbl
11.06.2006 15:02 311.604 perfh009.dat
11.06.2006 15:02 39.992 perfc009.dat
11.06.2006 15:02 316.594 perfh007.dat
11.06.2006 15:02 48.156 perfc007.dat
11.06.2006 15:02 723.744 PerfStringBackup.INI
11.06.2006 14:20 0 asfiles.txt
11.06.2006 14:17 2.550 Uninstall.ico
11.06.2006 14:17 1.406 Help.ico
11.06.2006 14:17 30.590 pavas.ico
08.06.2006 09:53 21.840 SIntfNT.dll
08.06.2006 09:53 17.212 SIntf32.dll
08.06.2006 09:53 12.067 SIntf16.dll
02.06.2006 14:26 184.320 miccyhook.dll
29.05.2006 17:33 98.304 CmdLineExt.dll
28.05.2006 13:50 101.440 FNTCACHE.DAT
04.05.2006 19:40 499.712 msvcp71.dll
04.05.2006 19:40 348.160 msvcr71.dll
03.05.2006 21:26 5.818.784 MRT.exe
03.05.2006 19:45 7.006 jupdate-1.5.0_06-b05.log
02.05.2006 18:28 34.064 lhacm.acm
02.05.2006 17:21 0 h323log.txt
02.05.2006 16:29 25.065 wmpscheme.xml
02.05.2006 16:27 280 $winnt$.inf
02.05.2006 16:25 2.951 CONFIG.NT
02.05.2006 16:25 488 logonui.exe.manifest
02.05.2006 16:25 488 WindowsLogon.manifest
02.05.2006 16:25 749 cdplayer.exe.manifest
02.05.2006 16:25 749 ncpa.cpl.manifest
02.05.2006 16:25 749 nwc.cpl.manifest
02.05.2006 16:25 749 wuaucpl.cpl.manifest
02.05.2006 16:25 749 sapi.cpl.manifest
02.05.2006 16:23 21.740 emptyregdb.dat
27.04.2006 17:49 288.417 SrchSTS.exe
06.04.2006 10:54 73.728 asuninst.exe
03.04.2006 10:59 128 xposer.cfg
03.04.2006 10:59 128 asinst.cfg
22.03.2006 05:56 257.536 ati2dvag.dll
22.03.2006 05:50 114.688 atipdlxx.dll
22.03.2006 05:50 77.824 Oemdspif.dll
22.03.2006 05:50 26.112 Ati2mdxx.exe
22.03.2006 05:50 41.984 ati2edxx.dll
22.03.2006 05:50 61.440 ati2evxx.dll
22.03.2006 05:48 405.504 ati2evxx.exe
22.03.2006 05:48 53.248 ATIDDC.DLL
22.03.2006 05:42 307.200 atiiiexx.dll
22.03.2006 05:40 2.662.688 ati3duag.dll
22.03.2006 05:33 1.130.752 ativvaxx.dll
22.03.2006 05:33 6.684.672 atioglx1.dll
22.03.2006 05:24 5.025.792 atioglxx.dll
22.03.2006 05:18 151.552 atikvmag.dll
22.03.2006 05:17 17.408 atitvo32.dll
22.03.2006 05:12 258.048 ati2cqag.dll
22.03.2006 04:38 286.720 ATIDEMGR.dll
20.03.2006 21:43 372.736 PhysX.cpl
20.03.2006 21:43 580 PhysX.cpl.manifest
20.03.2006 21:43 45.056 AgCPanelTraditionalChinese.dll
20.03.2006 21:43 45.056 AgCPanelSwedish.dll
20.03.2006 21:43 45.056 AgCPanelSpanish.dll
20.03.2006 21:43 45.056 AgCPanelSimplifiedChinese.dll
20.03.2006 21:43 45.056 AgCPanelPortugese.dll
20.03.2006 21:43 45.056 AgCPanelKorean.dll
20.03.2006 21:43 45.056 AgCPanelJapanese.dll
20.03.2006 21:43 45.056 AgCPanelGerman.dll
20.03.2006 21:43 45.056 AgCPanelFrench.dll
17.03.2006 15:37 520.192 ati2sgag.exe
03.03.2006 04:47 106.496 atinppt2.ax

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: C057-D5C0

Verzeichnis von C:\DOKUME~1\Admin\LOKALE~1\Temp

12.06.2006 17:57 204 jusched.log
12.06.2006 17:48 2.244 browserview-e97da8.htm
2 Datei(en) 2.448 Bytes
0 Verzeichnis(se), 7.836.692.480 Bytes frei

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: C057-D5C0

Verzeichnis von C:\WINDOWS

12.06.2006 18:49 1.034 BRMFBIDI.INI
12.06.2006 18:49 50 wiaservc.log
12.06.2006 18:49 707 wiadebug.log
12.06.2006 18:14 12.506 ESCAN.LOG
12.06.2006 18:14 2.938 win.ini
12.06.2006 18:14 18 escan.dbf
12.06.2006 18:13 589 MAILINST.LOG
12.06.2006 18:13 35.796 WSSPORD.DAT
12.06.2006 18:11 807 frights.log
12.06.2006 18:06 217 INST_TSP.LOG
12.06.2006 18:06 172.544 winsbak2.reg
12.06.2006 18:06 20.696 winsbak.reg
12.06.2006 18:06 291 system.ini
12.06.2006 18:00 460 BRWMARK.INI
12.06.2006 17:53 872.032 WindowsUpdate.log
12.06.2006 17:53 930.248 setupapi.log
12.06.2006 17:52 27 BRPP2KA.INI
12.06.2006 17:48 0 0.log
12.06.2006 17:47 2.048 bootstat.dat
12.06.2006 17:45 241.372 ntbtlog.txt
12.06.2006 17:44 176.262 setupact.log
12.06.2006 17:34 32.604 SchedLgU.Txt
12.06.2006 12:17 183.296 NDNuninstall7_22.exe
12.06.2006 12:14 50.688 NDNuninstall6_38.exe
11.06.2006 19:21 1.420.322 ReturnKing.scr
11.06.2006 19:16 1.189 INSTALL.LOG
11.06.2006 15:02 37 r007
08.06.2006 23:53 29.154 scunin.dat
08.06.2006 23:53 967 ScUnin.pif
08.06.2006 23:53 69.632 ScUnin.exe
08.06.2006 07:53 15.821 DIIUnin.dat
08.06.2006 07:53 2.829 DIIUnin.pif
08.06.2006 07:53 102.400 DIIUnin.exe
29.05.2006 17:30 1.544 DIFx.log
29.05.2006 15:08 427.948 DirectX.log
28.05.2006 14:24 754 WORDPAD.INI
24.05.2006 22:43 30.364 xpsp1hfm.log
24.05.2006 22:43 16.260 iis6.log
24.05.2006 22:43 48.975 comsetup.log
24.05.2006 22:43 1.374 imsins.log
24.05.2006 22:43 34.808 KB828741.log
24.05.2006 22:43 27.878 ntdtcsetup.log
24.05.2006 22:43 45.885 tsoc.log
24.05.2006 22:43 4.457 ocmsn.log
24.05.2006 22:43 5.733 msgsocm.log
24.05.2006 22:43 52.497 ocgen.log
24.05.2006 22:43 110.493 FaxSetup.log
24.05.2006 22:42 1.374 imsins.BAK
24.05.2006 22:42 29.176 KB835732.log
24.05.2006 22:42 21.412 Q329834.log
24.05.2006 22:42 30.474 KB823559.log
24.05.2006 22:41 21.053 Q329048.log
24.05.2006 22:41 19.547 KB834707-IE6-20040929.115007.log
24.05.2006 22:41 22.211 Q810577.log
24.05.2006 22:40 19.792 Q810833.log
24.05.2006 22:40 16.543 Q811630.log
24.05.2006 22:39 15.332 Q815021.log
24.05.2006 22:39 14.663 Q329441.log
24.05.2006 22:38 14.374 Q817606.log
24.05.2006 22:38 11.556 Q329170.log
24.05.2006 22:37 2.075 Q329115.log
24.05.2006 22:37 1.713 Q329390.log
24.05.2006 22:36 1.649 Q323255.log
24.05.2006 21:23 6.241 KB842773.log
24.05.2006 19:07 632 CoD.INI
17.05.2006 19:44 770.004 setuplog.txt
07.05.2006 16:51 3.126 mozver.dat
07.05.2006 08:20 1.192 Windows Update.log
06.05.2006 10:35 24.083 wmsetup.log
06.05.2006 10:35 316.640 WMSysPr9.prx
05.05.2006 16:17 167 wininit.ini
03.05.2006 18:28 0 nsreg.dat
02.05.2006 17:20 0 Sti_Trace.log
02.05.2006 17:18 1.348 regopt.log
02.05.2006 17:17 0 setuperr.log
02.05.2006 16:50 1.562 ATIWDM.LOG
02.05.2006 16:50 1.253 ATICIM.INI
02.05.2006 16:29 820 OEWABLog.txt
02.05.2006 16:28 8.192 REGLOCS.OLD
02.05.2006 16:25 0 control.ini
02.05.2006 16:25 299.552 WMSysPrx.prx
02.05.2006 16:25 4.161 ODBCINST.INI
02.05.2006 16:25 749 WindowsShell.Manifest
02.05.2006 16:23 37 vbaddin.ini
02.05.2006 16:23 36 vb.ini
02.05.2006 16:23 128 DtcInstall.log
02.05.2006 16:23 1.060 sessmgr.setup.log

12.06.2006 18:54 0 sys.txt
12.06.2006 18:54 6.836 system.txt
12.06.2006 18:54 352 systemtemp.txt
12.06.2006 18:54 87.797 system32.txt
12.06.2006 18:15 3 AVPCallback.log
12.06.2006 18:13 0 23990098.$$$
12.06.2006 17:47 805.306.368 pagefile.sys
12.06.2006 17:44 3.170 smitfiles.txt
12.06.2006 17:24 1.846 rapport.txt
12.06.2006 12:33 194 boot.ini
10.06.2006 15:08 600 winscp.RND
08.06.2006 08:58 600 PUTTY.RND
07.06.2006 16:02 197.380 Documentation.html
07.06.2006 15:40 2.333 plugins.ini
05.06.2006 13:14 1.659 gameinfo.txt
04.06.2006 20:01 7.017 UWC3.cfg
04.06.2006 18:04 139.264 sasm.exe
04.06.2006 18:04 102.912 compile.exe
04.06.2006 18:04 77.824 amxxpc.exe
02.05.2006 16:25 0 MSDOS.SYS
02.05.2006 16:25 0 IO.SYS
02.05.2006 16:25 0 CONFIG.SYS
02.05.2006 16:25 0 AUTOEXEC.BAT
02.05.2006 16:21 194 BOOT.BKK

sry wegen der pm habs erst spät geblickt
Dieser Beitrag wurde am 12.06.2006 um 18:54 Uhr von Melker editiert.
Seitenanfang Seitenende
13.06.2006, 02:21
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#4 Melker

1.
poste das log vom Silentrunner, damit ich den reg-eintrag der neuen dll kenne
http://virus-protect.org/silentrunner.html

2.
loesche mit der killbox:
http://virus-protect.org/killbox.html

C:\WINDOWS\system32\hzclqhc.dll

----------------------------------------------------------------------

P.S. ...die WindowsUpdates solltest du machen.....


«
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
13.06.2006, 12:22
Melker
...neu hier

Themenstarter

Beiträge: 5
#5 also hier mal das log:
"Silent Runners.vbs", revision 45, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"MSMSGS" = ""C:\Programme\Messenger\msmsgs.exe" /background" [MS]
"Steam" = ""c:\programme\valve\steam\steam.exe" -silent" ["Valve Corporation"]
"SUPERAntiSpyware" = "C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe" ["SUPERAntiSpyware.com"]
"STYLEXP" = "C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide" [empty string]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"LiveMonitor" = "C:\Programme\MSI\Live Update 3\LMonitor.exe" [empty string]
"AudioDeck" = "C:\Programme\VIAudioi\SBADeck\ADeck.exe 1" ["VIA Technologies, Inc."]
"SunJavaUpdateSched" = "C:\Programme\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
"PtiuPbmd" = "Rundll32.exe ptipbm.dll,SetWriteBack" [MS]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"AGEIA PhysX SysTray" = "C:\Programme\AGEIA Technologies\TrayIcon.exe" [null data]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"MailScan Dispatcher" = ""C:\Programme\eScan\LAUNCH.EXE"" ["MicroWorld Technologies Inc."]
"eScan Updater" = "C:\PROGRA~1\eScan\TRAYICOS.EXE /App" ["MicroWorld Technologies Inc."]
"eScan Monitor" = "C:\PROGRA~1\eScan\AVPMWrap.EXE" ["MicroWorld Technologies Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {HKLM...CLSID} = "AlcoholShellEx"
\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~3\axshlex.dll" ["Alcohol Soft Development Team"]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Programme\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {HKLM...CLSID} = "AVG7 Find Extension Class"
\InProcServer32\(Default) = "C:\Programme\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
INFECTION WARNING! "{8dc1f789-e073-4363-b40d-07376bc5ecc5}" = "articulation"
-> {HKCU...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\System32\hzclqhc.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" = (no title provided)
-> {HKLM...CLSID} = "SABShellExecuteHook Class"
\InProcServer32\(Default) = "C:\Programme\SUPERAntiSpyware\SASSEH.DLL" ["SuperAdBlocker.com"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
INFECTION WARNING! SASWinLogon\DLLName = "C:\Programme\SUPERAntiSpyware\SASWINLO.dll" ["SUPERAntiSpyware.com"]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Programme\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Programme\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
öhm, und als ich dat mit der killbox gemacht habe, war das ding schon weg.

ps:woher weißt du das alles?
Seitenanfang Seitenende
13.06.2006, 13:10
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#6 o.k. ich habe die reg erweitert:

spyfalcon.zip -> http://virus-protect.org/zip/spyfalcon.zip -> entpacken auf dem Desktop -> spyfalcon.reg -> doppeltklicken und der registry beifuegen.

poste das neue log vom Silentrunner und das erste log von datfindbat zur ueberpruefung

p.s. kommen noch popups ??

-----------

zu deiner Frage: "gesammelte Werke) ;)
http://virus-protect.org/artikel/spyware/spywarequake.html
http://virus-protect.org/artikel/spyware/spyfalcon.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
13.06.2006, 17:06
Melker
...neu hier

Themenstarter

Beiträge: 5
#7 AAAAAAAAAAAlso, in dem ersten link wo du mir da gegeben hast war ich auch, aber ich hatte damit den sch*** desktopspam nicht wegbekommen, aber egal ^^

hier das SL Log:

"Silent Runners.vbs", revision 45, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"MSMSGS" = ""C:\Programme\Messenger\msmsgs.exe" /background" [MS]
"Steam" = ""c:\programme\valve\steam\steam.exe" -silent" ["Valve Corporation"]
"SUPERAntiSpyware" = "C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe" ["SUPERAntiSpyware.com"]
"STYLEXP" = "C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide" [empty string]

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"ICQ Lite" = "C:\Programme\ICQLite\ICQLite.exe -trayboot" ["ICQ Ltd."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"LiveMonitor" = "C:\Programme\MSI\Live Update 3\LMonitor.exe" [empty string]
"AudioDeck" = "C:\Programme\VIAudioi\SBADeck\ADeck.exe 1" ["VIA Technologies, Inc."]
"SunJavaUpdateSched" = "C:\Programme\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
"PtiuPbmd" = "Rundll32.exe ptipbm.dll,SetWriteBack" [MS]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"AGEIA PhysX SysTray" = "C:\Programme\AGEIA Technologies\TrayIcon.exe" [null data]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"MailScan Dispatcher" = ""C:\Programme\eScan\LAUNCH.EXE"" ["MicroWorld Technologies Inc."]
"eScan Updater" = "C:\PROGRA~1\eScan\TRAYICOS.EXE /App" ["MicroWorld Technologies Inc."]
"eScan Monitor" = "C:\PROGRA~1\eScan\AVPMWrap.EXE" ["MicroWorld Technologies Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {HKLM...CLSID} = "AlcoholShellEx"
\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~3\axshlex.dll" ["Alcohol Soft Development Team"]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Programme\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {HKLM...CLSID} = "AVG7 Find Extension Class"
\InProcServer32\(Default) = "C:\Programme\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" = (no title provided)
-> {HKLM...CLSID} = "SABShellExecuteHook Class"
\InProcServer32\(Default) = "C:\Programme\SUPERAntiSpyware\SASSEH.DLL" ["SuperAdBlocker.com"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
INFECTION WARNING! SASWinLogon\DLLName = "C:\Programme\SUPERAntiSpyware\SASWINLO.dll" ["SUPERAntiSpyware.com"]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Programme\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Programme\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\RESOUR~1\SCREEN~1\SKYROC~1.SCR" (Skyrocket.scr) [null data]


Startup items in "Admin" & "All Users" startup folders:
-------------------------------------------------------

C:\Dokumente und Einstellungen\Admin\Startmenü\Programme\Autostart
"Xfire" -> shortcut to: "C:\Programme\Xfire\Xfire.exe" ["Xfire Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mwtsp.dll ["MicroWorld Technologies Inc."], 01 - 28, 57
%SystemRoot%\system32\mswsock.dll [MS], 29 - 31, 34 - 56
%SystemRoot%\system32\rsvpsp.dll [MS], 32 - 33


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{1CE4EE89-2D5C-4361-AF3B-D902AB545381}"
-> {HKLM...CLSID} = "Alcohol Soft - Alcohol 120% Toolbar"
\InProcServer32\(Default) = "C:\Programme\Alcohol Soft\Alcohol 120% Toolbar\cab.in.work.temp.dll" ["IE Toolbar"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{1CE4EE89-2D5C-4361-AF3B-D902AB545381}" = (no title provided)
-> {HKLM...CLSID} = "Alcohol Soft - Alcohol 120% Toolbar"
\InProcServer32\(Default) = "C:\Programme\Alcohol Soft\Alcohol 120% Toolbar\cab.in.work.temp.dll" ["IE Toolbar"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "C:\Programme\ICQLite\ICQLite.exe" ["ICQ Ltd."]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
AVG E-mail Scanner, AVGEMS, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
BrSplService, Brother XP spl Service, "C:\WINDOWS\System32\brsvc01a.exe" ["brother Industries Ltd"]
eScan Monitor Service, KAVMonitorService, "C:\PROGRA~1\eScan\avpm.exe /service" ["Kaspersky Labs."]
eScan Server-Updater, eScan-trayicos, "C:\PROGRA~1\eScan\TRAYSSER.EXE" ["MicroWorld Technologies Inc."]
Kerio Personal Firewall 4, KPF4, "C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe" ["Kerio Technologies"]
MWAgent, MWAgent, "C:\Programme\Gemeinsame Dateien\MicroWorld\Agent\MWASER.EXE" ["MicroWorld Technologies Inc."]
StarWind iSCSI Service, StarWindService, "C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]
StyleXPService, StyleXPService, ""C:\Programme\TGTSoft\StyleXP\StyleXPService.exe"" [empty string]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 210 seconds, including 2 seconds for message boxes)



und da das Datfind Log:

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: C057-D5C0

Verzeichnis von C:\WINDOWS\system32

13.06.2006 16:53 664 d3d9caps.dat
13.06.2006 16:53 552 d3d8caps.dat
12.06.2006 18:11 7.798 eInstall.dat
12.06.2006 17:52 30 brss01a.ini
12.06.2006 17:52 184 brsvc01a.bsi
12.06.2006 12:34 1.985.152 kernel1.exe
12.06.2006 12:29 2.019.584 KERNEL.TMP
12.06.2006 12:14 8.464 sporder.dll
11.06.2006 16:45 2.256 wpa.dbl
11.06.2006 15:02 39.992 perfc009.dat
11.06.2006 15:02 311.604 perfh009.dat
11.06.2006 15:02 48.156 perfc007.dat
11.06.2006 15:02 316.594 perfh007.dat
11.06.2006 15:02 723.744 PerfStringBackup.INI
11.06.2006 14:20 0 asfiles.txt
11.06.2006 14:17 2.550 Uninstall.ico
11.06.2006 14:17 1.406 Help.ico
11.06.2006 14:17 30.590 pavas.ico
08.06.2006 09:53 21.840 SIntfNT.dll
08.06.2006 09:53 17.212 SIntf32.dll
08.06.2006 09:53 12.067 SIntf16.dll
02.06.2006 14:26 184.320 miccyhook.dll
29.05.2006 17:33 98.304 CmdLineExt.dll
28.05.2006 13:50 101.440 FNTCACHE.DAT
04.05.2006 19:40 499.712 msvcp71.dll
04.05.2006 19:40 348.160 msvcr71.dll
03.05.2006 21:26 5.818.784 MRT.exe
03.05.2006 19:45 7.006 jupdate-1.5.0_06-b05.log
02.05.2006 18:28 34.064 lhacm.acm
02.05.2006 17:21 0 h323log.txt
02.05.2006 16:29 25.065 wmpscheme.xml
02.05.2006 16:27 280 $winnt$.inf
02.05.2006 16:25 2.951 CONFIG.NT
02.05.2006 16:25 488 logonui.exe.manifest
02.05.2006 16:25 488 WindowsLogon.manifest
02.05.2006 16:25 749 cdplayer.exe.manifest
02.05.2006 16:25 749 ncpa.cpl.manifest
02.05.2006 16:25 749 nwc.cpl.manifest
02.05.2006 16:25 749 wuaucpl.cpl.manifest
02.05.2006 16:25 749 sapi.cpl.manifest
02.05.2006 16:23 21.740 emptyregdb.dat
27.04.2006 17:49 288.417 SrchSTS.exe
06.04.2006 10:54 73.728 asuninst.exe
03.04.2006 10:59 128 xposer.cfg
03.04.2006 10:59 128 asinst.cfg
22.03.2006 05:56 257.536 ati2dvag.dll
22.03.2006 05:50 114.688 atipdlxx.dll
22.03.2006 05:50 77.824 Oemdspif.dll
22.03.2006 05:50 26.112 Ati2mdxx.exe
22.03.2006 05:50 41.984 ati2edxx.dll
22.03.2006 05:50 61.440 ati2evxx.dll
22.03.2006 05:48 405.504 ati2evxx.exe
22.03.2006 05:48 53.248 ATIDDC.DLL
22.03.2006 05:42 307.200 atiiiexx.dll
22.03.2006 05:40 2.662.688 ati3duag.dll
22.03.2006 05:33 1.130.752 ativvaxx.dll
22.03.2006 05:33 6.684.672 atioglx1.dll
22.03.2006 05:24 5.025.792 atioglxx.dll
22.03.2006 05:18 151.552 atikvmag.dll
22.03.2006 05:17 17.408 atitvo32.dll
22.03.2006 05:12 258.048 ati2cqag.dll
22.03.2006 04:38 286.720 ATIDEMGR.dll
20.03.2006 21:43 372.736 PhysX.cpl
20.03.2006 21:43 580 PhysX.cpl.manifest
20.03.2006 21:43 45.056 AgCPanelTraditionalChinese.dll
20.03.2006 21:43 45.056 AgCPanelSwedish.dll
20.03.2006 21:43 45.056 AgCPanelSpanish.dll
20.03.2006 21:43 45.056 AgCPanelSimplifiedChinese.dll
20.03.2006 21:43 45.056 AgCPanelPortugese.dll
20.03.2006 21:43 45.056 AgCPanelKorean.dll
20.03.2006 21:43 45.056 AgCPanelJapanese.dll
20.03.2006 21:43 45.056 AgCPanelGerman.dll
20.03.2006 21:43 45.056 AgCPanelFrench.dll
17.03.2006 15:37 520.192 ati2sgag.exe
03.03.2006 04:47 106.496 atinppt2.ax
01.03.2006 14:13 550.120 LegitCheckControl.dll

und wenn das alle "Befehle" (nich Pöse Gemeint) von dir waren danken ich und mein rechner dir von ganzem CPU und Herzen
Seitenanfang Seitenende
13.06.2006, 17:20
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#8 es ist (hier) alles wieder o.k.
bei dir auch ? kommen noch popups ?
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
13.06.2006, 17:24
Melker
...neu hier

Themenstarter

Beiträge: 5
#9 also bei mir kommt nix mehr Danke Vielmals
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:
Seite(n): 1