I have a trojan and just can't get rid of it
#0
04.08.2006, 08:55
Member
Posts: 30
04.08.2006, 14:28
Honorary member
Posts: 29434
#2
LaBi
format right away, or try to clean it ???? I rarely see such an infested computer........... you seem to click on everything that blinks on the Internet without thinking about the consequences.
__________
Regards, Sabina
all about PC security
04.08.2006, 18:35
Member
Thread starter Posts: 30
#3
What do you mean by cleaning, is there a specific program for that??? I have further trojans: TR/Dldr.Adload.DB.32 TR/Click.526 TR/Dldr.DNSChan.R.5 TR/Puper.BX
I scanned again, has anything changed????

Logfile of HijackThis v1.99.1
Scan saved at 20:33:07, on 04.08.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Medion Info Display\MdionLCM.exe
C:\WINDOWS\system32\CmUCReye.exe
C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Logitech\G-series Software\LGDCore.exe
C:\Programme\Logitech\G-series Software\LCDMon.exe
C:\Programme\Mouse Driver\4DMAIN.EXE
C:\Programme\QuickTime\qttask.exe
C:\Programme\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Programme\Logitech\G-series Software\Applets\LCDClock.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\programme\steam\steam.exe
D:\Xfire\Xfire.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programme\SPYWAREfighter\spfprc.exe
C:\Programme\SPYWAREfighter\Spywarefighter.exe
C:\Programme\WinAce\WinAce.exe
C:\DOKUME~1\Labi\LOKALE~1\Temp\~AceTemp\hijackthis[1]\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mafia-inc.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aldi.com/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\privat\icq\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: (no name) - {63B089D3-D988-C1A6-7A34-90A654DEBA54} - utsgmon.dll (file missing)
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\privat\icq\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MedionVFD] "C:\Programme\Medion Info Display\MdionLCM.exe"
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [InstantOn] "C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [ICQ Lite] "C:\privat\icq\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programme\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programme\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\Programme\Mouse Driver\4DMAIN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [outlook] C:\Programme\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_7.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_7.exe
O4 - HKLM\..\Run: [rjx68c31] RUNDLL32.EXE w0943c5d.dll,n 00268c2f0000000a0943c5d
O4 - HKLM\..\Run: [newname] C:\\nwnmff_7.exe
O4 - HKLM\..\Run: [keybdll] qwe.exe
O4 - HKLM\..\Run: [panel_its] 34763.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [spywarefighterguard] C:\Programme\SPYWAREfighter\spfprc.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOLMIcon] C:\Programme\Gemeinsame Dateien\AOLSHARE\AOLMIcon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "c:\programme\steam\steam.exe" -silent
O4 - HKCU\..\Run: [KillAndClean] "C:\Programme\KillAndClean\KillAndClean.exe"
O4 - HKCU\..\Run: [Preliminary] StatusCheck.exe
O4 - HKCU\..\Run: [Shaitan1678] jopplerg.exe
O4 - HKCU\..\Run: [ATLIEHELPER] InpriseMon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\privat\icq\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Xfire.lnk = D:\Xfire\Xfire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\privat\icq\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\privat\icq\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\privat\icq\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {A461BF3E-96B0-488F-9ACA-202335DDCC4B} - http://www.medionshop.de/ (file missing) (HKCU)
O12 - Plugin for .wav: C:\Programme\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128778405937
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149435882234
O17 - HKLM\System\CCS\Services\Tcpip\..\{00852C37-75B2-4F10-A1C4-FE30AA4AE44D}: NameServer = 85.255.116.130,85.255.112.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C5A9B24-33AF-4734-9C09-656696CFE8F3}: NameServer = 85.255.116.130,85.255.112.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3764FDF-9821-4B18-8DE2-3CAB94F5D08D}: NameServer = 85.255.116.130,85.255.112.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{E95E35F4-9C2C-4D71-B3F7-B37DBCCA9AC7}: NameServer = 85.255.116.130,85.255.112.20
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.130 85.255.112.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{00852C37-75B2-4F10-A1C4-FE30AA4AE44D}: NameServer = 85.255.116.130,85.255.112.20
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.130 85.255.112.20
O17 - HKLM\System\CS2\Services\Tcpip\..\{00852C37-75B2-4F10-A1C4-FE30AA4AE44D}: NameServer = 85.255.116.130,85.255.112.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.130 85.255.112.20
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programme\Spyware Doctor\sdhelp.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Regards, LaBi
__________
Regards, LaBi
This post was edited by LaBi on 04.08.2006 at 20:53.
04.08.2006, 20:54
Honorary member
Posts: 29434
#4
All right then, you want to clean ???

0. apply the bfu http://virus-protect.org/artikel/bfu/alcanshorty.html
1. configure CleanUp exactly as described here: http://virus-protect.org/cleanup.html
2. Copy these 4 text files. (right-click with the mouse -> select the text -> copy -> paste) They are sorted by date. (copy only the last 3 months) http://virus-protect.org/datfindbat.html
3. post the log http://virus-protect.org/artikel/tools/combofix.html
4. post the log http://www.f-secure.com/blacklight/ run the file, accept the license terms and choose scan; when the scan has finished, press next and then close. There is now an FSB*.TXT file in the same folder as Blacklight
__________
Regards, Sabina
all about PC security
05.08.2006, 09:40
Member
Thread starter Posts: 30
#5
bfu:
BFU v1.00.9
Windows XP SP2 (WinNT 5.01.2600 SP2)
Script started at 09:17:28, on 05.08.2006
Option Unload Explorer: Yes
Failed: DllUnregister C:\WINDOWS\DH.dll|1 (file not found)
Failed: ServiceStop Network Monitor (service not found)
Failed: ServiceStop cmdService (service not found)
Failed: ServiceDisable Network Monitor (service not found)
Failed: ServiceDisable cmdService (service not found)
Failed: ServiceDelete Network Monitor (service not found)
Failed: ServiceDelete cmdService (service not found)
Failed: RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (key not found)
Failed: RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (key not found)
Failed: RegDelValue HKCU\System\CurrentControlSet\Control\Lsa|p2pnetwork (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations|LowRiskFileTypes (key not found)
Failed: RegDelValue HKCU\Microsoft\Windows\CurrentVersion\policies\Explorer\Run|WinUpdate.exe (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CU1 (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CU2 (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|services32 (key not found)
Option pause between commands: 300 ms
Option pause between commands: 50 ms
Failed: FolderDelete C:\Programme\MsConfigs (folder not found)
Failed: FolderDelete C:\Programme\winupdates (folder not found)
Failed: FolderDelete C:\Programme\winupdate (folder not found)
Failed: FolderDelete C:\Programme\winsupdater (folder not found)
Failed: FolderDelete C:\Programme\MsUpdate (folder not found)
Failed: FolderDelete C:\Programme\MsMovies (folder not found)
Failed: FolderDelete C:\Programme\wmplayer (folder not found)
Failed: FolderDelete C:\Programme\outlook (folder not found)
Failed: FileDelete C:\Programme\Common Files\Windows\mc-*-*.exe (operation failed)
Failed: FileDelete C:\Programme\Common Files\Download\mc-*-*.exe (operation failed)
Failed: FileDelete C:\DOKUME~1\Labi\LOKALE~1\Temp\Perflib_Perfdata_c1c.dat (operation failed)
Failed: FileDelete C:\DOKUME~1\Labi\LOKALE~1\Temp\~DFC347.tmp (operation failed)
Failed: FileDelete C:\WINDOWS\Temp\CLML_AGENT_LOG1.txt (operation failed)
Failed: FileDelete C:\WINDOWS\Temp\sqlite_rcHdBDEPHx24uGH (operation failed)
Failed: FolderDelete C:\Dokumente und Einstellungen\Labi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\5007LX0P (operation failed)
Failed: FolderDelete C:\Dokumente und Einstellungen\Labi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\OT2Z8XAJ (operation failed)
Failed: FolderDelete C:\Programme\Maxifiles (folder not found)
Failed: FolderDelete C:\Programme\DNS (folder not found)
Failed: FolderDelete C:\Programme\EQAdvice (folder not found)
Failed: FolderDelete C:\Programme\FCAdvice (folder not found)
Failed: FolderDelete C:\Programme\Common Files\FreeProd1 (folder not found)
Failed: FolderDelete C:\Programme\Common Files\FreeProd2 (folder not found)
Failed: FolderDelete C:\Programme\Common Files\InetGet (folder not found)
Failed: FolderDelete C:\Programme\Common Files\InetGet2 (folder not found)
Failed: FolderDelete C:\Programme\Common Files\svchostsys (folder not found)
Failed: FolderDelete C:\Programme\Common Files\simtest (folder not found)
Failed: FolderDelete C:\Programme\Common Files\misc001 (folder not found)
Failed: FolderDelete C:\Programme\InetGet2 (folder not found)
Failed: FolderDelete C:\Programme\Common Files\VCClient (folder not found)
Failed: FolderDelete C:\Programme\Network Monitor (folder not found)
Failed: FolderDelete C:\WINDOWS\inet20001 (folder not found)
Failed: FolderDelete C:\Programme\Update06 (folder not found)
Failed: FolderDelete C:\Programme\Update03 (folder not found)
Failed: FolderDelete C:\Programme\Update04 (folder not found)
Failed: FolderDelete C:\Programme\Update08 (folder not found)
Failed: FolderDelete C:\Programme\W-Update (folder not found)
Failed: FolderDelete C:\Programme\Yazzle Sudoku (folder not found)
Failed: FolderDelete C:\Programme\Cas (folder not found)
Failed: FolderDelete C:\Programme\CasStub (folder not found)
Failed: FolderDelete C:\Programme\Cas2Stub (folder not found)
Failed: FolderDelete C:\Programme\ipwins (folder not found)
Failed: FolderDelete C:\temp (folder not found)
Failed: FolderDelete C:\WINDOWS\mdrive (folder not found)
Failed: FolderDelete C:\Programme\PECarlin (folder not found)
Failed: FolderDelete C:\Programme\AXVenore (folder not found)
Failed: FolderDelete C:\Programme\SDVita (folder not found)
Failed: FolderDelete C:\Programme\EQBranch (folder not found)
Failed: FolderDelete C:\Programme\EQArticle (folder not found)
Failed: FolderCreate C:\bintheredunthat (folder already exists)
Failed: FileMove C:\WINDOWS\win*-*.exe|C:\bintheredunthat (source file not found)
Script completed.

Clean up:
CleanUp! started on 08/05/06 09:20:11.
...
C:\Dokumente und Einstellungen\Labi\Cookies\labi@www.unibet-tools[1].txt - deleted C:\Dokumente und Einstellungen\Labi\Cookies\labi@www.vodafone[2].txt - deleted C:\Dokumente und Einstellungen\Labi\Cookies\labi@www.welt[1].txt - deleted C:\Dokumente und Einstellungen\Labi\Cookies\labi@www.windows-beratung[1].txt - deleted C:\Dokumente und Einstellungen\Labi\Cookies\labi@www.winfixer[1].txt - deleted C:\Dokumente und Einstellungen\Labi\Cookies\labi@www.x-ho[2].txt - deleted C:\Dokumente und Einstellungen\Labi\Cookies\labi@www.xxx-teens-xxx[1].txt - deleted C:\Dokumente und Einstellungen\Labi\Cookies\labi@www.zanox-affiliate[2].txt - deleted C:\Dokumente und Einstellungen\Labi\Cookies\labi@www2.meegos[1].txt - deleted C:\Dokumente und Einstellungen\Labi\Cookies\labi@www2.oncomputer.t-online[1].txt - deleted C:\Dokumente und Einstellungen\Labi\Cookies\labi@xfire[1].txt - deleted C:\Dokumente und Einstellungen\Labi\Cookies\labi@xf[1].txt - deleted C:\Dokumente und Einstellungen\Labi\Cookies\labi@xf[2].txt - deleted C:\Dokumente und Einstellungen\Labi\Cookies\labi@xml.bravenetmedianetwork[2].txt - deleted C:\Dokumente und Einstellungen\Labi\Cookies\labi@xpuss[1].txt - deleted C:\Dokumente und Einstellungen\Labi\Cookies\labi@xxxcounter[2].txt - deleted C:\Dokumente und Einstellungen\Labi\Cookies\labi@yadro[1].txt - deleted C:\Dokumente und Einstellungen\Labi\Cookies\labi@yahoo[2].txt - deleted C:\Dokumente und Einstellungen\Labi\Cookies\labi@your-porn[1].txt - deleted C:\Dokumente und Einstellungen\Labi\Cookies\labi@yousendit[2].txt - deleted C:\Dokumente und Einstellungen\Labi\Cookies\labi@youtube[2].txt - deleted C:\Dokumente und Einstellungen\Labi\Cookies\labi@zedo[2].txt - deleted C:\Dokumente und Einstellungen\Labi\Cookies\labi@zscript[1].txt - deleted C:\Dokumente und Einstellungen\Labi\Cookies\labi@_mov[1].txt - deleted C:\Dokumente und Einstellungen\Default User\Cookies\index.dat - deleted C:\Dokumente und Einstellungen\Default User\Cookies\index.dat - deleted 
C:\Dokumente und Einstellungen\Administrator\Cookies\index.dat - deleted C:\Dokumente und Einstellungen\Administrator\Cookies\index.dat - deleted C:\WINDOWS\Prefetch\4DMAIN.EXE-33BC5A76.pf - deleted C:\WINDOWS\Prefetch\ALCANSHORTY_EN(2).EXE-2B5B7423.pf - deleted C:\WINDOWS\Prefetch\ALCANSHORTY_EN.EXE-2C3F50D0.pf - deleted C:\WINDOWS\Prefetch\ALCMTR.EXE-235F9538.pf - deleted C:\WINDOWS\Prefetch\ANTIVIR_WORKSTATION_WIN7U_DE_-2F344484.pf - deleted C:\WINDOWS\Prefetch\AU_.EXE-1A5CE164.pf - deleted C:\WINDOWS\Prefetch\AVCENTER.EXE-37584419.pf - deleted C:\WINDOWS\Prefetch\AVCONFIG.EXE-3B8B9C26.pf - deleted C:\WINDOWS\Prefetch\AVGNT.EXE-36CA4640.pf - deleted C:\WINDOWS\Prefetch\AVGUARD.EXE-3490B18B.pf - deleted C:\WINDOWS\Prefetch\AVNOTIFY.EXE-22AE9451.pf - deleted C:\WINDOWS\Prefetch\BFU.EXE-0D45E288.pf - deleted C:\WINDOWS\Prefetch\CBS.EXE-05C70479.pf - deleted C:\WINDOWS\Prefetch\CLEANUP.EXE-3438663A.pf - deleted C:\WINDOWS\Prefetch\CLEANUP452.EXE-10FB5B19.pf - deleted C:\WINDOWS\Prefetch\CLIENT.EXE-18B23669.pf - deleted C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf - deleted C:\WINDOWS\Prefetch\COMBOFIX.EXE-33ACCA94.pf - deleted C:\WINDOWS\Prefetch\CONTROL.EXE-013DBFB5.pf - deleted C:\WINDOWS\Prefetch\CSRSS.EXE-12B63473.pf - deleted C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf - deleted C:\WINDOWS\Prefetch\DOWNLOAD.EXE-0DBCA186.pf - deleted C:\WINDOWS\Prefetch\DUMPREP.EXE-1B46F901.pf - deleted C:\WINDOWS\Prefetch\DWWIN.EXE-30875ADC.pf - deleted C:\WINDOWS\Prefetch\EVO.EXE-1A3D367D.pf - deleted C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf - deleted C:\WINDOWS\Prefetch\FIND.EXE-39BA054E.pf - deleted C:\WINDOWS\Prefetch\FINDSTR.EXE-29CCA663.pf - deleted C:\WINDOWS\Prefetch\FIREFOX.EXE-17EE503B.pf - deleted C:\WINDOWS\Prefetch\FIREFOX.EXE-1D57670A.pf - deleted C:\WINDOWS\Prefetch\FKN.EXE-006CD40C.pf - deleted C:\WINDOWS\Prefetch\GC.EXE-387037EE.pf - deleted C:\WINDOWS\Prefetch\GLB5.TMP-21AD02CA.pf - deleted C:\WINDOWS\Prefetch\GLB9.TMP-011C003D.pf - deleted 
C:\WINDOWS\Prefetch\GUARDGUI.EXE-1BD45C30.pf - deleted C:\WINDOWS\Prefetch\HH.EXE-2D1A70B3.pf - deleted C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-1BDCD75F.pf - deleted C:\WINDOWS\Prefetch\HL2.EXE-226D367B.pf - deleted C:\WINDOWS\Prefetch\ICQLITE.EXE-12731ACD.pf - deleted C:\WINDOWS\Prefetch\IEXPLORE.EXE-2CA9778D.pf - deleted C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf - deleted C:\WINDOWS\Prefetch\IMJPMIG.EXE-03882F7A.pf - deleted C:\WINDOWS\Prefetch\IMSCINST.EXE-009A1717.pf - deleted C:\WINDOWS\Prefetch\IPCONFIG.EXE-2395F30B.pf - deleted C:\WINDOWS\Prefetch\IS-66BAC.TMP-34BCAA5F.pf - deleted C:\WINDOWS\Prefetch\Layout.ini - deleted C:\WINDOWS\Prefetch\LCDCLOCK.EXE-1155CDC3.pf - deleted C:\WINDOWS\Prefetch\LCDMEDIA.EXE-178A8013.pf - deleted C:\WINDOWS\Prefetch\LCDMON.EXE-17AD6AB6.pf - deleted C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf - deleted C:\WINDOWS\Prefetch\MDIONLCM.EXE-25E1ADEE.pf - deleted C:\WINDOWS\Prefetch\MMC.EXE-22FA564C.pf - deleted C:\WINDOWS\Prefetch\MSIEXEC.EXE-2F8A8CAE.pf - deleted C:\WINDOWS\Prefetch\NEROCHECK.EXE-092C6DFA.pf - deleted C:\WINDOWS\Prefetch\NET.EXE-01A53C2F.pf - deleted C:\WINDOWS\Prefetch\NET1.EXE-029B9DB4.pf - deleted C:\WINDOWS\Prefetch\NETUPDATE.EXE-0B20CDA5.pf - deleted C:\WINDOWS\Prefetch\NIRCMD.EXE-22AC7776.pf - deleted C:\WINDOWS\Prefetch\NIRCMD.EXE-374E8EB6.pf - deleted C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf - deleted C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf - deleted C:\WINDOWS\Prefetch\NTVDM.EXE-1A10A423.pf - deleted C:\WINDOWS\Prefetch\NWIZ.EXE-2D0F9FBC.pf - deleted C:\WINDOWS\Prefetch\ORDER.EXE-2C74FB2D.pf - deleted C:\WINDOWS\Prefetch\OUTLOOK.EXE-22C5790A.pf - deleted C:\WINDOWS\Prefetch\PCMSERVICE.EXE-005CA5B8.pf - deleted C:\WINDOWS\Prefetch\PDVDSERV.EXE-1C2AA5ED.pf - deleted C:\WINDOWS\Prefetch\PREUPD.EXE-358AA1C1.pf - deleted C:\WINDOWS\Prefetch\REALSCHED.EXE-0A2A7558.pf - deleted C:\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf - deleted C:\WINDOWS\Prefetch\RTHDCPL.EXE-06918CFA.pf - deleted 
C:\WINDOWS\Prefetch\RUNDLL32.EXE-1340EF7F.pf - deleted C:\WINDOWS\Prefetch\RUNDLL32.EXE-15F0CD76.pf - deleted C:\WINDOWS\Prefetch\RUNDLL32.EXE-1831A4F3.pf - deleted C:\WINDOWS\Prefetch\RUNDLL32.EXE-1BC55A4F.pf - deleted C:\WINDOWS\Prefetch\RUNDLL32.EXE-29C5A060.pf - deleted C:\WINDOWS\Prefetch\RUNDLL32.EXE-2A94BB85.pf - deleted C:\WINDOWS\Prefetch\RUNDLL32.EXE-2A96CBB1.pf - deleted C:\WINDOWS\Prefetch\RUNDLL32.EXE-2E5AF1D7.pf - deleted C:\WINDOWS\Prefetch\RUNDLL32.EXE-35A483DA.pf - deleted C:\WINDOWS\Prefetch\RUNDLL32.EXE-415F88EC.pf - deleted C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf - deleted C:\WINDOWS\Prefetch\SCHED.EXE-236A886F.pf - deleted C:\WINDOWS\Prefetch\SDHELP.EXE-00535571.pf - deleted C:\WINDOWS\Prefetch\SDSETUP[1].EXE-082559ED.pf - deleted C:\WINDOWS\Prefetch\SET44.TMP-21617A0B.pf - deleted C:\WINDOWS\Prefetch\SETUP.EXE-12BD2899.pf - deleted C:\WINDOWS\Prefetch\SETUP.EXE-393E66AE.pf - deleted C:\WINDOWS\Prefetch\SETUP.EXE-3A480539.pf - deleted C:\WINDOWS\Prefetch\SKYPE.EXE-21F19BC8.pf - deleted C:\WINDOWS\Prefetch\SNDVOL32.EXE-383480B7.pf - deleted C:\WINDOWS\Prefetch\SPFPRC.EXE-11BC8BC4.pf - deleted C:\WINDOWS\Prefetch\SPYWAREFIGHTER.EXE-037C1FE9.pf - deleted C:\WINDOWS\Prefetch\SPYWAREFIGHTER[1].EXE-3111CEA6.pf - deleted C:\WINDOWS\Prefetch\SSMARQUE.SCR-0BA7BB1E.pf - deleted C:\WINDOWS\Prefetch\STEAM.EXE-25824B4E.pf - deleted C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf - deleted C:\WINDOWS\Prefetch\SWDOCTOR.EXE-13B584DD.pf - deleted C:\WINDOWS\Prefetch\SWREG.EXE-298CB0F2.pf - deleted C:\WINDOWS\Prefetch\TASKMGR.EXE-20256C55.pf - deleted C:\WINDOWS\Prefetch\UNINST.EXE-3B1D782B.pf - deleted C:\WINDOWS\Prefetch\UNINSTALL.EXE-106ED93F.pf - deleted C:\WINDOWS\Prefetch\UNINSTALL.EXE-35BF553C.pf - deleted C:\WINDOWS\Prefetch\UNZIP.EXE-2188C3E8.pf - deleted C:\WINDOWS\Prefetch\UP060803.EXE-2311E2B5.pf - deleted C:\WINDOWS\Prefetch\UPDATE.EXE-0C3CBDEF.pf - deleted C:\WINDOWS\Prefetch\UPDATE.EXE-0EEAC4EC.pf - deleted 
'Run MRU' list - removed from the registry.
'Doc Find Spec MRU' list - removed from the registry.
'FindComputerMRU' list - removed from the registry.
'ComputerNameMRU' list - removed from the registry.
'ContainingTextMRU' list - removed from the registry.
'FilesNamedMRU' list - removed from the registry.
Search Assistant MRU list - removed from the registry.
Explorer Open/Save MRU list - removed from the registry.
Explorer Last Visited MRU list - removed from the registry.
Paint Recent File List - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
Windows Media Player Recent File List - removed from the registry.
WinZip Extract MRU list - removed from the registry.
WinZip File MRU list - removed from the registry.
CleanUp! 4.5.2 recovered 270.8 MB of disk space from 19121 files.
CleanUp! finished on 08/05/06 09:21:22.
Step 3:
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: F845-9504
Verzeichnis von C:\WINDOWS\system32
05.08.2006 09:02 41.237 nvapps.xml
05.08.2006 08:57 4.505 ikhcore.log
04.08.2006 19:50 57.384 avsda.dll
03.08.2006 13:55 1.324 d3d9caps.dat
02.08.2006 16:11 278.045 {844116EE-E1C0-4F31-8849-3F1751AE1878}.exe
02.08.2006 16:11 705 {4B917288-760A-43B9-8C27-50271833CF36}.exe
02.08.2006 16:11 8.329 {657C0512-AFD4-4C79-BB24-D61E0D5B9E58}.exe
02.08.2006 09:12 4.212 zllictbl.dat
01.08.2006 21:47 1.511.424 Flash8.ocx
01.08.2006 12:17 1.064 rjx68c31.sys
01.08.2006 12:17 687.592 atmtd.dll
01.08.2006 12:17 687.592 atmtd.dll._
01.08.2006 08:28 267.008 FNTCACHE.DAT
31.07.2006 21:35 2.206 wpa.dbl
21.07.2006 18:55 127.578 tsuninst.exe
12.07.2006 16:41 43.520 CmdLineExt03.dll
23.06.2006 20:44 52.403 kspydoc.log
23.06.2006 20:39 0 Sweeper.cfg
23.06.2006 19:49 381.828 perfh009.dat
23.06.2006 19:49 64.650 perfc007.dat
23.06.2006 19:49 53.572 perfc009.dat
23.06.2006 19:49 392.842 perfh007.dat
23.06.2006 19:49 902.476 PerfStringBackup.INI
22.06.2006 21:50 552 d3d8caps.dat
18.06.2006 16:08 98.304 CmdLineExt.dll
16.06.2006 14:34 48.936 sirenacm.dll
04.06.2006 16:50 1.186 $winnt$.inf
17.05.2006 11:23 579.888 LegitCheckControl.dll
03.04.2006 11:40 14.048 spmsg.dll
15.03.2006 15:00 542.195 CmboPls1.ocx

Step 3:
Start Time= 05.08.2006 9:29:39,59
Running from: C:\Dokumente und Einstellungen\Labi\Desktop
QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-08-04 20:52:16 ( .D... ) "C:\Programme\CleanUp!"
2006-08-04 20:18:12 ( .D... ) "C:\Programme\Gemeinsame Dateien\Application"
2006-08-04 20:17:52 ( .D... ) "C:\Programme\SPYWAREfighter"
2006-08-04 20:10:28 ( .D... ) "C:\Dokumente und Einstellungen\Labi\Anwendungsdaten\PC Tools"
2006-08-04 19:50:08 57384 ( A.... ) "C:\WINDOWS\system32\avsda.dll"
2006-08-04 19:47:42 ( .D... ) "C:\Programme\AntiVir PersonalEdition Classic"
2006-08-03 13:45:38 ( .D... ) "C:\Dokumente und Einstellungen\Labi\Anwendungsdaten\Registry Cleaner"
2006-08-02 18:31:58 ( .D... ) "C:\Programme\Spyware Doctor"
2006-08-02 18:22:12 ( .D... ) "C:\Dokumente und Einstellungen\Labi\Anwendungsdaten\STOPzilla!"
2006-08-02 18:21:22 ( .D... ) "C:\Programme\STOPzilla!"
2006-08-02 18:21:22 ( .D... ) "C:\Programme\Gemeinsame Dateien\STOPzilla!"
2006-08-02 16:11:56 278045 ( A.... ) "C:\WINDOWS\system32\{844116EE-E1C0-4F31-8849-3F1751AE1878}.exe"
2006-08-02 16:11:56 705 ( A.... ) "C:\WINDOWS\system32\{4B917288-760A-43B9-8C27-50271833CF36}.exe"
2006-08-02 16:11:50 8329 ( A.... ) "C:\WINDOWS\system32\{657C0512-AFD4-4C79-BB24-D61E0D5B9E58}.exe"
2006-08-01 20:12:18 ( .D... ) "C:\Programme\Mozilla Firefox"
2006-08-01 20:12:18 ( .D... ) "C:\Dokumente und Einstellungen\Labi\Anwendungsdaten\Mozilla"
2006-08-01 12:17:46 1064 ( A.... ) "C:\WINDOWS\system32\rjx68c31.sys"
2006-08-01 12:17:46 1064 ( A.... ) "C:\WINDOWS\system32\rjx68c31.sys"
2006-08-01 12:17:26 687592 ( A.... ) "C:\WINDOWS\system32\atmtd.dll"
2006-08-01 12:16:36 ( .D... ) "C:\Programme\Gemeinsame Dateien\{F8459504-0BB7-1031-1007-050922050031}"
2006-07-31 22:06:26 ( .D... ) "C:\Programme\Starforge Studios"
2006-07-21 18:55:38 127578 ( A.... ) "C:\WINDOWS\system32\tsuninst.exe"
2006-07-12 16:41:54 43520 ( A.... ) "C:\WINDOWS\system32\CmdLineExt03.dll"
2006-07-05 21:20:38 ( .D... ) "C:\Dokumente und Einstellungen\Labi\Anwendungsdaten\AdobeUM"
2006-07-04 19:05:42 774144 ( A.... ) "C:\Programme\RngInterstitial.dll"
2006-07-02 11:42:38 73728 ( A.... ) "C:\WINDOWS\ALCFDRTM.EXE"
2006-07-02 09:47:38 ( .D... ) "C:\Programme\Yahoo!"
2006-06-30 19:53:58 ( .D... ) "C:\Programme\Gemeinsame Dateien\Totem Shared"
2006-06-24 08:38:36 ( .D... ) "C:\Programme\Logitech"
2006-06-23 20:37:00 ( .D... ) "C:\Programme\WinAce"
2006-06-21 15:29:30 ( .D... ) "C:\Programme\Steam"
2006-06-18 16:09:20 ( .D... ) "C:\Dokumente und Einstellungen\Labi\Anwendungsdaten\Petroglyph"
2006-06-18 16:08:10 98304 ( A.... ) "C:\WINDOWS\system32\CmdLineExt.dll"
2006-06-16 14:34:44 48936 ( A.... ) "C:\WINDOWS\system32\sirenacm.dll"
2006-06-13 18:21:02 ( .D... ) "C:\Programme\Incomplete"
2006-06-13 17:22:28 ( .D... ) "C:\Programme\RF Wireless Mouse"
2006-06-12 18:15:56 ( .D... ) "C:\Dokumente und Einstellungen\Labi\Anwendungsdaten\ICQLite"
2006-06-07 21:30:56 ( .D... ) "C:\Programme\Mouse Driver"
2006-06-05 18:42:52 ( .D... ) "C:\Programme\LucasArts"
2006-06-05 14:25:10 ( .D... ) "C:\Dokumente und Einstellungen\Labi\Anwendungsdaten\Sun"
2006-06-04 19:41:12 1141760 ( A.... ) "C:\WINDOWS\FussballSchoner.scr"

(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))
2006-08-04 19:47 57.384 C:\WINDOWS\system32\avsda.dll
2006-08-03 14:18 1.072.156.672 C:\hiberfil.sys
2006-08-02 16:11 8.329 C:\WINDOWS\system32\{657C0512-AFD4-4C79-BB24-D61E0D5B9E58}.exe
2006-08-02 16:11 705 C:\WINDOWS\system32\{4B917288-760A-43B9-8C27-50271833CF36}.exe
2006-08-02 16:11 278.045 C:\WINDOWS\system32\{844116EE-E1C0-4F31-8849-3F1751AE1878}.exe
2006-08-01 12:17 687.592 C:\WINDOWS\system32\atmtd.dll
2006-08-01 12:17 127.578 C:\WINDOWS\system32\tsuninst.exe
2006-08-01 12:17 1.064 C:\WINDOWS\system32\rjx68c31.sys
2006-07-31 22:06 36.352 C:\WINDOWS\system32\RCHTXDE.DLL
2006-07-31 22:06 22.528 C:\WINDOWS\system32\WBCustomizer.dll
2006-07-31 22:06 16.896 C:\WINDOWS\system32\WINSKDE.DLL
2006-07-31 22:06 143.360 C:\WINDOWS\system32\vbuzip10.dll
2006-07-02 11:42 73.728 C:\WINDOWS\ALCFDRTM.EXE
2006-06-23 20:38 86.016 C:\WINDOWS\system32\nvmctray.dll
2006-06-23 20:38 86.016 C:\WINDOWS\system32\nvapi.dll
2006-06-23 20:38 81.920 C:\WINDOWS\system32\nvwddi.dll
2006-06-23 20:38 7.307.264 C:\WINDOWS\system32\nvcpl.dll
2006-06-23 20:38 573.440 C:\WINDOWS\system32\nvhwvid.dll
2006-06-23 20:38 5.394.432 C:\WINDOWS\system32\nvoglnt.dll
2006-06-23 20:38 466.944 C:\WINDOWS\system32\nvshell.dll
2006-06-23 20:38 45.056 C:\WINDOWS\system32\nvmccsrs.dll
2006-06-23 20:38 442.368 C:\WINDOWS\system32\nvappbar.exe
2006-06-23 20:38 425.984 C:\WINDOWS\system32\keystone.exe
2006-06-23 20:38 35.328 C:\WINDOWS\system32\nvcodins.dll
2006-06-23 20:38 35.328 C:\WINDOWS\system32\nvcod.dll
2006-06-23 20:38 335.872 C:\WINDOWS\system32\nvwrses.dll
2006-06-23 20:38 335.872 C:\WINDOWS\system32\nvwrsel.dll
2006-06-23 20:38 327.680 C:\WINDOWS\system32\nvwrsfr.dll
2006-06-23 20:38 327.680 C:\WINDOWS\system32\nvwrsesm.dll
2006-06-23 20:38 323.584 C:\WINDOWS\system32\nvwrspt.dll
2006-06-23 20:38 323.584 C:\WINDOWS\system32\nvwrsit.dll
2006-06-23 20:38 319.488 C:\WINDOWS\system32\nvwrsptb.dll
2006-06-23 20:38 319.488 C:\WINDOWS\system32\nvwrsnl.dll
2006-06-23 20:38 319.488 C:\WINDOWS\system32\nvrshe.dll
2006-06-23 20:38 319.488 C:\WINDOWS\system32\nvrsar.dll
2006-06-23 20:38 315.392 C:\WINDOWS\system32\nvwrsru.dll
2006-06-23 20:38 315.392 C:\WINDOWS\system32\nvwrshu.dll
2006-06-23 20:38 311.296 C:\WINDOWS\system32\nvwrsde.dll
2006-06-23 20:38 303.104 C:\WINDOWS\system32\nvwrstr.dll
2006-06-23 20:38 303.104 C:\WINDOWS\system32\nvwrssl.dll
2006-06-23 20:38 303.104 C:\WINDOWS\system32\nvwrsfi.dll
2006-06-23 20:38 299.008 C:\WINDOWS\system32\nvwrssk.dll
2006-06-23 20:38 299.008 C:\WINDOWS\system32\nvwrsno.dll
2006-06-23 20:38 294.912 C:\WINDOWS\system32\nvwrssv.dll
2006-06-23 20:38 294.912 C:\WINDOWS\system32\nvwrspl.dll
2006-06-23 20:38 294.912 C:\WINDOWS\system32\nvwrsda.dll
2006-06-23 20:38 286.720 C:\WINDOWS\system32\nvwrseng.dll
2006-06-23 20:38 286.720 C:\WINDOWS\system32\nvwrscs.dll
2006-06-23 20:38 286.720 C:\WINDOWS\system32\nvnt4cpl.dll
2006-06-23 20:38 282.624 C:\WINDOWS\system32\nvwrsar.dll
2006-06-23 20:38 278.528 C:\WINDOWS\system32\nvwrshe.dll
2006-06-23 20:38 278.528 C:\WINDOWS\system32\nvrsfr.dll
2006-06-23 20:38 274.432 C:\WINDOWS\system32\nvrsit.dll
2006-06-23 20:38 274.432 C:\WINDOWS\system32\nvrses.dll
2006-06-23 20:38 274.432 C:\WINDOWS\system32\nvrsel.dll
2006-06-23 20:38 270.336 C:\WINDOWS\system32\nvrsde.dll
2006-06-23 20:38 266.240 C:\WINDOWS\system32\nvrspt.dll
2006-06-23 20:38 266.240 C:\WINDOWS\system32\nvrsnl.dll
2006-06-23 20:38 266.240 C:\WINDOWS\system32\nvrsesm.dll
2006-06-23 20:38 262.144 C:\WINDOWS\system32\nvrsru.dll
2006-06-23 20:38 262.144 C:\WINDOWS\system32\nvrsptb.dll
2006-06-23 20:38 258.048 C:\WINDOWS\system32\nvrsja.dll
2006-06-23 20:38 253.952 C:\WINDOWS\system32\nvrsko.dll
2006-06-23 20:38 253.952 C:\WINDOWS\system32\nvrshu.dll
2006-06-23 20:38 249.856 C:\WINDOWS\system32\nvrstr.dll
2006-06-23 20:38 249.856 C:\WINDOWS\system32\nvrssl.dll
2006-06-23 20:38 249.856 C:\WINDOWS\system32\nvrssk.dll
2006-06-23 20:38 249.856 C:\WINDOWS\system32\nvrspl.dll
2006-06-23 20:38 249.856 C:\WINDOWS\system32\nvrsno.dll
2006-06-23 20:38 245.760 C:\WINDOWS\system32\nvrssv.dll
2006-06-23 20:38 245.760 C:\WINDOWS\system32\nvrsda.dll
2006-06-23 20:38 241.664 C:\WINDOWS\system32\nvrsfi.dll
2006-06-23 20:38 241.664 C:\WINDOWS\system32\nvrseng.dll
2006-06-23 20:38 241.664 C:\WINDOWS\system32\nvrscs.dll
2006-06-23 20:38 229.376 C:\WINDOWS\system32\nvmccs.dll
2006-06-23 20:38 217.088 C:\WINDOWS\system32\nvrszhc.dll
2006-06-23 20:38 212.992 C:\WINDOWS\system32\nvwrsja.dll
2006-06-23 20:38 196.608 C:\WINDOWS\system32\nvwrsko.dll
2006-06-23 20:38 180.224 C:\WINDOWS\system32\NVUNINST.EXE
2006-06-23 20:38 180.224 C:\WINDOWS\system32\nvudisp.exe
2006-06-23 20:38 167.936 C:\WINDOWS\system32\nvwrszht.dll
2006-06-23 20:38 163.840 C:\WINDOWS\system32\nvwrszhc.dll
2006-06-23 20:38 147.456 C:\WINDOWS\system32\nvcolor.exe
2006-06-23 20:38 131.139 C:\WINDOWS\system32\nvsvc32.exe
2006-06-23 20:38 118.784 C:\WINDOWS\system32\nvrszht.dll
2006-06-23 20:38 1.662.976 C:\WINDOWS\system32\nvwdmcpl.dll
2006-06-23 20:38 1.519.616 C:\WINDOWS\system32\nwiz.exe
2006-06-23 20:38 1.466.368 C:\WINDOWS\system32\nview.dll
2006-06-23 20:38 1.339.392 C:\WINDOWS\system32\nvdspsch.exe
2006-06-23 20:38 1.019.904 C:\WINDOWS\system32\nvwimg.dll
2006-06-21 16:26 61.136 C:\WINDOWS\system32\xinput9_1_0.dll
2006-06-21 16:26 2.337.488 C:\WINDOWS\system32\d3dx9_25.dll
2006-06-21 16:26 2.323.664 C:\WINDOWS\system32\d3dx9_28.dll
2006-06-21 16:26 2.297.552 C:\WINDOWS\system32\d3dx9_26.dll
2006-06-21 16:26 2.222.800 C:\WINDOWS\system32\d3dx9_24.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"MedionVFD"="\"C:\\Programme\\Medion Info Display\\MdionLCM.exe\""
"CmUCRRun"="C:\\WINDOWS\\system32\\CmUCReye.exe"
"RemoteControl"="\"C:\\Programme\\Home Cinema\\PowerDVD\\PDVDServ.exe\""
"PCMService"="\"C:\\Programme\\Home Cinema\\PowerCinema\\PCMService.exe\""
"InstantOn"="\"C:\\Programme\\CyberLink\\PowerCinema Linux\\ion_install.exe /c \""
"ICQ Lite"="\"C:\\privat\\icq\\ICQLite\\ICQLite.exe\" -minimize"
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
@=""
"Launch LGDCore"="\"C:\\Programme\\Logitech\\G-series Software\\LGDCore.exe\" /SHOWHIDE"
"Launch LCDMon"="\"C:\\Programme\\Logitech\\G-series Software\\LCDMon.exe\""
"WheelMouse"="C:\\Programme\\Mouse Driver\\4DMAIN.EXE"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"rjx68c31"="RUNDLL32.EXE w0943c5d.dll,n 00268c2f0000000a0943c5d"
"keybdll"="qwe.exe"
"panel_its"="34763.exe"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"spywarefighterguard"="C:\\Programme\\SPYWAREfighter\\spfprc.exe"
"spywarefighterguard"="C:\\Programme\\SPYWAREfighter\\spfprc.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"AOLMIcon"="C:\\Programme\\Gemeinsame Dateien\\AOLSHARE\\AOLMIcon.exe"
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"Skype"="\"C:\\Programme\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"KillAndClean"="\"C:\\Programme\\KillAndClean\\KillAndClean.exe\""
"Preliminary"="StatusCheck.exe"
"Shaitan1678"="jopplerg.exe"
"ATLIEHELPER"="InpriseMon.exe"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"Spyware Doctor"=""
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"Spyware Doctor"=""
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
Contents of the 'Scheduled Tasks' folder
Completion time: 05.08.2006 9:34:55,65
ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt
ComboFix.2006-08-04.100000.txt
ComboFix.2006-08-05.092939.txt

Step 4:

I hope that helps.
Regards, LaBi
__________ Regards, LaBi |
|
|
||
05.08.2006, 14:04
Honorary member
Posts: 29434 |
#6
1.
datFind.bat produces 4 logs; please post the remaining 3 as well
Log 1: Verzeichnis von C:\WINDOWS\system32
Log 2: Verzeichnis von C:\DOKUME~1\Username\LOKALE~1\Temp
Log 3: Verzeichnis von C:\WINDOWS
Log 4: Verzeichnis von C:\
2. Copy the following text into Notepad (Start - Zubehör - Editor) and save it to the desktop as listen.bat using 'Save as'. Set the file type to 'All files'. You should now find this file on the desktop. --> double-click listen.bat --> copy the text that appears
Quote cd\
3. Download FixWareout http://downloads.subratam.org/Fixwareout.exe
Fixwareout.exe --> next --> Install --> Run fixit --> Finish / the PC will restart --> C:\fixwareout\report.txt -> post it here
4. Post the log http://www.f-secure.com/blacklight/
Start the file, accept the license terms and choose scan; when the scan has finished, press next and then close. There will now be an FSB*.TXT file in the same folder as Blacklight.
-----------------------------------------------------------------------------------------
this is for me.............ignore it (for now....)
Quote HKEY_CURRENT_USER\Software\KillAndClean
Quote R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
Quote C:\Programme\Gemeinsame Dateien\{F8459504-0BB7-1031-1007-050922050031}
__________ Regards, Sabina All about PC security |
|
|
||
05.08.2006, 14:11
Member
Thread starter Posts: 30 |
#7
datFind:
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: F845-9504
Verzeichnis von C:\DOKUME~1\Labi\LOKALE~1\Temp
05.08.2006 14:05 240 datFind.zip
05.08.2006 14:00 12.470 browserview-4068b54.htm
05.08.2006 14:00 12.470 browserview-4964834.htm
05.08.2006 13:26 0 is14.tmp
05.08.2006 09:48 16.384 Perflib_Perfdata_a38.dat
01.08.2006 15:05 121 DFC5A2B2.TMP
23.01.2006 15:36 429 datFind.bat
15.07.2001 13:15 3.428.115 LittleCS.CAB
15.07.2001 13:14 4.977 SETUP.LST
15.03.2000 00:00 142.848 setup.exe
10 Datei(en) 3.618.054 Bytes
0 Verzeichnis(se), 112.092.831.744 Bytes frei

Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: F845-9504
Verzeichnis von C:\WINDOWS
05.08.2006 13:21 159 wiadebug.log
05.08.2006 13:21 50 wiaservc.log
05.08.2006 13:19 253.952 Setup1.exe
05.08.2006 13:19 74.752 ST6UNST.EXE
05.08.2006 09:48 0 0.log
05.08.2006 09:48 4.238 ModemLog_Creatix V.92 Data Fax Modem.txt
05.08.2006 09:48 1.136.685 WindowsUpdate.log
05.08.2006 09:47 2.048 bootstat.dat
05.08.2006 09:46 32.564 SchedLgU.Txt
05.08.2006 09:35 288 setupact.log
04.08.2006 20:14 106 drwatson.log
04.08.2006 20:01 416 WINNT32.LOG
04.08.2006 20:00 675 DHCPUPG.LOG
04.08.2006 19:43 0 setuperr.log
04.08.2006 09:08 2.904 mozver.dat
03.08.2006 14:15 146.894 ntbtlog.txt
02.08.2006 16:29 46.398 iis6.log
02.08.2006 16:29 105.402 comsetup.log
02.08.2006 16:29 63.579 ntdtcsetup.log
02.08.2006 16:29 1.891 imsins.log
02.08.2006 16:29 16.388 ocmsn.log
02.08.2006 16:29 122.808 tsoc.log
02.08.2006 16:29 157.074 ocgen.log
02.08.2006 16:29 15.066 msgsocm.log
02.08.2006 16:29 304.174 FaxSetup.log
02.08.2006 16:28 1.060.195 setupapi.log
02.08.2006 15:32 4.456 rdt.ini
02.08.2006 15:32 6.400 balloon.wav
01.08.2006 12:17 40 teller2.chk
01.08.2006 12:04 116 NeroDigital.ini
01.08.2006 11:50 78.915 wmsetup.log
11.07.2006 15:58 10 popcinfo.dat
02.07.2006 11:42 73.728 ALCFDRTM.EXE
22.06.2006 21:55 1.917 imsins.BAK
22.06.2006 21:44 0 LCDMedia.INI
21.06.2006 16:26 64.706 DirectX.log
21.06.2006 16:26 264 DXError.log
18.06.2006 21:41 361 SIERRA.INI
08.06.2006 15:25 50 cdplayer.ini
05.06.2006 16:53 8.192 Thumbs.db
05.06.2006 11:47 459 wmsetup10.log
04.06.2006 19:41 1.141.760 FussballSchoner.scr
04.06.2006 19:41 32 brassi.dat
04.06.2006 19:09 307.682 eis_adler_1280x1024.jpg
04.06.2006 17:48 5.488 WGA.log
04.06.2006 17:07 400 ODBC.INI
04.06.2006 17:06 573 win.ini
04.06.2006 17:06 573 win.tmp
04.06.2006 16:58 4 msoffice.ini
04.06.2006 16:51 4.360 COM+.log
04.06.2006 16:50 2.209 OEWABLog.txt
04.06.2006 16:50 1.089.355 setuplog.txt
04.06.2006 16:48 6.341 sessmgr.setup.log
04.06.2006 16:48 641 DtcInstall.log
04.06.2006 16:48 4.164 regopt.log
16.10.2005 16:35 61 smscfg.ini

Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: F845-9504
Verzeichnis von C:\
05.08.2006 14:06 0 sys.txt
05.08.2006 14:06 8.989 system.txt
05.08.2006 14:05 756 systemtemp.txt
05.08.2006 14:05 106.897 system32.txt
05.08.2006 14:02 9.507 files.txt
05.08.2006 09:47 1.072.156.672 hiberfil.sys
05.08.2006 09:47 1.610.612.736 pagefile.sys
05.08.2006 09:34 14.261 ComboFix.txt
04.08.2006 10:00 100 ComboFix.2006-08-05.092939.txt
04.08.2006 09:04 85 ComboFix.2006-08-04.100000.txt
04.06.2006 16:49 211 boot.ini
31.10.2005 17:56 700.416 StubInstaller.exe
12.10.2005 08:54 1.620 IPH.PH
09.10.2005 14:46 50 AUTOEXEC.BAT
08.10.2005 22:57 0 MSDOS.SYS
08.10.2005 22:57 0 IO.SYS
08.10.2005 22:57 0 CONFIG.SYS
04.08.2004 14:00 4.952 bootfont.bin
04.08.2004 14:00 47.564 NTDETECT.COM
04.08.2004 14:00 251.184 ntldr
20 Datei(en) 2.683.916.000 Bytes
0 Verzeichnis(se), 112.092.815.360 Bytes frei

Notepad:
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: F845-9504
Verzeichnis von C:\Programme\Gemeinsame Dateien\Totem Shared
30.06.2006 20:36 <DIR> .
30.06.2006 20:36 <DIR> ..
30.06.2006 19:54 <DIR> Update
0 Datei(en) 0 Bytes
3 Verzeichnis(se), 112.093.229.056 Bytes frei

Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: F845-9504
Verzeichnis von C:\Programme

Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: F845-9504
Verzeichnis von C:\Programme\Gemeinsame Dateien\{F8459504-0BB7-1031-1007-050922050031}
02.08.2006 18:24 <DIR> .
02.08.2006 18:24 <DIR> ..
05.07.2006 10:44 2.560 services.dll
1 Datei(en) 2.560 Bytes
2 Verzeichnis(se), 112.093.224.960 Bytes frei

Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: F845-9504
Verzeichnis von C:\Program Files

Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: F845-9504
Verzeichnis von C:\Dokumente und Einstellungen\Labi\Lokale Einstellungen\Temp
05.08.2006 13:54 <DIR> .
05.08.2006 13:54 <DIR> ..
05.08.2006 14:00 12.470 browserview-4068b54.htm
05.08.2006 14:00 12.470 browserview-4964834.htm
01.08.2006 15:05 121 DFC5A2B2.TMP
05.08.2006 13:26 0 is14.tmp
15.07.2001 13:15 3.428.115 LittleCS.CAB
05.08.2006 09:48 16.384 Perflib_Perfdata_a38.dat
15.03.2000 00:00 142.848 setup.exe
15.07.2001 13:14 4.977 SETUP.LST
05.08.2006 13:26 <DIR> spfdata
8 Datei(en) 3.617.385 Bytes
3 Verzeichnis(se), 112.093.224.960 Bytes frei

Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: F845-9504
Verzeichnis von C:\WINDOWS\Temp
05.08.2006 13:10 <DIR> .
05.08.2006 13:10 <DIR> ..
05.08.2006 09:47 0 CLML_AGENT_LOG1.txt
05.08.2006 13:13 <DIR> GCMediaTemp
05.08.2006 09:47 2.048 sqlite_eErkLgngiXJ0x3l
05.08.2006 09:48 0 T30DebugLogFile.txt
3 Datei(en) 2.048 Bytes
3 Verzeichnis(se), 112.093.224.960 Bytes frei

Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: F845-9504
Verzeichnis von C:\Temp
05.08.2006 09:48 <DIR> .
05.08.2006 09:48 <DIR> ..
0 Datei(en) 0 Bytes
2 Verzeichnis(se), 112.093.224.960 Bytes frei

Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: F845-9504
Verzeichnis von C:\Programme
05.08.2006 13:26 <DIR> .
05.08.2006 13:26 <DIR> ..
09.10.2005 12:43 <DIR> Adobe 12.10.2005 08:39 <DIR> Ahead 04.06.2006 17:09 <DIR> ALDI Sued Foto Service 04.08.2006 19:51 <DIR> AntiVir PersonalEdition Classic 23.06.2006 19:43 <DIR> C-Media USB2.0 Card Reader 22.10.2005 14:19 <DIR> Common Files 04.06.2006 16:59 <DIR> CyberLink 12.10.2005 08:39 <DIR> DivX 09.10.2005 14:33 <DIR> Encarta 05.08.2006 13:26 <DIR> Gemeinsame Dateien 11.07.2006 12:58 <DIR> Google 08.10.2005 15:59 <DIR> HighMAT CD Writing Wizard 22.10.2005 14:23 <DIR> Home Cinema 20.06.2006 20:20 <DIR> Incomplete 08.10.2005 15:24 <DIR> Intel 16.10.2005 13:57 <DIR> Internet Explorer 09.10.2005 12:28 <DIR> Learn2.com 09.10.2005 14:49 <DIR> Letstrade 05.08.2006 13:54 <DIR> Little CS 24.06.2006 08:38 <DIR> Logitech 05.06.2006 18:42 <DIR> LucasArts 12.10.2005 11:47 <DIR> MEDION 12.10.2005 08:50 <DIR> Medion Info Display 08.10.2005 16:00 <DIR> Messenger 09.10.2005 14:37 <DIR> Microsoft AutoRoute 08.10.2005 22:58 <DIR> microsoft frontpage 04.06.2006 17:06 <DIR> Microsoft Office 04.06.2006 17:01 <DIR> Microsoft Works 09.10.2005 14:23 <DIR> Microsoft Works Suite 2006 24.06.2006 08:40 <DIR> Mouse Driver 08.10.2005 22:56 <DIR> Movie Maker 05.08.2006 10:39 <DIR> Mozilla Firefox 08.10.2005 22:55 <DIR> MSN 08.10.2005 22:55 <DIR> MSN Gaming Zone 08.07.2006 13:01 <DIR> MSN Messenger 09.10.2005 14:46 <DIR> muvee Technologies 08.10.2005 22:56 <DIR> NetMeeting 09.10.2005 19:13 <DIR> NVIDIA Demo Kiosk 16.10.2005 14:03 <DIR> OfficeUpdate11 08.10.2005 22:55 <DIR> Online Services 08.10.2005 22:56 <DIR> Online-Dienste 08.10.2005 16:01 <DIR> Outlook Express 09.10.2005 11:23 <DIR> QuickTime 09.10.2005 11:53 <DIR> RALINK 04.07.2006 19:05 <DIR> Real 09.10.2005 11:27 <DIR> Realtek 22.06.2006 21:39 <DIR> RF Wireless Mouse 04.07.2006 19:05 774.144 RngInterstitial.dll 09.10.2005 14:44 <DIR> Skype 31.07.2006 22:06 <DIR> Starforge Studios 04.08.2006 20:37 <DIR> Steam 03.08.2006 08:03 <DIR> STOPzilla! 
09.10.2005 12:28 <DIR> Viewpoint 23.06.2006 20:37 <DIR> WinAce 09.10.2005 11:11 <DIR> Windows Media Connect 04.06.2006 16:59 <DIR> Windows Media Player 08.10.2005 22:55 <DIR> Windows NT 09.10.2005 14:49 <DIR> WISO 23.06.2006 19:41 <DIR> X10 Hardware 08.10.2005 22:58 <DIR> xerox 02.08.2006 17:04 <DIR> Yahoo! 1 Datei(en) 774.144 Bytes 62 Verzeichnis(se), 112.093.220.864 Bytes frei Datentr„ger in Laufwerk C: ist BOOT Volumeseriennummer: F845-9504 Verzeichnis von C:\Dokumente und Einstellungen\Labi\Lokale Einstellungen\Anwendungsdaten 05.07.2006 21:20 <DIR> Adobe 09.10.2005 18:45 <DIR> Ahead 31.07.2006 22:06 <DIR> ApplicationHistory 24.06.2006 19:04 15.360 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 31.07.2006 22:06 137 fusioncache.dat 01.08.2006 09:38 85.448 GDIPFONTCACHEV1.DAT 07.06.2006 21:28 <DIR> Logitech 02.08.2006 16:20 <DIR> Microsoft 01.08.2006 20:12 <DIR> Mozilla 04.06.2006 18:27 <DIR> PowerCinema 09.10.2005 12:33 <DIR> WMTools Downloaded Files 09.10.2005 11:24 <DIR> {3248F0A6-6813-11D6-A77B-00B0D0150040} 3 Datei(en) 100.945 Bytes 9 Verzeichnis(se), 112.093.220.864 Bytes frei Datentr„ger in Laufwerk C: ist BOOT Volumeseriennummer: F845-9504 Verzeichnis von C:\Dokumente und Einstellungen\Labi\Anwendungsdaten 04.08.2006 20:10 <DIR> . 04.08.2006 20:10 <DIR> .. 09.10.2005 12:49 <DIR> Adobe 05.07.2006 21:20 <DIR> AdobeUM 04.06.2006 16:58 <DIR> AOL 04.06.2006 18:25 <DIR> CyberLink 12.06.2006 18:18 <DIR> ICQLite 08.10.2005 22:58 <DIR> Identities 27.04.2006 16:02 5 kc.tmp 09.10.2005 11:21 <DIR> Macromedia 12.10.2005 11:47 <DIR> MAGIX 01.08.2006 20:12 <DIR> Mozilla 18.06.2006 16:09 <DIR> Petroglyph 09.10.2005 11:26 <DIR> Real 03.08.2006 13:45 <DIR> Registry Cleaner 05.08.2006 09:48 <DIR> Skype 02.08.2006 18:22 <DIR> STOPzilla! 
05.06.2006 14:25 <DIR> Sun 04.06.2006 20:17 <DIR> Xfire 09.10.2005 12:28 <DIR> You've Got Pictures Screensaver 1 Datei(en) 5 Bytes 19 Verzeichnis(se), 112.093.220.864 Bytes frei Datentr„ger in Laufwerk C: ist BOOT Volumeseriennummer: F845-9504 Verzeichnis von C:\Programme\Gemeinsame Dateien 05.08.2006 13:26 <DIR> . 05.08.2006 13:26 <DIR> .. 09.10.2005 12:42 <DIR> Adobe 09.10.2005 14:39 <DIR> Ahead 04.06.2006 16:59 <DIR> aol 09.10.2005 14:49 <DIR> Buhl Data Service 09.10.2005 14:49 <DIR> DataDesign 04.06.2006 17:06 <DIR> Designer 08.10.2005 22:56 <DIR> Dienste 12.10.2005 08:50 <DIR> InstallShield 09.10.2005 14:41 <DIR> LightScribe 09.10.2005 14:56 <DIR> MAGIX Shared 02.08.2006 17:20 <DIR> Microsoft Shared 08.10.2005 22:56 <DIR> MSSoap 09.10.2005 14:46 <DIR> muvee Technologies 09.10.2005 14:40 <DIR> Nero 09.10.2005 12:28 <DIR> Nullsoft 04.06.2006 17:06 <DIR> ODBC 04.07.2006 19:05 <DIR> Real 08.10.2005 23:52 <DIR> SpeechEngines 03.08.2006 08:03 <DIR> STOPzilla! 04.06.2006 17:06 <DIR> System 30.06.2006 20:36 <DIR> Totem Shared 09.10.2005 11:25 <DIR> xing shared 02.08.2006 18:24 <DIR> {F8459504-0BB7-1031-1007-050922050031} 0 Datei(en) 0 Bytes 25 Verzeichnis(se), 112.093.216.768 Bytes frei __________ mfg LaBi |
|
|
||
05.08.2006, 14:23
Honorary member
Posts: 29434 |
#8
Download FixWareout
http://downloads.subratam.org/Fixwareout.exe
Fixwareout.exe --> next --> Install --> Run fixit --> Finish / the PC will restart --> C:\fixwareout\report.txt -> post it here
post the log
http://www.f-secure.com/blacklight/
Start the file, accept the license terms and choose scan; when the scan has finished, press next and then close. There will now be an FSB*.TXT file in the same folder as Blacklight.
__________ Regards, Sabina, all about PC security |
|
|
||
05.08.2006, 14:36
Member
Thread starter Posts: 30 |
#9
Fixwareout ver 1.003
Last edited 07/1/2006 Post this report in the forums please Reg Entries that were deleted ... Random Runs removed from HKLM "dmpwu.exe"=- ... PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is legitimate »»»»» Search by size and names... »»»»» Misc files
Step 2:
08/05/06 14:35:20 [Info]: BlackLight Engine 1.0.42 initialized
08/05/06 14:35:20 [Info]: OS: 5.1 build 2600 (Service Pack 2)
08/05/06 14:35:20 [Note]: 7019 4
08/05/06 14:35:20 [Note]: 7005 0
08/05/06 14:35:22 [Note]: 7006 0
08/05/06 14:35:22 [Note]: 7011 1828
08/05/06 14:35:22 [Note]: 7026 0
08/05/06 14:35:22 [Note]: 7026 0
08/05/06 14:35:25 [Note]: FSRAW library version 1.7.1019
08/05/06 14:37:52 [Note]: 7007 0
__________ Regards, LaBi
This post was edited by LaBi on 05.08.2006 at 14:43.
|
|
|
||
05.08.2006, 14:39
Honorary member
Posts: 29434 |
#10
post the log
http://www.f-secure.com/blacklight/
Start the file, accept the license terms and choose scan; when the scan has finished, press next and then close. There will now be an FSB*.TXT file in the same folder as Blacklight.
__________ Regards, Sabina, all about PC security |
|
|
||
05.08.2006, 14:48
Member
Thread starter Posts: 30 |
||
|
||
05.08.2006, 15:21
Honorary member
Posts: 29434 |
#12
0.
spyfalcon.zip -> http://virus-protect.org/zip/spyfalcon.zip -> unpack it on the desktop -> spyfalcon.reg -> double-click it and add it to the registry with "ja/yes"
1. Avenger
http://virus-protect.org/artikel/tools/avenger.html
copy this in:
Quote
registry keys to delete:
Click the green traffic light; the script will now run, then the PC will restart automatically
** post the Avenger log that appears
** open HijackThis -- button "scan" -- put check marks in front of the -entries -- button "Fix checked" -- restart the PC
Quote
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
Restart the PC
** Under Network / Internet Protocol properties there is then "Obtain IP and DNS automatically". -> tick it
** My Computer --> right-click, then Properties ---> System Restore tab ---> tick "Turn off System Restore on all drives".
** Hoster.zip
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK' Exit Program.
** delete:
C:\Programme\Gemeinsame Dateien\{F8459504-0BB7-1031-1007-050922050031}
C:\Programme\Gemeinsame Dateien\Totem Shared
** F-Secure Online Scanner Next Generation Beta
http://support.f-secure.com/enu/home/ols3.shtml
1. Click the link: "F-Secure Online Scanner Next Generation Beta".
2. You will be asked to install an ActiveX control
3. Install this ActiveX component
4. Read the instructions and click: "Accept"
5. Click "Full System Scan"
6. Click "Show report" - copy the scan report
+ post the new HijackThis log
__________ Regards, Sabina, all about PC security |
|
|
||
05.08.2006, 16:26
Member
Thread starter Posts: 30 |
#13
//////////////////////////////////////////
Avenger Pre-Processor log ////////////////////////////////////////// Syntax error in line --- does not appear to be a valid registry path. Line will be ignored. Error code: 0 Line: HKEY_CURRENT_USER\Software\KillAndClean Syntax error in line --- does not appear to be a valid registry path. Line will be ignored. Error code: 0 Line: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\extensions\CmdMapping\{BF69DF00-2734-477F-8257-27CD04F88779} ////////////////////////////////////////// Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\dckjckfw ******************* Script file located at: \??\C:\WINDOWS\fmmbtrhw.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: File C:\Dokumente und Einstellungen\All Users\Favoriten\Download Free Spyware Remover.url not found! Deletion of file C:\Dokumente und Einstellungen\All Users\Favoriten\Download Free Spyware Remover.url failed! Could not process line: C:\Dokumente und Einstellungen\All Users\Favoriten\Download Free Spyware Remover.url Status: 0xc0000034 File C:\Dokumente und Einstellungen\All Users\Favoriten\NEW VIAGRA at Half Price!.url not found! Deletion of file C:\Dokumente und Einstellungen\All Users\Favoriten\NEW VIAGRA at Half Price!.url failed! Could not process line: C:\Dokumente und Einstellungen\All Users\Favoriten\NEW VIAGRA at Half Price!.url Status: 0xc0000034 File C:\Dokumente und Einstellungen\All Users\Favoriten\Order CIALIS online without leaving home..url not found! Deletion of file C:\Dokumente und Einstellungen\All Users\Favoriten\Order CIALIS online without leaving home..url failed! 
Could not process line: C:\Dokumente und Einstellungen\All Users\Favoriten\Order CIALIS online without leaving home..url Status: 0xc0000034 File C:\Dokumente und Einstellungen\All Users\Favoriten\PC protection in under 2 minutes!.url not found! Deletion of file C:\Dokumente und Einstellungen\All Users\Favoriten\PC protection in under 2 minutes!.url failed! Could not process line: C:\Dokumente und Einstellungen\All Users\Favoriten\PC protection in under 2 minutes!.url Status: 0xc0000034 Could not open file C:\Dokumente und Einstellungen\All Users\Favoriten\*** Dating - Real Girls For Real ***.url for deletion Deletion of file C:\Dokumente und Einstellungen\All Users\Favoriten\*** Dating - Real Girls For Real ***.url failed! Could not process line: C:\Dokumente und Einstellungen\All Users\Favoriten\*** Dating - Real Girls For Real ***.url Status: 0xc0000033 File C:\Dokumente und Einstellungen\All Users\Favoriten\Stop PopUps On Your Computer.url not found! Deletion of file C:\Dokumente und Einstellungen\All Users\Favoriten\Stop PopUps On Your Computer.url failed! Could not process line: C:\Dokumente und Einstellungen\All Users\Favoriten\Stop PopUps On Your Computer.url Status: 0xc0000034 File C:\Dokumente und Einstellungen\All Users\Favoriten\VIAGRA at incredible low price. Bonus Pills!.url not found! Deletion of file C:\Dokumente und Einstellungen\All Users\Favoriten\VIAGRA at incredible low price. Bonus Pills!.url failed! Could not process line: C:\Dokumente und Einstellungen\All Users\Favoriten\VIAGRA at incredible low price. Bonus Pills!.url Status: 0xc0000034 File C:\Dokumente und Einstellungen\Labi\Anwendungsdaten\kc.tmp not found! Deletion of file C:\Dokumente und Einstellungen\Labi\Anwendungsdaten\kc.tmp failed! Could not process line: C:\Dokumente und Einstellungen\Labi\Anwendungsdaten\kc.tmp Status: 0xc0000034 File C:\Dokumente und Einstellungen\Labi\Lokale Einstellungen\Temp\setup.exe not found! 
Deletion of file C:\Dokumente und Einstellungen\Labi\Lokale Einstellungen\Temp\setup.exe failed! Could not process line: C:\Dokumente und Einstellungen\Labi\Lokale Einstellungen\Temp\setup.exe Status: 0xc0000034 File C:\WINDOWS\system32\{844116EE-E1C0-4F31-8849-3F1751AE1878}.exe not found! Deletion of file C:\WINDOWS\system32\{844116EE-E1C0-4F31-8849-3F1751AE1878}.exe failed! Could not process line: C:\WINDOWS\system32\{844116EE-E1C0-4F31-8849-3F1751AE1878}.exe Status: 0xc0000034 File C:\WINDOWS\system32\{4B917288-760A-43B9-8C27-50271833CF36}.exe not found! Deletion of file C:\WINDOWS\system32\{4B917288-760A-43B9-8C27-50271833CF36}.exe failed! Could not process line: C:\WINDOWS\system32\{4B917288-760A-43B9-8C27-50271833CF36}.exe Status: 0xc0000034 File C:\WINDOWS\system32\{657C0512-AFD4-4C79-BB24-D61E0D5B9E58}.exe not found! Deletion of file C:\WINDOWS\system32\{657C0512-AFD4-4C79-BB24-D61E0D5B9E58}.exe failed! Could not process line: C:\WINDOWS\system32\{657C0512-AFD4-4C79-BB24-D61E0D5B9E58}.exe Status: 0xc0000034 File C:\WINDOWS\system32\dmpwu.exe not found! Deletion of file C:\WINDOWS\system32\dmpwu.exe failed! Could not process line: C:\WINDOWS\system32\dmpwu.exe Status: 0xc0000034 File C:\WINDOWS\system32\cvmpt.exe not found! Deletion of file C:\WINDOWS\system32\cvmpt.exe failed! Could not process line: C:\WINDOWS\system32\cvmpt.exe Status: 0xc0000034 File C:\WINDOWS\system32\w0943c5d.dll not found! Deletion of file C:\WINDOWS\system32\w0943c5d.dll failed! Could not process line: C:\WINDOWS\system32\w0943c5d.dll Status: 0xc0000034 File C:\WINDOWS\system32\rjx68c31.sys not found! Deletion of file C:\WINDOWS\system32\rjx68c31.sys failed! Could not process line: C:\WINDOWS\system32\rjx68c31.sys Status: 0xc0000034 File C:\WINDOWS\system32\rjx68c31.dll not found! Deletion of file C:\WINDOWS\system32\rjx68c31.dll failed! Could not process line: C:\WINDOWS\system32\rjx68c31.dll Status: 0xc0000034 File C:\WINDOWS\system32\atmtd.dll not found! 
Deletion of file C:\WINDOWS\system32\atmtd.dll failed! Could not process line: C:\WINDOWS\system32\atmtd.dll Status: 0xc0000034 File C:\WINDOWS\system32\atmtd.dll._ not found! Deletion of file C:\WINDOWS\system32\atmtd.dll._ failed! Could not process line: C:\WINDOWS\system32\atmtd.dll._ Status: 0xc0000034 File C:\WINDOWS\system32\tsuninst.exe not found! Deletion of file C:\WINDOWS\system32\tsuninst.exe failed! Could not process line: C:\WINDOWS\system32\tsuninst.exe Status: 0xc0000034 Could not open file C:\Programme\KillAndClean\KillAndClean.exe for deletion Deletion of file C:\Programme\KillAndClean\KillAndClean.exe failed! Could not process line: C:\Programme\KillAndClean\KillAndClean.exe Status: 0xc000003a File C:\WINDOWS\rdt.ini not found! Deletion of file C:\WINDOWS\rdt.ini failed! Could not process line: C:\WINDOWS\rdt.ini Status: 0xc0000034 File C:\WINDOWS\balloon.wav not found! Deletion of file C:\WINDOWS\balloon.wav failed! Could not process line: C:\WINDOWS\balloon.wav Status: 0xc0000034 File C:\WINDOWS\teller2.chk not found! Deletion of file C:\WINDOWS\teller2.chk failed! Could not process line: C:\WINDOWS\teller2.chk Status: 0xc0000034 Completed script processing. ******************* Finished! Terminate. 
Scanning Report Saturday, August 05, 2006 15:46:20 - 16:15:16 Computer name: NAME-EA04B8400D Scanning type: Scan system for viruses, rootkits, spyware Target: C:\ D:\ E:\ Result: 71 malware found CoolWebSearch (spyware) * System (Disinfected) Possible Browser Hijack attempt (spyware) * System (Disinfected) Tracking Cookie (spyware) * System (Disinfected) * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System * System W32/Agent.GWI (virus) * C:\WINDOWS\SYSTEM32\{F7C2BC98-C517-47ED-AC47-024B7F9C5B50}.EXE Windows (spyware) * System (Disinfected) Statistics Scanned: * Files: 20102 * System: 15435 * Not scanned: 5 Actions: * Disinfected: 4 * Renamed: 0 * Deleted: 0 * None: 67 * Submitted: 0 Files not scanned: * C:\HIBERFIL.SYS * C:\PAGEFILE.SYS * C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT * C:\PROGRAMME\SKYPE\PHONE\UNINS000.EXE * C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\MUVEE TECHNOLOGIES\030625\0237\0192\VALUES Options Scanning engines: * F-Secure AVP: 6.0.171, 2006-08-04 * F-Secure Libra: 2.4.1, 2006-08-02 * F-Secure Orion: 1.2.37, 2006-08-04 * F-Secure Blacklight: 1.0.31, 0000-00-00 * F-Secure Pegasus: 1.19.0, 2006-06-05 * F-Secure Draco: 1.0.35, 0259-24-212 Scanning options: * Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . 
ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX * Use Advanced heuristics Logfile of HijackThis v1.99.1 Scan saved at 16:21:34, on 05.08.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programme\CyberLink\Shared Files\RichVideo.exe C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Programme\WinAce\WinAce.exe C:\DOKUME~1\Labi\LOKALE~1\Temp\~AceTemp\hijackthis(2)\HijackThis.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe O23 - Service: 
LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe __________ mfg LaBi Dieser Beitrag wurde am 05.08.2006 um 16:33 Uhr von LaBi editiert.
|
|
|
||
05.08.2006, 16:31
Honorary member
Posts: 29434 |
#14
+
Question: why did you use HijackThis to fix EVERYTHING in O4? Now you have to re-enable the Guard in your antivirus... I had written exactly what needed to be fixed... Not all of them were viruses; many are important programs on your computer, which may now no longer work.
--------------
Scan again until nothing more is reported: F-Secure Online Scanner Next Generation Beta
_______
You can then also scan with Panda and Bitdefender/Online: http://virus-protect.org/onlinescan.html
+ post the reports
__________
Regards, Sabina
All about PC security |
|
|
||
05.08.2006, 16:41
Member
Thread starter Posts: 30 |
#15
Panda:
Incident Status Location
Adware:adware/cws Not disinfected c:\dokumente und einstellungen\all users\favoriten\Online Chat With Nude Girls.url
Potentially unwanted tool:application/regclean32 Not disinfected C:\Dokumente und Einstellungen\Labi\Anwendungsdaten\Registry Cleaner
Adware:adware/dollarrevenue Not disinfected Windows Registry
Potentially unwanted tool:application/kill&clean Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\extensions\CmdMapping\{BF69DF00-2734-477F-8257-27CD04F88779}
Adware:adware/commad Not disinfected Windows Registry
Virus:Trj/Ruins.MB Disinfected C:\avenger\backup-05.08.2006-16.28.46,98.zip[avenger/dmpwu.exe]
Adware:Adware/RazeSpyware Not disinfected C:\avenger\backup-05.08.2006-16.28.46,98.zip[avenger/{657C0512-AFD4-4C79-BB24-D61E0D5B9E58}.exe]
Spyware:Cookie/Zedo Not disinfected C:\Dokumente und Einstellungen\Labi\Anwendungsdaten\Mozilla\Firefox\Profiles\qd573wp6.default\cookies.txt[.c5.zedo.com/]
Not disinfected C:\Dokumente und Einstellungen\Labi\Cookies\labi@winfixer[2].txt
Spyware:Cookie/Yadro Not disinfected C:\Dokumente und Einstellungen\Labi\Cookies\labi@yadro[1].txt
Virus:Trj/Ruins.MB Disinfected C:\WINDOWS\system32\dmcac.exe
Virus:Trj/Ruins.MB Disinfected C:\WINDOWS\system32\dmpoq.exe
Virus:Trj/Ruins.MB Disinfected C:\WINDOWS\system32\dmyrl.exe
Adware:Adware/CommAd Not disinfected C:\WINDOWS\TGFiaQ\asappsrv.dll
Adware:Adware/CommAd Not disinfected C:\WINDOWS\TGFiaQ\n3I2uk.vbs

This is the first one:

Scanning Report
Saturday, August 05, 2006 16:36:50 - 17:07:04
Computer name: NAME-EA04B8400D
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\ E:\
Result: 3 malware found
Tracking Cookie (spyware)
* System (Disinfected)
* System
* System
Statistics
Scanned:
* Files: 20238
* System: 4690
* Not scanned: 4
Actions:
* Disinfected: 1
* Renamed: 0
* Deleted: 0
* None: 2
* Submitted: 0
Files not scanned:
* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\MUVEE TECHNOLOGIES\030625\0237\0192\VALUES
Options
Scanning engines:
* F-Secure AVP: 6.0.171, 2006-08-04
* F-Secure Libra: 2.4.1, 2006-08-02
* F-Secure Orion: 1.2.37, 2006-08-04
* F-Secure Blacklight: 1.0.31, 0000-00-00
* F-Secure Pegasus: 1.19.0, 2006-06-05
* F-Secure Draco: 1.0.35, 2006-08-03
Scanning options:
* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
* Use Advanced heuristics
__________
Regards
LaBi
This post was edited by LaBi on 05.08.2006 at 17:21.
|
|
|
||
Logfile of HijackThis v1.99.1
Scan saved at 08:56:49, on 04.08.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Medion Info Display\MdionLCM.exe
C:\WINDOWS\system32\CmUCReye.exe
C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Logitech\G-series Software\LGDCore.exe
C:\Programme\Logitech\G-series Software\LCDMon.exe
C:\Programme\Mouse Driver\4DMAIN.EXE
C:\Programme\QuickTime\qttask.exe
C:\kybrdff_7.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Programme\Logitech\G-series Software\Applets\LCDClock.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Internet Explorer\iexplore.exe
D:\Xfire\Xfire.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\WinAce\WinAce.exe
C:\Programme\WinAce\WinAce.exe
C:\DOKUME~1\Labi\LOKALE~1\Temp\~AceTemp\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mafia-inc.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aldi.com/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\privat\icq\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: (no name) - {63B089D3-D988-C1A6-7A34-90A654DEBA54} - utsgmon.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\privat\icq\ICQToolbar\toolbaru.dll
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MedionVFD] "C:\Programme\Medion Info Display\MdionLCM.exe"
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [InstantOn] "C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [ICQ Lite] "C:\privat\icq\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programme\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programme\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\Programme\Mouse Driver\4DMAIN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [outlook] C:\Programme\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_7.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_7.exe
O4 - HKLM\..\Run: [rjx68c31] RUNDLL32.EXE w0943c5d.dll,n 00268c2f0000000a0943c5d
O4 - HKLM\..\Run: [newname] C:\\nwnmff_7.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [keybdll] qwe.exe
O4 - HKLM\..\Run: [panel_its] 34763.exe
O4 - HKLM\..\Run: [cvmpt.exe] C:\WINDOWS\system32\cvmpt.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOLMIcon] C:\Programme\Gemeinsame Dateien\AOLSHARE\AOLMIcon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "c:\programme\steam\steam.exe" -silent
O4 - HKCU\..\Run: [KillAndClean] "C:\Programme\KillAndClean\KillAndClean.exe"
O4 - HKCU\..\Run: [Preliminary] StatusCheck.exe
O4 - HKCU\..\Run: [Shaitan1678] jopplerg.exe
O4 - HKCU\..\Run: [ATLIEHELPER] InpriseMon.exe
O4 - Startup: Xfire.lnk = D:\Xfire\Xfire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\privat\icq\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\privat\icq\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\privat\icq\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {A461BF3E-96B0-488F-9ACA-202335DDCC4B} - http://www.medionshop.de/ (file missing) (HKCU)
O12 - Plugin for .wav: C:\Programme\Internet Explorer\PLUGINS\npqtplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128778405937
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149435882234
O17 - HKLM\System\CCS\Services\Tcpip\..\{00852C37-75B2-4F10-A1C4-FE30AA4AE44D}: NameServer = 85.255.116.130,85.255.112.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C5A9B24-33AF-4734-9C09-656696CFE8F3}: NameServer = 85.255.116.130,85.255.112.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3764FDF-9821-4B18-8DE2-3CAB94F5D08D}: NameServer = 85.255.116.130,85.255.112.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{E95E35F4-9C2C-4D71-B3F7-B37DBCCA9AC7}: NameServer = 85.255.116.130,85.255.112.20
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.130 85.255.112.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{00852C37-75B2-4F10-A1C4-FE30AA4AE44D}: NameServer = 85.255.116.130,85.255.112.20
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.130 85.255.112.20
O17 - HKLM\System\CS2\Services\Tcpip\..\{00852C37-75B2-4F10-A1C4-FE30AA4AE44D}: NameServer = 85.255.116.130,85.255.112.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.130 85.255.112.20
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
__________
Regards
LaBi