Rather persistent "Windows...Alert" + pop-ups + antispyware *sigh*

Thread is closed!
#0
08.08.2006, 19:39
Member

Posts: 29
#1 Hi everyone...
First of all, this is a great forum; it has already given me a lot of help with quite a few problems ;) But now I've been hit too by the "windows ... alert" trojan, or whatever kind of junk that is :(
Unfortunately I'm an amateur when it comes to PCs, so if you help, then please go slooowly ;)))
I started by following the instructions in "Creating new posts":
1. ...................

Logfile of HijackThis v1.99.1
Scan saved at 19:10:58, on 08.08.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\LVComS.exe
C:\WINDOWS\system32\smartdrv.exe
C:\WINDOWS\system32\officescan.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Microsoft Office\Office10\WINWORD.EXE
C:\Programme\Microsoft Works\WkDStore.exe
C:\Dokumente und Einstellungen\Dodge\Lokale Einstellungen\Temp\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
O2 - BHO: (no name) - {021BB032-80A8-4FB6-B3D5-CF27B1553B95} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
O2 - BHO: office_pnl.office_panel - {B53455DB-5527-4041-AC41-F86E6947AA47} - C:\WINDOWS\system32\office_pnl.dll
O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Zur Filterliste hinzufügen (WebWasher) - http://-Web.Washer-/ie_add
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesde.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Programme\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {84FAA847-1400-4400-BC93-D338EF03127B} - http://www.medionshop.de/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: Yahoo! Mensch - http://download.games.yahoo.com/games/clients/y/mat3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {14325268-79E0-4D2A-89A4-FFFC6E22741E} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_3_EN_XP.cab
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_EN_XP.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {5C3A9EA6-4068-46B8-8B5A-692FB10607B1} (IntDialerData Class) - http://www.grupox.com/perf/DialerData.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1012_EN_XP.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp07.photoprintit.de/microsite/1119/defaults/activex/ImageUploader3.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E389B76-1702-43B0-8FFF-07046F351EFA}: NameServer = 217.237.151.161 217.237.150.188
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


2. ..................
Done ;)

3. ..................
Start Time= 08.08.2006 19:17:46,45
Running from: C:\Programme\Mozilla Firefox

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-08 19:14:50 3730 ( A.... ) "C:\Dokumente und Einstellungen\Dodge\Anwendungsdaten\wklnhst.dat"
2006-08-08 19:02:54 ( .D... ) "C:\Programme\CleanUp!"
2006-08-08 17:38:56 29952 ( A.... ) "C:\WINDOWS\system32\a.exe"
2006-08-08 17:38:56 25088 ( A.... ) "C:\WINDOWS\system32\questmod.dll"
2006-08-08 17:38:56 24576 ( A.... ) "C:\WINDOWS\system32\udpmod.dll"
2006-08-08 17:38:56 23296 ( A.... ) "C:\WINDOWS\system32\bridge.dll"
2006-08-08 17:38:56 22528 ( A.... ) "C:\WINDOWS\system32\jao.dll"
2006-08-08 17:38:54 27904 ( A.... ) "C:\WINDOWS\susp.exe"
2006-08-08 17:38:54 25600 ( A.... ) "C:\WINDOWS\Pynix.dll"
2006-08-08 17:38:54 24320 ( A.... ) "C:\WINDOWS\dlmax.dll"
2006-08-08 17:38:54 24064 ( A.... ) "C:\WINDOWS\system32\runsrv32.dll"
2006-08-08 17:38:54 22784 ( A.... ) "C:\WINDOWS\system32\txfdb32.dll"
2006-08-08 17:38:54 16640 ( A.... ) "C:\WINDOWS\system32\runsrv32.exe"
2006-08-08 17:38:54 13824 ( A.... ) "C:\WINDOWS\ZServ.dll"
2006-08-08 17:38:54 10240 ( A.... ) "C:\WINDOWS\BTGrab.dll"
2006-08-08 17:38:52 32256 ( A.... ) "C:\WINDOWS\alxie328.dll"
2006-08-08 17:38:52 24832 ( A.... ) "C:\WINDOWS\alxtb1.dll"
2006-08-08 17:38:52 16384 ( A.... ) "C:\WINDOWS\alexaie.dll"
2006-08-08 17:38:52 15360 ( A.... ) "C:\WINDOWS\system32\tcpservice2.exe"
2006-08-08 17:38:52 11776 ( A.... ) "C:\WINDOWS\system32\dailytoolbar.dll"
2006-08-08 17:38:52 11520 ( A.... ) "C:\WINDOWS\system32\alxres.dll"
2006-08-08 17:38:52 8448 ( A.... ) "C:\WINDOWS\system32\wstart.dll"
2006-08-08 17:18:52 ( .D... ) "C:\Dokumente und Einstellungen\Dodge\Anwendungsdaten\Lavasoft"
2006-08-08 16:52:58 8 ( A.... ) "C:\WINDOWS\system32\smaexp32.dll"
2006-08-08 16:48:22 17920 ( A.... ) "C:\WINDOWS\system32fab.exe"
2006-08-08 16:48:22 17920 ( A.... ) "C:\WINDOWS\system32\winblsrv.dll"
2006-08-08 16:48:18 94208 ( A.... ) "C:\WINDOWS\system32\officescan.exe"
2006-08-08 16:48:04 26624 ( A.... ) "C:\WINDOWS\system32\office_pnl.dll"
2006-08-08 16:48:00 11268 ( A.... ) "C:\WINDOWS\system32\smartdrv.exe"
2006-08-08 16:47:56 9220 ( A.... ) "C:\WINDOWS\system32\qruyzwci.exe"
2006-08-06 16:13:46 7425 ( A.... ) "C:\WINDOWS\system32\aepnktmx.exe"
2006-07-26 23:51:42 7466 ( A.... ) "C:\WINDOWS\system32\kwluwcsv.exe"
2006-07-19 10:53:14 7712 ( A.... ) "C:\WINDOWS\system32\ogkfmahr.exe"
2006-07-16 20:28:00 7712 ( A.... ) "C:\WINDOWS\system32\vugqxhgx.exe"
2006-07-09 10:33:12 7184 ( A.... ) "C:\WINDOWS\system32\hynhzzxt.exe"
2006-07-05 15:32:52 8704 ( A.... ) "C:\WINDOWS\system32\ghhzdffo.exe"
2006-07-02 10:20:46 7184 ( A.... ) "C:\WINDOWS\system32\jvckfvvq.exe"
2006-06-24 19:39:14 7240 ( A.... ) "C:\WINDOWS\system32\lryewfcl.exe"
2006-06-16 16:50:02 25992 ( A.... ) "C:\WINDOWS\system32\pgdfgsvc.exe"
2006-06-15 23:55:04 778240 ( A.... ) "C:\WINDOWS\system32\divx_xx0c.dll"
2006-06-15 23:55:04 778240 ( A.... ) "C:\WINDOWS\system32\divx_xx07.dll"
2006-06-15 23:55:04 761856 ( A.... ) "C:\WINDOWS\system32\divx_xx11.dll"
2006-06-15 23:55:04 620180 ( A.... ) "C:\WINDOWS\system32\DivX.dll"
2006-06-14 19:49:08 118784 ( A.... ) "C:\WINDOWS\system32\DivXCodecUpdateChecker.exe"
2006-06-12 21:22:08 520192 ( A.... ) "C:\WINDOWS\system32\DivXsm.exe"
2006-06-10 10:52:02 7666 ( A.... ) "C:\WINDOWS\system32\quzqyyti.exe"
2006-06-08 14:03:18 962 ( A.... ) "C:\WINDOWS\system32\users32.exe"
2006-06-08 14:03:14 8704 ( A.... ) "C:\WINDOWS\system32\sphuhmdl.exe"
2006-05-25 00:48:04 109568 ( ..... ) "C:\WINDOWS\system32\pxinsi64.exe"
2006-05-25 00:48:04 108544 ( ..... ) "C:\WINDOWS\system32\pxcpyi64.exe"
2006-05-25 00:47:12 3596288 ( A.... ) "C:\WINDOWS\system32\qt-dx331.dll"
2006-05-25 00:46:52 53248 ( A.... ) "C:\WINDOWS\system32\dpuGUI10.dll"
2006-05-25 00:46:44 593920 ( A.... ) "C:\WINDOWS\system32\dpuGUI11.dll"
2006-05-25 00:46:44 344064 ( A.... ) "C:\WINDOWS\system32\dpus11.dll"
2006-05-25 00:46:44 294912 ( A.... ) "C:\WINDOWS\system32\dpu11.dll"
2006-05-25 00:46:44 294912 ( A.... ) "C:\WINDOWS\system32\dpu10.dll"
2006-05-25 00:46:44 200704 ( A.... ) "C:\WINDOWS\system32\dtu100.dll"
2006-05-25 00:46:44 90112 ( A.... ) "C:\WINDOWS\system32\dpl100.dll"
2006-05-25 00:46:44 57344 ( A.... ) "C:\WINDOWS\system32\dpv11.dll"
2006-05-25 00:43:44 1044480 ( A.... ) "C:\WINDOWS\system32\libdivx.dll"
2006-05-25 00:43:44 200704 ( A.... ) "C:\WINDOWS\system32\ssldivx.dll"
2006-05-25 00:43:40 245408 ( A.... ) "C:\WINDOWS\system32\unicows.dll"
2006-05-20 16:49:08 501760 ( A.... ) "C:\WINDOWS\system32\Deutz Engine.scr"
2006-05-20 16:49:08 501760 ( A.... ) "C:\WINDOWS\system32\Deutz Engine.exe"
2006-05-19 15:09:50 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2006-05-19 15:09:50 112128 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll"
2006-05-19 15:09:50 95744 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll"
2006-01-17 22:39:58 4786 ( A.... ) "C:\Programme\audiograbber.ini"
2005-12-23 22:30:30 877910 ( A.... ) "C:\Programme\DVDDecrypter_3.5.4.0.zip"
2005-12-17 18:07:50 247 ( A.... ) "C:\Programme\default.m3u"
2005-10-16 18:01:24 817543 ( A.... ) "C:\Programme\Line-In.pdf"
2005-07-01 12:55:40 242915 ( A.... ) "C:\Programme\German.hlp"
2005-07-01 12:55:40 242915 ( A.... ) "C:\Programme\Audiograbber.hlp"
2005-06-29 20:48:56 11776 ( A.... ) "C:\Programme\vorbisfile.dll"
2005-06-29 20:48:44 64000 ( A.... ) "C:\Programme\vorbisenc.dll"
2005-06-29 20:48:14 138240 ( A.... ) "C:\Programme\vorbis.dll"
2005-06-29 20:47:40 9216 ( A.... ) "C:\Programme\ogg.dll"
2005-06-23 17:47:26 178412 ( A.... ) "C:\Programme\Erste_Schritte.pdf"
2005-06-22 14:13:18 1865 ( A.... ) "C:\Programme\german.cnt"
2005-06-22 14:13:18 1865 ( A.... ) "C:\Programme\audiograbber.cnt"
2005-05-16 18:41:56 5097960 ( A.... ) "C:\Programme\Firefox Setup 1.0.4.exe"
2005-05-16 08:20:42 760 ( A.... ) "C:\Programme\audiograbber.apr"
2005-04-12 15:00:30 386 ( A.... ) "C:\Programme\Auto.Nam"
2004-11-20 10:03:40 780048 ( A.... ) "C:\Programme\SetupDVDDecrypter_3[1].2.3.0.zip"
2004-10-20 00:28:02 2080768 ( ..... ) "C:\Programme\setupGTX.exe"
2004-10-14 05:15:22 870912 ( ..... ) "C:\Programme\iview392.exe"
2004-09-01 15:36:12 2244943 ( A.... ) "C:\Programme\animake.zip"
2004-09-01 15:27:08 2348119 ( ..... ) "C:\Programme\animake.exe"
2004-07-25 05:13:34 139937 ( A.... ) "C:\Programme\cwshredder.zip"
2004-07-18 03:19:06 2150574 ( A.... ) "C:\Programme\aaw6181.exe (Virenscan).exe"
2004-06-30 13:37:50 4100420 ( A.... ) "C:\Programme\p2p30110.exe"
2004-06-30 13:36:46 17939 ( A.... ) "C:\Programme\WinXP_Ordering.zip"
2004-06-30 13:35:44 777140 ( A.... ) "C:\Programme\anleitung_kalibrierung.zip"
2004-05-08 15:06:46 5246408 ( A.... ) "C:\Programme\SetupDl.exe"
2004-05-08 14:40:58 1008192 ( A.... ) "C:\Programme\mmssetup.exe"
2004-05-03 20:21:08 2715928 ( A.... ) "C:\Programme\WindowsXP-KB835732-x86-DEU.EXE"
2004-05-01 00:04:32 6351504 ( A.... ) "C:\Programme\zalarm.exe"
2004-04-30 23:51:32 1584605 ( A.... ) "C:\Programme\ps_radio.exe"
2004-04-30 23:48:02 4911314 ( A.... ) "C:\Programme\20040429-018-i32.exe"
2004-04-23 21:33:58 1950272 ( A.... ) "C:\Programme\ppviewer.exe"
2004-02-09 05:48:52 899072 ( A.... ) "C:\Programme\audiograbber.exe"
2004-01-25 23:40:06 77824 ( A.... ) "C:\Programme\Schlecker-Foto2.exe"
2004-01-25 23:38:48 77824 ( A.... ) "C:\Programme\Schlecker-Foto.exe"
2003-12-23 16:22:54 3342073 ( A.... ) "C:\Programme\DVDx_2_1.zip"
2003-12-22 03:04:58 3225 ( A.... ) "C:\Programme\ASPICHK.TXT"
2003-12-22 02:56:24 812282 ( A.... ) "C:\Programme\FlasKMPEG_0594.exe"
2003-12-22 02:34:54 115200 ( A.... ) "C:\Programme\aspichk.exe"
2003-08-14 19:13:12 40960 ( A.... ) "C:\Programme\Uninstall_PCM.exe"
2003-02-09 12:04:00 46092 ( A.... ) "C:\Programme\French.lng"
2003-02-08 18:56:00 44863 ( A.... ) "C:\Programme\German.lng"
2002-01-03 22:50:10 155648 ( A.... ) "C:\Programme\WMA8Connect.dll"
2001-12-21 00:15:16 43771 ( A.... ) "C:\Programme\Italian.lng"
2001-12-20 15:11:30 42533 ( A.... ) "C:\Programme\Spanish.lng"
2000-06-27 19:18:48 995328 ( A.... ) "C:\Programme\FlasKMPEG.exe"
2000-06-13 03:04:52 690176 ( A.... ) "C:\Programme\mpeg.cm.flask"
2000-05-06 17:33:48 102400 ( A.... ) "C:\Programme\aviout.cm.flask"
2000-01-16 01:01:02 36352 ( A.... ) "C:\Programme\ag12full.dll"
1995-10-18 17:18:50 18321 ( A.... ) "C:\Programme\copying"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-08-08 17:38 8.448 C:\WINDOWS\system32\wstart.dll
2006-08-08 17:38 32.256 C:\WINDOWS\alxie328.dll
2006-08-08 17:38 29.952 C:\WINDOWS\system32\a.exe
2006-08-08 17:38 27.904 C:\WINDOWS\susp.exe
2006-08-08 17:38 25.600 C:\WINDOWS\Pynix.dll
2006-08-08 17:38 25.088 C:\WINDOWS\system32\questmod.dll
2006-08-08 17:38 24.832 C:\WINDOWS\alxtb1.dll
2006-08-08 17:38 24.576 C:\WINDOWS\system32\udpmod.dll
2006-08-08 17:38 24.320 C:\WINDOWS\dlmax.dll
2006-08-08 17:38 24.064 C:\WINDOWS\system32\runsrv32.dll
2006-08-08 17:38 23.296 C:\WINDOWS\system32\bridge.dll
2006-08-08 17:38 22.784 C:\WINDOWS\system32\txfdb32.dll
2006-08-08 17:38 22.528 C:\WINDOWS\system32\jao.dll
2006-08-08 17:38 16.640 C:\WINDOWS\system32\runsrv32.exe
2006-08-08 17:38 16.384 C:\WINDOWS\alexaie.dll
2006-08-08 17:38 15.360 C:\WINDOWS\system32\tcpservice2.exe
2006-08-08 17:38 13.824 C:\WINDOWS\ZServ.dll
2006-08-08 17:38 11.776 C:\WINDOWS\system32\dailytoolbar.dll
2006-08-08 17:38 11.520 C:\WINDOWS\system32\alxres.dll
2006-08-08 17:38 10.240 C:\WINDOWS\BTGrab.dll
2006-08-08 16:52 8 C:\WINDOWS\system32\smaexp32.dll
2006-08-08 16:48 94.208 C:\WINDOWS\system32\officescan.exe
2006-08-08 16:48 17.920 C:\WINDOWS\system32fab.exe
2006-08-08 16:48 17.920 C:\WINDOWS\system32\winblsrv.dll
2006-08-08 16:47 9.220 C:\WINDOWS\system32\qruyzwci.exe
2006-08-08 16:47 26.624 C:\WINDOWS\system32\office_pnl.dll
2006-08-08 16:47 11.268 C:\WINDOWS\system32\smartdrv.exe
2006-08-06 16:13 7.425 C:\WINDOWS\system32\aepnktmx.exe
2006-07-26 23:51 7.466 C:\WINDOWS\system32\kwluwcsv.exe
2006-07-19 10:53 7.712 C:\WINDOWS\system32\ogkfmahr.exe
2006-07-16 20:27 7.712 C:\WINDOWS\system32\vugqxhgx.exe
2006-07-09 10:33 7.184 C:\WINDOWS\system32\hynhzzxt.exe
2006-07-05 15:32 8.704 C:\WINDOWS\system32\ghhzdffo.exe
2006-07-02 10:20 7.184 C:\WINDOWS\system32\jvckfvvq.exe
2006-06-25 17:02 109.568 C:\WINDOWS\system32\pxinsi64.exe
2006-06-25 17:02 108.544 C:\WINDOWS\system32\pxcpyi64.exe
2006-06-24 19:39 7.240 C:\WINDOWS\system32\lryewfcl.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"Microsoft Works Update Detection"="C:\\Programme\\Gemeinsame Dateien\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"PinnacleDriverCheck"="C:\\WINDOWS\\System32\\PSDrvCheck.exe"
"LogitechVideoRepair"="C:\\Programme\\Logitech\\Video\\ISStart.exe"
"LogitechVideoTray"="C:\\Programme\\Logitech\\Video\\LogiTray.exe"
"LogitechGalleryRepair"="C:\\Programme\\Logitech\\Video\\ISStart.exe"
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"AVGCtrl"="\"C:\\Programme\\AVPersonal\\AVGNT.EXE\" /min"
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -minimize"
"Transponder"="C:\\WINDOWS\\system32\\susp.exe"
"Adware.Srv32"="C:\\WINDOWS\\system32\\runsrv32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"LDM"="C:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\Srv32 spool service]
"Adware.Srv32"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -trayboot"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\Srv32 spool service]
"Adware.Srv32"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PcSync"="C:\\Programme\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
"PhonostarAgent"="C:\\Programme\\phonostar\\ps_agent.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Kontrollfeld für die kabellose Tastatur.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Kontrollfeld für die kabellose Tastatur.lnk"
"backup"="C:\\WINDOWS\\pss\\Kontrollfeld für die kabellose Tastatur.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\WINDOWS\\CNYHKey.exe "
"item"="Kontrollfeld für die kabellose Tastatur"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^PrecisionTime.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\PrecisionTime.lnk"
"backup"="C:\\WINDOWS\\pss\\PrecisionTime.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Programme\\PrecisionTime\\PrecisionTime.exe "
"item"="PrecisionTime"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntivirusRegistration]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EzAntivirusRegistrationCheck"
"hkey"="HKLM"
"command"="C:\\Programme\\Excid.com Aps\\eTrust Antivirus Registration\\EzAntivirusRegistrationCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mHotkey"
"hkey"="HKLM"
"command"="mHotkey.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RunDll32 cmicnfg"
"hkey"="HKLM"
"command"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\System32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dit]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Dit"
"hkey"="HKLM"
"command"="Dit.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="C:\\Programme\\iTunes\\iTunesHelper.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="lxbkbmgr"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Lexmark X1100 Series\\lxbkbmgr.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PCMService"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Medion Home Cinema XL II\\PowerCinema\\PCMService.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRISMSTA.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PRISMSTA"
"hkey"="HKLM"
"command"="PRISMSTA.EXE START"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realmon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\CA\\ETRUST~1\\realmon.exe -s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-DSL SpeedMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpeedMgr"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\T-DSLS~1\\SpeedMgr.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DataLayer"="C:\\Programme\\Gemeinsame Dateien\\PCSuite\\DataLayer\\DataLayer.exe"
"PCSuiteTrayApplication"="C:\\Programme\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -onlytray"




Contents of the 'Scheduled Tasks' folder

Completion time: 08.08.2006 19:18:00,51
ComboFix ver 06.07.15/29 - This logfile is located at C:\ComboFix.txt


4.1..............
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 882C-5933

Verzeichnis von C:\WINDOWS\system32

08.08.2006 19:17 51.814 perfc009.dat
08.08.2006 19:17 376.016 perfh009.dat
08.08.2006 19:17 62.578 perfc007.dat
08.08.2006 19:17 386.338 perfh007.dat
08.08.2006 19:17 886.752 PerfStringBackup.INI
08.08.2006 17:38 24.576 udpmod.dll
08.08.2006 17:38 25.088 questmod.dll
08.08.2006 17:38 22.528 jao.dll
08.08.2006 17:38 23.296 bridge.dll
08.08.2006 17:38 29.952 a.exe
08.08.2006 17:38 16.640 runsrv32.exe
08.08.2006 17:38 22.784 txfdb32.dll
08.08.2006 17:38 24.064 runsrv32.dll
08.08.2006 17:38 8.448 wstart.dll
08.08.2006 17:38 15.360 tcpservice2.exe
08.08.2006 17:38 11.776 dailytoolbar.dll
08.08.2006 17:38 11.520 alxres.dll
08.08.2006 16:53 0 lrf.dat
08.08.2006 16:53 8 winlogon.ini
08.08.2006 16:52 6.444 mshtml32.tdb
08.08.2006 16:52 8 smaexp32.dll
08.08.2006 16:48 17.920 winblsrv.dll
08.08.2006 16:48 94.208 officescan.exe
08.08.2006 16:48 26.624 office_pnl.dll
08.08.2006 16:47 11.268 smartdrv.exe
08.08.2006 16:47 9.220 qruyzwci.exe
06.08.2006 16:13 7.425 aepnktmx.exe
06.08.2006 15:39 2.206 wpa.dbl
26.07.2006 23:51 7.466 kwluwcsv.exe
23.07.2006 15:12 252 lvcoinst.log
19.07.2006 10:53 7.712 ogkfmahr.exe
16.07.2006 20:27 7.712 vugqxhgx.exe
09.07.2006 10:33 7.184 hynhzzxt.exe
07.07.2006 03:21 6.757.792 MRT.exe
05.07.2006 15:32 8.704 ghhzdffo.exe
02.07.2006 10:20 7.184 jvckfvvq.exe
24.06.2006 19:39 7.240 lryewfcl.exe
16.06.2006 16:50 25.992 pgdfgsvc.exe
15.06.2006 23:55 778.240 divx_xx07.dll
15.06.2006 23:55 778.240 divx_xx0c.dll
15.06.2006 23:55 761.856 divx_xx11.dll
15.06.2006 23:55 620.180 DivX.dll
14.06.2006 19:49 118.784 DivXCodecUpdateChecker.exe
13.06.2006 23:36 700.416 divxdec.ax
12.06.2006 21:22 520.192 DivXsm.exe
12.06.2006 21:22 4.276 divxsm.tlb
12.06.2006 21:22 10.863 dsm_ja.qm
12.06.2006 21:22 15.507 dsm_de.qm
12.06.2006 21:22 15.299 dsm_fr.qm
10.06.2006 10:52 7.666 quzqyyti.exe
08.06.2006 14:03 962 users32.exe
08.06.2006 14:03 8.704 sphuhmdl.exe
01.06.2006 20:47 163.840 jgdw400.dll
01.06.2006 20:47 27.648 jgpl400.dll
29.05.2006 17:30 1.494.016 shdocvw.dll
25.05.2006 00:48 421.888 pxdrv.dll
25.05.2006 00:48 108.544 pxcpyi64.exe
25.05.2006 00:48 109.568 pxinsi64.exe
25.05.2006 00:48 172.032 pxmas.dll
25.05.2006 00:48 372.736 px.dll
25.05.2006 00:48 56.832 pxcpya64.exe
25.05.2006 00:48 61.440 pxhpinst.exe
25.05.2006 00:48 56.320 pxinsa64.exe
25.05.2006 00:48 339.968 pxwave.dll
25.05.2006 00:48 28.672 vxblock.dll
25.05.2006 00:47 3.596.288 qt-dx331.dll
25.05.2006 00:46 53.248 dpuGUI10.dll
25.05.2006 00:46 90.112 dpl100.dll
25.05.2006 00:46 593.920 dpuGUI11.dll
25.05.2006 00:46 200.704 dtu100.dll
25.05.2006 00:46 344.064 dpus11.dll
25.05.2006 00:46 57.344 dpv11.dll
25.05.2006 00:46 294.912 dpu10.dll
25.05.2006 00:46 294.912 dpu11.dll
25.05.2006 00:43 352.401 DivXMedia.ax
25.05.2006 00:43 1.044.480 libdivx.dll
25.05.2006 00:43 200.704 ssldivx.dll
25.05.2006 00:43 245.408 unicows.dll
20.05.2006 16:49 228 Deutz Engine.log
20.05.2006 16:49 501.760 Deutz Engine.exe
20.05.2006 16:49 501.760 Deutz Engine.scr
20.05.2006 16:49 1.350 Deutz Engine.ssp
20.05.2006 16:49 15.310.852 Deutz Engine.002
20.05.2006 16:49 29.493.252 Deutz Engine.001
20.05.2006 16:49 0 Deutz Engine.mda
19.05.2006 17:09 3.073.536 mshtml.dll
19.05.2006 15:09 148.480 dnsapi.dll
19.05.2006 15:09 95.744 iphlpapi.dll
19.05.2006 15:09 112.128 dhcpcsvc.dll
18.05.2006 07:36 450.560 jscript.dll
14.05.2006 10:48 181.248 rasmans.dll
11.05.2006 10:57 27.136 xpsp3res.dll
10.05.2006 07:23 664.064 wininet.dll
10.05.2006 07:22 615.936 urlmon.dll
10.05.2006 07:22 474.624 shlwapi.dll
10.05.2006 07:22 146.432 msrating.dll
10.05.2006 07:22 39.424 pngfilt.dll
10.05.2006 07:22 448.512 mshtmled.dll
10.05.2006 07:22 532.480 mstime.dll
10.05.2006 07:22 96.768 inseng.dll
10.05.2006 07:22 16.384 jsproxy.dll
10.05.2006 07:22 251.392 iepeers.dll
10.05.2006 07:22 357.888 dxtmsft.dll
10.05.2006 07:22 1.056.256 danim.dll
10.05.2006 07:22 205.312 dxtrans.dll
10.05.2006 07:22 55.808 extmgr.dll
10.05.2006 07:22 152.064 cdfview.dll
10.05.2006 07:22 1.022.976 browseui.dll

4.2.............
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 882C-5933

Verzeichnis von C:\DOKUME~1\Dodge\LOKALE~1\Temp

08.08.2006 19:25 240 datFind-3.zip
08.08.2006 19:24 240 datFind-2.zip
08.08.2006 19:24 240 datFind-1.zip
08.08.2006 19:23 206 jusched.log
08.08.2006 19:19 49.152 ~DF8DB6.tmp
08.08.2006 19:19 240 datFind.zip
28.06.2004 19:42 24.576 IadHide4.dll
7 Datei(en) 74.894 Bytes
0 Verzeichnis(se), 14.302.482.432 Bytes frei

4.3 ................
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 882C-5933

Verzeichnis von C:\WINDOWS

08.08.2006 19:19 1.775.626 WindowsUpdate.log
08.08.2006 19:18 227.384 setupact.log
08.08.2006 19:13 0 0.log
08.08.2006 19:13 3.922 ModemLog_Creatix V.9X DSP Data Fax Modem.txt
08.08.2006 19:13 159 wiadebug.log
08.08.2006 19:13 50 wiaservc.log
08.08.2006 19:13 2.048 bootstat.dat
08.08.2006 19:12 32.622 SchedLgU.Txt
08.08.2006 19:11 6.147 infected.gif
08.08.2006 17:43 1.791 win_logo.gif
08.08.2006 17:38 24.320 dlmax.dll
08.08.2006 17:38 25.600 Pynix.dll
08.08.2006 17:38 10.240 BTGrab.dll
08.08.2006 17:38 13.824 ZServ.dll
08.08.2006 17:38 27.904 susp.exe
08.08.2006 17:38 24.832 alxtb1.dll
08.08.2006 17:38 32.256 alxie328.dll
08.08.2006 17:38 16.384 alexaie.dll
08.08.2006 16:48 17.920 system32fab.exe
06.08.2006 12:25 72 bg_bg.gif
06.08.2006 12:24 1.014 yellow_warning_ico.gif
06.08.2006 12:24 3.031 spyware_detected.gif
06.08.2006 12:24 1.743 safe_and_trusted.gif
06.08.2006 12:24 1.743 remove_spyware_header.gif
06.08.2006 12:24 1.472 red_warning_ico.gif
06.08.2006 12:24 12.192 product_box.gif
06.08.2006 12:24 151 navibar_corner_right.gif
06.08.2006 12:24 150 navibar_corner_left.gif
06.08.2006 12:24 53 navibar_bg.gif
06.08.2006 12:24 3.390 logo.gif
06.08.2006 12:24 46 infected_top_bg.gif
06.08.2006 12:24 3.877 icon_warning_big.gif
06.08.2006 12:24 15.618 free_scan_red_btn.gif
06.08.2006 12:24 3.968 download_product.gif
06.08.2006 12:24 1.230 download.gif
06.08.2006 12:24 64 close_ico.gif
06.08.2006 12:24 2.359 click_for_free_scan.gif
06.08.2006 12:24 867 buy_now.gif
06.08.2006 12:24 4.970 big_red_x.gif
30.07.2006 18:08 338 lexstat.ini
27.07.2006 00:38 127.535 wmsetup.log
23.07.2006 15:12 9.801 setupapi.log
21.07.2006 21:21 202 NeroDigital.ini
15.07.2006 23:51 147.542 iis6.log
15.07.2006 23:51 50.445 ocmsn.log
15.07.2006 23:51 1.374 imsins.log
15.07.2006 23:51 420.243 tsoc.log
15.07.2006 23:51 339.977 comsetup.log
15.07.2006 23:51 218.298 ntdtcsetup.log
15.07.2006 23:51 12.745 KB916595.log
15.07.2006 23:51 629.789 ocgen.log
15.07.2006 23:51 55.620 msgsocm.log
15.07.2006 23:51 1.010.278 FaxSetup.log
14.07.2006 13:12 1.374 imsins.BAK
14.07.2006 13:12 11.940 KB917159.log
14.07.2006 13:12 12.561 KB914388.log
14.07.2006 13:12 39.258 updspapi.log
17.06.2006 03:10 33.264 spupdsvc.log
17.06.2006 03:02 12.531 KB917734.log
17.06.2006 03:02 1.054.919 setupapi.log.0.old
17.06.2006 03:01 14.774 KB918439.log
17.06.2006 03:01 15.133 KB917344.log
17.06.2006 03:01 14.909 KB917953.log
17.06.2006 03:01 14.886 KB911280.log
17.06.2006 03:01 18.104 KB916281.log
17.06.2006 03:00 11.521 KB914389.log
25.05.2006 01:39 0 msds.dat
19.05.2006 16:46 121 GEARInstall.log
11.05.2006 23:57 11.702 KB913580.log

4.4 .......................
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 882C-5933

Verzeichnis von C:\

08.08.2006 19:30 0 sys.txt
08.08.2006 19:29 18.000 windows.txt
08.08.2006 19:28 18.000 system.txt
08.08.2006 19:26 584 systemtemp.txt
08.08.2006 19:25 109.023 system32.txt
08.08.2006 19:18 22.136 ComboFix.txt
08.08.2006 19:13 536.399.872 hiberfil.sys
08.08.2006 19:13 805.306.368 pagefile.sys
06.08.2006 12:27 0 uniq



----------------------------------------------------
Well, the usual popups appear:
"WARNING!SPYWARE DETECTD."
" BTgrab.dll is infected with dangerous spyware or adware!"
or
"alxres.dll"
or
"alxie328"

When I click on them, I end up via the Explorer (although I only use Firefox) on the homepage of "Antispyware" and so on.
The day before yesterday I could neither re-enable the firewall nor take a screenshot of the popups. After a system restore the firewall worked again. The problem also seemed to be gone, so yesterday it did not show up once.
Only today it came back and I was tearing my hair out ;)
Only through this forum did I find out that it is something nastier after all.

Maybe someone has a few tips I could still try, apart from my Antivir, the Lavasoft scanner or free stuff like that ;) I'm a real layman here, so I have no idea what they are all called ;)

I'd be very grateful for tips ;)
Chris

---------------------------------------------------------------------------
EDIT:
I just ran housecall65 over it as well.
It found:
-TROJ_DLOADER.DOG
-TROJ_AGENT.OJ
-TROJ_DLOADER.CFS
-TROJ_SMALL.AYU
-TROJ_SMALL.BZM
-TROJ_DLOADER.BGT
-TROJ_DLOADER.BIA
-TROJ_FAKEALRT.T
-ADWARE_ALEXA
-ADWARE_GAIN
-ADWARE_PLAYTECH
-ADWARE_CDT
-DIALER_LIVESERVICE
-DIALER_QUESTMOD
-ADWARE_ABETTERINTERNET
-ADWARE_LOP
-DIALER_TIBS
-ADWARE_POPSSTOP
-ADWARE_BHO_WSTART
-ADWARE_DAILYBAR
-SPYWARE_TRAK_BRISS
-TSPY_WINTRIM.AJ
-DIALER_MAROSINVERSIONES
-TSPY_WINTRIM.A
-TSPY_WINTRIM.BC
-HACKINGTOOLS_CAIN
-TSPY_BLACKSTONE
-ADWARE_TFACTORY
-TSPY_RENOS
-HTTP-COOKIES

I cleaned or deleted the infections that were found.
Hope that helps ;)
This post was edited on 08.08.2006 at 22:33 by Thecriss.
09.08.2006, 00:46
Honorary member
Sabina

Posts: 29434
#2 1.
Avenger
http://virus-protect.org/artikel/tools/avenger.html
copy in:

Quote

Files to delete:

C:\WINDOWS\system32\udpmod.dll
C:\WINDOWS\system32\questmod.dll
C:\WINDOWS\system32\jao.dll
C:\WINDOWS\system32\bridge.dll
C:\WINDOWS\system32\a.exe
C:\WINDOWS\system32\runsrv32.exe
C:\WINDOWS\system32\txfdb32.dll
C:\WINDOWS\system32\runsrv32.dll
C:\WINDOWS\system32\wstart.dll
C:\WINDOWS\system32\tcpservice2.exe
C:\WINDOWS\system32\dailytoolbar.dll
C:\WINDOWS\system32\alxres.dll
C:\WINDOWS\system32\lrf.dat
C:\WINDOWS\system32\winlogon.ini
C:\WINDOWS\system32\mshtml32.tdb
C:\WINDOWS\system32\smaexp32.dll
C:\WINDOWS\system32\winblsrv.dll
C:\WINDOWS\system32\officescan.exe
C:\WINDOWS\system32\office_pnl.dll
C:\WINDOWS\system32\smartdrv.exe
C:\WINDOWS\system32\qruyzwci.exe
C:\WINDOWS\system32\aepnktmx.exe
C:\WINDOWS\system32\kwluwcsv.exe
C:\WINDOWS\system32\ogkfmahr.exe
C:\WINDOWS\system32\vugqxhgx.exe
C:\WINDOWS\system32\hynhzzxt.exe
C:\WINDOWS\system32\ghhzdffo.exe
C:\WINDOWS\system32\jvckfvvq.exe
C:\WINDOWS\system32\lryewfcl.exe
C:\WINDOWS\system32\pgdfgsvc.exe
C:\WINDOWS\system32\quzqyyti.exe
C:\WINDOWS\system32\users32.exe
C:\WINDOWS\system32\sphuhmdl.exe
C:\uniq
C:\WINDOWS\infected.gif
C:\WINDOWS\win_logo.gif
C:\WINDOWS\dlmax.dll
C:\WINDOWS\Pynix.dll
C:\WINDOWS\BTGrab.dll
C:\WINDOWS\ZServ.dll
C:\WINDOWS\susp.exe
C:\WINDOWS\alxtb1.dll
C:\WINDOWS\alxie328.dll
C:\WINDOWS\alexaie.dll
C:\WINDOWS\system32\fab.exe
C:\WINDOWS\bg_bg.gif
C:\WINDOWS\yellow_warning_ico.gif
C:\WINDOWS\spyware_detected.gif
C:\WINDOWS\safe_and_trusted.gif
C:\WINDOWS\remove_spyware_header.gif
C:\WINDOWS\red_warning_ico.gif
C:\WINDOWS\product_box.gif
C:\WINDOWS\navibar_corner_right.gif
C:\WINDOWS\navibar_corner_left.gif
C:\WINDOWS\navibar_bg.gif
C:\WINDOWS\logo.gif
C:\WINDOWS\infected_top_bg.gif
C:\WINDOWS\icon_warning_big.gif
C:\WINDOWS\free_scan_red_btn.gif
C:\WINDOWS\download_product.gif
C:\WINDOWS\download.gif
C:\WINDOWS\close_ico.gif
C:\WINDOWS\click_for_free_scan.gif
C:\WINDOWS\buy_now.gif
C:\WINDOWS\big_red_x.gif

Click the green traffic light
the script is then executed, after which the PC restarts automatically

**
post the Avenger log that appears after the restart

**
open HijackThis -- "scan" button -- tick the boxes in front of the malware entries -- "Fix checked" button -- restart the PC

Quote

O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
O2 - BHO: (no name) - {021BB032-80A8-4FB6-B3D5-CF27B1553B95} - (no file)

O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)

O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
O2 - BHO: office_pnl.office_panel - {B53455DB-5527-4041-AC41-F86E6947AA47} - C:\WINDOWS\system32\office_pnl.dll
O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)

O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe

O16 - DPF: {5C3A9EA6-4068-46B8-8B5A-692FB10607B1} (IntDialerData Class) - http://www.grupox.com/perf/DialerData.cab

Restart the PC

**
work through smitfraud.fix and post the reports from options 1 and 2
http://virus-protect.org/artikel/tools/smitfrautfix.html

**
post the 4 logs from datfindbat again + the combofix log
__________
Regards, Sabina

all about PC security
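The fix list in the post above contains two kinds of HijackThis entries: registrations whose file is already gone ("(no file)") and entries whose target is one of the files named in the Avenger delete script. As an added example (not part of the original post and not HijackThis code), the following Python parses O2/O4 lines in the format shown above and sorts them that way; the `AVGCtrl` line, the function names and the variable names are constructed for illustration.

```python
import re

# O2 - BHO: <name> - {CLSID} - <file or "(no file)">
O2 = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)
# O4 - HKLM\..\Run: [<value name>] <command line>
O4 = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<target>.+)$"
)
# First drive-letter path ending in .exe or .dll inside a command line.
PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)


def parse_entries(log_text):
    """Return one dict per O2/O4 line; other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O2.match(line) or O4.match(line)
        if not m:
            continue
        target = m["target"]
        path = None
        if target != "(no file)":
            found = PATH.search(target)
            path = found.group(0) if found else None
        entries.append(
            {"section": line[:2], "name": m["name"], "target": target, "path": path}
        )
    return entries


def classify(entries, delete_script_paths):
    """Split entries into orphaned registrations, entries that point at a
    file the delete script removes, and everything else."""
    doomed = {p.lower() for p in delete_script_paths}  # Windows paths: case-insensitive
    result = {"orphaned": [], "targets_deleted_file": [], "other": []}
    for entry in entries:
        if entry["target"] == "(no file)":
            result["orphaned"].append(entry)
        elif entry["path"] and entry["path"].lower() in doomed:
            result["targets_deleted_file"].append(entry)
        else:
            result["other"].append(entry)
    return result


# Sample input: the first three lines are taken from the thread, the AVGCtrl
# line is constructed to show a quoted command line with an argument.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: office_pnl.office_panel - {B53455DB-5527-4041-AC41-F86E6947AA47} - C:\WINDOWS\system32\office_pnl.dll
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
"""

# Two paths from the "Files to delete:" script in the thread.
DELETE_SCRIPT = [
    r"C:\WINDOWS\system32\office_pnl.dll",
    r"C:\WINDOWS\system32\runsrv32.exe",
]

if __name__ == "__main__":
    groups = classify(parse_entries(SAMPLE_LOG), DELETE_SCRIPT)
    for label, items in groups.items():
        print(label)
        for item in items:
            print("   ", item["section"], item["name"], "->", item["target"])
```

Entries in the first two groups are the ones left pointing at nothing once the delete script has run, which is why they appear in the "Fix checked" list.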
09.08.2006, 15:03
Member

Thread starter

Posts: 29
#3 Oh, great, thanks for the quick answer/help ;))

After the restart that followed the Avenger run, a "No disk in drive, please insert one, blah blah..." message came up. It only went away with "Cancel". Was that intended?
---------------------------------------------------------------------------
Avenger log:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\fndsmigk

*******************

Script file located at: \??\C:\WINDOWS\system32\mgxbvnvj.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\udpmod.dll deleted successfully.
File C:\WINDOWS\system32\questmod.dll deleted successfully.
File C:\WINDOWS\system32\jao.dll deleted successfully.
File C:\WINDOWS\system32\bridge.dll deleted successfully.
File C:\WINDOWS\system32\a.exe deleted successfully.
File C:\WINDOWS\system32\runsrv32.exe deleted successfully.
File C:\WINDOWS\system32\txfdb32.dll deleted successfully.
File C:\WINDOWS\system32\runsrv32.dll deleted successfully.
File C:\WINDOWS\system32\wstart.dll deleted successfully.
File C:\WINDOWS\system32\tcpservice2.exe deleted successfully.
File C:\WINDOWS\system32\dailytoolbar.dll deleted successfully.
File C:\WINDOWS\system32\alxres.dll deleted successfully.
File C:\WINDOWS\system32\lrf.dat deleted successfully.
File C:\WINDOWS\system32\winlogon.ini deleted successfully.
File C:\WINDOWS\system32\mshtml32.tdb deleted successfully.
File C:\WINDOWS\system32\smaexp32.dll deleted successfully.
File C:\WINDOWS\system32\winblsrv.dll deleted successfully.
File C:\WINDOWS\system32\officescan.exe deleted successfully.
File C:\WINDOWS\system32\office_pnl.dll deleted successfully.
File C:\WINDOWS\system32\smartdrv.exe deleted successfully.
File C:\WINDOWS\system32\qruyzwci.exe deleted successfully.


File C:\WINDOWS\system32\aepnktmx.exe not found!
Deletion of file C:\WINDOWS\system32\aepnktmx.exe failed!

Could not process line:
C:\WINDOWS\system32\aepnktmx.exe
Status: 0xc0000034

File C:\WINDOWS\system32\kwluwcsv.exe deleted successfully.


File C:\WINDOWS\system32\ogkfmahr.exe not found!
Deletion of file C:\WINDOWS\system32\ogkfmahr.exe failed!

Could not process line:
C:\WINDOWS\system32\ogkfmahr.exe
Status: 0xc0000034



File C:\WINDOWS\system32\vugqxhgx.exe not found!
Deletion of file C:\WINDOWS\system32\vugqxhgx.exe failed!

Could not process line:
C:\WINDOWS\system32\vugqxhgx.exe
Status: 0xc0000034



File C:\WINDOWS\system32\hynhzzxt.exe not found!
Deletion of file C:\WINDOWS\system32\hynhzzxt.exe failed!

Could not process line:
C:\WINDOWS\system32\hynhzzxt.exe
Status: 0xc0000034



File C:\WINDOWS\system32\ghhzdffo.exe not found!
Deletion of file C:\WINDOWS\system32\ghhzdffo.exe failed!

Could not process line:
C:\WINDOWS\system32\ghhzdffo.exe
Status: 0xc0000034



File C:\WINDOWS\system32\jvckfvvq.exe not found!
Deletion of file C:\WINDOWS\system32\jvckfvvq.exe failed!

Could not process line:
C:\WINDOWS\system32\jvckfvvq.exe
Status: 0xc0000034

File C:\WINDOWS\system32\lryewfcl.exe deleted successfully.
File C:\WINDOWS\system32\pgdfgsvc.exe deleted successfully.


File C:\WINDOWS\system32\quzqyyti.exe not found!
Deletion of file C:\WINDOWS\system32\quzqyyti.exe failed!

Could not process line:
C:\WINDOWS\system32\quzqyyti.exe
Status: 0xc0000034

File C:\WINDOWS\system32\users32.exe deleted successfully.


File C:\WINDOWS\system32\sphuhmdl.exe not found!
Deletion of file C:\WINDOWS\system32\sphuhmdl.exe failed!

Could not process line:
C:\WINDOWS\system32\sphuhmdl.exe
Status: 0xc0000034

File C:\uniq deleted successfully.
File C:\WINDOWS\infected.gif deleted successfully.
File C:\WINDOWS\win_logo.gif deleted successfully.
File C:\WINDOWS\dlmax.dll deleted successfully.
File C:\WINDOWS\Pynix.dll deleted successfully.
File C:\WINDOWS\BTGrab.dll deleted successfully.
File C:\WINDOWS\ZServ.dll deleted successfully.
File C:\WINDOWS\susp.exe deleted successfully.
File C:\WINDOWS\alxtb1.dll deleted successfully.
File C:\WINDOWS\alxie328.dll deleted successfully.
File C:\WINDOWS\alexaie.dll deleted successfully.


File C:\WINDOWS\system32fab.exe not found!
Deletion of file C:\WINDOWS\system32fab.exe failed!

Could not process line:
C:\WINDOWS\system32fab.exe
Status: 0xc0000034

File C:\WINDOWS\bg_bg.gif deleted successfully.
File C:\WINDOWS\yellow_warning_ico.gif deleted successfully.
File C:\WINDOWS\spyware_detected.gif deleted successfully.
File C:\WINDOWS\safe_and_trusted.gif deleted successfully.
File C:\WINDOWS\remove_spyware_header.gif deleted successfully.
File C:\WINDOWS\red_warning_ico.gif deleted successfully.
File C:\WINDOWS\product_box.gif deleted successfully.
File C:\WINDOWS\navibar_corner_right.gif deleted successfully.
File C:\WINDOWS\navibar_corner_left.gif deleted successfully.
File C:\WINDOWS\navibar_bg.gif deleted successfully.
File C:\WINDOWS\logo.gif deleted successfully.
File C:\WINDOWS\infected_top_bg.gif deleted successfully.
File C:\WINDOWS\icon_warning_big.gif deleted successfully.
File C:\WINDOWS\free_scan_red_btn.gif deleted successfully.
File C:\WINDOWS\download_product.gif deleted successfully.
File C:\WINDOWS\download.gif deleted successfully.
File C:\WINDOWS\close_ico.gif deleted successfully.
File C:\WINDOWS\click_for_free_scan.gif deleted successfully.
File C:\WINDOWS\buy_now.gif deleted successfully.
File C:\WINDOWS\big_red_x.gif deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

---------------------------------------------------------------------------
This post was edited on 09.08.2006 at 15:24 by Thecriss.
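The Avenger log above reports every failed deletion with `Status: 0xc0000034`, which is the NTSTATUS code STATUS_OBJECT_NAME_NOT_FOUND: the file was not present at that path when the script ran. As an added example (not part of the original posts and not Avenger code), the following Python parses a log in this format and separates "deleted", "already absent" and "failed for another reason"; the `constructed_locked.dll` entry and all function names are constructed for illustration.

```python
import re

# NTSTATUS codes that can explain a failed delete; 0xC0000034 is the one
# that appears in the log posted in this thread.
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000043: "STATUS_SHARING_VIOLATION",
}
NOT_THERE = {0xC0000034, 0xC000003A}

DELETED = re.compile(r"^File (?P<path>.+) deleted successfully\.$")
FAILED = re.compile(r"^Deletion of file (?P<path>.+) failed!$")
STATUS = re.compile(r"^Status: (?P<code>0x[0-9a-fA-F]+)$")


def parse_avenger_log(text):
    """Map each path to ("deleted", None) or ("failed", status_code_or_None)."""
    results = {}
    pending = None  # path of the most recent failure still waiting for its Status line
    for raw in text.splitlines():
        line = raw.strip()
        m = DELETED.match(line)
        if m:
            results[m["path"]] = ("deleted", None)
            continue
        m = FAILED.match(line)
        if m:
            pending = m["path"]
            results[pending] = ("failed", None)
            continue
        m = STATUS.match(line)
        if m and pending is not None:
            results[pending] = ("failed", int(m["code"], 16))
            pending = None
    return results


def summarize(results):
    """Group outcomes so that only real failures need a second look."""
    summary = {"deleted": [], "already_absent": [], "needs_attention": []}
    for path, (outcome, status) in results.items():
        if outcome == "deleted":
            summary["deleted"].append(path)
        elif status in NOT_THERE:
            summary["already_absent"].append(path)
        else:
            name = NTSTATUS.get(status, "no status recorded" if status is None
                                else hex(status))
            summary["needs_attention"].append((path, name))
    return summary


# Sample input in the format of the log above. The udpmod.dll, aepnktmx.exe
# and BTGrab.dll lines are from the thread; the access-denied entry is constructed.
SAMPLE_LOG = r"""
File C:\WINDOWS\system32\udpmod.dll deleted successfully.

File C:\WINDOWS\system32\aepnktmx.exe not found!
Deletion of file C:\WINDOWS\system32\aepnktmx.exe failed!

Could not process line:
C:\WINDOWS\system32\aepnktmx.exe
Status: 0xc0000034

File C:\WINDOWS\BTGrab.dll deleted successfully.
Deletion of file C:\WINDOWS\system32\constructed_locked.dll failed!

Could not process line:
C:\WINDOWS\system32\constructed_locked.dll
Status: 0xc0000022
"""

if __name__ == "__main__":
    report = summarize(parse_avenger_log(SAMPLE_LOG))
    for group, items in report.items():
        print(group, items)
```

A path in `already_absent` needs no further deletion, but it is worth checking that the path in the script matches the path in the directory listing character for character before treating the file as gone.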
09.08.2006, 15:07
Honorary member
Sabina

Posts: 29434
#4 OK, now work through everything else and post the logs
__________
Regards, Sabina

all about PC security
09.08.2006, 15:25
Member

Thread starter

Posts: 29
#5 *g* Yes, one moment, I always save it here right away because of the PC restart ;)
In HijackThis there were fewer lines to tick than in your list...


Reports from smitfraud.fix:
09.08.2006, 15:36
Honorary member
Sabina

Posts: 29434
#6 my list contains what I see ;)
You then pick out what is still there ;)
__________
Regards, Sabina

all about PC security
09.08.2006, 15:54
Member

Thread starter

Posts: 29
#7 Hm, I save the .zip of smitfraud.fix on the desktop and as a folder, but in safe mode the file is no longer there. Nothing turns up via the search either. And access was denied to the folder in Dokumente/einstellungen, which is where it is.
Am I doing something wrong?
This post was edited on 09.08.2006 at 18:35 by Thecriss.
10.08.2006, 10:27
Honorary member
Sabina

Posts: 29434
#8 then run the program in normal mode ;)
__________
Regards, Sabina

all about PC security
10.08.2006, 17:22
Member

Thread starter

Posts: 29
#9 *grumble*
It doesn't work in normal mode either.
After the restart I press "2", then I hear the PC working, but no box or anything like it appears where I could answer the French question. I've saved/moved smitfraud in a few different ways, but it still doesn't work.

I'll now first redo the 4 logs from datfindbat + the combofix log




Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 882C-5933

Verzeichnis von C:\WINDOWS\system32

10.08.2006 17:17 376.016 perfh009.dat
10.08.2006 17:17 51.814 perfc009.dat
10.08.2006 17:17 62.578 perfc007.dat
10.08.2006 17:17 386.338 perfh007.dat
10.08.2006 17:17 886.752 PerfStringBackup.INI
06.08.2006 15:39 2.206 wpa.dbl
23.07.2006 15:12 252 lvcoinst.log
14.07.2006 17:38 332.288 netapi32.dll
07.07.2006 03:21 6.757.792 MRT.exe
15.06.2006 23:55 778.240 divx_xx07.dll
15.06.2006 23:55 778.240 divx_xx0c.dll
15.06.2006 23:55 761.856 divx_xx11.dll
15.06.2006 23:55 620.180 DivX.dll
14.06.2006 19:49 118.784 DivXCodecUpdateChecker.exe
13.06.2006 23:36 700.416 divxdec.ax
12.06.2006 21:22 4.276 divxsm.tlb
12.06.2006 21:22 520.192 DivXsm.exe
12.06.2006 21:22 15.507 dsm_de.qm
12.06.2006 21:22 10.863 dsm_ja.qm
12.06.2006 21:22 15.299 dsm_fr.qm
01.06.2006 20:47 27.648 jgpl400.dll
01.06.2006 20:47 163.840 jgdw400.dll
29.05.2006 17:30 1.494.016 shdocvw.dll
25.05.2006 00:48 421.888 pxdrv.dll
25.05.2006 00:48 108.544 pxcpyi64.exe
25.05.2006 00:48 109.568 pxinsi64.exe
25.05.2006 00:48 172.032 pxmas.dll
25.05.2006 00:48 372.736 px.dll
25.05.2006 00:48 56.832 pxcpya64.exe
25.05.2006 00:48 61.440 pxhpinst.exe
25.05.2006 00:48 56.320 pxinsa64.exe
25.05.2006 00:48 339.968 pxwave.dll
25.05.2006 00:48 28.672 vxblock.dll
25.05.2006 00:47 3.596.288 qt-dx331.dll
25.05.2006 00:46 53.248 dpuGUI10.dll
25.05.2006 00:46 90.112 dpl100.dll
25.05.2006 00:46 593.920 dpuGUI11.dll
25.05.2006 00:46 200.704 dtu100.dll
25.05.2006 00:46 344.064 dpus11.dll
25.05.2006 00:46 57.344 dpv11.dll
25.05.2006 00:46 294.912 dpu11.dll
25.05.2006 00:46 294.912 dpu10.dll
25.05.2006 00:43 352.401 DivXMedia.ax
25.05.2006 00:43 1.044.480 libdivx.dll
25.05.2006 00:43 200.704 ssldivx.dll
25.05.2006 00:43 245.408 unicows.dll
20.05.2006 16:49 228 Deutz Engine.log
20.05.2006 16:49 501.760 Deutz Engine.exe
20.05.2006 16:49 501.760 Deutz Engine.scr
20.05.2006 16:49 1.350 Deutz Engine.ssp
20.05.2006 16:49 15.310.852 Deutz Engine.002
20.05.2006 16:49 29.493.252 Deutz Engine.001
20.05.2006 16:49 0 Deutz Engine.mda
19.05.2006 17:09 3.073.536 mshtml.dll
19.05.2006 15:09 95.744 iphlpapi.dll
19.05.2006 15:09 112.128 dhcpcsvc.dll
19.05.2006 15:09 148.480 dnsapi.dll
18.05.2006 07:36 450.560 jscript.dll
14.05.2006 10:48 181.248 rasmans.dll
11.05.2006 10:57 27.136 xpsp3res.dll
10.05.2006 07:23 664.064 wininet.dll
10.05.2006 07:22 474.624 shlwapi.dll
10.05.2006 07:22 615.936 urlmon.dll
10.05.2006 07:22 532.480 mstime.dll
10.05.2006 07:22 146.432 msrating.dll
10.05.2006 07:22 39.424 pngfilt.dll
10.05.2006 07:22 448.512 mshtmled.dll
10.05.2006 07:22 96.768 inseng.dll
10.05.2006 07:22 16.384 jsproxy.dll
10.05.2006 07:22 1.056.256 danim.dll
10.05.2006 07:22 205.312 dxtrans.dll
10.05.2006 07:22 251.392 iepeers.dll
10.05.2006 07:22 55.808 extmgr.dll
10.05.2006 07:22 357.888 dxtmsft.dll
10.05.2006 07:22 1.022.976 browseui.dll
10.05.2006 07:22 152.064 cdfview.dll
04.05.2006 17:35 65.536 QuickTimeVR.qtx
04.05.2006 17:35 49.152 QuickTime.qts




Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 882C-5933

Verzeichnis von C:\DOKUME~1\Dodge\LOKALE~1\Temp

10.08.2006 17:23 2.266 jusched.log
10.08.2006 17:15 978 TmpICQMagic_{05736BBE-C20F-4F10-A6DE-4DB1E3564B0E}202.html
10.08.2006 17:15 16.384 ~DF4120.tmp
10.08.2006 17:15 512 ~DF3686.tmp
10.08.2006 17:15 16.384 ~DF3679.tmp
10.08.2006 17:00 16.384 ~DF434E.tmp
10.08.2006 17:00 16.384 ~DF39B1.tmp
09.08.2006 22:01 983 TmpICQMagic_{EC202595-1DFD-4301-A1EA-13C1E331B505}31814.html
09.08.2006 21:51 16.384 ~DF8285.tmp
09.08.2006 21:51 16.384 ~DF78A7.tmp
09.08.2006 20:37 16.384 ~DF9698.tmp
09.08.2006 20:37 16.384 ~DF9662.tmp
09.08.2006 20:37 16.384 ~DF9647.tmp
09.08.2006 20:37 16.384 ~DF967D.tmp
09.08.2006 18:33 16.384 ~DFEB1E.tmp
09.08.2006 18:33 16.384 ~DFB566.tmp
09.08.2006 15:51 16.384 ~DFC53C.tmp
09.08.2006 15:51 16.384 ~DFBB03.tmp
09.08.2006 15:25 389.579 SmitfraudFix.zip
09.08.2006 14:54 127.378 avenger-1.zip
09.08.2006 14:53 127.378 avenger.zip
09.08.2006 14:50 16.384 ~DFC1A1.tmp
09.08.2006 09:26 16.384 ~DF6355.tmp
09.08.2006 09:02 832 java_install_reg.log
08.08.2006 22:06 0 xx11
08.08.2006 22:06 0 xx10
08.08.2006 22:06 0 xx9
08.08.2006 22:06 0 xx8
08.08.2006 22:06 0 xx7
08.08.2006 21:31 0 xx6
08.08.2006 21:31 0 xx5
08.08.2006 21:31 0 xx4
08.08.2006 21:31 0 xx3
08.08.2006 21:31 0 xx2
08.08.2006 20:57 49.152 ~DF68FD.tmp
08.08.2006 19:19 49.152 ~DF8DB6.tmp
28.06.2004 19:42 24.576 IadHide4.dll
37 Datei(en) 1.034.930 Bytes
0 Verzeichnis(se), 14.276.993.024 Bytes frei





Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 882C-5933

Verzeichnis von C:\WINDOWS

10.08.2006 17:20 2.012.508 WindowsUpdate.log
10.08.2006 17:13 0 0.log
10.08.2006 17:13 159 wiadebug.log
10.08.2006 17:13 50 wiaservc.log
10.08.2006 17:13 3.922 ModemLog_Creatix V.9X DSP Data Fax Modem.txt
10.08.2006 17:13 2.048 bootstat.dat
10.08.2006 17:11 1.207.264 ntbtlog.txt
10.08.2006 17:10 32.622 SchedLgU.Txt
09.08.2006 21:51 5.084 KB920683.log
09.08.2006 09:27 148.519 iis6.log
09.08.2006 09:27 342.030 comsetup.log
09.08.2006 09:27 219.545 ntdtcsetup.log
09.08.2006 09:27 422.602 tsoc.log
09.08.2006 09:27 1.355 imsins.log
09.08.2006 09:27 50.787 ocmsn.log
09.08.2006 09:27 11.131 KB921883.log
09.08.2006 09:27 632.705 ocgen.log
09.08.2006 09:27 55.929 msgsocm.log
09.08.2006 09:27 1.016.437 FaxSetup.log
09.08.2006 09:27 11.243 setupapi.log
09.08.2006 09:27 39.611 updspapi.log
08.08.2006 19:18 227.384 setupact.log
30.07.2006 18:08 338 lexstat.ini
27.07.2006 00:38 127.535 wmsetup.log
21.07.2006 21:21 202 NeroDigital.ini
15.07.2006 23:51 1.374 imsins.BAK
15.07.2006 23:51 12.745 KB916595.log
14.07.2006 13:12 11.940 KB917159.log
14.07.2006 13:12 12.561 KB914388.log
17.06.2006 03:10 33.264 spupdsvc.log
17.06.2006 03:02 12.531 KB917734.log
17.06.2006 03:02 1.054.919 setupapi.log.0.old
17.06.2006 03:01 14.774 KB918439.log
17.06.2006 03:01 15.133 KB917344.log
17.06.2006 03:01 14.909 KB917953.log
17.06.2006 03:01 14.886 KB911280.log
17.06.2006 03:01 18.104 KB916281.log
17.06.2006 03:00 11.521 KB914389.log
25.05.2006 01:39 0 msds.dat
19.05.2006 16:46 121 GEARInstall.log
11.05.2006 23:57 11.702 KB913580.log




Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 882C-5933

Verzeichnis von C:\

10.08.2006 17:28 0 sys.txt
10.08.2006 17:27 16.454 windows.txt
10.08.2006 17:27 16.454 system.txt
10.08.2006 17:27 2.082 temp.txt
10.08.2006 17:26 2.082 systemtemp.txt
10.08.2006 17:25 107.530 system32.txt
10.08.2006 17:18 1.226 rapport.txt
10.08.2006 17:13 536.399.872 hiberfil.sys
10.08.2006 17:13 805.306.368 pagefile.sys
09.08.2006 14:56 10.862 avenger.txt
08.08.2006 19:30 1.313 c.txt
08.08.2006 19:18 22.136 ComboFix.txt
23.05.2005 18:01 1.120 INSTALL.LOG
02.05.2005 21:27 231 boot.ini
28.08.2004 00:41 47.564 NTDETECT.COM
28.08.2004 00:41 251.184 ntldr
08.05.2004 14:25 6.892 LgDSetup.log
08.05.2004 14:20 183 LogiSetup.log
24.11.2003 21:26 4.236 TDSLCheck.txt
20.09.2003 19:12 499 IPH.PH
20.09.2003 16:50 0 CONFIG.SYS
20.09.2003 16:50 0 IO.SYS
20.09.2003 16:50 0 MSDOS.SYS
20.09.2003 16:50 0 AUTOEXEC.BAT
29.08.2002 14:00 4.952 bootfont.bin
24.05.2001 12:59 162.304 UNWISE.EXE
26 Datei(en) 1.342.365.544 Bytes
0 Verzeichnis(se), 14.277.300.224 Bytes frei


------------------------------------------------------------




Start Time= 10.08.2006 17:31:28,35
Running from: C:\Dokumente und Einstellungen\Dodge\Desktop

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-08 19:32:44 3876 ( A.... ) "C:\Dokumente und Einstellungen\Dodge\Anwendungsdaten\wklnhst.dat"
2006-08-08 19:02:54 ( .D... ) "C:\Programme\CleanUp!"
2006-08-08 17:18:52 ( .D... ) "C:\Dokumente und Einstellungen\Dodge\Anwendungsdaten\Lavasoft"
2006-07-14 17:38:52 332288 ( A.... ) "C:\WINDOWS\system32\netapi32.dll"
2006-06-15 23:55:04 778240 ( A.... ) "C:\WINDOWS\system32\divx_xx0c.dll"
2006-06-15 23:55:04 778240 ( A.... ) "C:\WINDOWS\system32\divx_xx07.dll"
2006-06-15 23:55:04 761856 ( A.... ) "C:\WINDOWS\system32\divx_xx11.dll"
2006-06-15 23:55:04 620180 ( A.... ) "C:\WINDOWS\system32\DivX.dll"
2006-06-14 19:49:08 118784 ( A.... ) "C:\WINDOWS\system32\DivXCodecUpdateChecker.exe"
2006-06-12 21:22:08 520192 ( A.... ) "C:\WINDOWS\system32\DivXsm.exe"
2006-05-25 00:48:04 109568 ( ..... ) "C:\WINDOWS\system32\pxinsi64.exe"
2006-05-25 00:48:04 108544 ( ..... ) "C:\WINDOWS\system32\pxcpyi64.exe"
2006-05-25 00:47:12 3596288 ( A.... ) "C:\WINDOWS\system32\qt-dx331.dll"
2006-05-25 00:46:52 53248 ( A.... ) "C:\WINDOWS\system32\dpuGUI10.dll"
2006-05-25 00:46:44 593920 ( A.... ) "C:\WINDOWS\system32\dpuGUI11.dll"
2006-05-25 00:46:44 344064 ( A.... ) "C:\WINDOWS\system32\dpus11.dll"
2006-05-25 00:46:44 294912 ( A.... ) "C:\WINDOWS\system32\dpu11.dll"
2006-05-25 00:46:44 294912 ( A.... ) "C:\WINDOWS\system32\dpu10.dll"
2006-05-25 00:46:44 200704 ( A.... ) "C:\WINDOWS\system32\dtu100.dll"
2006-05-25 00:46:44 90112 ( A.... ) "C:\WINDOWS\system32\dpl100.dll"
2006-05-25 00:46:44 57344 ( A.... ) "C:\WINDOWS\system32\dpv11.dll"
2006-05-25 00:43:44 1044480 ( A.... ) "C:\WINDOWS\system32\libdivx.dll"
2006-05-25 00:43:44 200704 ( A.... ) "C:\WINDOWS\system32\ssldivx.dll"
2006-05-25 00:43:40 245408 ( A.... ) "C:\WINDOWS\system32\unicows.dll"
2006-05-20 16:49:08 501760 ( A.... ) "C:\WINDOWS\system32\Deutz Engine.scr"
2006-05-20 16:49:08 501760 ( A.... ) "C:\WINDOWS\system32\Deutz Engine.exe"
2006-05-19 15:09:50 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2006-05-19 15:09:50 112128 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll"
2006-05-19 15:09:50 95744 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll"
2006-01-17 22:39:58 4786 ( A.... ) "C:\Programme\audiograbber.ini"
2005-12-23 22:30:30 877910 ( A.... ) "C:\Programme\DVDDecrypter_3.5.4.0.zip"
2005-12-17 18:07:50 247 ( A.... ) "C:\Programme\default.m3u"
2005-10-16 18:01:24 817543 ( A.... ) "C:\Programme\Line-In.pdf"
2005-07-01 12:55:40 242915 ( A.... ) "C:\Programme\German.hlp"
2005-07-01 12:55:40 242915 ( A.... ) "C:\Programme\Audiograbber.hlp"
2005-06-29 20:48:56 11776 ( A.... ) "C:\Programme\vorbisfile.dll"
2005-06-29 20:48:44 64000 ( A.... ) "C:\Programme\vorbisenc.dll"
2005-06-29 20:48:14 138240 ( A.... ) "C:\Programme\vorbis.dll"
2005-06-29 20:47:40 9216 ( A.... ) "C:\Programme\ogg.dll"
2005-06-23 17:47:26 178412 ( A.... ) "C:\Programme\Erste_Schritte.pdf"
2005-06-22 14:13:18 1865 ( A.... ) "C:\Programme\german.cnt"
2005-06-22 14:13:18 1865 ( A.... ) "C:\Programme\audiograbber.cnt"
2005-05-16 18:41:56 5097960 ( A.... ) "C:\Programme\Firefox Setup 1.0.4.exe"
2005-05-16 08:20:42 760 ( A.... ) "C:\Programme\audiograbber.apr"
2005-04-12 15:00:30 386 ( A.... ) "C:\Programme\Auto.Nam"
2004-11-20 10:03:40 780048 ( A.... ) "C:\Programme\SetupDVDDecrypter_3[1].2.3.0.zip"
2004-10-20 00:28:02 2080768 ( ..... ) "C:\Programme\setupGTX.exe"
2004-10-14 05:15:22 870912 ( ..... ) "C:\Programme\iview392.exe"
2004-09-01 15:36:12 2244943 ( A.... ) "C:\Programme\animake.zip"
2004-09-01 15:27:08 2348119 ( ..... ) "C:\Programme\animake.exe"
2004-07-25 05:13:34 139937 ( A.... ) "C:\Programme\cwshredder.zip"
2004-07-18 03:19:06 2150574 ( A.... ) "C:\Programme\aaw6181.exe (Virenscan).exe"
2004-06-30 13:37:50 4100420 ( A.... ) "C:\Programme\p2p30110.exe"
2004-06-30 13:36:46 17939 ( A.... ) "C:\Programme\WinXP_Ordering.zip"
2004-06-30 13:35:44 777140 ( A.... ) "C:\Programme\anleitung_kalibrierung.zip"
2004-05-08 15:06:46 5246408 ( A.... ) "C:\Programme\SetupDl.exe"
2004-05-08 14:40:58 1008192 ( A.... ) "C:\Programme\mmssetup.exe"
2004-05-03 20:21:08 2715928 ( A.... ) "C:\Programme\WindowsXP-KB835732-x86-DEU.EXE"
2004-05-01 00:04:32 6351504 ( A.... ) "C:\Programme\zalarm.exe"
2004-04-30 23:51:32 1584605 ( A.... ) "C:\Programme\ps_radio.exe"
2004-04-30 23:48:02 4911314 ( A.... ) "C:\Programme\20040429-018-i32.exe"
2004-04-23 21:33:58 1950272 ( A.... ) "C:\Programme\ppviewer.exe"
2004-02-09 05:48:52 899072 ( A.... ) "C:\Programme\audiograbber.exe"
2004-01-25 23:40:06 77824 ( A.... ) "C:\Programme\Schlecker-Foto2.exe"
2004-01-25 23:38:48 77824 ( A.... ) "C:\Programme\Schlecker-Foto.exe"
2003-12-23 16:22:54 3342073 ( A.... ) "C:\Programme\DVDx_2_1.zip"
2003-12-22 03:04:58 3225 ( A.... ) "C:\Programme\ASPICHK.TXT"
2003-12-22 02:56:24 812282 ( A.... ) "C:\Programme\FlasKMPEG_0594.exe"
2003-12-22 02:34:54 115200 ( A.... ) "C:\Programme\aspichk.exe"
2003-08-14 19:13:12 40960 ( A.... ) "C:\Programme\Uninstall_PCM.exe"
2003-02-09 12:04:00 46092 ( A.... ) "C:\Programme\French.lng"
2003-02-08 18:56:00 44863 ( A.... ) "C:\Programme\German.lng"
2002-01-03 22:50:10 155648 ( A.... ) "C:\Programme\WMA8Connect.dll"
2001-12-21 00:15:16 43771 ( A.... ) "C:\Programme\Italian.lng"
2001-12-20 15:11:30 42533 ( A.... ) "C:\Programme\Spanish.lng"
2000-06-27 19:18:48 995328 ( A.... ) "C:\Programme\FlasKMPEG.exe"
2000-06-13 03:04:52 690176 ( A.... ) "C:\Programme\mpeg.cm.flask"
2000-05-06 17:33:48 102400 ( A.... ) "C:\Programme\aviout.cm.flask"
2000-01-16 01:01:02 36352 ( A.... ) "C:\Programme\ag12full.dll"
1995-10-18 17:18:50 18321 ( A.... ) "C:\Programme\copying"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-08-10 17:17 53.248 C:\WINDOWS\system32\Process.exe
2006-08-10 17:17 42.496 C:\WINDOWS\system32\swreg.exe
2006-08-10 17:17 40.960 C:\WINDOWS\system32\swsc.exe
2006-08-10 17:17 288.417 C:\WINDOWS\system32\SrchSTS.exe
2006-08-10 17:13 536.399.872 C:\hiberfil.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"Microsoft Works Update Detection"="C:\\Programme\\Gemeinsame Dateien\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"PinnacleDriverCheck"="C:\\WINDOWS\\System32\\PSDrvCheck.exe"
"LogitechVideoRepair"="C:\\Programme\\Logitech\\Video\\ISStart.exe"
"LogitechVideoTray"="C:\\Programme\\Logitech\\Video\\LogiTray.exe"
"LogitechGalleryRepair"="C:\\Programme\\Logitech\\Video\\ISStart.exe"
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"AVGCtrl"="\"C:\\Programme\\AVPersonal\\AVGNT.EXE\" /min"
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -minimize"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"LDM"="C:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PcSync"="C:\\Programme\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
"PhonostarAgent"="C:\\Programme\\phonostar\\ps_agent.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Kontrollfeld für die kabellose Tastatur.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Kontrollfeld für die kabellose Tastatur.lnk"
"backup"="C:\\WINDOWS\\pss\\Kontrollfeld für die kabellose Tastatur.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\WINDOWS\\CNYHKey.exe "
"item"="Kontrollfeld für die kabellose Tastatur"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^PrecisionTime.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\PrecisionTime.lnk"
"backup"="C:\\WINDOWS\\pss\\PrecisionTime.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Programme\\PrecisionTime\\PrecisionTime.exe "
"item"="PrecisionTime"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntivirusRegistration]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EzAntivirusRegistrationCheck"
"hkey"="HKLM"
"command"="C:\\Programme\\Excid.com Aps\\eTrust Antivirus Registration\\EzAntivirusRegistrationCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mHotkey"
"hkey"="HKLM"
"command"="mHotkey.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RunDll32 cmicnfg"
"hkey"="HKLM"
"command"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\System32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dit]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Dit"
"hkey"="HKLM"
"command"="Dit.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="C:\\Programme\\iTunes\\iTunesHelper.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="lxbkbmgr"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Lexmark X1100 Series\\lxbkbmgr.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PCMService"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Medion Home Cinema XL II\\PowerCinema\\PCMService.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRISMSTA.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PRISMSTA"
"hkey"="HKLM"
"command"="PRISMSTA.EXE START"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realmon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\CA\\ETRUST~1\\realmon.exe -s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T-DSL SpeedMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpeedMgr"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\T-DSLS~1\\SpeedMgr.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DataLayer"="C:\\Programme\\Gemeinsame Dateien\\PCSuite\\DataLayer\\DataLayer.exe"
"PCSuiteTrayApplication"="C:\\Programme\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -onlytray"




Contents of the 'Scheduled Tasks' folder

Completion time: 10.08.2006 17:31:40,20
ComboFix ver 06.07.15/29 - This logfile is located at C:\ComboFix.txt

ComboFix.2006-08-10.173128.txt
This post was edited by Thecriss on 10.08.2006 at 17:32.
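Added example, not part of the original thread or of ComboFix: a Python parser for the registry-export text in the "Reg Loading Points" section of the log above. It joins `hex(2)` continuation lines, decodes them to readable commands, and lists autostart entries by state. The sample input is constructed from a few lines of that log; the function names, the state labels and the cp1252 fallback for `hex(2)` data are assumptions.

```python
import re

# Constructed sample, shaped like the "Reg Loading Points" section of the log.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"PinnacleDriverCheck"="C:\\WINDOWS\\System32\\PSDrvCheck.exe"
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00
"AVGCtrl"="\"C:\\Programme\\AVPersonal\\AVGNT.EXE\" /min"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PhonostarAgent"="C:\\Programme\\phonostar\\ps_agent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dit]
"item"="Dit"
"hkey"="HKLM"
"command"="Dit.exe"
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
HEX_RE = re.compile(r'hex(?:\(([0-9a-fA-F]+)\))?:(.*)$')


def unescape(s):
    # Undo .reg string escaping: a backslash protects the next character.
    return re.sub(r'\\(.)', r'\1', s)


def decode_data(raw):
    """Turn the text after '=' into a (type, value) pair."""
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return 'REG_SZ', unescape(raw[1:-1])
    if raw.startswith('dword:'):
        return 'REG_DWORD', int(raw[6:], 16)
    m = HEX_RE.match(raw)
    if not m:
        return 'UNKNOWN', raw
    data = bytes(int(b, 16) for b in m.group(2).split(',') if b.strip())
    kind = m.group(1)
    if kind is None:
        return 'REG_BINARY', data
    if kind != '2':
        return 'hex(%s)' % kind, data
    # hex(2) is REG_EXPAND_SZ. Newer exports store UTF-16LE; this log stores
    # one byte per character, so fall back to cp1252 (assumed ANSI code page).
    wide = len(data) >= 2 and len(data) % 2 == 0 and not any(data[1::2])
    text = data.decode('utf-16-le' if wide else 'cp1252', errors='replace')
    return 'REG_EXPAND_SZ', text.rstrip('\x00')


def parse_reg_dump(text):
    """Return {key: {value_name: (type, value)}} for a registry-export dump."""
    entries, key, pending = {}, None, ''
    for line in text.splitlines():
        line = pending + line.strip()
        # A hex value continues on the next line when it ends with a backslash.
        if line.endswith('\\') and '=hex' in line:
            pending = line[:-1]
            continue
        pending = ''
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            entries.setdefault(key, {})
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            entries[key][unescape(m.group(1))] = decode_data(m.group(2))
    return entries


def autostart_entries(entries):
    """List (state, name, command) for the autostart locations in the dump."""
    rows = []
    for key, values in entries.items():
        k = key.lower()
        if k.endswith('\\currentversion\\run'):
            state = 'active'          # processed by Windows at logon
        elif k.endswith('\\currentversion\\run-'):
            state = 'parked'          # renamed key, not processed at logon
        elif '\\msconfig\\startupreg\\' in k and 'command' in values:
            # msconfig keeps the items it disabled here, with the old command.
            rows.append(('msconfig-disabled', key.rsplit('\\', 1)[1],
                         values['command'][1]))
            continue
        else:
            continue
        for name, (_, data) in values.items():
            rows.append((state, name, data))
    return rows


if __name__ == '__main__':
    for state, name, command in autostart_entries(parse_reg_dump(SAMPLE)):
        print('%-18s %-22s %s' % (state, name, command))
```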
10.08.2006, 17:59
Honorary member
Sabina

Posts: 29434
#10 1.
Uninstall - delete:
C:\Programme\PrecisionTime

2.
Scan with Kaspersky and Panda and post the reports
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina

All about PC security
10.08.2006, 19:34
Member

Thread starter

Posts: 29
#11 PrecisionTime (backup file) found via search ONLY in C:\WINDOWS. -> deleted.

Kaspersky won't run. I'm logged in as admin and have the medium security level set, as Kaspersky requires. Even so, it doesn't install the controls (or something like that).

Trying Panda now.

By the way, yesterday and today not a single Alert... popup appeared ;)

Incident Status Location

Dialer:dialer.b Not disinfected c:\windows\system32\EGDHTML_1024.dll
Adware:adware/ist.istbar Not disinfected c:\windows\downloaded program files\istactivex.inf
Dialer:dialer.yc Not disinfected c:\windows\downloaded program files\NSupd9x.inf
Adware:adware/gator Not disinfected c:\programme\gemeinsame dateien\CMEII
Adware:adware/ncase Not disinfected c:\programme\180Solutions
Adware:adware/savenow Not disinfected c:\programme\Save
Adware:adware/ist.sidefind Not disinfected c:\programme\SideFind
Adware:adware/whenusearch Not disinfected c:\programme\WhenUSearch
Virus:Trj/Alanchum.BW Disinfected C:\avenger\backup.zip[avenger/kwluwcsv.exe]
Virus:Trj/Lager.BH Disinfected C:\avenger\backup.zip[avenger/lryewfcl.exe]
Adware:Adware/SpySheriff Not disinfected C:\avenger\backup.zip[avenger/officescan.exe]
Adware:Adware/SpySheriff Not disinfected C:\avenger\backup.zip[avenger/office_pnl.dll]
Virus:Trj/Downloader.JVS Disinfected C:\avenger\backup.zip[avenger/qruyzwci.exe]
Adware:Adware/SpySheriff Not disinfected C:\avenger\backup.zip[avenger/smartdrv.exe]
Adware:Adware/SpySheriff Not disinfected C:\avenger\backup.zip[avenger/winblsrv.dll]
Spyware:Cookie/Falkag Not disinfected C:\Dokumente und Einstellungen\Dodge\Anwendungsdaten\Mozilla\Firefox\Profiles\4blcq61b.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/Falkag Not disinfected C:\Dokumente und Einstellungen\Dodge\Anwendungsdaten\Mozilla\Firefox\Profiles\4blcq61b.default\cookies.txt[as1.falkag.de/]
Spyware:Cookie/Advertising Not disinfected Not disinfected C:\Dokumente und Einstellungen\Dodge\Eigene Dateien\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Dokumente und Einstellungen\Dodge\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\4blcq61b.default\Cache\633285D9d01[SmitfraudFix/Process.exe]
Dialer:Dialer.YC Not disinfected C:\WINDOWS\inf\nsupd9x.inf
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
This post was edited by Thecriss on 10.08.2006 at 20:47.
10.08.2006, 23:48
Honorary member
Sabina

Posts: 29434
#12 Thecriss

1.
Avenger

Quote

Files to delete:

c:\windows\system32\EGDHTML_1024.dll
c:\windows\downloaded program files\istactivex.inf
c:\windows\inf\nsupd9x.inf
c:\windows\downloaded program files\NSupd9x.inf
2.
Uninstall - delete:

c:\programme\gemeinsame dateien\CMEII
c:\programme\180Solutions
c:\programme\Save
c:\programme\SideFind
c:\programme\WhenUSearch
C:\avenger\backup.zip

3.
Scan with CounterSpy, set everything to "remove" after the scan, and post the report
http://virus-protect.org/counterspy.html
__________
Regards, Sabina

All about PC security
11.08.2006, 20:58
Member

Thread starter

Posts: 29
#13 Here is the Avenger log as well, in case you need it:
1.

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\wabtkdac

*******************

Script file located at: \??\C:\WINDOWS\mklscbvf.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File c:\windows\system32\EGDHTML_1024.dll deleted successfully.
File c:\windows\downloaded program files\istactivex.inf deleted successfully.
File c:\windows\inf\nsupd9x.inf deleted successfully.
File c:\windows\downloaded program files\NSupd9x.inf deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


---------------------------------------------
2. ->done

3.

Spyware Scan Details
Start Date: 11.08.2006 17:36:45
End Date: 11.08.2006 18:03:17
Total Time: 26 mins 32 secs

Detected spyware

Claria.Gator.eWallet Adware (General) more information...
Details: Claria's Gator eWallet is an ad supported program that can automatically fill in passwords and other form-elements on Web pages.
Status: Deleted


Claria.GAIN.CommonElements Adware (General) more information...
Details: Claria's GAIN network consists of several applications inlcuding Gator eWallet, GotSmiley, ScreenSeenes, WebSecureAlert, DashBar, Weatherscope, Date Manager and Precision Time.
Status: Deleted

Infected files detected
c:\dokumente und einstellungen\all users\startmenü\programme\gain publishing\gain publishing web site.url


IST.ISTbar Hijacker more information...
Details: ISTbar is an Internet Explorer Hijacker, which modifies your homepages and searches without a user’s consent using an Internet Explorer toolbar.
Status: Deleted

Infected files detected
c:\programme\istbar\home.bmp
c:\programme\istbar\navmain.bmp
c:\programme\istbar\search.bmp
c:\programme\istbar\version_xml.php
c:\programme\istbar\xml_istbar.php


EGroup Sex Dialer Porn Dialer more information...
Details: EGroup Sex Dialer is a program that changes your modem's dial-up settings and attempts to connect to a premium or international phone number to access adult material.
Status: Deleted

Infected files detected
c:\windows\downloaded program files\liveservice.inf


StripPlayer Porn Dialer more information...
Details: StripPlayer is downloader for a premium-rate phone dialer providing access to the porn site strip-player.com.
Status: Deleted

Infected files detected
c:\windows\tmlpcert2005


AdwareSheriff Rogue Security Program more information...
Status: Deleted

Infected files detected
C:\Dokumente und Einstellungen\Dodge\Lokale Einstellungen\Anwendungsdaten\AntispywareSoldier\DB\explorer_dg.list
C:\Dokumente und Einstellungen\Dodge\Lokale Einstellungen\Anwendungsdaten\AntispywareSoldier\DB\rgmisc_rg.list
C:\Dokumente und Einstellungen\Dodge\Lokale Einstellungen\Anwendungsdaten\AntispywareSoldier\DB\tracks.db


Regfreeze Rogue Security Program more information...
Details: Regfreeze is a program that purports to scan for and repair errors in the Windows registy.
Status: Deleted

Infected files detected
C:\Dokumente und Einstellungen\Dodge\Lokale Einstellungen\Anwendungsdaten\AntispywareSoldier\DB\hijack.places


WhenU.WhenUSearch Low Risk Adware more information...
Details: WhenU.WhenUSearch is a desktop search toolbar that displays links to advertised offers in response to users' surfing behavior and opens paid search results when users perform searches through the toolbar's search mechanism.
Status: Deleted

Infected files detected
C:\RECYCLER\S-1-5-21-268589332-4242579586-737221297-1008\Dc19\Content~\splash.html


KaZaA P2P Program more information...
Details: KaZaA is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted

Infected registry entries detected


AntiLeech Plugin Adware (General) more information...
Details: Plugin is an Ad-Ware software which enables the broadcasting of advertisements, and execution of e-commerce and other internet related services on the user-interface of the software.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\AntiLeech.ALIE.1
HKEY_CLASSES_ROOT\AntiLeech.ALIE.1\CLSID {056738EE-E15C-11D6-B876-0050BF5D85C7}
HKEY_CLASSES_ROOT\AntiLeech.ALIE.1 Anti-Leech Plug-in
HKEY_CLASSES_ROOT\AntiLeech.ALIE
HKEY_CLASSES_ROOT\AntiLeech.ALIE\CLSID {056738EE-E15C-11D6-B876-0050BF5D85C7}
HKEY_CLASSES_ROOT\AntiLeech.ALIE\CurVer AntiLeech.ALIE.1
HKEY_CLASSES_ROOT\AntiLeech.ALIE Anti-Leech Plug-in
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\ProgID AntiLeech.ALIE.1
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\TypeLib {056738E1-E15C-11D6-B876-0050BF5D85C7}
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7}\VersionIndependentProgID AntiLeech.ALIE
HKEY_CLASSES_ROOT\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7} Anti-Leech Plug-in


Instant Access Porn Dialer more information...
Details: InstantAccess is a dialer that gives a user access to premium services of a third-party Web site, by dialing a high cost numbers using a modem.
Status: Deleted

Infected files detected
C:\WINDOWS\Downloaded Program Files\EGAUTH.inf

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CEFB7B49-9652-464F-8AFD-A577C0500F39}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CEFB7B49-9652-464F-8AFD-A577C0500F39}\Contains\Files C:\WINDOWS\System32\eglivecam.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CEFB7B49-9652-464F-8AFD-A577C0500F39}\Contains\Files C:\WINDOWS\System32\P2ECOM.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CEFB7B49-9652-464F-8AFD-A577C0500F39}\DownloadInformation CODEBASE http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1012_EN_XP.cab
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CEFB7B49-9652-464F-8AFD-A577C0500F39}\DownloadInformation INF C:\WINDOWS\Downloaded Program Files\EGAUTH.inf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CEFB7B49-9652-464F-8AFD-A577C0500F39}\InstalledVersion 1,0,1,2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CEFB7B49-9652-464F-8AFD-A577C0500F39}\InstalledVersion LastModified Fri, 30 Apr 2004 14:26:23 GMT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CEFB7B49-9652-464F-8AFD-A577C0500F39} SystemComponent 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CEFB7B49-9652-464F-8AFD-A577C0500F39} Installer MSICD
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1EB17D1C-141D-4D9D-91CB-24D99215851D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1EB17D1C-141D-4D9D-91CB-24D99215851D}\Contains\Files C:\WINDOWS\System32\netia32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1EB17D1C-141D-4D9D-91CB-24D99215851D}\DownloadInformation CODEBASE http://akamai.downloadv3.com/binaries/IA/netia32_EN_XP.cab
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1EB17D1C-141D-4D9D-91CB-24D99215851D}\DownloadInformation INF C:\WINDOWS\Downloaded Program Files\netia32.inf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1EB17D1C-141D-4D9D-91CB-24D99215851D}\InstalledVersion 0,0,0,1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1EB17D1C-141D-4D9D-91CB-24D99215851D}\InstalledVersion LastModified Wed, 28 Apr 2004 07:47:24 GMT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1EB17D1C-141D-4D9D-91CB-24D99215851D} SystemComponent 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1EB17D1C-141D-4D9D-91CB-24D99215851D} Installer MSICD


Transponder TPS108 Browser Plug-in more information...
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\software\software\tps108


ICOO Loader Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\dodge\cookies\dodge@icoonet[2].txt
11.08.2006, 22:47
Honorary member
Sabina

Posts: 29434
#14 Thecriss

Copy the following text into Notepad (Start - Accessories - Notepad) and save it as
neu.bat
on the desktop using 'Save as'. Choose 'All files' as the file type. You should now find this file on the desktop. --> double-click neu.bat --> copy the text that appears

Quote

cd\
dir "C:\WINDOWS\Downloaded Program Files" >>files.txt
dir "C:\Dokumente und Einstellungen\Dodge\Lokale Einstellungen\Anwendungsdaten\AntispywareSoldier\DB" >>files.txt
dir "C:\Dokumente und Einstellungen\Dodge\Lokale Einstellungen\Anwendungsdaten\AntispywareSoldier" >>files.txt
dir "C:\Dokumente und Einstellungen\Dodge\Lokale Einstellungen\Anwendungsdaten" >>files.txt
dir "C:\Programme\Gemeinsame Dateien\CMEII" >>files.txt
dir "C:\Programme\Gemeinsame Dateien" >>files.txt
dir "C:\Programme\180Solutions" >>files.txt
dir "C:\Programme\Save" >>files.txt
dir "C:\Programme\SideFind" >>files.txt
dir "C:\Programme\WhenUSearch" >>files.txt
dir "C:\Programme\istbar" >>files.txt
dir "C:\Programme" >>files.txt
notepad files.txt

__________
Regards, Sabina

All about PC security
11.08.2006, 22:58
Member

Thread starter

Posts: 29
#15 Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 882C-5933

Verzeichnis von C:\WINDOWS\Downloaded Program Files

11.04.2006 17:10 135.168 asinst.dll
03.04.2006 11:00 537 asinst.inf
14.10.1997 18:52 697 DirectAnimation Java Classes.osd
03.09.2003 09:09 1.003.520 EPScontrol.dll
03.09.2003 09:06 530 EPScontrol.inf
16.06.2004 17:03 355.955 ICQVideoControl.dll
08.06.2004 12:26 268 ICQVideoControl.inf
25.11.2004 10:37 337 ImageUploader_3.inf
25.11.2004 10:37 1.701.000 ImageUploader_3.ocx
25.08.2003 18:12 1.096 iuctl.inf
15.03.2002 15:18 348.160 kdu_v32r.dll
20.01.2000 15:25 1.162 Microsoft XML Parser for Java.osd
22.08.2003 21:10 226 opuc.inf
04.09.2003 15:14 3.759 swflash.inf
08.10.2002 13:34 529 UplApp.inf
24.03.2004 18:17 1.777 xscan.inf
24.03.2004 18:22 435.712 xscan53.ocx
27.05.2003 19:24 233.472 yacscom.dll
25.05.2003 15:47 233 yacscom.inf
28.09.2001 16:24 651 Yahoo! Chat.osd
08.08.2002 15:56 536 Yahoo! Checkers.osd
19.09.2003 17:41 534 Yahoo! Fleet.osd
03.06.2003 15:18 538 Yahoo! Graffiti.osd
16.05.2003 03:37 534 Yahoo! Mensch.osd
21.07.2004 16:04 534 Yahoo! Pool 2.osd
26.01.2004 18:42 856 yinst.inf
26.01.2004 18:40 133.120 yinsthelper.dll
08.10.2002 13:37 204.800 yuplapp.dll
08.10.2002 13:36 253.952 ywcupl.dll
29 Datei(en) 4.820.193 Bytes
0 Verzeichnis(se), 14.086.836.224 Bytes frei
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 882C-5933

Verzeichnis von C:\Dokumente und Einstellungen\Dodge\Lokale Einstellungen\Anwendungsdaten\AntispywareSoldier\DB

11.08.2006 20:58 <DIR> .
11.08.2006 20:58 <DIR> ..
06.08.2006 13:47 878 adesktop_dg.list
06.08.2006 13:47 633 fg_files.list
06.08.2006 13:47 332 fg_folders.list
15.03.2006 16:46 1.535 hijack.patterns
06.08.2006 13:47 369 ie_dg.list
06.08.2006 13:47 2.701 ie_rg.list
27.07.2006 20:23 22.320 known.db
06.08.2006 13:47 813 rgexplorer_rg.list
06.08.2006 13:47 908 runcu_sg.list
06.08.2006 13:47 714 runlm_sg.list
06.08.2006 13:10 <DIR> snapshots
27.07.2006 20:23 235.296 spyware.db
06.08.2006 13:47 801 system_dg.list
12 Datei(en) 267.300 Bytes
3 Verzeichnis(se), 14.086.836.224 Bytes frei
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 882C-5933

Verzeichnis von C:\Dokumente und Einstellungen\Dodge\Lokale Einstellungen\Anwendungsdaten\AntispywareSoldier

06.08.2006 15:37 <DIR> .
06.08.2006 15:37 <DIR> ..
11.08.2006 20:58 <DIR> DB
06.08.2006 13:10 <DIR> Logs
06.08.2006 13:47 <DIR> Settings
0 Datei(en) 0 Bytes
5 Verzeichnis(se), 14.086.836.224 Bytes frei
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 882C-5933

Verzeichnis von C:\Dokumente und Einstellungen\Dodge\Lokale Einstellungen\Anwendungsdaten

17.12.2005 17:57 <DIR> Adobe
29.10.2004 12:57 <DIR> Ahead
06.08.2006 15:37 <DIR> AntispywareSoldier
11.06.2006 22:20 <DIR> Apple Computer
11.11.2005 22:35 <DIR> ApplicationHistory
10.07.2006 11:14 231.424 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
25.11.2003 18:38 138 fusioncache.dat
03.09.2005 16:12 75.424 GDIPFONTCACHEV1.DAT
25.05.2006 01:41 <DIR> Help
24.11.2003 18:43 <DIR> Identities
24.06.2006 00:37 <DIR> Microsoft
03.12.2005 19:13 <DIR> Mozilla
05.01.2004 02:02 <DIR> Nokia
27.03.2005 02:34 <DIR> Powercinema
11.08.2006 17:33 <DIR> Sunbelt Software
20.09.2003 17:38 <DIR> WMTools Downloaded Files
3 Datei(en) 306.986 Bytes
13 Verzeichnis(se), 14.086.832.128 Bytes frei
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 882C-5933

Verzeichnis von C:\Programme\Gemeinsame Dateien

Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 882C-5933

Verzeichnis von C:\Programme\Gemeinsame Dateien

11.08.2006 17:26 <DIR> .
11.08.2006 17:26 <DIR> ..
26.03.2004 16:32 <DIR> Adobe
03.12.2004 11:30 <DIR> Ahead
20.09.2003 19:11 <DIR> aol
07.08.2005 19:17 <DIR> Buhl Data Service
20.09.2003 20:01 <DIR> Designer
20.09.2003 16:48 <DIR> Dienste
19.12.2003 01:35 <DIR> DirectX
08.05.2004 14:25 <DIR> FotoWire
29.07.2004 15:26 <DIR> GMT
14.07.2005 15:40 <DIR> InstallShield
03.01.2005 14:53 <DIR> Java
02.06.2004 00:17 <DIR> lnpuppra
08.05.2004 14:22 <DIR> Logitech
23.11.2003 11:39 <DIR> MGI Shared
13.10.2004 10:51 <DIR> Microsoft Shared
20.09.2003 16:48 <DIR> MSSoap
13.08.2005 14:57 <DIR> Nokia
20.09.2003 17:45 <DIR> ODBC
13.08.2005 14:57 <DIR> PCSuite
26.09.2003 14:53 <DIR> Real
20.09.2003 17:45 <DIR> SpeechEngines
29.04.2006 11:35 <DIR> System
26.09.2003 14:53 <DIR> xing shared
0 Datei(en) 0 Bytes
25 Verzeichnis(se), 14.086.832.128 Bytes frei
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 882C-5933

Verzeichnis von C:\Programme

Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 882C-5933

Verzeichnis von C:\Programme

Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 882C-5933

Verzeichnis von C:\Programme

Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 882C-5933

Verzeichnis von C:\Programme

Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 882C-5933

Verzeichnis von C:\Programme

Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 882C-5933

Verzeichnis von C:\Programme

11.08.2006 20:58 <DIR> .
11.08.2006 20:58 <DIR> ..
30.04.2004 23:48 4.911.314 20040429-018-i32.exe
18.07.2004 03:19 2.150.574 aaw6181.exe (Virenscan).exe
23.11.2003 15:12 <DIR> ABBYY FineReader 5.0 Sprint
17.12.2005 17:50 <DIR> Adobe
16.01.2000 01:01 36.352 ag12full.dll
12.02.2006 01:52 <DIR> Ahead
01.09.2004 15:36 <DIR> Animake
01.09.2004 15:27 2.348.119 animake.exe
01.09.2004 15:36 2.244.943 animake.zip
30.06.2004 13:35 777.140 anleitung_kalibrierung.zip
22.12.2003 02:34 115.200 aspichk.exe
22.12.2003 03:04 3.225 ASPICHK.TXT
20.09.2003 17:11 <DIR> ATI Technologies
17.12.2005 18:27 <DIR> audiograbber
16.05.2005 08:20 760 audiograbber.apr
22.06.2005 14:13 1.865 audiograbber.cnt
09.02.2004 05:48 899.072 audiograbber.exe
01.07.2005 12:55 242.915 Audiograbber.hlp
17.01.2006 22:39 4.786 audiograbber.ini
12.04.2005 15:00 386 Auto.Nam
07.08.2005 18:36 <DIR> AVIcodec
07.08.2005 15:55 <DIR> Avid FatalErrorReports
06.05.2000 17:33 102.400 aviout.cm.flask
10.08.2006 22:01 <DIR> AVPersonal
07.08.2005 16:04 <DIR> BPS
20.09.2003 17:33 <DIR> C-Media 3D Audio
22.12.2004 18:31 <DIR> CA
28.01.2006 01:24 <DIR> CASIO
01.09.2004 15:34 <DIR> cbild
08.08.2006 19:02 <DIR> CleanUp!
07.12.2005 19:01 <DIR> CloneDVD
22.09.2003 22:57 <DIR> Common Files
18.10.1995 17:18 18.321 copying
25.07.2004 05:13 139.937 cwshredder.zip
02.10.2003 17:46 <DIR> CyberLink
17.12.2005 18:07 247 default.m3u
25.06.2006 17:02 <DIR> DivX
22.12.2003 02:58 <DIR> Docs
29.04.2006 10:08 <DIR> dscdisk
23.12.2005 22:32 <DIR> DVD Decrypter
23.12.2005 22:30 877.910 DVDDecrypter_3.5.4.0.zip
08.02.2005 02:03 <DIR> DVDx
23.12.2003 16:22 3.342.073 DVDx_2_1.zip
19.12.2003 01:20 <DIR> EA Games
21.09.2005 01:31 <DIR> Elaborate Bytes
06.08.2006 12:50 <DIR> eMule
23.06.2005 17:47 178.412 Erste_Schritte.pdf
11.11.2005 22:34 <DIR> Excid.com Aps
16.05.2005 18:41 5.097.960 Firefox Setup 1.0.4.exe
08.02.2005 02:03 <DIR> FlaskMPEG
27.06.2000 19:18 995.328 FlasKMPEG.exe
22.12.2003 02:56 812.282 FlasKMPEG_0594.exe
09.02.2003 12:04 46.092 French.lng
11.08.2006 17:26 <DIR> Gemeinsame Dateien
22.06.2005 14:13 1.865 german.cnt
01.07.2005 12:55 242.915 German.hlp
08.02.2003 18:56 44.863 German.lng
01.10.2005 18:06 <DIR> GoldWaveDemo
04.12.2005 17:53 <DIR> Google
10.12.2003 00:06 <DIR> ICQ
10.08.2006 20:57 <DIR> ICQLite
29.04.2006 10:08 <DIR> ICQToolbar
20.09.2003 17:09 <DIR> Intel
10.08.2006 20:57 <DIR> Internet Explorer
19.05.2006 16:46 <DIR> iPod
29.03.2006 15:03 <DIR> IrfanView
21.12.2001 00:15 43.771 Italian.lng
10.08.2006 20:57 <DIR> iTunes
14.10.2004 05:15 870.912 iview392.exe
27.02.2006 15:41 <DIR> Java
08.08.2006 17:18 <DIR> Lavasoft
10.08.2006 20:58 <DIR> Lexmark X1100 Series
16.10.2005 18:01 817.543 Line-In.pdf
06.06.2006 18:57 <DIR> Logitech
02.10.2003 17:47 <DIR> Medion Home Cinema XL II
22.09.2003 21:55 <DIR> Medion Tools
10.02.2005 17:33 <DIR> Messenger
23.11.2003 11:39 <DIR> MGI
20.09.2003 20:04 <DIR> Microsoft AutoRoute
20.09.2003 20:11 <DIR> Microsoft Encarta
20.09.2003 16:50 <DIR> microsoft frontpage
23.04.2004 21:34 <DIR> Microsoft Office
20.09.2003 20:10 <DIR> Microsoft Picture It! 9
20.09.2003 20:01 <DIR> Microsoft Visual Studio
20.09.2003 20:02 <DIR> Microsoft Works
20.09.2003 19:56 <DIR> Microsoft Works Suite 2004
08.05.2004 14:40 1.008.192 mmssetup.exe
28.08.2004 00:48 <DIR> Movie Maker
11.08.2006 21:59 <DIR> Mozilla Firefox
08.02.2005 02:03 <DIR> MPEG Mediator
13.06.2000 03:04 690.176 mpeg.cm.flask
26.11.2004 21:52 <DIR> MSN
20.09.2003 16:48 <DIR> MSN Gaming Zone
01.04.2006 17:50 <DIR> MSN Messenger
22.09.2003 23:00 <DIR> MUSICMATCH
28.08.2004 00:44 <DIR> NetMeeting
13.08.2005 14:58 <DIR> Nokia
20.09.2003 19:12 <DIR> Nullsoft
13.10.2004 10:49 <DIR> OfficeUpdate11
29.06.2005 20:47 9.216 ogg.dll
20.09.2003 16:48 <DIR> Online Services
20.09.2003 16:49 <DIR> Online-Dienste
29.04.2006 11:35 <DIR> Outlook Express
30.06.2004 13:37 4.100.420 p2p30110.exe
12.03.2006 23:23 <DIR> phonostar
22.09.2003 21:26 <DIR> Pinnacle
13.10.2004 21:00 <DIR> Pivot Stickfigure Animator
30.06.2004 13:38 <DIR> Pixelnet
23.04.2004 21:33 1.950.272 ppviewer.exe
30.04.2004 23:51 1.584.605 ps_radio.exe
10.08.2006 21:03 <DIR> QuickTime
20.09.2003 19:11 <DIR> Real
20.10.2004 00:39 <DIR> SC-Data
07.08.2005 19:17 <DIR> Sceneo
25.01.2004 23:38 77.824 Schlecker-Foto.exe
25.01.2004 23:40 77.824 Schlecker-Foto2.exe
08.05.2004 15:06 5.246.408 SetupDl.exe
20.11.2004 10:03 780.048 SetupDVDDecrypter_3[1].2.3.0.zip
20.10.2004 00:28 2.080.768 setupGTX.exe
20.12.2001 15:11 42.533 Spanish.lng
11.08.2006 17:32 <DIR> Sunbelt Software
10.08.2006 21:03 <DIR> TuneUp Utilities 2004
14.08.2003 19:13 40.960 Uninstall_PCM.exe
01.10.2003 21:50 <DIR> USB Wireless Keyboard Driver Ver1.24M
29.04.2006 10:08 <DIR> USBToolbox
20.09.2003 19:12 <DIR> Viewpoint
29.06.2005 20:48 138.240 vorbis.dll
29.06.2005 20:48 64.000 vorbisenc.dll
29.06.2005 20:48 11.776 vorbisfile.dll
19.01.2006 19:11 <DIR> WebWasher
20.09.2003 16:56 <DIR> Windows Journal Viewer
04.04.2006 13:21 <DIR> Windows Media Player
28.08.2004 00:44 <DIR> Windows NT
03.05.2004 20:21 2.715.928 WindowsXP-KB835732-x86-DEU.EXE
08.02.2005 02:00 <DIR> WinMPG Video Convert
30.06.2004 13:36 17.939 WinXP_Ordering.zip
03.01.2002 22:50 155.648 WMA8Connect.dll
27.09.2003 12:38 <DIR> X10 Hardware
20.09.2003 16:50 <DIR> xerox
08.02.2005 02:03 <DIR> XMPEG 4.2a
03.10.2005 13:15 <DIR> Yahoo!
01.05.2004 00:04 6.351.504 zalarm.exe
02.12.2003 01:43 <DIR> Zone Labs
51 Datei(en) 54.513.763 Bytes
94 Verzeichnis(se), 14.086.815.744 Bytes frei