nach Virus, pc sehr langsam, temp wer8 |
||
---|---|---|
#0
| ||
07.09.2006, 17:40
...neu hier
Beiträge: 7 |
||
|
||
09.09.2006, 00:06
Ehrenmitglied
Beiträge: 29434 |
#2
Carmen79
Avenger http://virus-protect.org/artikel/tools/avenger.html kopiere rein Zitat Files to delete:Klicke die gruene Ampel das Script wird nun ausgeführt, dann wird der PC automatisch neustarten ** poste das log vom avenger, was nach neustart erscheint ** Hijackthis http://computercops.biz/zx/Merijn/hijackthis.zip http://virus-protect.org/hjtkurz.html Lade/entpacke HijackThis in einem Ordner --> None of the above just start the program --> Save--> Savelog -->es öffnet sich der Editor nun das KOMPLETTE Log mit rechtem Mausklick abkopieren und ins Forum mit rechtem Mausklick "einfügen" ** poste dieses log http://virus-protect.org/artikel/tools/combofix.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
09.09.2006, 22:29
...neu hier
Themenstarter Beiträge: 7 |
#3
Hallo, erstmal vielen Dank für die schnelle Antwort :-)
Habe The Avenger durchgeführt, nur leider nach dem Neustart das Log einfach weggeklickt. Habe alles nochmal durchgeführt, dabei kam das dann bei raus :-( : Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\bxvsoxtr ******************* Script file located at: xopktnio Could not open script file! Error Could not open script file! Status: 0xc000003b Abort! So hier sind dann noch die Daten vom hijackthis: Logfile of HijackThis v1.99.1 Scan saved at 22:32:41, on 09.09.2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\RunDll32.exe C:\Programme\HP\HP Software Update\HPWuSchd2.exe C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\Programme\Gemeinsame Dateien\AOL\1157655685\ee\AOLSoftware.exe C:\WINDOWS\System32\ctfmon.exe C:\Programme\CursorXP\CursorXP.exe C:\Programme\RocketDock\RocketDock.exe C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe C:\Programme\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\Programme\Internet Explorer\IEXPLORE.EXE C:\Dokumente und Einstellungen\CarmenK\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.de/e60/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.de/e60/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von AOL O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AOLDialer] REM C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [QuickTime Task] REM "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [NeroCheck] REM C:\WINDOWS\System32\\NeroCheck.exe O4 - HKLM\..\Run: [DataLayer] REM C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE O4 - HKLM\..\Run: [PCSuiteTrayApplication] REM C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE O4 - HKLM\..\Run: [CheckDiskOnce] chkdisk.exe O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [HostManager] C:\Programme\Gemeinsame Dateien\AOL\1157655685\ee\AOLSoftware.exe O4 - HKLM\..\Run: [IPHSend] C:\Programme\Gemeinsame Dateien\AOL\IPHSend\IPHSend.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] REM "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [CursorXP] C:\Programme\CursorXP\CursorXP.exe O4 - HKCU\..\Run: [RocketDock] "C:\Programme\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [AutoStart-Manager 2006] REM "C:\Programme\Tools&More\Autostart-Manager\AutoStart-Manager.exe" /AUTOSTART O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O14 - IERESET.INF: START_PAGE_URL=http://www.aol.de/e60/ O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - The Firebird Project - C:\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe Dieser Beitrag wurde am 09.09.2006 um 22:34 Uhr von Carmen79 editiert.
|
|
|
||
09.09.2006, 22:34
Ehrenmitglied
Beiträge: 29434 |
#4
versuche es solange, bis es klappt.
dann poste die anderen zwei logs (siehe oben) __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
10.09.2006, 18:08
...neu hier
Themenstarter Beiträge: 7 |
#5
sorry, das verstehe ich jetzt nicht. Ich habe doch schon zwei logs gepostet... Ich führe gerade Combofix durch, der auch schon ein trojanisches Pferd gefunden hat. Nun aber meine Frage: Ist es normal das Combofix nach ca. 3 Stunden immer noch nicht fertig ist???
|
|
|
||
10.09.2006, 18:24
Ehrenmitglied
Beiträge: 29434 |
#6
loesche diese Dateien mit der Killbox
http://virus-protect.org/killbox.html Options: "Delete on Reboot" und "Single File"--> anhaken und klicke auf das rote Kreuz, wenn gefragt wird, ob "Do you want to reboot? "---- klicke auf "no",und kopiere das nächste rein, erst beim letzten auf "yes" reinkopieren: ..... C:\WINDOWS\system32\mlfcache.dat C:\WINDOWS\jptc.dat C:\WINDOWS\bqlecp.dat C:\WINDOWS\keyboard1.dat C:\WINDOWS\teller2.chk C:\Dokumente und Einstellungen\CarmenK\Lokale Einstellungen\Temp\STS7.tmp C:\Dokumente und Einstellungen\CarmenK\Lokale Einstellungen\Temp\MAR3.tmp C:\Dokumente und Einstellungen\CarmenK\Lokale Einstellungen\Temp\STS5.tmp C:\Dokumente und Einstellungen\CarmenK\Lokale Einstellungen\Temp\MAR2.tmp pC neustarten ** dann wende noch mal Combofix an und poste das log __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
10.09.2006, 19:42
Member
Beiträge: 11 |
#7
Insgesamt 21 Viren!!! Hilfe!!!
hi, mein PC ist seit letzter Zeit sehr langsam geworden, nach einer Analyse bei Symantec, hat sich herausgestellt, dass ich 21 Viren drauf habe!!! einige davon habe ich oben aufgeschrieben! Was tun? bitte, helfen! Hijack LogFile: Logfile of HijackThis v1.99.1 Scan saved at 4:26:44 PM, on 9/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe C:\WINDOWS\System32\SCardSvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Java\jre1.5.0\bin\jusched.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\CameraAssistant.exe C:\WINDOWS\system32\ElkCtrl.exe C:\Program Files\DTV\RemoteControl.exe C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\HPQ\Shared\hpqwmi.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Documents and Settings\DeyanPC\Desktop\hijack\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/ O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0 \Distillr\Acrotray.exe" O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [DTVRemote] "C:\Program Files\DTV\RemoteControl.exe" O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6 \LaunchApplication.exe -onlytray O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10 \OSA.EXE O4 - Global Startup: MSWin.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2 \Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://locator.cdn.imageservr.com O16 - DPF: {00000000-0000-0000-0000-100000000003} - http://code.trasferimento.biz/l/a3ad1d8edc539b47a7e227b1feea490d_35.exe O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37900.cab O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326 O20 - AppInit_DLLs: "", svchost.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1 \Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1 \Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1 \avgemc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32 \ZoneLabs\vsmon.exe ComboFix Log: DeyanPC - 06-09-10 16:43:08.10 ComboFix 06.09.07 - Running from: C:\Documents and Settings\DeyanPC\Desktop\cleanup Microsoft Windows XP [Version 5.1.2600] (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Folders Quarantined: C:\QooBox\Purity\WINDOWS\system32\STEM32~1 ((((((((((((((((((((((((((((((( Files Created from 2006-08-10 to 2006-09-10 )))))))))))))))))))))))))))))))))) 2006-09-10 16:26 106,516 --a------ C:\WINDOWS\system32\skjwytpj.dll 2006-09-10 16:25 1,132,505 ---hs---- C:\WINDOWS\system32\llnmp.bak1 2006-09-10 11:14 106,516 --a------ C:\WINDOWS\system32\dadcqcan.dll 2006-09-09 10:36 106,516 --a------ C:\WINDOWS\system32\atnwbond.dll 2006-09-07 12:27 106,516 --a------ C:\WINDOWS\system32\oiyjknwi.dll 2006-09-05 23:26 106,516 --a------ C:\WINDOWS\system32\omdwkoqo.dll 2006-09-04 20:48 106,516 --a------ C:\WINDOWS\system32\lttchjyn.dll 2006-09-03 12:26 102,420 --a------ C:\WINDOWS\system32\erwpditm.dll 2006-09-02 12:25 102,420 --a------ C:\WINDOWS\system32\ioqofpom.dll 2006-08-26 04:54 13,844 --a------ C:\WINDOWS\system32\pppyrcrm.exe 2006-08-24 22:26 13,844 --a------ C:\WINDOWS\system32\rkrthmga.exe 2006-08-22 00:18 13,844 --a------ C:\WINDOWS\system32\ywvqfkvo.exe 2006-08-16 02:50 2,580 --a------ C:\WINDOWS\system32\pyeytrqk.exe (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-09-10 16:32 -------- d-------- C:\Program Files\CleanUp! 2006-09-10 15:10 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys 2006-09-10 13:06 -------- d-------- C:\Documents and Settings\DeyanPC\Application Data\Skype 2006-09-10 11:14 777472 --a------ C:\WINDOWS\system32\drivers\avg7core.sys 2006-09-10 11:14 27904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys 2006-09-06 01:19 -------- d---s---- C:\Documents and Settings\DeyanPC\Application Data\Microsoft 2006-09-05 00:26 -------- d-------- C:\Program Files\Nokia 2006-09-05 00:26 -------- d-------- C:\Program Files\Common Files\PCSuite 2006-09-05 00:26 -------- d-------- C:\Program Files\Common Files\Nokia 2006-09-05 00:26 -------- d-------- C:\Program Files\Common Files 2006-09-05 00:21 -------- d--h----- C:\Program Files\InstallShield Installation Information 2006-08-25 00:00 -------- d-------- C:\Program Files\audiograbber 2006-08-24 18:26 -------- d-------- C:\Program Files\Registry Mechanic 2006-08-22 20:58 -------- d-------- C:\Documents and Settings\DeyanPC\Application Data\Sonic 2006-08-22 20:58 -------- d-------- C:\Documents and Settings\DeyanPC\Application Data\Leadertech 2006-08-21 20:00 -------- d-------- C:\Documents and Settings\DeyanPC\Application Data\Apple Computer 2006-08-16 03:02 -------- d-------- C:\Program Files\Internet Explorer 2006-07-28 01:24 -------- d-------- C:\Program Files\iTunes 2006-07-28 01:22 -------- d-------- C:\Program Files\iPod 2006-07-27 16:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll 2006-07-24 23:09 53624 --a------ C:\Documents and Settings\DeyanPC\Application Data\GDIPFONTCACHEV1.DAT 2006-07-21 11:24 72704 --a------ C:\WINDOWS\system32\hlink.dll 2006-07-18 00:46 -------- d-------- C:\Program Files\Winamp 2006-07-16 15:50 -------- d-------- C:\Program Files\Zone Labs 2006-07-16 13:50 -------- d-------- C:\Program Files\Grisoft 2006-07-16 13:49 -------- d-------- C:\Documents and Settings\DeyanPC\Application Data\AVG7 2006-07-16 13:48 4992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys 2006-07-16 13:48 4288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys 2006-07-16 13:48 23424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys 2006-07-14 00:46 -------- d-------- C:\Program Files\Microsoft Office 2006-07-14 00:46 -------- d-------- C:\Program Files\Common Files\Microsoft Shared 2006-07-14 00:10 -------- d-------- C:\Program Files\Microsoft ActiveSync 2006-07-14 00:09 -------- d-------- C:\Program Files\Microsoft Visual Studio 2006-07-14 00:08 -------- d-------- C:\Program Files\Common Files\System 2006-07-10 21:28 -------- d-------- C:\Documents and Settings\DeyanPC\Application Data\AdobeUM 2006-07-09 13:42 42920 --a------ C:\WINDOWS\system32\vsutil_loc0407.dll 2006-07-05 16:39 569396 --------- C:\WINDOWS\system32\pmnll.dll 2006-06-17 14:04 5875 --a------ C:\Documents and Settings\DeyanPC\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32" "PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC" "PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName" "SoundMAXPnP"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe" "SoundMAX"="C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe /tray" "AGRSMMSG"="AGRSMMSG.exe" "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe" "IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe" "HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe" "Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe" "eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start" "UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r" "dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe" "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0\\bin\\jusched.exe" "hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe" "WatchDog"="C:\\Program Files\\InterVideo\\DVD Check\\DVDCheck.exe" "BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent" "Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\"" @="" "LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE" "LogitechCameraAssistant"="C:\\Program Files\\Logitech\\Video\\CameraAssistant.exe" "LogitechVideo[inspector]"="C:\\Program Files\\Logitech\\Video\\InstallHelper.exe /inspect" "LogitechCameraService(E)"="C:\\WINDOWS\\system32\\ElkCtrl.exe /automation" "DTVRemote"="\"C:\\Program Files\\DTV\\RemoteControl.exe\"" "USIUDF_Eject_Monitor"="C:\\Program Files\\Common Files\\Ulead Systems\\DVD\\USISrv.exe" "HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\"" "HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe" "RegistryMechanic"="" "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP" "Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\"" "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" "QuickTime Task"="\"C:\\Program Files\\K-Lite Codec Pack\\QuickTime\\qttask.exe\" -atboottime" "DataLayer"="C:\\Program Files\\Common Files\\PCSuite\\DataLayer\\DataLayer.exe" "PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -onlytray" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot" "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoCDBurning"=dword:00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000001 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\ ff,ff,04,00,00,00 "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\ 00,00,01,00,00,00 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE" [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE" [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnll Completion time: Sun 09/10/2006 16:46:10.10 ComboFix.txt datFind.bat Log files system32.txt: Volume in drive C has no label. Volume Seri*hier nicht!* Number is FC8A-D7FF Directory of C:\WINDOWS\system32 09/10/2006 16:58 1,136,435 llnmp.ini 09/10/2006 16:39 2,206 wpa.dbl 09/10/2006 16:26 106,516 skjwytpj.dll 09/10/2006 16:25 1,132,505 llnmp.bak1 09/10/2006 16:17 54,112 vsconfig.xml 09/10/2006 11:14 106,516 dadcqcan.dll 09/09/2006 22:25 143 mcrh.tmp 09/09/2006 10:36 106,516 atnwbond.dll 09/07/2006 12:27 106,516 oiyjknwi.dll 09/05/2006 23:26 106,516 omdwkoqo.dll 09/04/2006 20:48 106,516 lttchjyn.dll 09/03/2006 12:26 102,420 erwpditm.dll 09/02/2006 12:25 102,420 ioqofpom.dll 08/26/2006 04:54 13,844 pppyrcrm.exe 08/24/2006 22:26 13,844 rkrthmga.exe 08/22/2006 00:18 13,844 ywvqfkvo.exe 08/16/2006 02:50 2,580 pyeytrqk.exe 08/09/2006 22:03 8,325,544 MRT.exe 07/28/2006 14:28 3,054,080 mshtml.dll 07/27/2006 16:24 679,424 inetcomm.dll 07/26/2006 01:03 4,212 zllictbl.dat 07/25/2006 23:33 613,888 urlmon.dll 07/21/2006 11:24 72,704 hlink.dll 07/16/2006 20:34 382,260 perfh009.dat 07/16/2006 20:34 53,838 perfc009.dat 07/16/2006 20:34 441,802 PerfStringBackup.INI 07/14/2006 18:31 332,288 netapi32.dll 07/14/2006 18:25 546,304 hhctrl.ocx 07/14/2006 10:01 215,264 FNTCACHE.DAT 07/13/2006 16:33 8,453,632 shell32.dll 07/09/2006 15:38 25,605 ikhcore.log 07/09/2006 13:42 42,920 vsutil_loc0407.dll 07/09/2006 13:42 392,824 vsdatant.sys 07/09/2006 13:42 71,672 zlcommdb.dll 07/09/2006 13:42 83,960 zlcomm.dll 07/09/2006 13:42 59,384 vswmi.dll 07/09/2006 13:42 100,344 vsxml.dll 07/09/2006 13:42 440,312 vsutil.dll 07/09/2006 13:42 71,672 vsregexp.dll 07/09/2006 13:42 268,280 vspubapi.dll 07/09/2006 13:42 104,440 vsmonapi.dll 07/09/2006 13:42 157,688 vsinit.dll 07/09/2006 13:42 83,960 vsdata.dll 07/05/2006 16:39 569,396 pmnll.dll 07/05/2006 13:55 984,064 kernel32.dll 06/26/2006 20:37 148,480 dnsapi.dll 06/26/2006 20:37 8,192 rasadhlp.dll 06/23/2006 14:02 658,944 wininet.dll 06/23/2006 14:02 448,512 mshtmled.dll 06/23/2006 14:02 146,432 msrating.dll 06/23/2006 14:02 1,494,016 shdocvw.dll 06/23/2006 14:02 532,480 mstime.dll 06/23/2006 14:02 474,112 shlwapi.dll 06/23/2006 14:02 39,424 pngfilt.dll 06/23/2006 14:02 357,888 dxtmsft.dll 06/23/2006 14:02 251,392 iepeers.dll 06/23/2006 14:02 55,808 extmgr.dll 06/23/2006 14:02 205,312 dxtrans.dll 06/23/2006 14:02 16,384 jsproxy.dll 06/23/2006 14:02 1,054,208 danim.dll 06/23/2006 14:02 96,256 inseng.dll 06/23/2006 14:02 1,022,976 browseui.dll 06/23/2006 14:02 151,040 cdfview.dll 06/23/2006 11:34 24,576 xpsp3res.dll 06/22/2006 13:47 181,248 rasmans.dll 06/20/2006 23:32 796,584 libeay32_0.9.6l.dll 06/15/2006 21:27 9,689 lvcoinst.log 06/15/2006 15:20 45,292 OEMINFO.PNF 06/01/2006 21:47 27,648 jgpl400.dll 06/01/2006 21:47 163,840 jgdw400.dll 05/19/2006 15:59 94,720 iphlpapi.dll 05/19/2006 15:59 111,616 dhcpcsvc.dll 05/18/2006 08:24 450,560 jscript.dll 05/03/2006 21:05 535 mapisvc.inf 05/03/2006 10:43 23,392 nscompat.tlb 05/03/2006 10:43 16,832 amcompat.tlb 05/03/2006 10:43 656 InstallUtil.InstallLog 05/03/2006 10:41 127,075 javaws.exe 05/03/2006 10:41 49,262 jpicpl32.cpl 05/03/2006 10:41 49,245 java.exe 05/03/2006 10:41 49,247 javaw.exe 05/03/2006 10:40 1,093,632 pxsfs.dll 05/03/2006 10:40 108,544 pxcpyi64.exe 05/03/2006 10:40 104,960 pxinsi64.exe windows.txt: olume in drive C has no label. Volume Seri*hier nicht!* Number is FC8A-D7FF Directory of C:\WINDOWS 09/10/2006 16:37 1,107,279 WindowsUpdate.log 09/10/2006 16:28 900,668 setupapi.log 09/10/2006 16:17 3,638 ModemLog_Agere Systems AC'97 Modem.txt 09/10/2006 16:17 159 wiadebug.log 09/10/2006 16:17 49 wiaservc.log 09/10/2006 16:17 0 0.log 09/10/2006 16:17 2,048 bootstat.dat 09/10/2006 13:10 32,646 SchedLgU.Txt 09/09/2006 16:31 61,136 wmsetup.log 09/09/2006 14:32 54,156 QTFont.qfn 09/05/2006 00:22 19 SoundConverter.INI 09/01/2006 00:50 1,409 QTFont.for 08/25/2006 00:00 14,686 cdplayer.ini 08/24/2006 18:23 1,026,392 dp2_log.txt 08/16/2006 03:06 70,922 iis6.log 08/16/2006 03:06 1,374 imsins.log 08/16/2006 03:06 190,039 tsoc.log 08/16/2006 03:06 171,254 comsetup.log 08/16/2006 03:06 106,140 ntdtcsetup.log 08/16/2006 03:06 27,555 ocmsn.log 08/16/2006 03:06 17,334 KB920214.log 08/16/2006 03:05 24,823 msgsocm.log 08/16/2006 03:05 262,076 ocgen.log 08/16/2006 03:05 491,579 FaxSetup.log 08/16/2006 03:05 1,374 imsins.BAK 08/16/2006 03:05 17,148 KB921883.log 08/16/2006 03:05 21,529 updspapi.log 08/16/2006 03:05 16,874 KB922616.log 08/16/2006 03:05 17,321 KB921398.log 08/16/2006 03:03 20,295 KB918899.log 08/16/2006 03:02 12,683 KB920670.log 08/16/2006 03:01 12,843 KB917422.log 08/16/2006 03:01 13,189 KB920683.log 07/28/2006 01:24 357 GEARInstall.log 07/27/2006 13:27 271,029 LVEventLog.log 07/16/2006 12:57 472 setupact.log 07/15/2006 03:01 3,335 KB885884.log 07/14/2006 00:16 748 ODBC.INI 07/14/2006 00:13 628 win.ini 07/12/2006 01:02 12,535 KB917159.log 07/12/2006 01:02 13,086 KB914388.log 07/12/2006 01:01 11,304 KB916595.log 07/06/2006 22:05 0 pestpatrol5.INI 06/28/2006 03:01 15,700 KB911280.log 06/17/2006 17:38 1,830 spupdsvc.log 06/17/2006 16:18 11,919 KB917734.log 06/17/2006 16:17 14,404 KB918439.log 06/17/2006 16:17 14,787 KB917344.log 06/17/2006 16:17 14,551 KB917953.log 06/17/2006 16:17 18,165 KB916281.log 06/17/2006 16:17 12,437 KB914389.log 06/17/2006 14:09 100,724 cpeins04.dat 06/17/2006 14:04 206 HPGdiPlus.ini 06/15/2006 18:30 104,156 hpoins04.dat 06/13/2006 13:14 794 DirectX.log 06/12/2006 23:43 316,640 WMSysPr9.prx 05/21/2006 00:38 6,047 WgaNotify.log 05/10/2006 13:22 12,799 KB913580.log 05/05/2006 01:53 30,344 KB899587.log 05/05/2006 01:53 29,466 KB896422.log 05/05/2006 01:53 29,288 KB885835.log 05/05/2006 01:53 28,186 KB885836.log 05/05/2006 01:53 28,990 KB885250.log 05/05/2006 01:52 29,143 KB911927.log 05/05/2006 01:52 28,645 KB901017.log 05/05/2006 01:52 28,961 KB899591.log 05/05/2006 01:52 28,967 KB896424.log 05/05/2006 01:52 28,773 KB893756.log 05/05/2006 01:52 27,726 KB911562.log 05/05/2006 01:52 27,912 KB900485.log 05/05/2006 01:52 26,084 KB873339.log 05/05/2006 01:52 26,149 KB888113.log 05/05/2006 01:52 26,691 KB887742.log 05/05/2006 01:52 26,098 KB887472.log 05/05/2006 01:52 27,419 KB896358.log 05/05/2006 01:51 26,190 KB891781.log 05/05/2006 01:51 31,087 KB912812.log 05/05/2006 01:51 29,815 KB902400.log 05/05/2006 01:51 22,171 KB890046.log 05/05/2006 01:51 21,184 KB905414.log 05/05/2006 01:51 20,177 KB901214.log 05/05/2006 01:51 19,226 KB888302.log 05/05/2006 01:50 20,530 KB900725.log 05/05/2006 01:50 18,198 KB912919.log 05/05/2006 01:50 17,387 KB904706.log 05/05/2006 01:50 17,386 KB901190.log 05/05/2006 01:50 17,915 KB908531.log 05/05/2006 01:50 17,492 KB905749.log 05/05/2006 01:50 16,283 KB896428.log 05/05/2006 01:50 16,947 KB911567.log 05/05/2006 01:50 16,497 KB894391.log 05/05/2006 01:50 13,812 KB908519.log 05/04/2006 09:16 17,152 KB896423.log 05/04/2006 09:16 12,003 KB910437.log 05/04/2006 09:16 7,811 KB911564.log 05/04/2006 09:15 10,707 KB886185.log 05/04/2006 09:15 8,033 KB911565.log 05/04/2006 09:14 11,485 KB913446.log 05/04/2006 09:14 18,089 KB890859.log 05/04/2006 02:23 8,436 KB893803v2.log 05/04/2006 02:22 8,032 KB898461.log 05/03/2006 21:09 6,209 WINNT32.LOG 05/03/2006 21:09 564 UPGRADE.TXT 05/03/2006 10:54 458 wmsetup10.log 05/03/2006 10:49 1,446 COM+.log 05/03/2006 10:47 676 chipset.log 05/03/2006 10:41 138 wininit.ini 05/03/2006 10:40 381 xpsp1hfm.log 05/03/2006 10:35 4,976 KB885464.log 05/03/2006 10:35 4,866 KB892559.log 05/03/2006 10:35 4,324 KB888239.log 05/03/2006 10:34 4,755 KB885855.log 05/03/2006 10:34 4,557 KB884575.log 05/03/2006 10:34 3,944 KB883667.log 05/03/2006 10:32 225,413 SetupWLD.log 05/03/2006 10:29 840 SynInst.log 05/03/2006 10:29 0 setuperr.log 05/02/2006 22:48 225 DHCPUPG.LOG temp.txt: Volume in drive C has no label. Volume Seri*hier nicht!* Number is FC8A-D7FF Directory of C:\DOCUME~1\DeyanPC\LOCALS~1\Temp 09/10/2006 16:40 16,384 ~DFFB3.tmp 09/10/2006 16:37 458,931 hpodvd09.log 2 File(s) 475,315 bytes 0 Dir(s) 26,876,198,912 bytes free c.txt: Volume in drive C has no label. Volume Seri*hier nicht!* Number is FC8A-D7FF Directory of C:\ 09/10/2006 16:59 0 sys.txt 09/10/2006 16:59 8,928 system.txt 09/10/2006 16:58 320 systemtemp.txt 09/10/2006 16:58 112,126 system32.txt 09/10/2006 16:55 320 temp.txt 09/10/2006 16:46 10,118 ComboFix.txt 09/10/2006 16:17 527,880,192 hiberfil.sys 09/10/2006 16:17 792,723,456 pagefile.sys 09/10/2006 16:16 1,600 VundoFix.txt 08/16/2006 18:25 1,341,440 01.mpg 07/27/2006 13:27 2,048 TimeShift.mpg 07/16/2006 13:52 12,286,415 AVG7QT.DAT 07/09/2006 15:32 6,990 caisslog.txt 06/15/2006 20:45 1,167 _Sid.txt 05/03/2006 10:49 3,222,896 DNSP1.LOG 05/03/2006 10:48 182 guides.log 05/03/2006 10:47 90 chpst.log 05/03/2006 10:44 163 setup.log 05/03/2006 10:42 20,932 sunjava.log 05/03/2006 10:36 171 HSC.log 05/03/2006 10:35 161 esuinst.log 05/03/2006 10:35 205 sedinst2.log 05/03/2006 10:29 191 syntp.log 05/03/2006 10:29 32 ticrdbus.log 04/15/2006 10:46 0 MSDOS.SYS 04/15/2006 10:46 0 AUTOEXEC.BAT 04/15/2006 10:46 0 IO.SYS 04/15/2006 10:46 0 CONFIG.SYS 04/15/2006 10:40 211 boot.ini 08/04/2004 15:00 250,032 ntldr 08/04/2004 15:00 47,564 NTDETECT.COM 12/08/2003 13:15 28,672 hpqimgrc.resources.dll 32 File(s) 1,337,946,622 bytes 0 Dir(s) 26,876,186,624 bytes free Symantec Analyse: C:\WINDOWS\Temp\sa118.exe is infected with SpywareQuake C:\WINDOWS\Temp\winE6.tmp.exe is infected with Adware.Purityscan C:\WINDOWS\system32\ssqpqpp.dll is infected with Downloader C:\WINDOWS\system32\urqnmkj.dll is infected with Downloader C:\WINDOWS\system32\xxywuur.dll is infected with Downloader C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe is infected with WinFixer C:\WINDOWS\Downloaded Program Files\CONFLICT.9\UWA6P_0001_N91M1807NetInstaller.exe is infected with WinFixer C:\WINDOWS\Downloaded Program Files\CONFLICT.8\UWA6P_0001_N91M1807NetInstaller.exe is infected with WinFixer C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UWA6P_0001_N91M1807NetInstaller.exe is infected with WinFixer C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWA6P_0001_N91M1807NetInstaller.exe is infected with WinFixer C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWA6P_0001_N91M1807NetInstaller.exe is infected with WinFixer C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWA6P_0001_N91M1807NetInstaller.exe is infected with WinFixer C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6P_0001_N91M1807NetInstaller.exe is infected with WinFixer C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6P_0001_N91M1807NetInstaller.exe is infected with WinFixer C:\WINDOWS\Downloaded Program Files\CONFLICT.13\UWA6P_0001_N91M1807NetInstaller.exe is infected with WinFixer C:\WINDOWS\Downloaded Program Files\CONFLICT.12\UWA6P_0001_N91M1807NetInstaller.exe is infected with WinFixer C:\WINDOWS\Downloaded Program Files\CONFLICT.11\UWA6P_0001_N91M1807NetInstaller.exe is infected with WinFixer C:\WINDOWS\Downloaded Program Files\CONFLICT.10\UWA6P_0001_N91M1807NetInstaller.exe is infected with WinFixer C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N91M1807NetInstaller.exe is infected with WinFixer C:\Documents and Settings\DeyanPC\Local Settings\Temporary Internet Files\Content.IE5\YJSRWJ4L\WinAntiVirusPro2006FreeInstall[1].cab is infected with WinFixer C:\Documents and Settings\DeyanPC\Local Settings\Temp\ICD2.tmp\UWA6P_0001_N91M1807NetInstaller.exe is infected with WinFixer Symptome: verschiedene Programme versuchen sich zu installieren, mein PC lädt sich von selbst herunter und lädt sehr langsam, meine Internet Verbindung ist extrem langsam(ich kann kaum 3 Seiten gleichzeitig öffnen). Bis sich WORD öffnet dauerts 2 Min!!! Ich habe AVG und ZONEALARM drauf, aber nichts! Würde mich sehr auf einen Rat freuen! Danke! |
|
|
||
10.09.2006, 21:17
Ehrenmitglied
Beiträge: 29434 |
#8
Deyani
avenger http://virus-protect.org/artikel/tools/avenger.html kopiere rein Zitat registry keys to delete:Klicke die gruene Ampel das Script wird nun ausgeführt, dann wird der PC automatisch neustarten ** poste das log vom avenger, was erscheint ** Start - Programme - Zubehör - Systemprogramme - Datenträgerbereinigung - Click:Temporäre Internet Files/Temporäre Internet Dateien, o.k. - Click:Temporäre Dateien, o.k ** öffne das HijackThis -- Button "scan" -- vor Eintrag Häkchen setzen -- Button "Fix checked" -- PC neustarten Zitat O20 - AppInit_DLLs: "", svchost.dllPC neustarten ** virustotal Oben auf der Seite --> auf Durchsuchen klicken --> die Datei mit korrektem Pfad einkopieren) --> Doppelklick auf die zu prüfende Datei --> klick auf Submit... jetzt abwarten http://www.virustotal.com/flash/index_en.html C:\WINDOWS\system32\Drivers\CO_Mon.sys poste den report « __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
11.09.2006, 20:31
...neu hier
Themenstarter Beiträge: 7 |
#9
Hallöchen!
Also ich habe heute nochmal mehrere Stunden den Combofix laufen lassen, aber es passiert einfach nix :-( |
|
|
||
11.09.2006, 22:59
Ehrenmitglied
Beiträge: 29434 |
#10
Carmen79
scanne, option 1 und 2 (kannst du beides im normalmodus machen) http://virus-protect.org/artikel/tools/smitfrautfix.html poste hier beide scanreporte __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
12.09.2006, 20:28
...neu hier
Themenstarter Beiträge: 7 |
#11
So, das ist der 1. log:
SmitFraudFix v2.87 Scan done at 20:18:20.23, 06-09-12 Run from C:\Dokumente und Einstellungen\CarmenK\Eigene Dateien\Programme\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT Fix ran in normal mode »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\CarmenK\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\CarmenK\FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Programme »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Die derzeitige Homepage" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End und hier der 2.: SmitFraudFix v2.87 Scan done at 20:19:35.78, 06-09-12 Run from C:\Dokumente und Einstellungen\CarmenK\Eigene Dateien\Programme\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT Fix ran in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End ach ja und diesen log habe ich noch gefunden unter C: von Combofix CarmenK - 06-09-11 20:14:35.82 ComboFix 06.09.07 - Running from: C:\Dokumente und Einstellungen\CarmenK\Eigene Dateien\Programme Microsoft Windows XP [Version 5.1.2600] (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\NetMon ((((((((((((((((((((((((((((((( Files Created from 2006-08-09 to 2006-09-09 )))))))))))))))))))))))))))))))))) 2006-09-07 20:27 57,384 --a------ C:\WINDOWS\system32\avsda.dll 2006-09-07 20:27 57,384 --a------ C:\WINDOWS\system32\avsda.dll 2006-09-07 20:27 57,384 --a------ C:\WINDOWS\system32\avsda.dll 2006-09-07 20:27 57,384 --a------ C:\WINDOWS\system32\avsda.dll 2006-09-07 20:27 57,384 --a------ C:\WINDOWS\system32\avsda.dll 2006-09-07 20:27 57,384 --a------ C:\WINDOWS\system32\avsda.dll (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) |
|
|
||
12.09.2006, 23:39
Ehrenmitglied
Beiträge: 29434 |
#12
Carmen79
1. lasse die combofix noch mal laufen und poste das komplette log, nicht nur die haelfte 2. scanne mit Counterspy, stelle nach dem scann alles auf "remove" und poste den scanreport http://virus-protect.org/counterspy.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
29.09.2006, 14:45
...neu hier
Themenstarter Beiträge: 7 |
#13
also die Combofix läuft nicht durch, selbst nicht nach 2 Tagen... aber hier der Log vom Counterspy:
Spyware Scan Details Start Date: 06-09-18 16:41:38 End Date: 06-09-18 17:05:07 Total Time: 23 mins 29 secs Detected spyware TagASaurus Adware (General) more information... Details: TagASaurus is an adware application that creates a search engine window on the desktop and may display advertising. Status: Deleted Infected files detected c:\windows\uninst2.htm c:\windows\unist1.htm RealVNC Commercial Remote Control Tool more information... Details: VNC (Virtual Network Computing) software makes it possible to view and fully-interact with one computer from any other computer or mobile device anywhere on the Internet. Status: Deleted Infected registry entries detected HKEY_CURRENT_USER\Software\ORL\VNCHooks HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\hpofxm08.exe use_GetUpdateRect 0 HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\hpofxm08.exe use_Timer 1 HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\hpofxm08.exe use_KeyPress 1 HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\hpofxm08.exe use_LButtonUp 1 HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\hpofxm08.exe use_MButtonUp 0 HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\hpofxm08.exe use_RButtonUp 0 HKEY_CURRENT_USER\Software\ORL\VNCHooks\Application_Prefs\hpofxm08.exe use_Deferral 1 Cookie: Advertising.com Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Deleted Infected cookies detected c:\dokumente und einstellungen\carmenk\cookies\carmenk@advertising[1].txt Cookie: ATDMT.com Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Deleted Infected cookies detected c:\dokumente und einstellungen\carmenk\cookies\carmenk@atdmt[2].txt Cookie: DoubleClick Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Deleted Infected cookies detected c:\dokumente und einstellungen\carmenk\cookies\carmenk@doubleclick[1].txt Cookie: Mediaplex.com Cookie (General) more information... Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count Status: Deleted Infected cookies detected c:\dokumente und einstellungen\carmenk\cookies\carmenk@mediaplex[1].txt |
|
|
||
29.09.2006, 15:54
Ehrenmitglied
Beiträge: 29434 |
#14
Carmen79
«« poste dieses log http://virus-protect.org/winpfind.html «« Hijackthis http://computercops.biz/zx/Merijn/hijackthis.zip http://virus-protect.org/hjtkurz.html Lade/entpacke HijackThis in einem Ordner --> None of the above just start the program --> Save--> Savelog -->es öffnet sich der Editor nun das KOMPLETTE Log mit rechtem Mausklick abkopieren und ins Forum mit rechtem Mausklick "einfügen" __________ MfG Sabina rund um die PC-Sicherheit |
|
|
||
01.10.2006, 13:57
...neu hier
Themenstarter Beiträge: 7 |
#15
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly. »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Logfile created on: 06-10-01 13:45:56 WinPFind v1.5.0 Folder = C:\Dokumente und Einstellungen\CarmenK\Eigene Dateien\Virus\WinPFind\WinPFind\ Microsoft Windows XP (Version = 5.1.2600) Internet Explorer (Version = 6.0.2800.1106) »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»» Checking %SystemDrive% folder... Checking %ProgramFilesDir% folder... Checking %WinDir% folder... UPX! 05-10-13 21:27:00 RHS 422400 C:\WINDOWS\x2.64.exe () Checking %System% folder... UPX! 05-10-07 19:14:52 RHS 308224 C:\WINDOWS\SYSTEM32\avisynth.dll (The Public) aspack 05-03-18 17:19:58 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll (Microsoft Corporation) aspack 05-05-26 15:34:52 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll (Microsoft Corporation) aspack 05-07-22 19:59:04 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll (Microsoft Corporation) aspack 05-12-05 18:09:18 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll (Microsoft Corporation) aspack 06-02-03 08:43:16 2332368 C:\WINDOWS\SYSTEM32\d3dx9_29.dll (Microsoft Corporation) PEC2 01-08-18 14:00:00 41118 C:\WINDOWS\SYSTEM32\dfrg.msc () UPX! 04-01-25 RHS 70656 C:\WINDOWS\SYSTEM32\i420vfw.dll (www.helixcommunity.org) WSUD 01-08-18 14:00:00 1164288 C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation) WSUD 01-08-18 14:00:00 259072 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation) Umonitor 01-08-18 14:00:00 659456 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation) UPX! 06-04-27 17:49:30 288417 C:\WINDOWS\SYSTEM32\SrchSTS.exe (S!Ri) UPX! 06-08-29 19:43:54 135168 C:\WINDOWS\SYSTEM32\swreg.exe (SteelWerX) UPX! 06-01-09 10:36:06 40960 C:\WINDOWS\SYSTEM32\swsc.exe () winsync 01-08-18 14:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu () UPX! 05-02-28 13:16:22 RHS 240128 C:\WINDOWS\SYSTEM32\x.264.exe () UPX! 04-01-25 RHS 70656 C:\WINDOWS\SYSTEM32\yv12vfw.dll (www.helixcommunity.org) Checking %System%\Drivers folder and sub-folders... Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts Checking the Windows folder and sub-folders for system and hidden files within the last 60 days... 06-10-01 13:41:22 S 2048 C:\WINDOWS\bootstat.dat () 06-10-01 13:42:06 H 1024 C:\WINDOWS\system32\config\default.LOG () 06-10-01 13:41:24 H 1024 C:\WINDOWS\system32\config\SAM.LOG () 06-10-01 13:42:08 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG () 06-10-01 13:46:52 H 1024 C:\WINDOWS\system32\config\software.LOG () 06-10-01 13:42:10 H 1024 C:\WINDOWS\system32\config\system.LOG () 06-10-01 13:41:24 H 6 C:\WINDOWS\Tasks\SA.DAT () Checking for CPL files... 01-08-18 14:00:00 68096 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation) 01-08-18 14:00:00 563712 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation) 01-08-18 14:00:00 133120 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation) 01-08-18 14:00:00 152064 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation) 02-08-29 09:32:28 293376 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation) 01-08-18 14:00:00 123392 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation) 02-08-29 03:41:00 208896 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation) 04-12-07 18:51:50 57344 C:\WINDOWS\SYSTEM32\LocalCOM.cpl (TOSHIBA CORPORATION) 01-08-18 14:00:00 189440 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation) 01-08-18 14:00:00 566272 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation) 01-08-18 14:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation) 01-08-18 14:00:00 259072 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation) 06-04-12 04:38:46 R 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl (NVIDIA Corporation) 01-08-18 14:00:00 38400 C:\WINDOWS\SYSTEM32\nwc.cpl (Microsoft Corporation) 01-08-18 14:00:00 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation) 01-08-18 14:00:00 111616 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation) 06-07-03 22:20:10 25088 C:\WINDOWS\SYSTEM32\prefscpl.cpl (RealNetworks, Inc.) 04-01-20 15:10:52 324608 C:\WINDOWS\SYSTEM32\QuickTime.cpl (Apple Computer, Inc.) 01-08-18 14:00:00 275456 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation) 01-08-18 14:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation) 01-08-18 14:00:00 90112 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation) 01-08-18 14:00:00 68096 C:\WINDOWS\SYSTEM32\dllcache\access.cpl (Microsoft Corporation) 01-08-18 14:00:00 563712 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl (Microsoft Corporation) 01-08-18 14:00:00 133120 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl (Microsoft Corporation) 01-08-18 14:00:00 152064 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl (Microsoft Corporation) 02-08-29 09:32:28 293376 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl (Microsoft Corporation) 01-08-18 14:00:00 123392 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl (Microsoft Corporation) 02-08-29 03:41:00 208896 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl (Microsoft Corporation) 01-08-18 14:00:00 189440 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation) 01-08-18 14:00:00 566272 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl (Microsoft Corporation) 01-08-18 14:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation) 01-08-18 14:00:00 259072 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl (Microsoft Corporation) 01-08-18 14:00:00 38400 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl (Microsoft Corporation) 01-08-18 14:00:00 36864 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl (Microsoft Corporation) 01-08-18 14:00:00 111616 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl (Microsoft Corporation) 01-08-18 14:00:00 151552 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl (Microsoft Corporation) 01-08-18 14:00:00 275456 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl (Microsoft Corporation) 01-08-18 14:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation) 01-08-18 14:00:00 90112 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl (Microsoft Corporation) Checking for Downloaded Program Files... {D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»» Checking files in %ALLUSERSPROFILE%\Startup folder... 06-07-03 22:47:14 1737 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk () 06-07-03 21:32:18 HS 84 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini () 06-07-29 18:39:58 1788 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk () 06-07-03 21:58:28 H 1709 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk () Checking files in %ALLUSERSPROFILE%\Application Data folder... 06-07-03 22:12:20 HS 62 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini () 06-07-29 18:51:08 722 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpzinstall.log () Checking files in %USERPROFILE%\Startup folder... 06-07-03 21:32:18 HS 84 C:\Dokumente und Einstellungen\CarmenK\Startmenü\Programme\Autostart\desktop.ini () Checking files in %USERPROFILE%\Application Data folder... 06-07-03 22:12:20 HS 62 C:\Dokumente und Einstellungen\CarmenK\Anwendungsdaten\desktop.ini () »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»» >>> Internet Explorer Settings <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main] \\Start Page - http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home \\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch \\Default_Page_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome \\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch \\Local Page - C:\windows\system32\blank.htm [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main] \\Start Page - http://www.aol.de/ \\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch \\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch \\Local Page - C:\windows\system32\blank.htm [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search] \\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm \\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] \\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Sucheingriff = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation) >>> BHO's <<< [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] \{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Adobe PDF Reader Link Helper = C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) >>> Internet Explorer Bars, Toolbars and Extensions <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars] \{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tipps und Tricks = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation) \{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - Real.com = C:\WINDOWS\System32\Shdocvw.dll (Microsoft Corporation) [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars] \{30D02401-6A81-11D0-8274-00C04FD5AE38} - Search Band = %SystemRoot%\System32\browseui.dll (Microsoft Corporation) \{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = %SystemRoot%\System32\browseui.dll (Microsoft Corporation) \{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation) \{EFA24E61-B078-11D0-89E4-00C04FC9E26E} - Favorites Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation) \{EFA24E62-B078-11D0-89E4-00C04FC9E26E} - History Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar] \ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Adresse = %SystemRoot%\System32\browseui.dll (Microsoft Corporation) \WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Adresse = %SystemRoot%\System32\browseui.dll (Microsoft Corporation) \WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping] \\{c95fe080-8f5d-11d2-a20b-00aa003c157a} - 8192 = @shdoclc.dll,-864 \\NEXTID - 8195 \\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 8193 = \\{B863453A-26C3-4e1f-A54D-A2CD196348E9} - 8194 = ICQ Lite [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions] \{B863453A-26C3-4e1f-A54D-A2CD196348E9} - ButtonText: ICQ Lite = C:\Programme\ICQLite\ICQLite.exe (ICQ Ltd.) \{c95fe080-8f5d-11d2-a20b-00aa003c157a} - ButtonText: @shdoclc.dll,-866 = %SystemRoot%\web\related.htm \{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - ButtonText: Real.com = >>> Approved Shell Extensions (Non-Microsoft Only) <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] \\{42071714-76d4-11d1-8b24-00a0c9068ff3} - CPL-Erweiterung für Anzeigeverschiebung = deskpan.dll () \\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shellerweiterungen für die Dateikomprimierung = () \\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Kontextmenü für die Verschlüsselung = () \\{88895560-9AA2-1069-930E-00AA0030EBC8} - Erweiterung für HyperTerminal-Icons = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.) \\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskleiste und Startmenü = () \\{7A9D77BD-5403-11d2-8785-2E0420524153} - Benutzerkonten = () \\{FFB699E0-306A-11d3-8BD1-00104B6F7516} - Play on my TV helper = C:\WINDOWS\System32\nvcpl.dll (NVIDIA Corporation) \\{A70C977A-BF00-412C-90B7-034C51DA2439} - NvCpl DesktopContext Class = C:\WINDOWS\System32\NVCPL.DLL (NVIDIA Corporation) \\{1CDB2949-8F65-4355-8456-263E7C208A5D} - Desktop Explorer = C:\WINDOWS\System32\nvshell.dll (NVIDIA Corporation) \\{1E9B04FB-F9E5-4718-997B-B8DA88302A47} - Desktop Explorer Menu = C:\WINDOWS\System32\nvshell.dll (NVIDIA Corporation) \\{1E9B04FB-F9E5-4718-997B-B8DA88302A48} - nView Desktop Context Menu = C:\WINDOWS\System32\nvshell.dll (NVIDIA Corporation) \\{73B24247-042E-4EF5-ADC2-42F62E6FD654} - ICQ Lite Shell Extension = C:\Programme\ICQLite\ICQLiteShell.dll () \\{40950107-FEA6-4d53-A65F-B2DCBA57DD58} - Nokia Phone Browser = C:\Programme\Nokia\Nokia PC Suite 6\PhoneBrowser.dll (Nokia) \\{FBFE7864-D495-41f0-B7DC-4BB601CC295E} - Contact View = C:\Programme\Nokia\Nokia PC Suite 6\ContactView.dll (Nokia) \\{C0C4375A-5B72-4efe-929D-3B848C3A1E91} - Message View = C:\Programme\Nokia\Nokia PC Suite 6\MessageView.dll (Nokia) \\{45AC2688-0253-4ED8-97DE-B5370FA7D48A} - Shell Extension for Malware scanning = C:\Programme\AntiVir PersonalEdition Classic\shlext.dll (H+BEDV Datentechnik GmbH) \\{D653647D-D607-4DF6-A5B8-48D2BA195F7B} - BitDefender Antivirus v8 = () \\{A155339D-CCCD-4714-85EB-3754B804C9DF} - a-squared Free Context Menu Shell Extension = C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL (Emsi Software GmbH) [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] \\{BDEADF00-C265-11d0-BCED-00A0C90AB50F} - = C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL () >>> Context Menu Handlers (Non-Microsoft Only) <<< [HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers] \ICQLiteMenu - {73B24247-042E-4EF5-ADC2-42F62E6FD654} = C:\Programme\ICQLite\ICQLiteShell.dll () \IPSContMenu - {EBDF1F20-C829-11D1-8233-0020AF3E97A9} = () \Shell Extension for Malware scanning - {45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programme\AntiVir PersonalEdition Classic\shlext.dll (H+BEDV Datentechnik GmbH) [HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers] \a2FreeContMenu - {A155339D-CCCD-4714-85EB-3754B804C9DF} = C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL (Emsi Software GmbH) [HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers] \ICQLiteMenu - {73B24247-042E-4EF5-ADC2-42F62E6FD654} = C:\Programme\ICQLite\ICQLiteShell.dll () \IPSContMenu - {EBDF1F20-C829-11D1-8233-0020AF3E97A9} = () [HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers] \00nView - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} = C:\WINDOWS\System32\nvshell.dll (NVIDIA Corporation) \NvCplDesktopContext - {A70C977A-BF00-412C-90B7-034C51DA2439} = C:\WINDOWS\System32\NVCPL.DLL (NVIDIA Corporation) [HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers] \a2FreeContMenu - {A155339D-CCCD-4714-85EB-3754B804C9DF} = C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL (Emsi Software GmbH) \BitDefender Antivirus v8 - {D653647D-D607-4DF6-A5B8-48D2BA195F7B} = () \IPSContMenu - {EBDF1F20-C829-11D1-8233-0020AF3E97A9} = () \Shell Extension for Malware scanning - {45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programme\AntiVir PersonalEdition Classic\shlext.dll (H+BEDV Datentechnik GmbH) >>> Column Handlers (Non-Microsoft Only) <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers] \{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.) >>> Registry Run Keys <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] NvCplDaemon - RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll () nwiz - C:\WINDOWS\SYSTEM32\nwiz.exe (NVIDIA Corporation) NvMediaCenter - RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll () AOLDialer - REM C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe () QuickTime Task - REM "C:\Programme\QuickTime\qttask.exe () Cmaudio - RunDll32 cmicnfg.cpl () KernelFaultCheck - () HP Software Update - C:\Programme\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.) NeroCheck - REM C:\WINDOWS\System32\NeroCheck.exe () DataLayer - REM C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE () PCSuiteTrayApplication - REM C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE () CheckDiskOnce - chkdisk.exe () avgnt - C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH) HostManager - C:\Programme\Gemeinsame Dateien\AOL\1157655685\ee\AOLSoftware.exe (America Online, Inc.) IPHSend - C:\Programme\Gemeinsame Dateien\AOL\IPHSend\IPHSend.exe (America Online, Inc.) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] IMAIL Installed = 1 MAPI Installed = 1 MSFS Installed = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] CTFMON.EXE - C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation) MSMSGS - REM "C:\Programme\Messenger\msmsgs.exe () CursorXP - C:\Programme\CursorXP\CursorXP.exe ( ) RocketDock - C:\Programme\RocketDock\RocketDock.exe () AutoStart-Manager 2006 - REM "C:\Programme\Tools&More\Autostart-Manager\AutoStart-Manager.exe () [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run] >>> Startup Links <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup] C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk - C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup] C:\Dokumente und Einstellungen\CarmenK\Startmenü\Programme\Autostart\desktop.ini () >>> MSConfig Disabled Items <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services TSMService 3 AVKWCtl 2 AVKService 2 AOL ACS 2 Netman 3 wuauserv 2 XCOMM 2 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AOL 9.0 Tray-Symbol.lnk path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AOL 9.0 Tray-Symbol.lnk backup C:\WINDOWS\pss\AOL 9.0 Tray-Symbol.lnkCommon Startup location Common Startup command C:\PROGRA~1\AOL9~1.0\aoltray.exe -check item AOL 9.0 Tray-Symbol HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Bluetooth Manager.lnk path C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk backup C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup location Common Startup command C:\PROGRA~1\Toshiba\BLUETO~1\TosBtMng.exe item Bluetooth Manager HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ICQ Lite key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item ICQLite hkey HKLM command REM "C:\Programme\ICQLite\ICQLite.exe" -minimize inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state system.ini 0 win.ini 0 bootini 0 services 2 startup 2 [All Users Startup Folder Disabled Items] [Current User Startup Folder Disabled Items] >>> User Agent Post Platform <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] >>> AppInit Dll's <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs] >>> Image File Execution Options <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options] \Your Image File Name Here without a path - Debugger = ntsd -d >>> Shell Service Object Delay Load <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] \\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation) \\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation) \\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation) \\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation) >>> Shell Execute Hooks <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] \\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation) >>> Shared Task Scheduler <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] >>> Winlogon <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] \\UserInit = C:\WINDOWS\system32\userinit.exe, \\Shell = Explorer.exe \\System = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] \crypt32chain - crypt32.dll = (Microsoft Corporation) \cryptnet - cryptnet.dll = (Microsoft Corporation) \cscdll - cscdll.dll = (Microsoft Corporation) \ScCertProp - wlnotify.dll = (Microsoft Corporation) \Schedule - wlnotify.dll = (Microsoft Corporation) \sclgntfy - sclgntfy.dll = (Microsoft Corporation) \SensLogn - WlNotify.dll = (Microsoft Corporation) \termsrv - wlnotify.dll = (Microsoft Corporation) \wlballoon - wlnotify.dll = (Microsoft Corporation) >>> DNS Name Servers <<< {5E897DD1-AB44-46A3-9FD1-8416C73D295C} - (AVM FRITZ!Box SL) {9D7BDFC3-8F08-4CB3-B7A7-80745433A475} - (AVM FRITZ!Box SL) {AE171A7E-4DAE-47CD-BDFA-48E17AC72B7B} - () {DAB94F26-E1C9-46B5-BE31-91970580B13D} - (SiS 900-PCI-Fast Ethernet-Adapter) >>> All Winsock2 Catalogs <<< [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries] \000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation) \000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation) \000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries] \000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation) \000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation) \000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000018\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000019\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000020\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) \000000000021\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation) >>> Protocol Handlers (Non-Microsoft Only) <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler] \ipp - () \msdaipp - () >>> Protocol Filters (Non-Microsoft Only) <<< [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter] >>> Selected AddOn's <<< »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Logfile of HijackThis v1.99.1 Scan saved at 14:01, on 06-10-01 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programme\HP\HP Software Update\HPWuSchd2.exe C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\Programme\Gemeinsame Dateien\AOL\1157655685\ee\AOLSoftware.exe C:\WINDOWS\System32\ctfmon.exe C:\Programme\CursorXP\CursorXP.exe C:\Programme\RocketDock\RocketDock.exe C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe C:\Programme\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\Programme\Internet Explorer\IEXPLORE.EXE C:\Dokumente und Einstellungen\CarmenK\Eigene Dateien\Virus\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.de/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von AOL O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AOLDialer] REM C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [QuickTime Task] REM "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [NeroCheck] REM C:\WINDOWS\System32\\NeroCheck.exe O4 - HKLM\..\Run: [DataLayer] REM C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE O4 - HKLM\..\Run: [PCSuiteTrayApplication] REM C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE O4 - HKLM\..\Run: [CheckDiskOnce] chkdisk.exe O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [HostManager] C:\Programme\Gemeinsame Dateien\AOL\1157655685\ee\AOLSoftware.exe O4 - HKLM\..\Run: [IPHSend] C:\Programme\Gemeinsame Dateien\AOL\IPHSend\IPHSend.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] REM "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [CursorXP] C:\Programme\CursorXP\CursorXP.exe O4 - HKCU\..\Run: [RocketDock] "C:\Programme\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [AutoStart-Manager 2006] REM "C:\Programme\Tools&More\Autostart-Manager\AutoStart-Manager.exe" /AUTOSTART O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O14 - IERESET.INF: START_PAGE_URL=http://www.aol.de/e60/ O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - The Firebird Project - C:\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe Dieser Beitrag wurde am 01.10.2006 um 14:02 Uhr von Carmen79 editiert.
|
|
|
||
Ich denke ich habe einen Virus, der aber nicht von Virenprogrammen erkannt wird. Habe hier schon einiges gelesen und ich denke der steckt irgendwo fest (system32 usw.).
Bitte um Hilfe!!!
Ach ja und ich habe bereits den clean up durchgeführt und gelesen, dass man diese Bat....??? hier angeben sollte:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 1071-F798
Verzeichnis von C:\WINDOWS\system32
04.09.2006 19:27 7.006 jupdate-1.5.0_06-b05.log
04.09.2006 09:39 2.184 wpa.dbl
27.08.2006 16:19 28 log200674.log
25.08.2006 17:52 53.084 mlfcache.dat
07.08.2006 16:02 534.208 SymNeti.dll
07.08.2006 16:02 161.472 SymRedir.dll
04.08.2006 06:15 257.456 FNTCACHE.DAT
25.07.2006 18:03 466.944 capicom.dll
03.07.2006 22:55 47.290 interceptor.sys
03.07.2006 22:55 45.056 WNASPI32.DLL
03.07.2006 22:24 0 h323log.txt
03.07.2006 22:22 16.832 amcompat.tlb
03.07.2006 22:22 23.392 nscompat.tlb
03.07.2006 22:20 2.780 qtplugin.log
03.07.2006 22:20 157.696 rmoc3260.dll
03.07.2006 22:20 25.088 prefscpl.cpl
03.07.2006 22:20 5.632 pndx5032.dll
03.07.2006 22:20 6.656 pndx5016.dll
03.07.2006 22:20 278.528 pncrt.dll
03.07.2006 22:19 311.604 perfh009.dat
03.07.2006 22:19 39.992 perfc009.dat
03.07.2006 22:19 316.594 perfh007.dat
03.07.2006 22:19 48.156 perfc007.dat
03.07.2006 22:19 723.744 PerfStringBackup.INI
03.07.2006 21:41 25.065 wmpscheme.xml
03.07.2006 21:36 261 $winnt$.inf
03.07.2006 21:32 2.951 CONFIG.NT
03.07.2006 21:30 488 WindowsLogon.manifest
03.07.2006 21:30 488 logonui.exe.manifest
03.07.2006 21:30 749 nwc.cpl.manifest
03.07.2006 21:30 749 sapi.cpl.manifest
03.07.2006 21:30 749 ncpa.cpl.manifest
03.07.2006 21:30 749 wuaucpl.cpl.manifest
03.07.2006 21:30 749 cdplayer.exe.manifest
03.07.2006 21:28 21.740 emptyregdb.dat
25.05.2006 00:47 3.596.288 qt-dx331.dll
16.05.2006 14:34 87.808 S32EVNT1.DLL
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 1071-F798
Verzeichnis von C:\DOKUME~1\CarmenK\LOKALE~1\Temp
07.09.2006 16:47 408 jusched.log
07.09.2006 16:38 107 STS7.tmp
07.09.2006 16:38 1.285 MAR3.tmp
07.09.2006 16:36 3.269 hpodvd09.log
07.09.2006 16:12 107 STS5.tmp
07.09.2006 16:11 1.285 MAR2.tmp
6 Datei(en) 6.461 Bytes
0 Verzeichnis(se), 31.673.806.848 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 1071-F798
Verzeichnis von C:\WINDOWS
07.09.2006 16:39 12.574 Windows Update.log
07.09.2006 16:39 31.328 setupapi.log
07.09.2006 16:38 0 0.log
07.09.2006 16:38 159 wiadebug.log
07.09.2006 16:38 50 wiaservc.log
07.09.2006 16:37 2.048 bootstat.dat
07.09.2006 16:36 32.644 SchedLgU.Txt
07.09.2006 13:49 315 homeDVD-Fotos5.INI
07.09.2006 13:32 983 UPGRADE.TXT
07.09.2006 13:31 150 wsdu.log
07.09.2006 13:31 45 setupact.log
07.09.2006 13:31 0 setuperr.log
07.09.2006 13:31 178 DHCPUPG.LOG
07.09.2006 13:30 474 WINNT32.LOG
06.09.2006 15:50 515 ODBC.INI
04.09.2006 19:30 726 win.ini
04.09.2006 16:42 47 jptc.dat
04.09.2006 16:39 53 bqlecp.dat
04.09.2006 16:37 0 keyboard1.dat
04.09.2006 16:36 40 teller2.chk
01.09.2006 20:43 5.154 ModemLog_Standard 33600 bps Modem.txt
26.08.2006 16:33 2.429 GraphicsDesk.INI
09.08.2006 18:31 227 system.ini
09.08.2006 18:17 0 tosOBEX.INI
07.08.2006 17:41 1.655 cdplayer.ini
29.07.2006 18:51 113.591 hpoins07.dat
29.07.2006 18:34 0 Sti_Trace.log
21.07.2006 16:27 163 fantasy2.ini
21.07.2006 16:23 10 Fantasy2.SN
12.07.2006 20:56 643.173 unins000.exe
07.07.2006 18:44 92 CMISETUP.INI
07.07.2006 18:44 26 CMCDPLAY.INI
03.07.2006 23:02 3.428 mozver.dat
03.07.2006 22:23 725 aolback.exe.lnk
03.07.2006 22:18 335 nsreg.dat
03.07.2006 22:07 0 Wininit.ini
03.07.2006 21:59 59 vbaddin.ini
03.07.2006 21:37 8.192 REGLOCS.OLD
03.07.2006 21:32 0 control.ini
03.07.2006 21:32 299.552 WMSysPrx.prx
03.07.2006 21:31 4.161 ODBCINST.INI
03.07.2006 21:30 749 WindowsShell.Manifest
03.07.2006 21:27 36 vb.ini
27.01.2006 20:20 479 Uninst2.htm
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 1071-F798
Verzeichnis von C:\
07.09.2006 17:52 0 sys.txt
07.09.2006 17:51 4.713 system.txt
07.09.2006 17:51 528 systemtemp.txt
07.09.2006 17:49 100.651 system32.txt
07.09.2006 16:37 352.321.536 pagefile.sys
07.09.2006 16:35 3.944 files.txt
09.08.2006 18:31 194 boot.ini
03.07.2006 21:32 0 AUTOEXEC.BAT
03.07.2006 21:32 0 MSDOS.SYS
03.07.2006 21:32 0 IO.SYS
03.07.2006 21:32 0 CONFIG.SYS
18.08.2001 14:00 4.952 bootfont.bin