Had a problem with codec - Trojan.Zlob

#0
11.09.2006, 03:56
...new here
Posts: 2
#2
11.09.2006, 14:35
Honorary member
Posts: 29434

Apart from the HijackThis log, post the following logs:
http://board.protecus.de/t23187.htm
__________
Kind regards, Sabina
All about PC security
#3
11.09.2006, 17:33
...new here
Thread starter, Posts: 2

Hi, I've created the reports, here they are (I hope everything is OK, I don't feel like setting up my Apache again).
system 32:

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: E0D5-F4BE

 Verzeichnis von C:\WINDOWS\system32

11.09.2006  03:33          21.961 nvapps.xml
11.09.2006  01:27          13.646 wpa.dbl
01.08.2006  12:41          48.156 perfc007.dat
01.08.2006  12:41         311.604 perfh009.dat
01.08.2006  12:41          39.992 perfc009.dat
01.08.2006  12:41         316.594 perfh007.dat
01.08.2006  12:41         723.744 PerfStringBackup.INI
31.07.2006  21:56               4 PNMDPIF.dat
31.07.2006  21:56         131.072 TPUTIL.DLL
31.07.2006  21:56         253.952 PAVSHOOK.DLL
31.07.2006  21:56          61.440 PAVIPC.DLL
31.07.2006  21:56          45.056 AVLDR.DLL
28.07.2006  04:28       3.075.072 mshtml.dll
27.07.2006  15:25         679.424 inetcomm.dll
25.07.2006  22:33         615.936 urlmon.dll
21.07.2006  10:29          72.704 hlink.dll
14.07.2006  17:38         332.288 netapi32.dll
14.07.2006  17:25         546.304 hhctrl.ocx
13.07.2006  15:34       8.494.592 shell32.dll
09.07.2006  12:49         138.056 FNTCACHE.DAT
05.07.2006  12:55       1.057.792 kernel32.dll
26.06.2006  19:40         148.480 dnsapi.dll
26.06.2006  19:40           8.192 rasadhlp.dll
23.06.2006  13:10         664.576 wininet.dll
23.06.2006  13:10         448.512 mshtmled.dll
23.06.2006  13:10          39.424 pngfilt.dll
23.06.2006  13:10         532.480 mstime.dll
23.06.2006  13:10         146.432 msrating.dll
23.06.2006  13:10       1.494.016 shdocvw.dll
23.06.2006  13:10         474.624 shlwapi.dll
23.06.2006  13:10       1.022.976 browseui.dll
23.06.2006  13:10          55.808 extmgr.dll
23.06.2006  13:10         205.312 dxtrans.dll
23.06.2006  13:10         357.888 dxtmsft.dll
23.06.2006  13:10         152.064 cdfview.dll
23.06.2006  13:10       1.056.256 danim.dll
23.06.2006  13:10         251.392 iepeers.dll
23.06.2006  13:10          96.768 inseng.dll
23.06.2006  13:10          16.384 jsproxy.dll
23.06.2006  01:53          27.136 xpsp3res.dll
22.06.2006  12:47         181.248 rasmans.dll
01.06.2006  20:47          27.648 jgpl400.dll
01.06.2006  20:47         163.840 jgdw400.dll

system :

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: E0D5-F4BE

 Verzeichnis von C:\WINDOWS

11.09.2006  03:33             227 system.ini
11.09.2006  03:33               0 win.ini
11.09.2006  03:33               0 0.log
11.09.2006  03:33              50 wiaservc.log
11.09.2006  03:33             159 wiadebug.log
11.09.2006  03:32           2.048 bootstat.dat
11.09.2006  03:30          32.540 SchedLgU.Txt
11.09.2006  03:30          15.084 WindowsUpdate.log
08.09.2006  02:36             116 NeroDigital.ini
07.09.2006  21:23             151 PhotoSnapViewer.INI
01.09.2006  17:35          15.816 setupapi.log
24.08.2006  18:06          18.221 comsetup.log
24.08.2006  18:06           3.078 ocmsn.log
24.08.2006  18:06           1.374 imsins.log
24.08.2006  18:06          11.053 ntdtcsetup.log
24.08.2006  18:06           2.799 tabletoc.log
24.08.2006  18:06          25.389 tsoc.log
24.08.2006  18:06          59.537 iis6.log
24.08.2006  18:06          13.453 KB922616.log
24.08.2006  18:06           3.825 MedCtrOC.log
24.08.2006  18:06          26.244 ocgen.log
24.08.2006  18:06           2.727 msgsocm.log
24.08.2006  18:06           9.747 netfxocm.log
24.08.2006  18:06          55.641 FaxSetup.log
24.08.2006  18:06          16.858 msmqinst.log
24.08.2006  18:06           4.168 updspapi.log
24.08.2006  18:06           1.374 imsins.BAK
24.08.2006  18:06          12.909 KB921883.log
24.08.2006  18:05          12.399 KB921398.log
24.08.2006  18:05          11.939 KB920683.log
24.08.2006  18:04          10.401 KB920670.log
24.08.2006  18:04          10.667 KB920214.log
24.08.2006  18:03          13.426 KB918899.log
24.08.2006  18:02           6.230 KB917422.log
18.08.2006  17:22           5.966 KB917159.log
18.08.2006  17:22               0 setupact.log
18.08.2006  17:22               0 setuperr.log
04.08.2006  14:28           8.919 mozver.dat
02.08.2006  00:35             635 Rtcw.INI
01.08.2006  12:36         106.496 DUMP4565.tmp
01.08.2006  10:44         106.496 DUMP44d9.tmp
01.08.2006  10:42         106.496 DUMP44ea.tmp
01.08.2006  10:40         106.496 DUMP44e9.tmp
01.08.2006  10:38         106.496 DUMP449a.tmp
01.08.2006  10:36         106.496 DUMP44b9.tmp
01.08.2006  10:34         106.496 DUMP44e8.tmp
01.08.2006  10:32         106.496 DUMP4507.tmp
01.08.2006  08:15         106.496 DUMP42c5.tmp
01.08.2006  08:13         106.496 DUMP4333.tmp
18.07.2006  01:44              80 my.ini

sys:

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: E0D5-F4BE

 Verzeichnis von C:\

11.09.2006  17:27               0 sys.txt
11.09.2006  17:27           6.770 system.txt
11.09.2006  17:27             131 systemtemp.txt
11.09.2006  17:26         100.301 system32.txt
11.09.2006  17:23          13.887 ComboFix.txt
11.09.2006  03:32   1.073.274.880 hiberfil.sys
11.09.2006  03:32   1.610.612.736 pagefile.sys
11.09.2006  03:24           3.424 avenger.txt
31.08.2006  11:06             389 boot.ini
11.08.2006  19:01             210 ZendOptimizer_errors.txt
30.05.2006  20:42           7.200 panda.rpt

combofix :

Web - 06-09-11 17:22:48,90
ComboFix 06.09.11B - Running from: C:\Dokumente und Einstellungen\Web\Desktop
Microsoft Windows XP [Version 5.1.2600]

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\windows\system32\taskmgr.com

((((((((((((((((((((((((((((((( Files Created from 2006-08-11 to 2006-09-11 ))))))))))))))))))))))))))))))))))

2006-08-26 03:04     83,096 --a------ C:\WINDOWS\system32\SSSensor.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-09-11 17:21 -------- d-------- C:\Programme\Trillian
2006-09-11 17:15 -------- d-------- C:\Programme\Mozilla Firefox
2006-09-11 17:12 -------- d-------- C:\Programme\CleanUp!
2006-09-11 03:31 -------- d-------- C:\Programme\a2 Free
2006-09-11 03:31 -------- d-------- C:\Programme\a-squared Free
2006-09-11 03:08 -------- d-------- C:\Programme\DynDNS Updater
2006-09-11 02:56 -------- d-------- C:\Programme\WinRAR
2006-09-11 02:53 -------- d-------- C:\Programme\TuneUp Utilities 2006
2006-08-26 03:04 -------- d-------- C:\Programme\Sygate
2006-08-25 21:22 -------- d-------- C:\Programme\Steganos Secure FileSharing 6
2006-08-25 21:21 -------- d-------- C:\Programme\Outlook Express
2006-08-25 21:19 -------- d-------- C:\Programme\Gemeinsame Dateien\System
2006-08-24 18:34    89984 --a------ C:\WINDOWS\system32\drivers\av5flt.sys
2006-08-24 18:24 -------- d-------- C:\Programme\ICQLite
2006-08-24 18:03 -------- d-------- C:\Programme\Internet Explorer
2006-08-20 16:57 -------- d-------- C:\Dokumente und Einstellungen\Web\Anwendungsdaten\AdobeUM
2006-08-18 17:57 -------- d-------- C:\Programme\pROTON
2006-08-18 17:57 -------- d-------- C:\Programme\FileZilla
2006-07-31 21:56     9216 --a----t- C:\WINDOWS\system32\drivers\fnetmon.sys
2006-07-31 21:56    61440 --a----t- C:\WINDOWS\system32\PAVIPC.DLL
2006-07-31 21:56    45056 --a----t- C:\WINDOWS\system32\AVLDR.DLL
2006-07-31 21:56    26752 --a----t- C:\WINDOWS\system32\drivers\ShldDrv.sys
2006-07-31 21:56   253952 --a----t- C:\WINDOWS\system32\PAVSHOOK.DLL
2006-07-31 21:56   163856 --a----t- C:\WINDOWS\system32\drivers\PavProc.sys
2006-07-31 21:56   131072 --a----t- C:\WINDOWS\system32\TPUTIL.DLL
2006-07-31 21:56   115968 --a----t- C:\WINDOWS\system32\drivers\netflt.sys
2006-07-31 21:49 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-07-31 21:35 -------- d-------- C:\Programme\Gemeinsame Dateien\Panda Software
2006-07-28 10:49 -------- d-------- C:\Dokumente und Einstellungen\Web\Anwendungsdaten\Adobe
2006-07-27 15:25   679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 10:29    72704 --a------ C:\WINDOWS\system32\hlink.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\windows\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
  65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,02,00,00,00,00,00,00,00,02,00,00,e2,02,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,80,01,00,00,00,00,00,00,80,02,00,00,e2,02,\
  00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,80,01,00,00,00,00,00,00,80,02,00,00,e2,02,\
  00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader - Schnellstart.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader - Schnellstart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^InterVideo WinCinema Manager.lnk]
"backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"item"="InterVideo WinCinema Manager"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Dokumente und Einstellungen^Web^Startmenü^Programme^Autostart^Adobe Gamma.lnk]
"path"="C:\\Dokumente und Einstellungen\\Web\\Startmenü\\Programme\\Autostart\\Adobe Gamma.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\GEMEIN~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Anti-Blaxx Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Anti-Blaxx"
"hkey"="HKLM"
"command"="C:\\Programme\\Anti-Blaxx 1.18\\Anti-Blaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\APVXDWIN]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APVXDWIN"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Panda Software\\Panda Platinum 2006 Internet Security\\APVXDWIN.EXE\" /s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\lib\\NMBgMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BoostSpeed]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="boostspeed"
"hkey"="HKCU"
"command"="\"C:\\Programme\\AusLogics BoostSpeed\\boostspeed.exe\" /Q"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\CookiePatrol]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CookiePatrol"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Programme\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\DW4]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DesktopWeather"
"hkey"="HKCU"
"command"="\"C:\\Programme\\The Weather Channel FW\\Desktop Weather\\DesktopWeather.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ICQ Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQLite"
"hkey"="HKLM"
"command"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Programme\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PestPatrol Control Center]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PPControl"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PPMemCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PPMemCheck"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SCANINICIO]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Inicio"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Panda Software\\Panda Platinum 2006 Internet Security\\Inicio.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SFS6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sfs"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Steganos Secure FileSharing 6\\sfs.exe\" /booting"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SmcService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="smc"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Ulead AutoDetector v2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="monitor"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Programme\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\services]
"Spooler"=dword:00000002
"iPodService"=dword:00000003
"StarWindService"=dword:00000002
"FileZilla Server"=dword:00000003
"wuauserv"=dword:00000002
"TUWinStylerThemeSvc"=dword:00000002
"PSIMSVC"=dword:00000002
"PNMSRV"=dword:00000002
"pmshellsrv"=dword:00000002
"PAVSRV"=dword:00000002
"PavPrSrv"=dword:00000002
"PAVFNSVR"=dword:00000002
"Adobe LM Service"=dword:00000003

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

Completion time: 11.09.2006 17:23:10.79
ComboFix.txt

clean up :

C:\DOKUME~1\Web\LOKALE~1\Temp\0oh75.htm - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\0oh75.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\11m4F.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\16012.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\28n16D.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\2hx23D.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\3db23B.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\3rf33.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\3xi98.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\4nm35.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\51fD8.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\5z7174.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\75d4D.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\98x54.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\a3z636.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\ayn32.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\dak622.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\dlg_0x6AE63F188.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\e3e55.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\emk10.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\exo6D.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\f0t2E.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\FRONTPG.log - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\fub6E.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\head.gif - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\i6x23C.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\ij548.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\index.html - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\j34DC.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\java_install_reg.log - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\jdf42.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\khw50.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\l9e31.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\lvw23E.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\lw64E.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\m5z2F.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\ma6170.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\mkc3.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\mmi1D.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\n3q48.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\ock1EE.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\onm2B.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\pav638.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\PSSysChk.log - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\q7f16E.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\qiuE.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\qp016F.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\ruz74.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\s0795.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\s4x24D.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\scl2E.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\sdd1D0.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\sendungsnummer.gif - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\tl07.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\tmp1B0.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\tmp1B2.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\TmpICQMagic_{05736BBE-C20F-4F10-A6DE-4DB1E3564B0E}838.html - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\TmpICQMagic_{EC202595-1DFD-4301-A1EA-13C1E331B505}11070.html - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\uiq36.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\vk32F.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\w3116C.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\wecerr.txt - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\xs253.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\xx10 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\xx11 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\xx2 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\xx3 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\xx4 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\xx5 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\xx6 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\xx7 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\xx8 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\xx9 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\y073F.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\y2a52.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\yenA8.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\ykc51.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\yy6F.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\zk943.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\zn9A7.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\~DF1722.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\~DF287D.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\~DF6CCD.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\~DF7595.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\~DF7935.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\~DF794F.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\~DF88EE.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\~DF9071.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\~DF9917.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\~DF9D36.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\~DFAD20.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\~DFAEF3.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\~DFD45.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\~DFF1.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\a2temp\update.ini - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\a2temp\Languages\ - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\a2temp\Signatures\ - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\hsperfdata_Web\ - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\OIS\cacheFiles\ - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\OIS\temp\ - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\OIS\ - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\Panda Soft\Live\AntiSpam\ - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\Panda Soft\Live\KRE\ - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\Panda Soft\Live\PavExp\ - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\Panda Soft\Live\Pavsig\ - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\Panda Soft\Live\TruPrevent\ - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\Panda Soft\Live\UDNA\ - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\Panda Soft\Live\WebproxyExc\ - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\Panda Soft\Live\ - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\Panda Soft\ - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\plugtmp\ - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\Rar$EX00.641\HijackThis.exe - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\Rar$EX00.641\backups\backup-20060911-032800-380 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\Rar$EX00.641\backups\backup-20060911-032800-380.dll - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\Rar$EX00.641\backups\backup-20060911-032800-649 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\Rar$EX00.641\backups\backup-20060911-032859-773 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\Rar$EX00.641\backups\backup-20060911-032859-773.dll - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\Rar$EX09.485\ - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\rb\4488\ - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\rb\ - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\tmp0000396b\tmp00000000 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\tmp0000442c\tmp00000000 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\tmp00007473\tmp00000000 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\0oh75.htm - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\0oh75.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\11m4F.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\16012.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\28n16D.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\2hx23D.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\3db23B.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\3rf33.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\3xi98.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\4nm35.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\51fD8.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\5z7174.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\75d4D.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\98x54.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\a3z636.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\ayn32.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\dak622.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\dlg_0x6AE63F188.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\e3e55.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\emk10.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\exo6D.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\f0t2E.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\FRONTPG.log - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\fub6E.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\head.gif - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\i6x23C.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\ij548.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\index.html - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\j34DC.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\java_install_reg.log - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\jdf42.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\khw50.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\l9e31.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\lvw23E.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\lw64E.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\m5z2F.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\ma6170.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\mkc3.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\mmi1D.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\n3q48.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\ock1EE.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\onm2B.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\pav638.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\PSSysChk.log - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\q7f16E.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\qiuE.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\qp016F.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\ruz74.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\s0795.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\s4x24D.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\scl2E.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\sdd1D0.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\sendungsnummer.gif - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\tl07.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\tmp1B0.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\tmp1B2.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\TmpICQMagic_{05736BBE-C20F-4F10-A6DE-4DB1E3564B0E}838.html - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\TmpICQMagic_{EC202595-1DFD-4301-A1EA-13C1E331B505}11070.html - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\uiq36.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\vk32F.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\w3116C.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\wecerr.txt - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\xs253.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\xx10 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\xx11 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\xx2 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\xx3 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\xx4 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\xx5 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\xx6 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\xx7 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\xx8 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\xx9 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\y073F.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\y2a52.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\yenA8.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\ykc51.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\yy6F.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\zk943.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\zn9A7.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\~DF1722.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\~DF287D.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\~DF6CCD.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\~DF7595.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\~DF7935.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\~DF794F.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\~DF88EE.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\~DF9071.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\~DF9917.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\~DF9D36.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\~DFAD20.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\~DFAEF3.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\~DFD45.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\~DFF1.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\a2temp\update.ini - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\Rar$EX00.641\HijackThis.exe - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\Rar$EX00.641\backups\backup-20060911-032800-380 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\Rar$EX00.641\backups\backup-20060911-032800-380.dll - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\Rar$EX00.641\backups\backup-20060911-032800-649 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\Rar$EX00.641\backups\backup-20060911-032859-773 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\Rar$EX00.641\backups\backup-20060911-032859-773.dll - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\tmp0000396b\tmp00000000 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\tmp0000442c\tmp00000000 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\tmp00007473\tmp00000000 - deleted
C:\windows\DUMP3db4.tmp - deleted
C:\windows\DUMP42c5.tmp - deleted
C:\windows\DUMP4333.tmp - deleted
C:\windows\DUMP449a.tmp - deleted
C:\windows\DUMP44b9.tmp - deleted
C:\windows\DUMP44d9.tmp - deleted
C:\windows\DUMP44e8.tmp - deleted
C:\windows\DUMP44e9.tmp - deleted
C:\windows\DUMP44ea.tmp - deleted
C:\windows\DUMP4507.tmp - deleted
C:\windows\DUMP4565.tmp - deleted
C:\windows\IE4 Error Log.txt - deleted
C:\windows\temp\ib10 - deleted
C:\windows\temp\ib2 - deleted
C:\windows\temp\ib3 - deleted
C:\windows\temp\ib4 - deleted
C:\windows\temp\ib5 - deleted
C:\windows\temp\ib6 - deleted
C:\windows\temp\ib7 - deleted
C:\windows\temp\ib8 - deleted
C:\windows\temp\ib9 - deleted
C:\windows\temp\ZendOptimizer.MemoryBase@SYSTEM - deleted
C:\Dokumente und Einstellungen\Web\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\Web\Cookies\web@bitdefender[2].txt - deleted
C:\Dokumente und Einstellungen\Web\Cookies\web@emsisoft[1].txt - deleted
C:\Dokumente und Einstellungen\Web\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\Web\Cookies\web@bitdefender[2].txt - deleted
C:\Dokumente und Einstellungen\Web\Cookies\web@emsisoft[1].txt - deleted
C:\Dokumente und Einstellungen\NetworkService\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\NetworkService\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\LocalService\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\LocalService\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\Default User\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\Default User\Cookies\index.dat - deleted
C:\windows\Prefetch\A2FREE.EXE-0775134C.pf - deleted
C:\windows\Prefetch\A2START.EXE-0A4EB81F.pf - deleted
C:\windows\Prefetch\A2UPD.EXE-08A125B0.pf - deleted
C:\windows\Prefetch\ACTHOSP.EXE-0A9506AC.pf - deleted
C:\windows\Prefetch\ALHLP.EXE-347D4682.pf - deleted
C:\windows\Prefetch\ASQUARED115AB4B3.EXE-06A376A7.pf - deleted
C:\windows\Prefetch\AVCIMAN.EXE-3B478067.pf - deleted
C:\windows\Prefetch\AVENGER.EXE-0916C6B4.pf - deleted
C:\windows\Prefetch\CLEANUP.EXE-3438663A.pf - deleted
C:\windows\Prefetch\CLEANUP452.EXE-30A323DF.pf - deleted
C:\windows\Prefetch\CMD.EXE-087B4001.pf - deleted
C:\windows\Prefetch\DEFRAG.EXE-273F131E.pf - deleted
C:\windows\Prefetch\DFRGNTFS.EXE-269967DF.pf - deleted
C:\windows\Prefetch\DYNDNS.EXE-10262B1F.pf - deleted
C:\windows\Prefetch\EXPLORER.EXE-082F38A9.pf - deleted
C:\windows\Prefetch\FILEZILLA.EXE-017E33E7.pf - deleted
C:\windows\Prefetch\FIREFOX.EXE-17EE503B.pf - deleted
C:\windows\Prefetch\FRONTPG.EXE-16B73165.pf - deleted
C:\windows\Prefetch\HIJACKTHIS.EXE-06C84915.pf - deleted
C:\windows\Prefetch\HIJACKTHIS.EXE-1BB5C5A6.pf - deleted
C:\windows\Prefetch\HIJACKTHIS.EXE-1CAD70CC.pf - deleted
C:\windows\Prefetch\HIJACKTHIS.EXE-21E0D0A2.pf - deleted
C:\windows\Prefetch\HIJACKTHIS.EXE-39C0AA8D.pf - deleted
C:\windows\Prefetch\ICODECPACK.543.EXE-08B29216.pf - deleted
C:\windows\Prefetch\IEXPLORE.EXE-2CA9778D.pf - deleted
C:\windows\Prefetch\IFACE.EXE-2807B284.pf - deleted
C:\windows\Prefetch\IPCONFIG.EXE-2395F30B.pf - deleted
C:\windows\Prefetch\ISAMINI.EXE-22706837.pf - deleted
C:\windows\Prefetch\ISAMONITOR.EXE-160863D4.pf - deleted
C:\windows\Prefetch\Layout.ini - deleted
C:\windows\Prefetch\MSCONFIG.EXE-35E4DAE9.pf - deleted
C:\windows\Prefetch\MSIMN.EXE-0B61806C.pf - deleted
C:\windows\Prefetch\NOTEPAD.EXE-336351A9.pf - deleted
C:\windows\Prefetch\NTOSBOOT-B00DFAAD.pf - deleted
C:\windows\Prefetch\NWIZ.EXE-2D0F9FBC.pf - deleted
C:\windows\Prefetch\PAVJOBS.EXE-02578609.pf - deleted
C:\windows\Prefetch\PAVW.EXE-056CF508.pf - deleted
C:\windows\Prefetch\PHOTOSNAPVIEWER.EXE-1BCDA4AE.pf - deleted
C:\windows\Prefetch\PMMON.EXE-349D7132.pf - deleted
C:\windows\Prefetch\PMSNGR.EXE-39B5537A.pf - deleted
C:\windows\Prefetch\PROTON.EXE-09742FCE.pf - deleted
C:\windows\Prefetch\PSIMREAL.EXE-3B3C60A8.pf - deleted
C:\windows\Prefetch\PV.EXE-01A8A6FB.pf - deleted
C:\windows\Prefetch\RASAUTOU.EXE-18B88A68.pf - deleted
C:\windows\Prefetch\REGEDIT.EXE-1B606482.pf - deleted
C:\windows\Prefetch\RSTRUI.EXE-03C49A96.pf - deleted
C:\windows\Prefetch\RUNDLL32.EXE-194CEC69.pf - deleted
C:\windows\Prefetch\RUNDLL32.EXE-28C6E9BB.pf - deleted
C:\windows\Prefetch\RUNDLL32.EXE-2A94BB85.pf - deleted
C:\windows\Prefetch\RUNDLL32.EXE-2EFE39BB.pf - deleted
C:\windows\Prefetch\RUNDLL32.EXE-30B8D1F0.pf - deleted
C:\windows\Prefetch\RUNDLL32.EXE-35A97A73.pf - deleted
C:\windows\Prefetch\RUNDLL32.EXE-3BB0BBC3.pf - deleted
C:\windows\Prefetch\SFS.EXE-2DCC37A2.pf - deleted
C:\windows\Prefetch\SHOWTIME.EXE-1713ECDC.pf - deleted
C:\windows\Prefetch\SMC.EXE-0B61F84B.pf - deleted
C:\windows\Prefetch\SNDVOL32.EXE-383480B7.pf - deleted
C:\windows\Prefetch\SSSTARS.SCR-2D6FC20D.pf - deleted
C:\windows\Prefetch\TASKMGR.EXE-20256C55.pf - deleted
C:\windows\Prefetch\TMP1AF.TMP-1D319A1E.pf - deleted
C:\windows\Prefetch\TMP1B0.TMP-28145282.pf - deleted
C:\windows\Prefetch\TMP1B1.TMP-11B73BBE.pf - deleted
C:\windows\Prefetch\TMP1B2.TMP-01ACD7ED.pf - deleted
C:\windows\Prefetch\TRILLIAN.EXE-302642F0.pf - deleted
C:\windows\Prefetch\TU_LOGONUI.EXE-381C5638.pf - deleted
C:\windows\Prefetch\UNINS000.EXE-137CC836.pf - deleted
C:\windows\Prefetch\UPD81.BPX-0C69427E.pf - deleted
C:\windows\Prefetch\UPGRADER.EXE-37666463.pf - deleted
C:\windows\Prefetch\VERCLSID.EXE-3667BD89.pf - deleted
C:\windows\Prefetch\WINAMP.EXE-08C38ED9.pf - deleted
C:\windows\Prefetch\WINRAR.EXE-3588DFE8.pf - deleted
C:\windows\Prefetch\WMIPRVSE.EXE-28F301A9.pf - deleted
C:\windows\Prefetch\XAMPP-CONTROL.EXE-0698926C.pf - deleted
C:\windows\Prefetch\_IU14D2N.TMP-218E56FE.pf - deleted
Emptied Recycle Bin on drive C:
'Run MRU' list - removed from the registry.
'Doc Find Spec MRU' list - removed from the registry.
'FindComputerMRU' list - removed from the registry.
'ComputerNameMRU' list - removed from the registry.
'ContainingTextMRU' list - removed from the registry.
'FilesNamedMRU' list - removed from the registry.
Search Assistant MRU list - removed from the registry.
Explorer Open/Save MRU list - removed from the registry.
Explorer Last Visited MRU list - removed from the registry.
Paint Recent File List - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
Windows Media Player Recent File List - removed from the registry.
WinZip Extract MRU list - removed from the registry.
WinZip File MRU list - removed from the registry.
CleanUp! 4.5.2 recovered 80.0 MB of disk space from 3817 files.
CleanUp! finished on 09/11/06 17:13:47.
Thanks for your help! P.S. You have improved a lot here, keep it up!!!! Regards, Bjoern
This post was edited on 11.09.2006 at 17:41 by webcool.
12.09.2006, 01:05
Honorary member
Posts: 29434
#4
I can't find anything, and combofix has already deleted a file...
That belonged to the virus program:
C:\windows\Prefetch\ISAMINI.EXE-22706837.pf - deleted
C:\windows\Prefetch\ISAMONITOR.EXE-160863D4.pf - deleted
Scan with smitfraudfix and post the scan reports from option 1 and 2
http://virus-protect.org/artikel/tools/smitfrautfix.html
__________
Regards, Sabina
all about PC security
Unfortunately I had the problem that I downloaded a multimedia program that was infected. I read here that you deal with this quite often. Well, when I noticed that the program wanted to access the internet (Sygate had asked for permission), I cancelled it and the installation, but then, as you surely know, the annoying messages came up telling me to download virusbuster or something like that. I looked into it and it supposedly installs a trojan!
So I don't think the program managed to do it in that short time.
I restored my system to an earlier point and everything was gone (the annoying program)!
Now I'd like to ask you to look through my logfile below to see whether the program is really gone. I don't really have a clue about this, but I think I was lucky (I hope).
Logfile of HijackThis v1.99.1
Scan saved at 03:39:17, on 11.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\windows\System32\smss.exe
C:\windows\SYSTEM32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
F:\Apache\xampp\apache\bin\Apache.exe
F:\Apache\xampp\mysql\bin\mysqld-nt.exe
F:\Apache\xampp\apache\bin\Apache.exe
C:\windows\system32\nvsvc32.exe
C:\WINDOWS\system32\SLEE503.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\windows\system32\svchost.exe
C:\windows\system32\ctfmon.exe
C:\Programme\Sygate\SPF\smc.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Web\LOKALE~1\Temp\Rar$EX09.485\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webcool.we.funpic.de/Chatten/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DDAF3E3-1F11-4A90-A327-0007A3B55D95}: NameServer = 213.191.92.82 213.191.74.11
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O23 - Service: Apache2 - Unknown owner - F:\Apache\xampp\apache\bin\Apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: mysql - Unknown owner - F:\Apache\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Steganos Live Encryption Engine (Version 503) [Service] (SLEE_503_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE503.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - F:\Apache\xampp\service.exe
As far as I can tell, the BHOs are gone and the folder where the exes were, e.g. pmmon.exe, is gone too!
Thanks in advance!
I hope it's OK that I'm asking for this, since the logfiles are individual after all!
See you!
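The poster asks whether the log still shows traces of the infection. The Python script below is an added example, not part of the thread and not part of HijackThis: it parses the log format shown above (the section code before the first " - ", with the "Running processes:" block handled separately) and applies a few of the checks a helper makes by hand: processes or autostart entries running out of a Temp directory, O2/O9/O18 entries whose target is "(no file)" or "(file missing)" (leftovers to clean up, not an active threat), O23 services without publisher information, and the O17 NameServer entry, because some Zlob variants replaced the adapter's DNS servers and the listed addresses should be confirmed as the ISP's. The log excerpt is constructed from lines of the post above; the severity labels are this example's own convention.

```python
import re

# Constructed excerpt of the HijackThis 1.99.1 log posted above (not the complete log).
HJT_LOG = r"""
Running processes:
C:\windows\System32\smss.exe
C:\Programme\Sygate\SPF\smc.exe
C:\DOKUME~1\Web\LOKALE~1\Temp\Rar$EX09.485\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webcool.we.funpic.de/Chatten/index.php
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DDAF3E3-1F11-4A90-A327-0007A3B55D95}: NameServer = 213.191.92.82 213.191.74.11
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O23 - Service: Apache2 - Unknown owner - F:\Apache\xampp\apache\bin\Apache.exe" -k runservice (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")
TEMP_RE = re.compile(r"\\temp\\", re.I)  # a ...\Temp\... component anywhere in a path
NAMESERVER_RE = re.compile(r"NameServer = (?P<servers>.+)$")


def parse_hjt(text):
    """Return (section, body) pairs; lines under 'Running processes:' get section 'PROC'."""
    entries, in_procs = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group("section"), m.group("body")))
        elif in_procs:
            entries.append(("PROC", line))
    return entries


def triage(entries):
    """Apply the checks and return (severity, section, reason, body) tuples."""
    findings = []
    for section, body in entries:
        missing = "(no file)" in body or "(file missing)" in body
        if section == "PROC" and TEMP_RE.search(body):
            findings.append(("info", section, "process running from a Temp directory", body))
        elif section == "O4" and TEMP_RE.search(body):
            findings.append(("high", section, "autostart entry points into a Temp directory", body))
        elif section in ("O2", "O9", "O18") and missing:
            findings.append(("low", section, "orphaned entry, target no longer on disk", body))
        elif section == "O17":
            m = NAMESERVER_RE.search(body)
            servers = m.group("servers").split() if m else []
            reason = "DNS servers set on adapter, confirm they are the ISP's: " + " ".join(servers)
            findings.append(("check", section, reason, body))
        elif section == "O23" and "Unknown owner" in body:
            reason = "service without publisher information" + (", binary not found" if missing else "")
            findings.append(("check", section, reason, body))
    return findings


def nameservers(entries):
    """DNS servers from every O17 entry, flattened into one list."""
    servers = []
    for section, body in entries:
        if section == "O17":
            m = NAMESERVER_RE.search(body)
            if m:
                servers.extend(m.group("servers").split())
    return servers


if __name__ == "__main__":
    found = triage(parse_hjt(HJT_LOG))
    for severity, section, reason, body in sorted(found, key=lambda f: f[0]):
        print(f"[{severity}] {section}: {reason}\n    {body}")
```

On the excerpt the script reports no "high" finding: the only Temp-directory hit is HijackThis.exe itself, which the poster ran straight out of a WinRAR extraction folder, and the "(no file)" BHO and protocol entries are dead registry pointers rather than running code. The O17 and O23 lines come back as "check" because a log alone cannot settle them; the DNS addresses have to be compared with the ISP's, and the Apache2 service's unusual path (note the stray quote in the log line) has to be looked at on the machine.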