Had a problem with a codec - Trojan.Zlob

#0
11.09.2006, 03:56
...new here

Posts: 2
#1 Hello everyone

Unfortunately I had the problem that I downloaded a multimedia program that was infected. I read here that you deal with this quite often. Well, when I noticed that the program wanted to access the internet (Sygate had asked for permission), I cancelled it and the installation. Only then came, as you surely know, the annoying messages saying I should download VirusBuster or something like that. I did some research, and it supposedly installs a trojan!

So I don't think the program managed that in such a short time.

I restored my system to an earlier point and everything was gone (the annoying program)!

Now I wanted to ask you to look through my logfile below to see whether the program is really gone. I don't really have a clue about this, but I think I was lucky (I hope).

Logfile of HijackThis v1.99.1
Scan saved at 03:39:17, on 11.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\SYSTEM32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
F:\Apache\xampp\apache\bin\Apache.exe
F:\Apache\xampp\mysql\bin\mysqld-nt.exe
F:\Apache\xampp\apache\bin\Apache.exe
C:\windows\system32\nvsvc32.exe
C:\WINDOWS\system32\SLEE503.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\windows\system32\svchost.exe
C:\windows\system32\ctfmon.exe
C:\Programme\Sygate\SPF\smc.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Web\LOKALE~1\Temp\Rar$EX09.485\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webcool.we.funpic.de/Chatten/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DDAF3E3-1F11-4A90-A327-0007A3B55D95}: NameServer = 213.191.92.82 213.191.74.11
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O23 - Service: Apache2 - Unknown owner - F:\Apache\xampp\apache\bin\Apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: mysql - Unknown owner - F:\Apache\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Steganos Live Encryption Engine (Version 503) [Service] (SLEE_503_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE503.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - F:\Apache\xampp\service.exe

As far as I can tell, the BHOs are gone and the folder that contained the exes (e.g. pmmon.exe) is also gone!


Thanks in advance!

I hope it's OK that I'm asking for this, since the logfiles are individual!

Bye for now!
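As an added example (not from the original post and not part of HijackThis itself), the following Python script parses the "Xn - ..." line format of the log above and flags the entry kinds a log reviewer checks first: entries whose target file no longer exists (typical leftovers after a removal or an uninstall), O17 NameServer overrides (compare the addresses with those your ISP assigns), and O23 services without a publisher. The sample lines are copied from the log above; the parser, the triage rules and the Finding names are this example's own.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webcool.we.funpic.de/Chatten/index.php
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - (no file)
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DDAF3E3-1F11-4A90-A327-0007A3B55D95}: NameServer = 213.191.92.82 213.191.74.11
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O23 - Service: Apache2 - Unknown owner - F:\Apache\xampp\apache\bin\Apache.exe" -k runservice (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
"""

# A HijackThis entry starts with a section code (R0, O2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


@dataclass(frozen=True)
class Entry:
    code: str   # section code, e.g. "O2" (browser helper object) or "O23" (service)
    body: str   # everything after "<code> - "


@dataclass(frozen=True)
class Finding:
    code: str
    reason: str   # "orphaned", "dns-override" or "unknown-owner" (names chosen for this example)
    detail: str


def parse_hjt(text: str) -> list[Entry]:
    """Extract the section entries; header and 'Running processes' lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def count_by_code(entries: list[Entry]) -> dict[str, int]:
    """How many entries of each section code remain (e.g. O2 = BHOs still registered)."""
    counts: dict[str, int] = {}
    for e in entries:
        counts[e.code] = counts.get(e.code, 0) + 1
    return counts


def triage(entries: list[Entry]) -> list[Finding]:
    """Apply the checks a reviewer does by hand; an entry can yield more than one finding."""
    findings = []
    for e in entries:
        # Registry still points at a file that is gone: leftover of a removal or uninstall.
        if "(no file)" in e.body or "(file missing)" in e.body:
            findings.append(Finding(e.code, "orphaned", e.body))
        # O17: DNS servers written into the TCP/IP registry keys; verify they are the ISP's.
        if e.code == "O17" and "NameServer" in e.body:
            findings.append(Finding(e.code, "dns-override", " ".join(IPV4_RE.findall(e.body))))
        # O23: a service whose binary carries no publisher information; check the path.
        if e.code == "O23" and "Unknown owner" in e.body:
            findings.append(Finding(e.code, "unknown-owner", e.body))
    return findings


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("entries per section:", count_by_code(parsed))
    for f in triage(parsed):
        print(f"[{f.code}] {f.reason}: {f.detail}")
```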
11.09.2006, 14:35
Honorary member

Posts: 29434
#2 Besides the HijackThis log, post the following logs
http://board.protecus.de/t23187.htm
__________
Regards, Sabina

all about PC security
11.09.2006, 17:33
...new here

Thread starter

Posts: 2
#3 Hi, I created the reports, here they are (I hope everything is OK, I don't feel like redoing my Apache)

system 32:

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: E0D5-F4BE

Verzeichnis von C:\WINDOWS\system32

11.09.2006 03:33 21.961 nvapps.xml
11.09.2006 01:27 13.646 wpa.dbl
01.08.2006 12:41 48.156 perfc007.dat
01.08.2006 12:41 311.604 perfh009.dat
01.08.2006 12:41 39.992 perfc009.dat
01.08.2006 12:41 316.594 perfh007.dat
01.08.2006 12:41 723.744 PerfStringBackup.INI
31.07.2006 21:56 4 PNMDPIF.dat
31.07.2006 21:56 131.072 TPUTIL.DLL
31.07.2006 21:56 253.952 PAVSHOOK.DLL
31.07.2006 21:56 61.440 PAVIPC.DLL
31.07.2006 21:56 45.056 AVLDR.DLL
28.07.2006 04:28 3.075.072 mshtml.dll
27.07.2006 15:25 679.424 inetcomm.dll
25.07.2006 22:33 615.936 urlmon.dll
21.07.2006 10:29 72.704 hlink.dll
14.07.2006 17:38 332.288 netapi32.dll
14.07.2006 17:25 546.304 hhctrl.ocx
13.07.2006 15:34 8.494.592 shell32.dll
09.07.2006 12:49 138.056 FNTCACHE.DAT
05.07.2006 12:55 1.057.792 kernel32.dll
26.06.2006 19:40 148.480 dnsapi.dll
26.06.2006 19:40 8.192 rasadhlp.dll
23.06.2006 13:10 664.576 wininet.dll
23.06.2006 13:10 448.512 mshtmled.dll
23.06.2006 13:10 39.424 pngfilt.dll
23.06.2006 13:10 532.480 mstime.dll
23.06.2006 13:10 146.432 msrating.dll
23.06.2006 13:10 1.494.016 shdocvw.dll
23.06.2006 13:10 474.624 shlwapi.dll
23.06.2006 13:10 1.022.976 browseui.dll
23.06.2006 13:10 55.808 extmgr.dll
23.06.2006 13:10 205.312 dxtrans.dll
23.06.2006 13:10 357.888 dxtmsft.dll
23.06.2006 13:10 152.064 cdfview.dll
23.06.2006 13:10 1.056.256 danim.dll
23.06.2006 13:10 251.392 iepeers.dll
23.06.2006 13:10 96.768 inseng.dll
23.06.2006 13:10 16.384 jsproxy.dll
23.06.2006 01:53 27.136 xpsp3res.dll
22.06.2006 12:47 181.248 rasmans.dll
01.06.2006 20:47 27.648 jgpl400.dll
01.06.2006 20:47 163.840 jgdw400.dll

system:

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: E0D5-F4BE

Verzeichnis von C:\WINDOWS

11.09.2006 03:33 227 system.ini
11.09.2006 03:33 0 win.ini
11.09.2006 03:33 0 0.log
11.09.2006 03:33 50 wiaservc.log
11.09.2006 03:33 159 wiadebug.log
11.09.2006 03:32 2.048 bootstat.dat
11.09.2006 03:30 32.540 SchedLgU.Txt
11.09.2006 03:30 15.084 WindowsUpdate.log
08.09.2006 02:36 116 NeroDigital.ini
07.09.2006 21:23 151 PhotoSnapViewer.INI
01.09.2006 17:35 15.816 setupapi.log
24.08.2006 18:06 18.221 comsetup.log
24.08.2006 18:06 3.078 ocmsn.log
24.08.2006 18:06 1.374 imsins.log
24.08.2006 18:06 11.053 ntdtcsetup.log
24.08.2006 18:06 2.799 tabletoc.log
24.08.2006 18:06 25.389 tsoc.log
24.08.2006 18:06 59.537 iis6.log
24.08.2006 18:06 13.453 KB922616.log
24.08.2006 18:06 3.825 MedCtrOC.log
24.08.2006 18:06 26.244 ocgen.log
24.08.2006 18:06 2.727 msgsocm.log
24.08.2006 18:06 9.747 netfxocm.log
24.08.2006 18:06 55.641 FaxSetup.log
24.08.2006 18:06 16.858 msmqinst.log
24.08.2006 18:06 4.168 updspapi.log
24.08.2006 18:06 1.374 imsins.BAK
24.08.2006 18:06 12.909 KB921883.log
24.08.2006 18:05 12.399 KB921398.log
24.08.2006 18:05 11.939 KB920683.log
24.08.2006 18:04 10.401 KB920670.log
24.08.2006 18:04 10.667 KB920214.log
24.08.2006 18:03 13.426 KB918899.log
24.08.2006 18:02 6.230 KB917422.log
18.08.2006 17:22 5.966 KB917159.log
18.08.2006 17:22 0 setupact.log
18.08.2006 17:22 0 setuperr.log
04.08.2006 14:28 8.919 mozver.dat
02.08.2006 00:35 635 Rtcw.INI
01.08.2006 12:36 106.496 DUMP4565.tmp
01.08.2006 10:44 106.496 DUMP44d9.tmp
01.08.2006 10:42 106.496 DUMP44ea.tmp
01.08.2006 10:40 106.496 DUMP44e9.tmp
01.08.2006 10:38 106.496 DUMP449a.tmp
01.08.2006 10:36 106.496 DUMP44b9.tmp
01.08.2006 10:34 106.496 DUMP44e8.tmp
01.08.2006 10:32 106.496 DUMP4507.tmp
01.08.2006 08:15 106.496 DUMP42c5.tmp
01.08.2006 08:13 106.496 DUMP4333.tmp
18.07.2006 01:44 80 my.ini

sys:

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: E0D5-F4BE

Verzeichnis von C:\

11.09.2006 17:27 0 sys.txt
11.09.2006 17:27 6.770 system.txt
11.09.2006 17:27 131 systemtemp.txt
11.09.2006 17:26 100.301 system32.txt
11.09.2006 17:23 13.887 ComboFix.txt
11.09.2006 03:32 1.073.274.880 hiberfil.sys
11.09.2006 03:32 1.610.612.736 pagefile.sys
11.09.2006 03:24 3.424 avenger.txt
31.08.2006 11:06 389 boot.ini
11.08.2006 19:01 210 ZendOptimizer_errors.txt
30.05.2006 20:42 7.200 panda.rpt

combofix:

Web - 06-09-11 17:22:48,90
ComboFix 06.09.11B - Running from: C:\Dokumente und Einstellungen\Web\Desktop

Microsoft Windows XP [Version 5.1.2600]

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\windows\system32\taskmgr.com


((((((((((((((((((((((((((((((( Files Created from 2006-08-11 to 2006-09-11 ))))))))))))))))))))))))))))))))))


2006-08-26 03:04 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-11 17:21 -------- d-------- C:\Programme\Trillian
2006-09-11 17:15 -------- d-------- C:\Programme\Mozilla Firefox
2006-09-11 17:12 -------- d-------- C:\Programme\CleanUp!
2006-09-11 03:31 -------- d-------- C:\Programme\a2 Free
2006-09-11 03:31 -------- d-------- C:\Programme\a-squared Free
2006-09-11 03:08 -------- d-------- C:\Programme\DynDNS Updater
2006-09-11 02:56 -------- d-------- C:\Programme\WinRAR
2006-09-11 02:53 -------- d-------- C:\Programme\TuneUp Utilities 2006
2006-08-26 03:04 -------- d-------- C:\Programme\Sygate
2006-08-25 21:22 -------- d-------- C:\Programme\Steganos Secure FileSharing 6
2006-08-25 21:21 -------- d-------- C:\Programme\Outlook Express
2006-08-25 21:19 -------- d-------- C:\Programme\Gemeinsame Dateien\System
2006-08-24 18:34 89984 --a------ C:\WINDOWS\system32\drivers\av5flt.sys
2006-08-24 18:24 -------- d-------- C:\Programme\ICQLite
2006-08-24 18:03 -------- d-------- C:\Programme\Internet Explorer
2006-08-20 16:57 -------- d-------- C:\Dokumente und Einstellungen\Web\Anwendungsdaten\AdobeUM
2006-08-18 17:57 -------- d-------- C:\Programme\pROTON
2006-08-18 17:57 -------- d-------- C:\Programme\FileZilla
2006-07-31 21:56 9216 --a----t- C:\WINDOWS\system32\drivers\fnetmon.sys
2006-07-31 21:56 61440 --a----t- C:\WINDOWS\system32\PAVIPC.DLL
2006-07-31 21:56 45056 --a----t- C:\WINDOWS\system32\AVLDR.DLL
2006-07-31 21:56 26752 --a----t- C:\WINDOWS\system32\drivers\ShldDrv.sys
2006-07-31 21:56 253952 --a----t- C:\WINDOWS\system32\PAVSHOOK.DLL
2006-07-31 21:56 163856 --a----t- C:\WINDOWS\system32\drivers\PavProc.sys
2006-07-31 21:56 131072 --a----t- C:\WINDOWS\system32\TPUTIL.DLL
2006-07-31 21:56 115968 --a----t- C:\WINDOWS\system32\drivers\netflt.sys
2006-07-31 21:49 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-07-31 21:35 -------- d-------- C:\Programme\Gemeinsame Dateien\Panda Software
2006-07-28 10:49 -------- d-------- C:\Dokumente und Einstellungen\Web\Anwendungsdaten\Adobe
2006-07-27 15:25 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 10:29 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\windows\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,02,00,00,00,00,00,00,00,02,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,80,01,00,00,00,00,00,00,80,02,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,80,01,00,00,00,00,00,00,80,02,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader - Schnellstart.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader - Schnellstart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^InterVideo WinCinema Manager.lnk]
"backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"item"="InterVideo WinCinema Manager"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Dokumente und Einstellungen^Web^Startmenü^Programme^Autostart^Adobe Gamma.lnk]
"path"="C:\\Dokumente und Einstellungen\\Web\\Startmenü\\Programme\\Autostart\\Adobe Gamma.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\GEMEIN~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Anti-Blaxx Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Anti-Blaxx"
"hkey"="HKLM"
"command"="C:\\Programme\\Anti-Blaxx 1.18\\Anti-Blaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\APVXDWIN]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APVXDWIN"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Panda Software\\Panda Platinum 2006 Internet Security\\APVXDWIN.EXE\" /s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NMBgMonitor"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\lib\\NMBgMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BoostSpeed]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="boostspeed"
"hkey"="HKCU"
"command"="\"C:\\Programme\\AusLogics BoostSpeed\\boostspeed.exe\" /Q"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\CookiePatrol]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CookiePatrol"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Programme\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\DW4]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DesktopWeather"
"hkey"="HKCU"
"command"="\"C:\\Programme\\The Weather Channel FW\\Desktop Weather\\DesktopWeather.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ICQ Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQLite"
"hkey"="HKLM"
"command"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Programme\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PestPatrol Control Center]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PPControl"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PPMemCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PPMemCheck"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SCANINICIO]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Inicio"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Panda Software\\Panda Platinum 2006 Internet Security\\Inicio.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SFS6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sfs"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Steganos Secure FileSharing 6\\sfs.exe\" /booting"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SmcService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="smc"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Ulead AutoDetector v2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="monitor"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Programme\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\services]
"Spooler"=dword:00000002
"iPodService"=dword:00000003
"StarWindService"=dword:00000002
"FileZilla Server"=dword:00000003
"wuauserv"=dword:00000002
"TUWinStylerThemeSvc"=dword:00000002
"PSIMSVC"=dword:00000002
"PNMSRV"=dword:00000002
"pmshellsrv"=dword:00000002
"PAVSRV"=dword:00000002
"PavPrSrv"=dword:00000002
"PAVFNSVR"=dword:00000002
"Adobe LM Service"=dword:00000003


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: 11.09.2006 17:23:10.79
ComboFix.txt

clean up:

C:\DOKUME~1\Web\LOKALE~1\Temp\0oh75.htm - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\0oh75.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\11m4F.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\16012.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\28n16D.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\2hx23D.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\3db23B.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\3rf33.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\3xi98.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\4nm35.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\51fD8.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\5z7174.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\75d4D.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\98x54.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\a3z636.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\ayn32.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\dak622.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\dlg_0x6AE63F188.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\e3e55.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\emk10.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\exo6D.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\f0t2E.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\FRONTPG.log - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\fub6E.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\head.gif - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\i6x23C.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\ij548.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\index.html - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\j34DC.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\java_install_reg.log - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\jdf42.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\khw50.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\l9e31.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\lvw23E.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\lw64E.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\m5z2F.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\ma6170.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\mkc3.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\mmi1D.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\n3q48.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\ock1EE.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\onm2B.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\pav638.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\PSSysChk.log - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\q7f16E.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\qiuE.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\qp016F.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\ruz74.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\s0795.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\s4x24D.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\scl2E.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\sdd1D0.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\sendungsnummer.gif - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\tl07.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\tmp1B0.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\tmp1B2.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\TmpICQMagic_{05736BBE-C20F-4F10-A6DE-4DB1E3564B0E}838.html - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\TmpICQMagic_{EC202595-1DFD-4301-A1EA-13C1E331B505}11070.html - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\uiq36.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\vk32F.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\w3116C.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\wecerr.txt - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\xs253.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\xx10 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\xx11 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\xx2 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\xx3 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\xx4 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\xx5 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\xx6 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\xx7 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\xx8 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\xx9 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\y073F.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\y2a52.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\yenA8.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\ykc51.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\yy6F.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\zk943.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\zn9A7.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\~DF1722.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\~DF287D.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\~DF6CCD.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\~DF7595.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\~DF7935.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\~DF794F.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\~DF88EE.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\~DF9071.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\~DF9917.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\~DF9D36.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\~DFAD20.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\~DFAEF3.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\~DFD45.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\~DFF1.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\a2temp\update.ini - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\a2temp\Languages\ - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\a2temp\Signatures\ - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\hsperfdata_Web\ - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\OIS\cacheFiles\ - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\OIS\temp\ - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\OIS\ - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\Panda Soft\Live\AntiSpam\ - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\Panda Soft\Live\KRE\ - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\Panda Soft\Live\PavExp\ - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\Panda Soft\Live\Pavsig\ - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\Panda Soft\Live\TruPrevent\ - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\Panda Soft\Live\UDNA\ - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\Panda Soft\Live\WebproxyExc\ - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\Panda Soft\Live\ - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\Panda Soft\ - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\plugtmp\ - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\Rar$EX00.641\HijackThis.exe - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\Rar$EX00.641\backups\backup-20060911-032800-380 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\Rar$EX00.641\backups\backup-20060911-032800-380.dll - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\Rar$EX00.641\backups\backup-20060911-032800-649 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\Rar$EX00.641\backups\backup-20060911-032859-773 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\Rar$EX00.641\backups\backup-20060911-032859-773.dll - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\Rar$EX09.485\ - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\rb\4488\ - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\rb\ - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\tmp0000396b\tmp00000000 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\tmp0000442c\tmp00000000 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\tmp00007473\tmp00000000 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\~DFD45.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\~DFF1.tmp - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\a2temp\update.ini - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\Rar$EX00.641\HijackThis.exe - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\Rar$EX00.641\backups\backup-20060911-032800-380 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\Rar$EX00.641\backups\backup-20060911-032800-380.dll - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\Rar$EX00.641\backups\backup-20060911-032800-649 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\Rar$EX00.641\backups\backup-20060911-032859-773 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\Rar$EX00.641\backups\backup-20060911-032859-773.dll - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\tmp0000396b\tmp00000000 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\tmp0000442c\tmp00000000 - deleted
C:\DOKUME~1\Web\LOKALE~1\Temp\tmp00007473\tmp00000000 - deleted
C:\windows\DUMP3db4.tmp - deleted
C:\windows\DUMP42c5.tmp - deleted
C:\windows\DUMP4333.tmp - deleted
C:\windows\DUMP449a.tmp - deleted
C:\windows\DUMP44b9.tmp - deleted
C:\windows\DUMP44d9.tmp - deleted
C:\windows\DUMP44e8.tmp - deleted
C:\windows\DUMP44e9.tmp - deleted
C:\windows\DUMP44ea.tmp - deleted
C:\windows\DUMP4507.tmp - deleted
C:\windows\DUMP4565.tmp - deleted
C:\windows\IE4 Error Log.txt - deleted
C:\windows\temp\ib10 - deleted
C:\windows\temp\ib2 - deleted
C:\windows\temp\ib3 - deleted
C:\windows\temp\ib4 - deleted
C:\windows\temp\ib5 - deleted
C:\windows\temp\ib6 - deleted
C:\windows\temp\ib7 - deleted
C:\windows\temp\ib8 - deleted
C:\windows\temp\ib9 - deleted
C:\windows\temp\ZendOptimizer.MemoryBase@SYSTEM - deleted
C:\Dokumente und Einstellungen\Web\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\Web\Cookies\web@bitdefender[2].txt - deleted
C:\Dokumente und Einstellungen\Web\Cookies\web@emsisoft[1].txt - deleted
C:\Dokumente und Einstellungen\Web\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\Web\Cookies\web@bitdefender[2].txt - deleted
C:\Dokumente und Einstellungen\Web\Cookies\web@emsisoft[1].txt - deleted
C:\Dokumente und Einstellungen\NetworkService\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\NetworkService\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\LocalService\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\LocalService\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\Default User\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\Default User\Cookies\index.dat - deleted
C:\windows\Prefetch\A2FREE.EXE-0775134C.pf - deleted
C:\windows\Prefetch\A2START.EXE-0A4EB81F.pf - deleted
C:\windows\Prefetch\A2UPD.EXE-08A125B0.pf - deleted
C:\windows\Prefetch\ACTHOSP.EXE-0A9506AC.pf - deleted
C:\windows\Prefetch\ALHLP.EXE-347D4682.pf - deleted
C:\windows\Prefetch\ASQUARED115AB4B3.EXE-06A376A7.pf - deleted
C:\windows\Prefetch\AVCIMAN.EXE-3B478067.pf - deleted
C:\windows\Prefetch\AVENGER.EXE-0916C6B4.pf - deleted
C:\windows\Prefetch\CLEANUP.EXE-3438663A.pf - deleted
C:\windows\Prefetch\CLEANUP452.EXE-30A323DF.pf - deleted
C:\windows\Prefetch\CMD.EXE-087B4001.pf - deleted
C:\windows\Prefetch\DEFRAG.EXE-273F131E.pf - deleted
C:\windows\Prefetch\DFRGNTFS.EXE-269967DF.pf - deleted
C:\windows\Prefetch\DYNDNS.EXE-10262B1F.pf - deleted
C:\windows\Prefetch\EXPLORER.EXE-082F38A9.pf - deleted
C:\windows\Prefetch\FILEZILLA.EXE-017E33E7.pf - deleted
C:\windows\Prefetch\FIREFOX.EXE-17EE503B.pf - deleted
C:\windows\Prefetch\FRONTPG.EXE-16B73165.pf - deleted
C:\windows\Prefetch\HIJACKTHIS.EXE-06C84915.pf - deleted
C:\windows\Prefetch\HIJACKTHIS.EXE-1BB5C5A6.pf - deleted
C:\windows\Prefetch\HIJACKTHIS.EXE-1CAD70CC.pf - deleted
C:\windows\Prefetch\HIJACKTHIS.EXE-21E0D0A2.pf - deleted
C:\windows\Prefetch\HIJACKTHIS.EXE-39C0AA8D.pf - deleted
C:\windows\Prefetch\ICODECPACK.543.EXE-08B29216.pf - deleted
C:\windows\Prefetch\IEXPLORE.EXE-2CA9778D.pf - deleted
C:\windows\Prefetch\IFACE.EXE-2807B284.pf - deleted
C:\windows\Prefetch\IPCONFIG.EXE-2395F30B.pf - deleted
C:\windows\Prefetch\ISAMINI.EXE-22706837.pf - deleted
C:\windows\Prefetch\ISAMONITOR.EXE-160863D4.pf - deleted
C:\windows\Prefetch\Layout.ini - deleted
C:\windows\Prefetch\MSCONFIG.EXE-35E4DAE9.pf - deleted
C:\windows\Prefetch\MSIMN.EXE-0B61806C.pf - deleted
C:\windows\Prefetch\NOTEPAD.EXE-336351A9.pf - deleted
C:\windows\Prefetch\NTOSBOOT-B00DFAAD.pf - deleted
C:\windows\Prefetch\NWIZ.EXE-2D0F9FBC.pf - deleted
C:\windows\Prefetch\PAVJOBS.EXE-02578609.pf - deleted
C:\windows\Prefetch\PAVW.EXE-056CF508.pf - deleted
C:\windows\Prefetch\PHOTOSNAPVIEWER.EXE-1BCDA4AE.pf - deleted
C:\windows\Prefetch\PMMON.EXE-349D7132.pf - deleted
C:\windows\Prefetch\PMSNGR.EXE-39B5537A.pf - deleted
C:\windows\Prefetch\PROTON.EXE-09742FCE.pf - deleted
C:\windows\Prefetch\PSIMREAL.EXE-3B3C60A8.pf - deleted
C:\windows\Prefetch\PV.EXE-01A8A6FB.pf - deleted
C:\windows\Prefetch\RASAUTOU.EXE-18B88A68.pf - deleted
C:\windows\Prefetch\REGEDIT.EXE-1B606482.pf - deleted
C:\windows\Prefetch\RSTRUI.EXE-03C49A96.pf - deleted
C:\windows\Prefetch\RUNDLL32.EXE-194CEC69.pf - deleted
C:\windows\Prefetch\RUNDLL32.EXE-28C6E9BB.pf - deleted
C:\windows\Prefetch\RUNDLL32.EXE-2A94BB85.pf - deleted
C:\windows\Prefetch\RUNDLL32.EXE-2EFE39BB.pf - deleted
C:\windows\Prefetch\RUNDLL32.EXE-30B8D1F0.pf - deleted
C:\windows\Prefetch\RUNDLL32.EXE-35A97A73.pf - deleted
C:\windows\Prefetch\RUNDLL32.EXE-3BB0BBC3.pf - deleted
C:\windows\Prefetch\SFS.EXE-2DCC37A2.pf - deleted
C:\windows\Prefetch\SHOWTIME.EXE-1713ECDC.pf - deleted
C:\windows\Prefetch\SMC.EXE-0B61F84B.pf - deleted
C:\windows\Prefetch\SNDVOL32.EXE-383480B7.pf - deleted
C:\windows\Prefetch\SSSTARS.SCR-2D6FC20D.pf - deleted
C:\windows\Prefetch\TASKMGR.EXE-20256C55.pf - deleted
C:\windows\Prefetch\TMP1AF.TMP-1D319A1E.pf - deleted
C:\windows\Prefetch\TMP1B0.TMP-28145282.pf - deleted
C:\windows\Prefetch\TMP1B1.TMP-11B73BBE.pf - deleted
C:\windows\Prefetch\TMP1B2.TMP-01ACD7ED.pf - deleted
C:\windows\Prefetch\TRILLIAN.EXE-302642F0.pf - deleted
C:\windows\Prefetch\TU_LOGONUI.EXE-381C5638.pf - deleted
C:\windows\Prefetch\UNINS000.EXE-137CC836.pf - deleted
C:\windows\Prefetch\UPD81.BPX-0C69427E.pf - deleted
C:\windows\Prefetch\UPGRADER.EXE-37666463.pf - deleted
C:\windows\Prefetch\VERCLSID.EXE-3667BD89.pf - deleted
C:\windows\Prefetch\WINAMP.EXE-08C38ED9.pf - deleted
C:\windows\Prefetch\WINRAR.EXE-3588DFE8.pf - deleted
C:\windows\Prefetch\WMIPRVSE.EXE-28F301A9.pf - deleted
C:\windows\Prefetch\XAMPP-CONTROL.EXE-0698926C.pf - deleted
C:\windows\Prefetch\_IU14D2N.TMP-218E56FE.pf - deleted
Emptied Recycle Bin on drive C:
'Run MRU' list - removed from the registry.
'Doc Find Spec MRU' list - removed from the registry.
'FindComputerMRU' list - removed from the registry.
'ComputerNameMRU' list - removed from the registry.
'ContainingTextMRU' list - removed from the registry.
'FilesNamedMRU' list - removed from the registry.
Search Assistant MRU list - removed from the registry.
Explorer Open/Save MRU list - removed from the registry.
Explorer Last Visited MRU list - removed from the registry.
Paint Recent File List - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
Windows Media Player Recent File List - removed from the registry.
WinZip Extract MRU list - removed from the registry.
WinZip File MRU list - removed from the registry.
CleanUp! 4.5.2 recovered 80.0 MB of disk space from 3817 files.
CleanUp! finished on 09/11/06 17:13:47.

Thanks for your help!

P.S. You have improved a lot here, keep it up!!!!

Regards, Bjoern
This post was edited on 11.09.2006 at 17:41 by webcool.
12.09.2006, 01:05
Honorary member
Sabina

Posts: 29434
#4 I can't find anything, and combofix has already deleted one file...

These belonged to the virus program:
C:\windows\Prefetch\ISAMINI.EXE-22706837.pf - deleted
C:\windows\Prefetch\ISAMONITOR.EXE-160863D4.pf - deleted

Scan with smitfraudfix and post the scan reports from option 1 and 2
http://virus-protect.org/artikel/tools/smitfrautfix.html
__________
Regards, Sabina

all about PC security
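As an added example (not part of the original thread, and not a tool Sabina or the forum provides), here is a short Python script that does by hand what Sabina did by eye: it parses the `C:\windows\Prefetch\...pf` lines out of a CleanUp! log and flags the names she identified. The sample input is a constructed excerpt of the log posted above, and the indicator list contains only the two names from her reply (ISAMINI.EXE, ISAMONITOR.EXE), so it is an illustration of the check, not a complete Zlob signature. The script also shows why Prefetch is worth reading before anything wipes it: on Windows XP the 8-hex-digit suffix of a .pf name is a hash of the executable's full launch path, so the five HIJACKTHIS.EXE entries mean HijackThis was started from five different folders, and the ISAMINI/ISAMONITOR entries prove those binaries ran even though the files themselves are gone.

```python
import re
from collections import defaultdict

# Constructed sample input: a handful of lines copied from the CleanUp! log
# posted in the thread above (not the full log).
SAMPLE_LOG = r"""
C:\windows\DUMP3db4.tmp - deleted
C:\windows\Prefetch\HIJACKTHIS.EXE-06C84915.pf - deleted
C:\windows\Prefetch\HIJACKTHIS.EXE-1BB5C5A6.pf - deleted
C:\windows\Prefetch\HIJACKTHIS.EXE-1CAD70CC.pf - deleted
C:\windows\Prefetch\HIJACKTHIS.EXE-21E0D0A2.pf - deleted
C:\windows\Prefetch\HIJACKTHIS.EXE-39C0AA8D.pf - deleted
C:\windows\Prefetch\ICODECPACK.543.EXE-08B29216.pf - deleted
C:\windows\Prefetch\ISAMINI.EXE-22706837.pf - deleted
C:\windows\Prefetch\ISAMONITOR.EXE-160863D4.pf - deleted
C:\windows\Prefetch\Layout.ini - deleted
C:\windows\Prefetch\NTOSBOOT-B00DFAAD.pf - deleted
C:\windows\Prefetch\SMC.EXE-0B61F84B.pf - deleted
Emptied Recycle Bin on drive C:
"""

# Windows XP prefetch files are named <EXECUTABLE>-<8 hex digits>.pf, where the
# hex value is a hash of the executable's full path. The same binary started
# from two different directories therefore leaves two different .pf files.
# Layout.ini has no hash suffix and is deliberately not matched.
PREFETCH_RE = re.compile(
    r"^C:\\windows\\Prefetch\\(?P<exe>[^\\]+)-(?P<hash>[0-9A-F]{8})\.pf - deleted$",
    re.IGNORECASE | re.MULTILINE,
)

# Names the reply above attributes to the rogue "antivirus" component.
# Only those two; this is an illustration, not a complete Zlob signature.
ZLOB_INDICATORS = frozenset({"ISAMINI.EXE", "ISAMONITOR.EXE"})


def parse_prefetch_entries(log_text):
    """Return (executable, path_hash) pairs for every prefetch line in the log."""
    return [
        (m.group("exe").upper(), m.group("hash").upper())
        for m in PREFETCH_RE.finditer(log_text)
    ]


def executions_by_name(entries):
    """Map each executable name to the set of path hashes it was launched under.

    More than one hash for a name means the binary ran from more than one
    location, which is itself worth a look (droppers copied to temp folders).
    """
    by_name = defaultdict(set)
    for exe, path_hash in entries:
        by_name[exe].add(path_hash)
    return dict(by_name)


def flag_indicators(entries, indicators=ZLOB_INDICATORS):
    """Sorted list of executables in the log whose name is on the indicator list."""
    return sorted({exe for exe, _ in entries if exe in indicators})


if __name__ == "__main__":
    entries = parse_prefetch_entries(SAMPLE_LOG)
    print(f"{len(entries)} prefetch entries")
    for exe, hashes in sorted(executions_by_name(entries).items()):
        print(f"  {exe:<22} launched from {len(hashes)} distinct path(s)")
    print("indicator hits:", flag_indicators(entries))
```

One caveat the log itself illustrates: CleanUp! deleted every .pf file, so after that run the Prefetch evidence only survives in this pasted log. When you want to know what actually executed on a box, copy or read `C:\windows\Prefetch` before running any cleaner.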