Annoying "TR/VUNDO.GEN" ... how can you delete it??
#0
19.09.2006, 17:57
...new here
Posts: 3
19.09.2006, 18:54
Member
Posts: 130
#2
Since there was another case here recently, you can pretty much follow that one, at least as far as the logs you need to post go:

1. Set up CleanUp exactly as described here: http://virus-protect.org/cleanup.html
2. Run combofix, let it run the disk cleanup too + copy the scan report and post it in your reply: http://virus-protect.org/artikel/tools/combofix.html
3. Copy these 4 text files. (right-click with the mouse -> select the text -> copy -> paste) They are sorted by date. (copy only the last 3 months) http://virus-protect.org/datfindbat.html

Then Sabina should be able to tell you quickly what is "evil" and how to get rid of it
19.09.2006, 19:58
...new here
Thread starter, Posts: 3
#3
CleanUp! started on 09/19/06 19:45:45.
'ComputerNameMRU' list - removed from the registry. 'ContainingTextMRU' list - removed from the registry. 'FilesNamedMRU' list - removed from the registry. Search Assistant MRU list - removed from the registry. Explorer Open/Save MRU list - removed from the registry. Explorer Last Visited MRU list - removed from the registry. Paint Recent File List - removed from the registry. WordPad Recent File List - removed from the registry. Telnet's MRU list - removed from the registry. Windows Media Player Recent File List - removed from the registry. WinZip Extract MRU list - removed from the registry. WinZip File MRU list - removed from the registry. CleanUp! 4.5.2 recovered 95.1 MB of disk space from 5252 files. CleanUp! finished on 09/19/06 19:45:53. Sewe - 06-09-19 19:51:41.84 Service Pack 2 ComboFix 06.09.19 - Running from: C:\Dokumente und Einstellungen\Sewe\Desktop (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Dokumente und Einstellungen\Sewe\Anwendungsdaten\Install.dat C:\Programme\Gemeinsame Dateien\{F858C930-077C-1031-0716-040501110031} ((((((((((((((((((((((((((((((( Files Created from 2006-08-19 to 2006-09-19 )))))))))))))))))))))))))))))))))) 2006-08-23 12:46 994,144 ---hs---- C:\WINDOWS\system32\srqss.bak2 2006-08-22 23:31 619,882 ---hs---- C:\WINDOWS\system32\srqss.bak1 2006-08-22 23:31 573,492 --------- C:\WINDOWS\system32\ssqrs.dll 2006-08-22 23:26 40,973 ---hs---- C:\WINDOWS\system32\vtuvsqo.dll (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-09-19 19:52 -------- d-------- C:\Programme\Gemeinsame Dateien 2006-09-19 19:45 -------- d-------- C:\Programme\CleanUp! 
2006-09-17 22:55 -------- d-------- C:\Dokumente und Einstellungen\Sewe\Anwendungsdaten\.bittorrent
2006-09-15 11:20 -------- d-------- C:\Programme\Alt WAV MP3 WMA OGG Converter
2006-09-12 00:51 -------- d-------- C:\Dokumente und Einstellungen\Sewe\Anwendungsdaten\Macromedia
2006-09-04 20:50 -------- d-------- C:\Dokumente und Einstellungen\Sewe\Anwendungsdaten\ACShredder3
2006-09-04 20:43 -------- d-------- C:\Programme\Abaiko Disk Space Monitor
2006-09-02 18:09 -------- d-------- C:\Programme\Gemeinsame Dateien\SWF Studio
2006-09-02 13:37 -------- d-------- C:\Programme\SprayR
2006-09-02 13:37 -------- d-------- C:\Programme\Powerbullet
2006-09-02 13:37 -------- d-------- C:\Programme\Easy Audio Editor(2)
2006-09-02 13:37 -------- d-------- C:\Programme\Audacity
2006-08-30 03:25 -------- d-------- C:\Programme\Riva
2006-08-24 20:39 -------- d-------- C:\Dokumente und Einstellungen\Sewe\Anwendungsdaten\teamspeak2
2006-08-24 14:44 -------- d-------- C:\Dokumente und Einstellungen\Sewe\Anwendungsdaten\Video DVD Maker FREE
2006-08-23 13:01 -------- d-------- C:\Programme\HT Burn DVD 3.2 Shareware
2006-08-23 12:57 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-08-23 12:23 -------- d-------- C:\Programme\Video DVD Maker
2006-08-23 01:19 -------- d-------- C:\Programme\Xilisoft
2006-08-23 00:15 -------- d-------- C:\Programme\Super DVD Creator 9.25.0
2006-08-23 00:09 47360 --a------ C:\WINDOWS\system32\drivers\Pcouffin.sys
2006-08-22 23:47 -------- d-------- C:\Programme\Soldier of Fortune II - Double Helix
2006-08-21 14:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 11:14 128896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-19 14:45 -------- d-------- C:\Programme\GameSpy Arcade
2006-08-14 02:25 -------- d-------- C:\Programme\Internet Explorer
2006-08-13 12:47 -------- d-------- C:\Programme\Gemeinsame Dateien\InstallShield
2006-07-27 15:25 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-25 14:08 -------- d-------- C:\Programme\Lavalys
2006-07-22 13:50 -------- d---s---- C:\Programme\Xfire
2006-07-21 10:29 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-13 17:33 720896 --a------ C:\WINDOWS\iun6002.exe
2006-06-22 07:06 69120 --a------ C:\WINDOWS\system32\ciodm.dll
2006-06-22 07:06 1441792 --a------ C:\WINDOWS\system32\query.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SpybotSD TeaTimer"="C:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE"
"Zone Labs Client"="d:\\Programme\\Zone Labs\\ZoneAlarm\\zlclient.exe"
"ATIPTA"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
@=""
"ATICCC"="\"C:\\Programme\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime"
"DAEMON Tools"="\"C:\\Programme\\DAEMON Tools\\daemon.exe\" -lang 1033"
"eTrustPPAP"="\"C:\\Programme\\CA\\eTrust PestPatrol\\PPActiveDetection.exe\""
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"RemoteControl"="C:\\Programme\\CyberLink\\PowerDVD\\PDVDServ.exe"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="C:\\WINDOWS\\warnhp.html"
"SubscribedURL"=""
"FriendlyName"="Desktop Uninstall"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,57,02,00,00,b8,00,00,00,dc,00,00,00,d0,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,02,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
@=""
"ATICCC"="\"C:\\Programme\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
@=""
"ATICCC"="\"C:\\Programme\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"=""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqrs
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrkq32

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Klick-Wartung.job

Completion time: 19.09.2006 19:53:25.54
ComboFix.txt

Datenträger in Laufwerk C: ist WINDOWS
Volumeseriennummer: F858-C930

Verzeichnis von C:\WINDOWS\system32

19.09.2006 19:55 997.786 srqss.ini
19.09.2006 17:09 96 mcrh.tmp
19.09.2006 16:40 35.870 vsconfig.xml
19.09.2006 14:23 5.550 Flag.log
19.09.2006 13:14 994.144 srqss.bak2
18.09.2006 12:59 2.206 wpa.dbl
11.09.2006 19:37 8.960.936 MRT.exe
29.08.2006 13:35 51.733 plugin1.dat
22.08.2006 23:31 619.882 srqss.bak1
22.08.2006 23:31 573.492 ssqrs.dll
22.08.2006 23:26 40.973 vtuvsqo.dll
21.08.2006 14:26 16.896 fltlib.dll
21.08.2006 11:14 23.040 fltmc.exe
28.07.2006 13:28 3.075.072 mshtml.dll
27.07.2006 15:25 679.424 inetcomm.dll
25.07.2006 22:33 615.936 urlmon.dll
21.07.2006 10:29 72.704 hlink.dll
14.07.2006 17:38 332.288 netapi32.dll
14.07.2006 17:25 546.304 hhctrl.ocx
13.07.2006 15:34 8.494.592 shell32.dll
12.07.2006 22:37 380.350 perfh009.dat
12.07.2006 22:37 52.764 perfc009.dat
12.07.2006 22:37 391.000 perfh007.dat
12.07.2006 22:37 63.580 perfc007.dat
12.07.2006 22:37 897.954 PerfStringBackup.INI
07.07.2006 16:12 320 results.txt
05.07.2006 12:55 1.057.792 kernel32.dll
26.06.2006 19:40 148.480 dnsapi.dll
26.06.2006 19:40 8.192 rasadhlp.dll
23.06.2006 13:10 664.576 wininet.dll
23.06.2006 13:10 146.432 msrating.dll
23.06.2006 13:10 474.624 shlwapi.dll
23.06.2006 13:10 448.512 mshtmled.dll
23.06.2006 13:10 1.494.016 shdocvw.dll
23.06.2006 13:10 39.424 pngfilt.dll
23.06.2006 13:10 532.480 mstime.dll
23.06.2006 13:10 16.384 jsproxy.dll
23.06.2006 13:10 251.392 iepeers.dll
23.06.2006 13:10 205.312 dxtrans.dll
23.06.2006 13:10 152.064 cdfview.dll
23.06.2006 13:10 357.888 dxtmsft.dll
23.06.2006 13:10 55.808 extmgr.dll
23.06.2006 13:10 1.056.256 danim.dll
23.06.2006 13:10 96.768 inseng.dll
23.06.2006 13:10 1.022.976 browseui.dll
23.06.2006 10:53 27.136 xpsp3res.dll
22.06.2006 12:47 181.248 rasmans.dll
22.06.2006 07:06 1.441.792 query.dll
22.06.2006 07:06 69.120 ciodm.dll
15.06.2006 13:57 57.384 avsda.dll
01.06.2006 20:47 163.840 jgdw400.dll
01.06.2006 20:47 27.648 jgpl400.dll

Datenträger in Laufwerk C: ist WINDOWS
Volumeseriennummer: F858-C930

Verzeichnis von C:\DOKUME~1\Sewe\LOKALE~1\Temp

19.09.2006 19:17 2.048.000 Acr18.tmp
19.09.2006 19:17 0 Acr16.tmp
19.09.2006 19:17 179 Acr4.tmp
19.09.2006 19:17 426 Acr6.tmp
19.09.2006 16:46 16.384 Perflib_Perfdata_760.dat
19.09.2006 16:46 16.384 Perflib_Perfdata_51c.dat
6 Datei(en) 2.081.373 Bytes
0 Verzeichnis(se), 794.570.752 Bytes frei

Datenträger in Laufwerk C: ist WINDOWS
Volumeseriennummer: F858-C930

Verzeichnis von C:\WINDOWS

19.09.2006 17:06 175.982 setupact.log
19.09.2006 16:48 1.145.770 WindowsUpdate.log
19.09.2006 16:47 122.182 setupapi.log
19.09.2006 16:46 0 0.log
19.09.2006 16:39 2.048 bootstat.dat
19.09.2006 16:38 32.570 SchedLgU.Txt
19.09.2006 14:24 116 NeroDigital.ini
19.09.2006 01:16 166.951 wmsetup.log
15.09.2006 14:50 21.898 tabletoc.log
15.09.2006 14:50 210.179 tsoc.log
15.09.2006 14:50 532.287 iis6.log
15.09.2006 14:50 1.374 imsins.log
15.09.2006 14:50 94.912 ntdtcsetup.log
15.09.2006 14:50 25.206 ocmsn.log
15.09.2006 14:50 157.746 comsetup.log
15.09.2006 14:50 14.026 KB920685.log
15.09.2006 14:50 32.210 medctroc.Log
15.09.2006 14:50 76.118 netfxocm.log
15.09.2006 14:50 225.535 ocgen.log
15.09.2006 14:50 22.542 msgsocm.log
15.09.2006 14:50 442.990 FaxSetup.log
15.09.2006 14:50 144.034 msmqinst.log
15.09.2006 14:50 1.374 imsins.BAK
15.09.2006 14:50 16.227 KB920872.log
15.09.2006 14:49 14.199 KB919007.log
15.09.2006 14:49 7.805 KB922582.log
15.09.2006 14:49 27.058 updspapi.log
12.09.2006 02:41 328 wiadebug.log
11.09.2006 23:23 50 wiaservc.log
11.09.2006 00:33 812 win.ini
23.08.2006 17:17 1.036.854 bn_file.bmp
23.08.2006 17:17 1.036.854 button_subpic.bmp
23.08.2006 17:17 1.036.854 button_pic.bmp
23.08.2006 17:16 28.854 ova1.bmp
23.08.2006 17:16 28.854 ova0.bmp
22.08.2006 23:47 604 Sof2.INI
14.08.2006 02:26 15.519 KB920214.log
14.08.2006 02:26 15.512 KB922616.log
14.08.2006 02:26 16.003 KB921398.log
14.08.2006 02:25 19.245 KB918899.log
14.08.2006 02:25 11.950 KB920670.log
14.08.2006 02:24 15.187 KB917422.log
14.08.2006 02:24 20.557 KB920683.log
13.08.2006 13:11 378.720 DirectX.log
08.08.2006 23:03 11.088 KB921883.log
01.08.2006 11:45 312 promillerechner.ini
13.07.2006 17:33 720.896 iun6002.exe
12.07.2006 19:12 12.271 KB917159.log
12.07.2006 19:12 12.840 KB914388.log
12.07.2006 19:11 10.741 KB916595.log
12.07.2006 16:53 1.028.360 setupapi.log.0.old
01.07.2006 12:45 213 wininit.ini
01.07.2006 12:39 2.483 mozver.dat
29.06.2006 11:36 16.627 KB911280.log
17.06.2006 21:31 31.076 spupdsvc.log
17.06.2006 21:09 10.449 KB917734.log
17.06.2006 21:08 13.807 KB918439.log
17.06.2006 21:08 14.164 KB917344.log
17.06.2006 21:08 19.784 KB917953.log
17.06.2006 21:08 24.020 KB916281.log
17.06.2006 21:08 11.656 KB914389.log
15.06.2006 21:28 316.640 WMSysPr9.prx

Datenträger in Laufwerk C: ist WINDOWS
Volumeseriennummer: F858-C930

Verzeichnis von C:\

19.09.2006 19:57 0 sys.txt
19.09.2006 19:57 10.634 system.txt
19.09.2006 19:57 546 systemtemp.txt
19.09.2006 19:56 107.459 system32.txt
19.09.2006 19:53 8.587 ComboFix.txt
19.09.2006 16:39 1.677.721.600 pagefile.sys
07.09.2006 10:15 398 avenger.txt
02.09.2006 13:31 364 VundoFix.txt

So that's it. I hope my system can still be saved ...
20.09.2006, 17:43
Honorary member
Posts: 29434
#4
Avenger
http://virus-protect.org/artikel/tools/avenger.html
Paste in:
Quote
registry keys to delete:
Click the green traffic light; the script will now be executed, and the PC will then restart automatically.
** post the Avenger log that appears after the restart **
Scan and post the scan report:
http://www.virus-protect.org/artikel/tools/superantispyware.html
__________
Regards
Sabina
all about PC security
I also have the trojan "TR/VUNDO.GEN".
AntiVir gives the warning: "C:\Windows\System32\SSQRS.dll" is the Trojan horse.
And this d..... file simply won't delete.
I have already tried to delete it with various shredder programs, but either I get a message: "blah blah blah is being used by another person or program..." or my PC crashes the moment I try to delete it.
Looks like the trojan hooks the file into the system, so it cannot be deleted that easily.
I ran HJT over it....
Logfile of HijackThis v1.99.1
Scan saved at 17:58:55, on 19.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\DAEMON Tools\daemon.exe
C:\Programme\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
D:\Programme\DT\Sinus 1054 data\Wifiusb.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Sewe\Desktop\hijackthis_199\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Zone Labs Client] d:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Programme\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Sinus 1054 data.lnk = D:\Programme\DT\Sinus 1054 data\Wifiusb.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Please, please help me! I'm really getting desperate ...
Regards
Riddik