TR/Vundo.gen and computer crashes as soon as I am online
Thread is closed!
#0
27.09.2006, 17:19
Member
Posts: 21
27.09.2006, 21:47
Member
Posts: 130
#2
The programs from http://board.protecus.de/t23188.htm will not delete vundo.gen, but without the logs we cannot tell you how to get it deleted... but I don't know whether it is vundo.gen that makes your internet crash. Well, you probably have no choice but to copy the logs onto a USB stick and post them here from somewhere else...
27.09.2006, 23:59
Member
Thread starter Posts: 21
30.09.2006, 14:44
Member
Thread starter Posts: 21
#4
Here are the logs at last!
I hope something can be done!

Logfile of HijackThis v1.99.1
Scan saved at 13:51:02, on 30.09.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Programme\Dialer Control\dc.exe
C:\Programme\Ahead\InCD\InCD.exe
C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe
C:\Programme\Lexmark X1100 Series\lxbkbmon.exe
C:\Programme\ICQLite\ICQLite.exe
C:\dfndrff_e16.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Winzip\WZQKPICK.EXE
C:\Programme\StarOffice6.0\program\soffice.exe
C:\Programme\OpenOffice.org 2.0\program\soffice.exe
C:\Programme\OpenOffice.org 2.0\program\soffice.BIN
C:\Programme\Network Monitor\netmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\winlogon.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\sssvhost.exe
c:\dfndrff_e18.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Programme\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Dokumente und Einstellungen\Besitzer.USER1-CO4CMGA9J\Eigene Dateien\gegenviren\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.arcor.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Programme\Deskbar\deskbar.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\nnnopol.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Programme\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Dialer Control] C:\Programme\Dialer Control\dc.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e16.exe
O4 - HKLM\..\Run: [defender] c:\\dfndrff_e18.exe
O4 - HKLM\..\Run: [keyboard] c:\\kybrdff_e18.exe
O4 - HKLM\..\Run: [orx0cd35] RUNDLL32.EXE w00704b1.dll,n 0050cd300000000a00704b1
O4 - HKLM\..\Run: [internet service] sssvhost.exe
O4 - HKLM\..\RunServices: [internet service] sssvhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programme\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: StarOffice 6.0.lnk = C:\Programme\StarOffice6.0\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\Winzip\WZQKPICK.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\hrro0593e.dll
O20 - Winlogon Notify: nnnopol - C:\WINDOWS\SYSTEM32\nnnopol.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\nwwrsko.dll (file missing)
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\dXNlcjE\command.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Network Confg System - Unknown owner - C:\WINDOWS\system32\lviss.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Programme\Network Monitor\netmon.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Microsoft Windows Spooler Service (Windows Spooler Service) - Unknown owner - C:\WINDOWS\winlogon.exe
O23 - Service: Network Provision Managing Service (xmlprovman) - Unknown owner - C:\WINDOWS\system32\provsvc.exe (file missing)

CleanUp! started on 09/30/06 13:59:59. ...
C:\WINDOWS\Prefetch\WINWORD.EXE-0AEA99D4.pf - deleted
C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf - deleted
C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf - deleted
C:\temp\WMALog.txt - deleted
'Run MRU' list - removed from the registry.
Search Assistant MRU list - removed from the registry.
Explorer Open/Save MRU list - removed from the registry.
Explorer Last Visited MRU list - removed from the registry.
Paint Recent File List - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
WinZip Extract MRU list - removed from the registry.
WinZip File MRU list - removed from the registry.
CleanUp! 4.5.2 recovered 774.5 MB of disk space from 85670 files.
CleanUp! finished on 09/30/06 14:04:18.

Besitzer - 06-09-30 14:31:59.82 Service Pack 1
ComboFix 06.09.28 - Running from: "C:\Dokumente und Einstellungen\Besitzer.USER1-CO4CMGA9J\Eigene Dateien\gegenviren\combofix"

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\CLSID\{6E7A6F19-F7DA-428A-A27D-910CD918C963}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{6E7A6F19-F7DA-428A-A27D-910CD918C963}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6E7A6F19-F7DA-428A-A27D-910CD918C963}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6E7A6F19-F7DA-428A-A27D-910CD918C963}\InprocServer32]
@="C:\\WINDOWS\\system32\\nwwrsko.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{F7D24AE8-36EC-4568-B33B-566E7D7383A5}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{F7D24AE8-36EC-4568-B33B-566E7D7383A5}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F7D24AE8-36EC-4568-B33B-566E7D7383A5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F7D24AE8-36EC-4568-B33B-566E7D7383A5}\InprocServer32]
@="C:\\WINDOWS\\system32\\okffilt.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{96B14D77-F843-4BAA-BE14-AF3AEB116BDD}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{96B14D77-F843-4BAA-BE14-AF3AEB116BDD}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{96B14D77-F843-4BAA-BE14-AF3AEB116BDD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{96B14D77-F843-4BAA-BE14-AF3AEB116BDD}\InprocServer32]
@="C:\\WINDOWS\\system32\\pnofmap.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{BA217DFC-EBB7-43E4-A454-3B39503B24C9}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BA217DFC-EBB7-43E4-A454-3B39503B24C9}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BA217DFC-EBB7-43E4-A454-3B39503B24C9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BA217DFC-EBB7-43E4-A454-3B39503B24C9}\InprocServer32]
@="C:\\WINDOWS\\system32\\kqdcr.dll"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

FILES REMOVED:

C:\WINDOWS\system32\aqycfilt.dll
C:\WINDOWS\system32\csrpol.dll
C:\WINDOWS\system32\dswsockx.dll
C:\WINDOWS\system32\fpjm0311e.dll
C:\WINDOWS\system32\hrr2059oe.dll
C:\WINDOWS\system32\hrro0593e.dll
C:\WINDOWS\system32\irj8l51u1.dll
C:\WINDOWS\system32\j4n20e5oeh.dll
C:\WINDOWS\system32\k4pm0e71eh.dll
C:\WINDOWS\system32\k8260ifse8260.dll
C:\WINDOWS\system32\kqdcr.dll
C:\WINDOWS\system32\l8r0li9m18.dll
C:\WINDOWS\system32\m2nqlc551f.dll
C:\WINDOWS\system32\mv26l9fs1.dll
C:\WINDOWS\system32\mv2ml9f11.dll
C:\WINDOWS\system32\mv84l9lq1.dll
C:\WINDOWS\system32\nfrsfr.dll
C:\WINDOWS\system32\pmbase.dll
C:\WINDOWS\system32\pnofmap.dll
C:\WINDOWS\system32\szrrnde.dll
C:\WINDOWS\system32\witdecod.dll
C:\WINDOWS\system32\wktdecod.dll

Granting sedebugprivilege to Administratoren ... successful

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\teller2.chk
C:\dfndrff_e16.exe
C:\dfndrff_e18.exe
C:\drsmartload.exe
C:\drsmartload45a45a45o.exe
C:\deskbar.exe
C:\deskbar_e18.exe
C:\warebundlenewer.exe
C:\ac3_0010.exe
C:\ucmoreiex.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\NetMon
C:\Programme\network monitor
C:\Programme\TheSearchAccelerator
C:\Programme\Deskbar

((((((((((((((((((((((((((((((( Files Created from 2006-08-30 to 2006-09-30 ))))))))))))))))))))))))))))))))))

2006-09-30 14:16 6,694 --------- C:\WINDOWS\system32\.exe
2006-09-30 13:39 40,973 ---hs---- C:\WINDOWS\system32\khfedab.dll
2006-09-28 14:55 1,233 --a------ C:\WINDOWS\system32\orx0cd35.sys
2006-09-28 14:54 175,900 --a------ C:\pro3_install.exe
2006-09-24 16:36 40,973 --------- C:\WINDOWS\system32\nnnopol.dll
2006-09-24 15:46 95,232 -r-hs---- C:\WINDOWS\winlogon.exe
2006-09-23 12:05 234,272 -r--s---- C:\WINDOWS\system32\khdes.dll
2006-09-23 10:53 578,560 --a------ C:\Installer4.exe

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-09-30 14:30 -------- d-------- C:\Dokumente und Einstellungen\Besitzer.USER1-CO4CMGA9J\Anwendungsdaten\OpenOffice.org2
2006-09-30 14:16 6694 --------- C:\WINDOWS\system32\.exe
2006-09-30 13:57 -------- d-------- C:\Programme\CleanUp!
2006-09-28 14:54 -------- d-------- C:\Programme\ICQToolbar
2006-09-23 11:27 -------- d-------- C:\Dokumente und Einstellungen\Besitzer.USER1-CO4CMGA9J\Anwendungsdaten\Skype
2006-09-23 10:38 -------- d-------- C:\Programme\ArcorOnline
2006-09-04 20:20 -------- d-------- C:\Programme\Lexmark X1100 Series
2006-08-30 14:07 -------- d-------- C:\Programme\ICQLite
2006-08-22 10:20 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-07-21 14:45 8760 --a------ C:\WINDOWS\system32\host.exe

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"MsnMsgr"="\"C:\\Programme\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Skype"="\"C:\\Programme\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
"ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -trayboot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"Dialer Control"="C:\\Programme\\Dialer Control\\dc.exe"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"InCD"="C:\\Programme\\Ahead\\InCD\\InCD.exe"
"Lexmark X1100 Series"="\"C:\\Programme\\Lexmark X1100 Series\\lxbkbmgr.exe\""
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"ICQ Lite"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"orx0cd35"="RUNDLL32.EXE w00704b1.dll,n 0050cd300000000a00704b1"
"internet service"="sssvhost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]
"internet service"="sssvhost.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
  00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnopol

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

Completion time: 30.09.2006 14:33:41.78 ComboFix.txt

ComboFix2.txt

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2462-6EED

Verzeichnis von c:\

30.09.2006 14:36 0 dirdat.txt
30.09.2006 14:33 9.783 ComboFix.txt
30.09.2006 14:33 352.321.536 pagefile.sys
30.09.2006 14:16 175.900 pro3_install.exe
30.09.2006 14:12 181 ComboFix2.txt
23.09.2006 10:53 578.560 Installer4.exe
29.03.2004 13:07 168 setupfax.log
16.01.2004 20:46 1.091 INSTALL.LOG
11.12.2003 02:52 194 boot.ini
10.12.2003 12:48 0 MSDOS.SYS
10.12.2003 12:48 0 IO.SYS
10.12.2003 12:48 0 CONFIG.SYS
10.12.2003 12:48 0 AUTOEXEC.BAT
02.04.2003 14:00 235.296 ntldr
02.04.2003 14:00 47.580 NTDETECT.COM
02.04.2003 14:00 4.952 bootfont.bin
06.01.2002 20:48 0 nvlog.txt
24.05.2001 13:59 162.304 UNWISE.EXE
18 Datei(en) 353.537.545 Bytes
0 Verzeichnis(se), 14.473.838.592 Bytes frei

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2462-6EED

Verzeichnis von C:\WINDOWS\system32

30.09.2006 14:16 6.694 .exe
30.09.2006 13:39 67 o
30.09.2006 13:39 40.973 khfedab.dll
30.09.2006 13:28 13.646 wpa.dbl
28.09.2006 14:55 1.233 orx0cd35.sys
24.09.2006 16:36 40.973 nnnopol.dll
24.09.2006 15:46 69 i
23.09.2006 12:05 234.272 khdes.dll
21.07.2006 14:45 8.760 host.exe
21.07.2006 14:44 79 qaz
15.06.2006 18:33 57.384 avsda.dll
26.03.2006 11:25 51.358 perfc009.dat
26.03.2006 11:25 351.080 perfh009.dat
26.03.2006 11:25 363.708 perfh007.dat
26.03.2006 11:25 61.834 perfc007.dat
26.03.2006 11:25 837.074 PerfStringBackup.INI
13.12.2005 14:35 261.432 FNTCACHE.DAT
19.09.2005 07:00 119.856 sirenacm.dll
15.09.2005 14:28 56.320 SP7311.AX
09.08.2005 19:21 65.536 WinRas32.ocx
18.07.2005 09:05 1.047.552 mfc71u.dll
06.07.2005 14:59 348.160 msvcr71.dll
26.05.2005 04:16 41.240 wups.dll
26.05.2005 04:16 173.536 wuweb.dll
26.05.2005 04:16 1.343.768 wuaueng.dll
26.05.2005 04:16 18.200 wups2.dll
26.05.2005 04:16 198.424 iuengine.dll
26.05.2005 04:16 75.544 cdm.dll
26.05.2005 04:16 174.872 wuaucpl.cpl
26.05.2005 04:16 194.840 wuaueng1.dll
26.05.2005 04:16 128.280 wucltui.dll
26.05.2005 04:16 466.200 wuapi.dll
26.05.2005 04:16 124.696 wuauclt.exe
26.05.2005 04:16 174.872 wuauclt1.exe
04.05.2005 14:45 271.360 msihnd.dll
04.05.2005 14:45 884.736 msimsg.dll
04.05.2005 14:45 78.848 msiexec.exe
04.05.2005 14:45 15.360 msisip.dll
04.05.2005 14:45 2.890.240 msi.dll
04.05.2005 14:45 15.072 spmsg.dll
10.04.2005 19:44 0 TFTP1984
25.02.2005 05:34 22.752 spupdsvc.exe
14.01.2005 09:32 53.248 PAStiSvc.exe
18.11.2004 19:28 566.272 NexPlayerX.dll
17.11.2004 10:28 10.240 P7311USD.DLL
02.07.2004 00:08 17.408 qmgrprxy.dll
02.07.2004 00:08 7.168 bitsprx3.dll
02.07.2004 00:08 7.680 bitsprx2.dll
02.07.2004 00:08 331.776 winhttp.dll
02.07.2004 00:08 360.448 qmgr.dll
30.06.2004 17:00 183.808 xpob2res.dll
23.02.2004 20:42 1.386.496 msvbvm60.dll
13.12.2003 14:03 13.646 wpa.bak
11.12.2003 03:03 25.065 wmpscheme.xml
11.12.2003 02:58 261 $winnt$.inf
11.12.2003 02:56 2.951 CONFIG.NT
11.12.2003 02:56 16.832 amcompat.tlb |
|
|
||
01.10.2006, 15:01
Honorary member
Posts: 29434 |
#5
Get the Avenger onto your computer via USB stick or floppy disk.
Avenger http://virus-protect.org/artikel/tools/avenger.html
Quote:
registry keys to delete:
Click the green traffic light; the script will now be executed, and then the PC will restart automatically.
Open HijackThis -- "scan" button -- tick the boxes in front of the malware entries -- "Fix checked" button -- restart the PC
Quote:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
ServiceFilter.zip http://virus-protect.org/artikel/tools/ServiceFilter.zip
- unzip
- double-click the file ServiceFilter.vbs
- confirm the version number
- scan
- allow WordPad or the editor to open
- copy out POST_THIS.TXT
__________
Regards, Sabina
All about PC security |
|
|
||
01.10.2006, 15:42
Member
Thread starter Posts: 21 |
#6
The Avenger gives me an error message:
Error: could not create zip file
Error code: 0
I then ran Hijack. But not all of the entries were present. After the restart no Avenger log appeared. And there is no text file in the Avenger folder either. Here is the ServiceFilter log:

The script did not recognize the services listed below.
This does not mean that they are a problem.

To copy the entire contents of this document for posting:
At the top of this window click "Edit" then "Select All"
Next click "Edit" again then "Copy"
Now right click in the forum post box then click "Paste"

########################################

ServiceFilter 1.1 by rand1038

Microsoft Windows XP Home Edition
Version: 5.1.2600 Service Pack 1
Okt 1, 2006 16:22:50

---> Begin Service Listing <---

Unknown Service # 1
Service Name: AntiVirScheduler
Display Name: AntiVir Scheduler
Start Mode: Auto
Start Name: LocalSystem
Description: Dienst zur Planung und Steuerung von Prüf- und Updateaufgaben der AntiVir PersonalEdition ...
Service Type: Own Process
Path: c:\programme\antivir personaledition classic\sched.exe
State: Running
Process ID: 1592
Started: Wahr
Exit Code: 0
Accept Pause: Wahr
Accept Stop: Wahr

Unknown Service # 2
Service Name: AntiVirService
Display Name: AntiVir PersonalEdition Classic Service
Start Mode: Auto
Start Name: LocalSystem
Description: Echtzeit Virenschutz durch H+BEDV AntiVir ...
Service Type: Own Process
Path: c:\programme\antivir personaledition classic\avguard.exe
State: Running
Process ID: 1612
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 3
Service Name: cmdService
Display Name: Command Service
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\windows\dxnlcje\command.exe
State: Running
Process ID: 1632
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 4
Service Name: hwclock
Display Name: Hardware Clock Driver
Start Mode: Auto
Start Name: LocalSystem
Description: Enables a computer to save and restore system time information using the hardware clock. Stopping ...
Service Type: Own Process
Path:
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 3
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 5
Service Name: Network Confg System
Display Name: Network Confg System
Start Mode: Auto
Start Name: LocalSystem
Description: Network Confg ...
Service Type: Own Process
Path: "c:\windows\system32\lviss.exe"
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 6
Service Name: Network Monitor
Display Name: Network Monitor
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\programme\network monitor\netmon.exe service
State: Running
Process ID: 1688
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 7
Service Name: STI Simulator
Display Name: STI Simulator
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\windows\system32\pastisvc.exe
State: Running
Process ID: 1780
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service #8
Service Name: SwPrv
Display Name: MS Software Shadow Copy Provider
Start Mode: Manual
Start Name: LocalSystem
Description: Verwaltet Software-basierte Schattenkopien des Volumeschattenkopie-Dienstes. Software-basierte ...
Service Type: Own Process
Path: c:\windows\system32\dllhost.exe /processid:{6cc54972-8f72-477d-bc0e-891fdc10bd36}
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 9
Service Name: xmlprovman
Display Name: Network Provision Managing Service
Start Mode: Auto
Start Name: LocalSystem
Description: Manages XML configuration files on a domain basis for automatic network ...
Service Type: Own Process
Path: "c:\windows\system32\provsvc.exe"
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Falsch

---> End Service Listing <---

There are 84 Win32 services on this machine.
9 were unrecognized.

Script Execution Time: 1,90625 seconds.

I hope you can help me with this. Thanks!
This post was edited on 01.10.2006 at 16:33 by Kross.
|
|
|
||
01.10.2006, 17:48
Honorary member
Posts: 29434 |
#7
««
I have edited the Avenger text. Keep copying the text into the Avenger until it runs through and the computer restarts, then post the log that appears after the restart.
--------------------------------------------------------
Download Registry Search by Bobbi Flekman http://virus-protect.org/artikel/tools/regsearch.html and double-click it to start.
In "Enter search strings" (type or paste in)
Network Provision Managing Service
in the edit box and click "Ok". Notepad will open -- copy the text and post it.
"Enter search strings" (type or paste in)
STI Simulator
in the edit box and click "Ok". Notepad will open -- copy the text and post it.
««
"Enter search strings" (type or paste in)
Network Monitor
in the edit box and click "Ok". Notepad will open -- copy the text and post it.
««
"Enter search strings" (type or paste in)
Network Confg System
in the edit box and click "Ok". Notepad will open -- copy the text and post it.
Command Service
in the edit box and click "Ok". Notepad will open -- copy the text and post it.
"Enter search strings" (type or paste in)
Hardware Clock Driver
in the edit box and click "Ok". Notepad will open -- copy the text and post it.
http://www.viruslist.com/de/viruses/encyclopedia?virusid=76726
__________
Regards, Sabina
All about PC security |
|
|
||
01.10.2006, 18:17
Member
Thread starter Posts: 21 |
#8
Many thanks for the effort!
Here is the Avenger log for a start:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\lvrebxls

*******************

Script file located at: \??\C:\okuuoohq.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDOWS_SPOOLER_SERVICE\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDOWS_SPOOLER_SERVICE\0000 failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDOWS_SPOOLER_SERVICE\0000
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Spooler Service not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Spooler Service failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Spooler Service
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDOWS_SPOOLER_SERVICE\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDOWS_SPOOLER_SERVICE\0000 failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDOWS_SPOOLER_SERVICE\0000
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Windows Spooler Service not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Windows Spooler Service failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Windows Spooler Service
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_SPOOLER_SERVICE\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_SPOOLER_SERVICE\0000 failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_SPOOLER_SERVICE\0000
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Spooler Service not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Spooler Service failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Spooler Service
Status: 0xc0000034

File c:\Installer4.exe not found!
Deletion of file c:\Installer4.exe failed!
Could not process line:
c:\Installer4.exe
Status: 0xc0000034

File c:\pro3_install.exe not found!
Deletion of file c:\pro3_install.exe failed!
Could not process line:
c:\pro3_install.exe
Status: 0xc0000034

File C:\WINDOWS\winlogon.exe not found!
Deletion of file C:\WINDOWS\winlogon.exe failed!
Could not process line:
C:\WINDOWS\winlogon.exe
Status: 0xc0000034

File C:\WINDOWS\system32\sssvhost.exe not found!
Deletion of file C:\WINDOWS\system32\sssvhost.exe failed!
Could not process line:
C:\WINDOWS\system32\sssvhost.exe
Status: 0xc0000034

File C:\WINDOWS\system32\w00704b1.dll not found!
Deletion of file C:\WINDOWS\system32\w00704b1.dll failed!
Could not process line:
C:\WINDOWS\system32\w00704b1.dll
Status: 0xc0000034

File C:\WINDOWS\system32\.exe not found!
Deletion of file C:\WINDOWS\system32\.exe failed!
Could not process line:
C:\WINDOWS\system32\.exe
Status: 0xc0000034

File C:\WINDOWS\system32\o not found!
Deletion of file C:\WINDOWS\system32\o failed!
Could not process line:
C:\WINDOWS\system32\o
Status: 0xc0000034

File C:\WINDOWS\system32\khfedab.dll not found!
Deletion of file C:\WINDOWS\system32\khfedab.dll failed!
Could not process line:
C:\WINDOWS\system32\khfedab.dll
Status: 0xc0000034

File C:\WINDOWS\system32\orx0cd35.sys not found!
Deletion of file C:\WINDOWS\system32\orx0cd35.sys failed!
Could not process line:
C:\WINDOWS\system32\orx0cd35.sys
Status: 0xc0000034

File C:\WINDOWS\system32\nnnopol.dll not found!
Deletion of file C:\WINDOWS\system32\nnnopol.dll failed!
Could not process line:
C:\WINDOWS\system32\nnnopol.dll
Status: 0xc0000034

File C:\WINDOWS\system32\i not found!
Deletion of file C:\WINDOWS\system32\i failed!
Could not process line:
C:\WINDOWS\system32\i
Status: 0xc0000034

File C:\WINDOWS\system32\khdes.dll not found!
Deletion of file C:\WINDOWS\system32\khdes.dll failed!
Could not process line:
C:\WINDOWS\system32\khdes.dll
Status: 0xc0000034

File C:\WINDOWS\system32\host.exe not found!
Deletion of file C:\WINDOWS\system32\host.exe failed!
Could not process line:
C:\WINDOWS\system32\host.exe
Status: 0xc0000034

File C:\WINDOWS\system32\qaz not found!
Deletion of file C:\WINDOWS\system32\qaz failed!
Could not process line:
C:\WINDOWS\system32\qaz
Status: 0xc0000034

File C:\WINDOWS\system32\TFTP1984 not found!
Deletion of file C:\WINDOWS\system32\TFTP1984 failed!
Could not process line:
C:\WINDOWS\system32\TFTP1984
Status: 0xc0000034

Folder C:\Programme\TheSearchAccelerator not found!
Deletion of folder C:\Programme\TheSearchAccelerator failed!
Could not process line:
C:\Programme\TheSearchAccelerator
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnopol not found!
Deletion of registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnopol failed!
Status: 0xc0000034

Completed script processing.

*******************

Finished! Terminate. |
|
|
||
01.10.2006, 18:18
Honorary member
Posts: 29434 |
||
|
||
01.10.2006, 18:32
Member
Thread starter Posts: 21 |
#10
Done

REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 01.10.2006 18:19:44 for strings:
; 'network provision managing service'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_XMLPROVMAN\0000]
"DeviceDesc"="Network Provision Managing Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xmlprovman]
"DisplayName"="Network Provision Managing Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_XMLPROVMAN\0000]
"DeviceDesc"="Network Provision Managing Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\xmlprovman]
"DisplayName"="Network Provision Managing Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_XMLPROVMAN\0000]
"DeviceDesc"="Network Provision Managing Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xmlprovman]
"DisplayName"="Network Provision Managing Service"

; End Of The Log...
REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 01.10.2006 18:21:41 for strings:
; 'sti simulator'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_STI_SIMULATOR\0000]
"Service"="STI Simulator"
"DeviceDesc"="STI Simulator"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_STI_SIMULATOR\0000\Control]
"ActiveService"="STI Simulator"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application]
; Contents of value:
Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application ; mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application ; Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application ; Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application ; LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application ; H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application ; Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application ; File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application ; EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang 
Application Error Application ; ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application ; EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application ; DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application ; DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application ; crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application ; COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application ; Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application ; Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application ; AutoEnrollment Autochk Application Management Application Hang Application Error Application ; Autochk Application Management Application Hang Application Error Application ; Application Management Application Hang Application Error Application ; Application Hang Application Error Application ; Application Error Application ; Application ; "Sources"=hex(7):57,53,48,00,57,4d,49,41,64,61,70,74,65,72,00,57,6d,64,6d,50,\ 6d,53,70,00,57,69,6e,4d,67,6d,74,00,57,69,6e,6c,6f,67,6f,6e,00,57,69,6e,64,\ 6f,77,73,20,50,72,6f,64,75,63,74,20,41,63,74,69,76,61,74,69,6f,6e,00,57,69,\ 6e,64,6f,77,73,20,33,2e,31,20,4d,69,67,72,61,74,69,6f,6e,00,57,65,62,43,6c,\ 69,65,6e,74,00,56,53,53,00,56,42,52,75,6e,74,69,6d,65,00,55,73,65,72,69,6e,\ 69,74,00,55,73,65,72,65,6e,76,00,55,70,6c,6f,61,64,4d,00,53,79,73,6d,6f,6e,\ 4c,6f,67,00,53,54,49,20,53,69,6d,75,6c,61,74,6f,72,00,53,70,6f,6f,6c,65,72,\ 43,74,72,73,00,53,6f,66,74,77,61,72,65,20,49,6e,73,74,61,6c,6c,61,74,69,6f,\ 
6e,00,53,63,6c,67,4e,74,66,79,00,53,63,65,53,72,76,00,53,63,65,43,6c,69,00,\ 53,61,6e,64,72,61,00,73,61,66,72,73,6c,76,00,53,41,46,72,64,6d,73,00,50,65,\ 72,66,50,72,6f,63,00,50,65,72,66,4f,53,00,50,65,72,66,4e,65,74,00,50,65,72,\ 66,6d,6f,6e,00,50,65,72,66,6c,69,62,00,50,65,72,66,44,69,73,6b,00,50,65,72,\ 66,63,74,72,73,00,4f,66,66,6c,69,6e,65,20,46,69,6c,65,73,00,4f,61,6b,6c,65,\ 79,00,6e,74,62,61,63,6b,75,70,00,4e,65,72,6f,43,68,65,63,6b,00,4d,73,69,49,\ 6e,73,74,61,6c,6c,65,72,00,4d,53,44,54,43,20,43,6c,69,65,6e,74,00,4d,53,44,\ 54,43,00,4d,53,44,4d,69,6e,65,00,6d,6e,6d,73,72,76,63,00,4d,69,63,72,6f,73,\ 6f,66,74,20,4f,66,66,69,63,65,20,31,30,00,4d,69,63,72,6f,73,6f,66,74,20,48,\ 2e,33,32,33,20,54,65,6c,65,70,68,6f,6e,79,20,53,65,72,76,69,63,65,20,50,72,\ 6f,76,69,64,65,72,00,4c,6f,61,64,50,65,72,66,00,48,2b,42,45,44,56,20,41,6e,\ 74,69,76,69,72,00,46,6f,6c,64,65,72,20,52,65,64,69,72,65,63,74,69,6f,6e,00,\ 46,69,6c,65,20,44,65,70,6c,6f,79,6d,65,6e,74,00,45,76,65,6e,74,53,79,73,74,\ 65,6d,00,45,53,45,4e,54,00,45,41,50,4f,4c,00,44,72,57,61,74,73,6f,6e,00,44,\ 69,73,6b,51,75,6f,74,61,00,63,72,79,70,74,33,32,00,43,4f,4d,2b,00,43,69,00,\ 43,68,6b,64,73,6b,00,41,75,74,6f,45,6e,72,6f,6c,6c,6d,65,6e,74,00,41,75,74,\ 6f,63,68,6b,00,41,70,70,6c,69,63,61,74,69,6f,6e,20,4d,61,6e,61,67,65,6d,65,\ 6e,74,00,41,70,70,6c,69,63,61,74,69,6f,6e,20,48,61,6e,67,00,41,70,70,6c,69,\ 63,61,74,69,6f,6e,20,45,72,72,6f,72,00,41,70,70,6c,69,63,61,74,69,6f,6e,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\STI Simulator] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\STI Simulator] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\STI Simulator] "DisplayName"="STI Simulator" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\STI Simulator\PAC207] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\STI Simulator\PAC7311] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\STI Simulator\Security] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\STI 
Simulator\Enum] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_STI_SIMULATOR\0000] "Service"="STI Simulator" "DeviceDesc"="STI Simulator" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application] ; Contents of value: ; WSH ; WMIAdapter Wmdm ; WmdmPmSp WinMgmt Winlogo ; WinMgmt Winlogon Windows Product ; Winlogon Windows Product Activation Windo ; Windows Product Activation Windows 3.1 Migration WebClient VSS VBRun ; Windows 3.1 Migration WebClient VSS VBRuntime Userinit Userenv UploadM SysmonLog STI Simul ; WebClient VSS VBRuntime Userinit Userenv UploadM SysmonLog STI Simulator SpoolerCtrs Software Instal ; VSS VBRuntime Userinit Userenv UploadM SysmonLog STI Simulator SpoolerCtrs Software Installation SclgNtf ; VBRuntime Userinit Userenv UploadM SysmonLog STI Simulator SpoolerCtrs Software Installation SclgNtfy SceSrv SceCl ; Userinit Userenv UploadM SysmonLog STI Simulator SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli Sandra safrslv SA ; Userenv UploadM SysmonLog STI Simulator SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli Sandra safrslv SAFrdms PerfProc Pe ; UploadM SysmonLog STI Simulator SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli Sandra safrslv SAFrdms PerfProc PerfOS PerfNet Per ; SysmonLog STI Simulator SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli Sandra safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfD ; STI Simulator SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli Sandra safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Fil ; SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli Sandra safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroChe ; Software Installation SclgNtfy SceSrv SceCli Sandra safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC ; SclgNtfy SceSrv SceCli Sandra 
safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Offi ; SceSrv SceCli Sandra safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft ; SceCli Sandra safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephon ; Sandra safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Prov ; safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H ; SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Fo ; PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection ; PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment ; PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 
Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESE ; Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatso ; Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota cryp ; PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkds ; Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment A ; Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Mana ; Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Ha ; ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc 
Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application E ; NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application ; MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application ; MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application ; MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application ; MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application ; mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment 
EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application ; Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application ; Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application ; LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application ; H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application ; Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application ; File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application ; EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application ; ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application ; EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application ; DrWatson DiskQuota crypt32 COM+ Ci 
Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application ; DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application ; crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application ; COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application ; Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application ; Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application ; AutoEnrollment Autochk Application Management Application Hang Application Error Application ; Autochk Application Management Application Hang Application Error Application ; Application Management Application Hang Application Error Application ; Application Hang Application Error Application ; Application Error Application ; Application ; "Sources"=hex(7):57,53,48,00,57,4d,49,41,64,61,70,74,65,72,00,57,6d,64,6d,50,\ 6d,53,70,00,57,69,6e,4d,67,6d,74,00,57,69,6e,6c,6f,67,6f,6e,00,57,69,6e,64,\ 6f,77,73,20,50,72,6f,64,75,63,74,20,41,63,74,69,76,61,74,69,6f,6e,00,57,69,\ 6e,64,6f,77,73,20,33,2e,31,20,4d,69,67,72,61,74,69,6f,6e,00,57,65,62,43,6c,\ 69,65,6e,74,00,56,53,53,00,56,42,52,75,6e,74,69,6d,65,00,55,73,65,72,69,6e,\ 69,74,00,55,73,65,72,65,6e,76,00,55,70,6c,6f,61,64,4d,00,53,79,73,6d,6f,6e,\ 4c,6f,67,00,53,54,49,20,53,69,6d,75,6c,61,74,6f,72,00,53,70,6f,6f,6c,65,72,\ 43,74,72,73,00,53,6f,66,74,77,61,72,65,20,49,6e,73,74,61,6c,6c,61,74,69,6f,\ 6e,00,53,63,6c,67,4e,74,66,79,00,53,63,65,53,72,76,00,53,63,65,43,6c,69,00,\ 53,61,6e,64,72,61,00,73,61,66,72,73,6c,76,00,53,41,46,72,64,6d,73,00,50,65,\ 72,66,50,72,6f,63,00,50,65,72,66,4f,53,00,50,65,72,66,4e,65,74,00,50,65,72,\ 66,6d,6f,6e,00,50,65,72,66,6c,69,62,00,50,65,72,66,44,69,73,6b,00,50,65,72,\ 
66,63,74,72,73,00,4f,66,66,6c,69,6e,65,20,46,69,6c,65,73,00,4f,61,6b,6c,65,\ 79,00,6e,74,62,61,63,6b,75,70,00,4e,65,72,6f,43,68,65,63,6b,00,4d,73,69,49,\ 6e,73,74,61,6c,6c,65,72,00,4d,53,44,54,43,20,43,6c,69,65,6e,74,00,4d,53,44,\ 54,43,00,4d,53,44,4d,69,6e,65,00,6d,6e,6d,73,72,76,63,00,4d,69,63,72,6f,73,\ 6f,66,74,20,4f,66,66,69,63,65,20,31,30,00,4d,69,63,72,6f,73,6f,66,74,20,48,\ 2e,33,32,33,20,54,65,6c,65,70,68,6f,6e,79,20,53,65,72,76,69,63,65,20,50,72,\ 6f,76,69,64,65,72,00,4c,6f,61,64,50,65,72,66,00,48,2b,42,45,44,56,20,41,6e,\ 74,69,76,69,72,00,46,6f,6c,64,65,72,20,52,65,64,69,72,65,63,74,69,6f,6e,00,\ 46,69,6c,65,20,44,65,70,6c,6f,79,6d,65,6e,74,00,45,76,65,6e,74,53,79,73,74,\ 65,6d,00,45,53,45,4e,54,00,45,41,50,4f,4c,00,44,72,57,61,74,73,6f,6e,00,44,\ 69,73,6b,51,75,6f,74,61,00,63,72,79,70,74,33,32,00,43,4f,4d,2b,00,43,69,00,\ 43,68,6b,64,73,6b,00,41,75,74,6f,45,6e,72,6f,6c,6c,6d,65,6e,74,00,41,75,74,\ 6f,63,68,6b,00,41,70,70,6c,69,63,61,74,69,6f,6e,20,4d,61,6e,61,67,65,6d,65,\ 6e,74,00,41,70,70,6c,69,63,61,74,69,6f,6e,20,48,61,6e,67,00,41,70,70,6c,69,\ 63,61,74,69,6f,6e,20,45,72,72,6f,72,00,41,70,70,6c,69,63,61,74,69,6f,6e,00,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\STI Simulator] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\STI Simulator] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\STI Simulator] "DisplayName"="STI Simulator" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\STI Simulator\PAC207] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\STI Simulator\PAC7311] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\STI Simulator\Security] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_STI_SIMULATOR\0000] "Service"="STI Simulator" "DeviceDesc"="STI Simulator" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_STI_SIMULATOR\0000\Control] "ActiveService"="STI Simulator" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application] ; Contents of value: ; WSH ; WMIAdapter 
Wmdm ; WmdmPmSp WinMgmt Winlogo ; WinMgmt Winlogon Windows Product ; Winlogon Windows Product Activation Windo ; Windows Product Activation Windows 3.1 Migration WebClient VSS VBRun ; Windows 3.1 Migration WebClient VSS VBRuntime Userinit Userenv UploadM SysmonLog STI Simul ; WebClient VSS VBRuntime Userinit Userenv UploadM SysmonLog STI Simulator SpoolerCtrs Software Instal ; VSS VBRuntime Userinit Userenv UploadM SysmonLog STI Simulator SpoolerCtrs Software Installation SclgNtf ; VBRuntime Userinit Userenv UploadM SysmonLog STI Simulator SpoolerCtrs Software Installation SclgNtfy SceSrv SceCl ; Userinit Userenv UploadM SysmonLog STI Simulator SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli Sandra safrslv SA ; Userenv UploadM SysmonLog STI Simulator SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli Sandra safrslv SAFrdms PerfProc Pe ; UploadM SysmonLog STI Simulator SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli Sandra safrslv SAFrdms PerfProc PerfOS PerfNet Per ; SysmonLog STI Simulator SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli Sandra safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfD ; STI Simulator SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli Sandra safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Fil ; SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli Sandra safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroChe ; Software Installation SclgNtfy SceSrv SceCli Sandra safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC ; SclgNtfy SceSrv SceCli Sandra safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Offi ; SceSrv SceCli Sandra safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk 
Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft ; SceCli Sandra safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephon ; Sandra safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Prov ; safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H ; SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Fo ; PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection ; PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment ; PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESE ; Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 
Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatso ; Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota cryp ; PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkds ; Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment A ; Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Mana ; Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Ha ; ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application E ; 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\STI Simulator]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\STI Simulator]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\STI Simulator]
"DisplayName"="STI Simulator"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\STI Simulator\PAC207]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\STI Simulator\PAC7311]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\STI Simulator\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\STI Simulator\Enum]
; End Of The Log...
REGEDIT4
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0
; Results at 01.10.2006 18:23:03 for strings:
; 'network monitor'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}]
"DisplayName"="Network Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR\0000]
"Service"="Network Monitor"
"DeviceDesc"="Network Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR\0000\Control]
"ActiveService"="Network Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor]
; Contents of value:
; c:\programme\network monitor\netmon.exe service
"ImagePath"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,6d,65,5c,4e,65,74,77,6f,72,6b,\
  20,4d,6f,6e,69,74,6f,72,5c,6e,65,74,6d,6f,6e,2e,65,78,65,20,73,65,72,76,69,\
  63,65,00
"DisplayName"="Network Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETWORK_MONITOR\0000]
"Service"="Network Monitor"
"DeviceDesc"="Network Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Network Monitor]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Network Monitor]
; Contents of value:
; c:\programme\network monitor\netmon.exe service
"ImagePath"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,6d,65,5c,4e,65,74,77,6f,72,6b,\
  20,4d,6f,6e,69,74,6f,72,5c,6e,65,74,6d,6f,6e,2e,65,78,65,20,73,65,72,76,69,\
  63,65,00
"DisplayName"="Network Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Network Monitor\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000]
"Service"="Network Monitor"
"DeviceDesc"="Network Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000\Control]
"ActiveService"="Network Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor]
; Contents of value:
; c:\programme\network monitor\netmon.exe service
"ImagePath"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,6d,65,5c,4e,65,74,77,6f,72,6b,\
  20,4d,6f,6e,69,74,6f,72,5c,6e,65,74,6d,6f,6e,2e,65,78,65,20,73,65,72,76,69,\
  63,65,00
"DisplayName"="Network Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum]
; End Of The Log...

REGEDIT4
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0
; Results at 01.10.2006 18:24:35 for strings:
; 'network confg system'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_CONFG_SYSTEM\0000]
"Service"="Network Confg System"
"DeviceDesc"="Network Confg System"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Confg System]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Confg System]
"DisplayName"="Network Confg System"
"Description"="Network Confg System"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Confg System\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Confg System\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETWORK_CONFG_SYSTEM\0000]
"Service"="Network Confg System"
"DeviceDesc"="Network Confg System"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Network Confg System]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Network Confg System]
"DisplayName"="Network Confg System"
"Description"="Network Confg System"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Network Confg System\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_CONFG_SYSTEM\0000]
"Service"="Network Confg System"
"DeviceDesc"="Network Confg System"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Confg System]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Confg System]
"DisplayName"="Network Confg System"
"Description"="Network Confg System"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Confg System\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Confg System\Enum]
; End Of The Log...

REGEDIT4
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0
; Results at 01.10.2006 18:25:45 for strings:
; 'command service'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000]
"DeviceDesc"="Command Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService]
"DisplayName"="Command Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000]
"DeviceDesc"="Command Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService]
"DisplayName"="Command Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000]
"DeviceDesc"="Command Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService]
"DisplayName"="Command Service"
; End Of The Log...

REGEDIT4
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0
; Results at 01.10.2006 18:26:54 for strings:
; 'hardware clock driver'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HWCLOCK\0000]
"DeviceDesc"="Hardware Clock Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hwclock]
"DisplayName"="Hardware Clock Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_HWCLOCK\0000]
"DeviceDesc"="Hardware Clock Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\hwclock]
"DisplayName"="Hardware Clock Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HWCLOCK\0000]
"DeviceDesc"="Hardware Clock Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hwclock]
"DisplayName"="Hardware Clock Driver"
; End Of The Log... |
|
|
||
01.10.2006, 18:48
Honorary member
Posts: 29434 |
#11
Avenger
Quote: registry keys to delete: __________ Regards, Sabina, all about PC security |
|
|
||
01.10.2006, 19:05
Honorary member
Posts: 29434 |
#12
Work through the Avenger script above and post the log.
Then scan and post the report: http://virus-protect.org/cureit.html __________ Regards, Sabina, all about PC security |
|
|
||
01.10.2006, 20:17
Member
Thread starter Posts: 21 |
#13
Looks like it found quite a few more things.
I hope that was the plan. DrWeb didn't ask about renaming at all, only whether it should disinfect. So I said yes. Here are the Avenger and DrWeb logs:

Logfile of The Avenger version 1, by Swandog46
Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\ehpfhkcm
*******************
Script file located at: \??\C:\Program Files\lfwgrjhf.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HWCLOCK\0000 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hwclock deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_HWCLOCK\0000 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\hwclock deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HWCLOCK\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HWCLOCK\0000 failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HWCLOCK\0000
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hwclock not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hwclock failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hwclock
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000 failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR\0000 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR\0000\Control not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR\0000\Control failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR\0000\Control
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETWORK_MONITOR\0000 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Network Monitor deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000 failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000\Control not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000\Control failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000\Control
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_XMLPROVMAN\0000 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xmlprovman deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_XMLPROVMAN\0000 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\xmlprovman deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_XMLPROVMAN\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_XMLPROVMAN\0000 failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_XMLPROVMAN\0000
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xmlprovman not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xmlprovman failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xmlprovman
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_CONFG_SYSTEM\0000 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Confg System deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Confg System not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Confg System failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Confg System
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETWORK_CONFG_SYSTEM\0000 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Network Confg System deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_CONFG_SYSTEM\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_CONFG_SYSTEM\0000 failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_CONFG_SYSTEM\0000
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Confg System not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Confg System failed!
Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Confg System
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE} deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Dr.Web(R) Scanner für Windows v4.33.2 (4.33.2.06080)
Copyright (c) Igor Daniloff, 1992-2006
Bericht erstellt auf: 2006-10-01, 19:24:26 [Besitzer]
Kommandozeile: "C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\cureit.exe" /lng:de-cureit.dwl /ini:cureit_XP.ini
Betriebssystem:Windows XP Home Edition x86 (Build 2600), Service Pack 1
=============================================================================
Suchmodul Version: 4.33 (4.33.4.07270)
API Version: 2.01
Summe der Vireneinträge: 145438
Lizenzschlüssel: C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\cureit.key
Lizenzchlüssel-Nummer: 0000000010
Registriert für:: Dr.Web CureIt Project
Lizenzschlüssel aktiviert!: 2005-03-05
Lizenzschlüssel wird ablaufen!: 2007-03-05
-----------------------------------------------------------------------------
Prüfstatistiken
-----------------------------------------------------------------------------
Geprüfte Objekte: 0
Infizierte Objekte gefunden: 0
Objekte mit Modifikation gefunden: 0
Verdächtige Objekte gefunden: 0
Adware-Programm gefunden: 0
Dialer-Programm gefunden: 0
Scherz-Programm gefunden: 0
Riskware programm gefunden: 0
Hacktool-Programm gefunden: 0
Desinfizierte Objekte: 0
Gelöschte Objekte: 0
Umbenannte Objekte: 0
Verschobene Objekte: 0
Ignorierte Objekte: 0
Leistung:: 0 Kb/s
Dauer:: 00:00:00
-----------------------------------------------------------------------------
[Prüfpfad] C:\Programme\Deskbar\deskbar.dll
C:\Programme\Deskbar\deskbar.dll ist ein Adware-Programm Adware.Softomate
-----------------------------------------------------------------------------
Prüfstatistiken
-----------------------------------------------------------------------------
Geprüfte Objekte: 225
Infizierte Objekte gefunden: 0
Objekte mit Modifikation gefunden: 0
Verdächtige Objekte gefunden: 0
Adware-Programm gefunden: 1
Dialer-Programm gefunden: 0
Scherz-Programm gefunden: 0
Riskware programm gefunden: 0
Hacktool-Programm gefunden: 0
Desinfizierte Objekte: 0
Gelöschte Objekte: 0
Umbenannte Objekte: 0
Verschobene Objekte: 0
Ignorierte Objekte: 0
Leistung:: 2959 Kb/s
Dauer:: 00:00:28
-----------------------------------------------------------------------------
[Prüfpfad] C:\
C:\dfndrff_e18.exe ist ein Adware-Programm Adware.DollarRevenue
C:\Dokumente und Einstellungen\Besitzer.USER1-CO4CMGA9J\NTUSER.DAT - Lesefehler
C:\Dokumente und Einstellungen\Besitzer.USER1-CO4CMGA9J\NTUSER~1.LOG - Lesefehler
C:\Dokumente und Einstellungen\Besitzer.USER1-CO4CMGA9J\Lokale
Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat - Lesefehler C:\Dokumente und Einstellungen\Besitzer.USER1-CO4CMGA9J\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\USRCLA~1.LOG - Lesefehler C:\Dokumente und Einstellungen\Besitzer.USER1-CO4CMGA9J\Lokale Einstellungen\Temp\PERFLI~2.DAT - Lesefehler C:\Dokumente und Einstellungen\LocalService\NTUSER.DAT - Lesefehler C:\Dokumente und Einstellungen\LocalService\NTUSER~1.LOG - Lesefehler C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat - Lesefehler C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\USRCLA~1.LOG - Lesefehler C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\01KLM56P\installer[2].exe infiziert mit Trojan.Proxy.493 - nicht desinfizierbar - verschoben C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\GH0JKLMN\ucmoreiex[1].exe ist ein Adware-Programm Adware.Ucmore C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\O789ATUV\dfndrff_e_uit[1].exe ist ein Adware-Programm Adware.DollarRevenue C:\Dokumente und Einstellungen\NetworkService\NTUSER.DAT - Lesefehler C:\Dokumente und Einstellungen\NetworkService\NTUSER~1.LOG - Lesefehler C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat - Lesefehler C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\USRCLA~1.LOG - Lesefehler C:\Programme\ArcorOnline\Arcor.exe möglicherweise infiziert mit BACKDOOR.Trojan C:\Programme\Deskbar\deskbar.dll ist ein Adware-Programm Adware.Softomate C:\Programme\Network Monitor\netmon.exe - Lesefehler C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP156\A0033643.exe infiziert mit Win32.HLLW.MyBot - gelöscht C:\System 
Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP156\A0033644.exe ist ein Adware-Programm Adware.DollarRevenue C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP156\A0033645.exe ist ein Adware-Programm Adware.DollarRevenue C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP156\A0033646.exe ist ein Adware-Programm Adware.DollarRevenue C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP156\A0033647.exe ist ein Adware-Programm Adware.DollarRevenue C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP156\A0033648.exe infiziert mit Trojan.DownLoader.13015 - gelöscht C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP156\A0033649.exe ist ein Adware-Programm Adware.DollarRevenue >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP156\A0033650.exe infiziert mit Trojan.DownLoader.5013 - gelöscht >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP156\A0033651.exe infiziert mit Trojan.DownLoader.5013 - gelöscht C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP156\A0033652.exe infiziert mit Win32.IRC.Bot - gelöscht >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP156\A0034642.dll ist ein Adware-Programm Adware.Look2me >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP156\A0035635.dll ist ein Adware-Programm Adware.Look2me >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0035644.exe infiziert mit Trojan.Proxy.493 - gelöscht >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0035645.dll ist ein Adware-Programm Adware.Look2me >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0035646.dll ist ein Adware-Programm Adware.Look2me >C:\System Volume 
Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0036644.dll ist ein Adware-Programm Adware.Look2me >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0036657.dll ist ein Adware-Programm Adware.Look2me >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0036667.dll ist ein Adware-Programm Adware.Look2me >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0036668.dll ist ein Adware-Programm Adware.Look2me >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0036676.dll ist ein Adware-Programm Adware.Look2me >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0037676.dll ist ein Adware-Programm Adware.Look2me >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0037684.dll ist ein Adware-Programm Adware.Look2me >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0038684.dll infiziert mit Trojan.Virtumod - gelöscht >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0038686.dll ist ein Adware-Programm Adware.Look2me >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0038694.dll ist ein Adware-Programm Adware.Look2me >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0038696.exe infiziert mit Trojan.Virtumod - gelöscht >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0038703.dll ist ein Adware-Programm Adware.Runk >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0038704.dll infiziert mit Trojan.Virtumod - gelöscht >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0038705.dll infiziert mit Trojan.DownLoader.10919 - gelöscht >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0038706.dll ist ein 
Adware-Programm Adware.Look2me >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0038714.dll ist ein Adware-Programm Adware.Look2me >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0038722.dll ist ein Adware-Programm Adware.Look2me C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0038917.exe ist ein Adware-Programm Adware.DollarRevenue >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0038930.exe infiziert mit Trojan.Virtumod - gelöscht C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0038931.exe ist ein Adware-Programm Adware.DollarRevenue >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0038932.exe infiziert mit Trojan.DownLoader.5013 - gelöscht C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039940.exe ist ein Adware-Programm Adware.DollarRevenue C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039941.exe ist ein Adware-Programm Adware.DollarRevenue C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039942.exe ist ein Adware-Programm Adware.DollarRevenue C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039946.exe ist ein Adware-Programm Adware.Look2me C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039947.exe infiziert mit Trojan.DownLoader.10918 - gelöscht C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039948.exe ist ein Adware-Programm Adware.Ucmore C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039953.exe infiziert mit Trojan.DnsChange - gelöscht C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039954.dll ist ein Adware-Programm Adware.Ucmore C:\System Volume 
Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039957.dll ist ein Adware-Programm Adware.Ucmore C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039962.dll ist ein Adware-Programm Adware.Softomate >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039963.dll ist ein Adware-Programm Adware.Look2me >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039964.dll ist ein Adware-Programm Adware.Look2me >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039965.dll ist ein Adware-Programm Adware.Look2me >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039966.dll ist ein Adware-Programm Adware.Look2me >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039967.dll ist ein Adware-Programm Adware.Look2me >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039968.dll ist ein Adware-Programm Adware.Look2me >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039969.dll ist ein Adware-Programm Adware.Look2me >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039970.dll ist ein Adware-Programm Adware.Look2me >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039971.dll ist ein Adware-Programm Adware.Look2me >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039972.dll ist ein Adware-Programm Adware.Look2me >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039973.dll ist ein Adware-Programm Adware.Look2me >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039974.dll ist ein Adware-Programm Adware.Look2me >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039975.dll ist ein Adware-Programm 
Adware.Look2me >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039976.dll ist ein Adware-Programm Adware.Look2me >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039977.dll ist ein Adware-Programm Adware.Look2me >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039978.dll ist ein Adware-Programm Adware.Look2me >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039979.dll ist ein Adware-Programm Adware.Look2me >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039980.dll ist ein Adware-Programm Adware.Look2me >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039981.dll ist ein Adware-Programm Adware.Look2me >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039982.dll ist ein Adware-Programm Adware.Look2me >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039983.dll ist ein Adware-Programm Adware.Look2me >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039984.dll ist ein Adware-Programm Adware.Look2me C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0040030.exe ist ein Adware-Programm Adware.DollarRevenue >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0040032.exe infiziert mit Trojan.Virtumod - gelöscht C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0041974.exe ist ein Adware-Programm Adware.DollarRevenue >>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0041975.exe infiziert mit Win32.HLLW.MyBot - gelöscht C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0041977.exe ist ein Adware-Programm Adware.DollarRevenue >C:\System Volume 
Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0041979.exe infiziert mit Trojan.DownLoader.5013 - gelöscht >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0041981.exe infiziert mit BackDoor.IRC.Hwclock - gelöscht >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0041982.dll infiziert mit Trojan.Virtumod - gelöscht >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0041983.dll infiziert mit Trojan.Virtumod - gelöscht C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0041984.exe ist ein Adware-Programm Adware.DollarRevenue >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP158\A0044018.exeC:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP158\A0044019.exe ist ein Adware-Programm Adware.Look2me >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP158\A0044020.dll ist ein Adware-Programm Adware.Look2me >C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP158\A0044021.dll infiziert mit Trojan.Virtumod - gelöscht C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP158\A0044023.exe infiziert mit Win32.HLLW.MyBot - gelöscht C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP158\A0044175.exe infiziert mit Trojan.DnsChange - gelöscht >C:\WINDOWS\dXNlcjE\asappsrv.dll infiziert mit Trojan.Proxy.493 - gelöscht >C:\WINDOWS\dXNlcjE\command.exe infiziert mit Trojan.Proxy.493 - gelöscht C:\WINDOWS\system32\config\default - Lesefehler C:\WINDOWS\system32\config\DEFAULT.LOG - Lesefehler C:\WINDOWS\system32\config\SAM - Lesefehler C:\WINDOWS\system32\config\SAM.LOG - Lesefehler C:\WINDOWS\system32\config\SECURITY - Lesefehler C:\WINDOWS\system32\config\SECURITY.LOG - Lesefehler C:\WINDOWS\system32\config\software - Lesefehler C:\WINDOWS\system32\config\SOFTWARE.LOG - 
Lesefehler C:\WINDOWS\system32\config\system - Lesefehler C:\WINDOWS\system32\config\SYSTEM.LOG - Lesefehler C:\WINDOWS\Temp\cmdinst.exe infiziert mit Trojan.Proxy.493 - nicht desinfizierbar - verschoben ----------------------------------------------------------------------------- Prüfstatistiken ----------------------------------------------------------------------------- Geprüfte Objekte: 89536 Infizierte Objekte gefunden: 27 Objekte mit Modifikation gefunden: 0 Verdächtige Objekte gefunden: 1 Adware-Programm gefunden: 64 Dialer-Programm gefunden: 0 Scherz-Programm gefunden: 0 Riskware programm gefunden: 0 Hacktool-Programm gefunden: 0 Desinfizierte Objekte: 0 Gelöschte Objekte: 25 Umbenannte Objekte: 0 Verschobene Objekte: 2 Ignorierte Objekte: 0 Leistung:: 739 Kb/s Dauer:: 00:41:31 ----------------------------------------------------------------------------- |
|
|
||
01.10.2006, 20:29
Honorary member
Posts: 29434 |
#14
1. Avenger
Quote:
Files to delete:
2. My Computer --> right-click, then Properties ---> System Restore tab ---> tick "Turn off System Restore on all drives".
3. Copy the following text into Notepad (Start - Accessories - Notepad) and save it to the desktop as listen.bat using 'Save As'. Set the file type to 'All Files'. You should now find this file on the desktop. --> double-click listen.bat --> copy the text that appears
Quote:
cd\
__________
Regards, Sabina
all about PC security |
|
|
||
01.10.2006, 21:04
Member
Thread starter Posts: 21 |
#15
Here are the Avenger log and the listen.bat for you. Thanks in advance for taking a look
Logfile of The Avenger version 1, by Swandog46
Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\nvdtcegh
*******************
Script file located at: \??\C:\WINDOWS\ggskcfcc.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\dfndrff_e18.exe deleted successfully.
Folder C:\Programme\Network Monitor deleted successfully.
Folder C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\01KLM56P deleted successfully.
Folder C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\GH0JKLMN deleted successfully.
Folder C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\O789ATUV deleted successfully.
Folder C:\Programme\Deskbar deleted successfully.
Folder C:\WINDOWS\dXNlcjE deleted successfully.
Completed script processing.
*******************
Finished! Terminate.

Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 2462-6EED Verzeichnis von C:\Windows\System32\Com 30.09.2006 16:40 <DIR> . 30.09.2006 16:40 <DIR> .. 02.04.2003 14:00 186.880 comadmin.dll 02.04.2003 14:00 61.440 comempty.dat 02.04.2003 14:00 77.348 comexp.msc 02.04.2003 14:00 8.192 comrepl.exe 02.04.2003 14:00 5.120 comrereg.exe 12.07.2006 23:59 94 install.bat 02.04.2003 14:00 19.456 mtsadmin.tlb 7 Datei(en) 358.530 Bytes 2 Verzeichnis(se), 14.855.913.472 Bytes frei Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 2462-6EED Verzeichnis von C:\WINDOWS\system32 Volume in Laufwerk C: hat keine Bezeichnung. 
Volumeseriennummer: 2462-6EED Verzeichnis von C:\WINDOWS\Downloaded Program Files 30.06.2005 15:19 227 MsnMessengerSetupDownloader.inf 14.08.2005 00:26 113.664 MsnMessengerSetupDownloader.ocx 04.09.2003 15:14 3.759 swflash.inf 3 Datei(en) 117.650 Bytes 0 Verzeichnis(se), 14.855.909.376 Bytes frei Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 2462-6EED Verzeichnis von C:\Programme Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 2462-6EED Verzeichnis von C:\Dokumente und Einstellungen\Besitzer 11.12.2003 03:00 <DIR> . 11.12.2003 03:00 <DIR> .. 11.12.2003 02:48 <DIR> Desktop 11.12.2003 03:00 <DIR> Eigene Dateien 11.12.2003 03:00 <DIR> Favoriten 11.12.2003 02:48 <DIR> Startmen 0 Datei(en) 0 Bytes 6 Verzeichnis(se), 14.855.909.376 Bytes frei Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 2462-6EED Verzeichnis von C:\Program Files 01.10.2006 19:20 <DIR> . 01.10.2006 19:20 <DIR> .. 03.06.2006 14:21 <DIR> ICQLite 0 Datei(en) 0 Bytes 3 Verzeichnis(se), 14.855.909.376 Bytes frei Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 2462-6EED Verzeichnis von C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp 11.12.2003 03:00 <DIR> . 11.12.2003 03:00 <DIR> .. 0 Datei(en) 0 Bytes 2 Verzeichnis(se), 14.855.909.376 Bytes frei Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 2462-6EED Verzeichnis von C:\WINDOWS\Temp 01.10.2006 20:56 <DIR> . 01.10.2006 20:56 <DIR> .. 0 Datei(en) 0 Bytes 2 Verzeichnis(se), 14.855.909.376 Bytes frei Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 2462-6EED Verzeichnis von C:\Temp 30.09.2006 14:04 <DIR> . 30.09.2006 14:04 <DIR> .. 0 Datei(en) 0 Bytes 2 Verzeichnis(se), 14.855.909.376 Bytes frei Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 2462-6EED Verzeichnis von C:\Programme 01.10.2006 20:54 <DIR> . 01.10.2006 20:54 <DIR> .. 
29.03.2004 13:08 <DIR> ABBYY FineReader 5.0 Sprint 29.03.2004 13:07 <DIR> ABBYY FineReader 6.0 13.12.2003 14:10 <DIR> Adabas 08.01.2002 22:11 <DIR> Adobe 13.12.2003 14:00 <DIR> Ahead 31.05.2004 14:26 <DIR> Anims 05.05.2006 21:34 <DIR> AntiVir PersonalEdition Classic 23.09.2006 10:38 <DIR> ArcorOnline 23.10.2005 22:36 21 AVPersonalAVWIN.INI 09.08.2002 10:22 35.328 AweMan32.dll 30.09.2006 13:57 <DIR> CleanUp! 10.12.2003 12:46 <DIR> ComPlus Applications 13.12.2003 14:24 <DIR> CyberLink 31.05.2004 14:26 <DIR> Data 31.05.2004 14:26 <DIR> DataM 31.05.2004 14:26 18.037 DeIsL1.isu 13.06.2006 21:18 <DIR> Dialer Control 29.03.2004 13:07 <DIR> FaxTools 22.08.2006 10:20 <DIR> Gemeinsame Dateien 25.04.2005 20:23 <DIR> Graph 31.05.2004 14:26 56 Hospital.Cfg 09.08.2002 10:23 1.074.688 Hospital.exe 30.08.2006 14:07 <DIR> ICQLite 28.09.2006 14:54 <DIR> ICQToolbar 11.12.2003 02:54 <DIR> Internet Explorer 31.05.2004 14:26 <DIR> Levels 04.09.2006 20:20 <DIR> Lexmark X1100 Series 05.01.2005 21:27 <DIR> Maxis 10.12.2003 12:45 <DIR> Messenger 11.12.2005 23:17 <DIR> microsoft frontpage 11.12.2005 23:18 <DIR> Microsoft Office 09.08.2002 10:23 85 Modem.ini 11.12.2003 02:54 <DIR> Movie Maker 11.11.2005 17:07 <DIR> Mozilla Firefox 10.12.2003 12:45 <DIR> MSN 10.12.2003 12:45 <DIR> MSN Gaming Zone 30.09.2005 18:36 <DIR> MSN Messenger 09.08.2002 10:23 144.384 Mss32.dll 11.12.2003 02:54 <DIR> NetMeeting 10.12.2003 12:45 <DIR> Online Services 10.12.2003 12:47 <DIR> Online-Dienste 23.11.2005 18:26 <DIR> OpenOffice.org 2.0 11.12.2003 02:54 <DIR> Outlook Express 31.05.2004 14:26 <DIR> QData 31.05.2004 14:26 <DIR> QDataM 20.08.2005 15:30 <DIR> ratiopharm 31.05.2004 20:48 <DIR> Save 25.07.2005 13:23 <DIR> Skype 09.08.2002 10:23 71.168 Smackw32.dll 11.12.2005 23:18 <DIR> Snapshot Viewer 31.05.2004 14:26 <DIR> Sound 13.12.2003 14:16 <DIR> StarOffice6.0 13.12.2003 13:57 <DIR> Windows Media Player 10.12.2003 12:45 <DIR> Windows NT 06.11.2005 17:25 <DIR> Winzip 09.08.2002 10:23 109.056 WSnd7R.dll 10.12.2003 
12:48 <DIR> xerox 9 Datei(en) 1.452.823 Bytes 50 Verzeichnis(se), 14.855.905.280 Bytes frei Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 2462-6EED Verzeichnis von C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten 11.12.2003 03:00 <DIR> Microsoft 0 Datei(en) 0 Bytes 1 Verzeichnis(se), 14.855.905.280 Bytes frei Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 2462-6EED Verzeichnis von C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 2462-6EED Verzeichnis von C:\Dokumente und Einstellungen\All Users\Anwendungsdaten 13.02.2006 21:18 305 addr_file.html 08.01.2002 22:11 <DIR> Adobe 14.09.2006 23:50 <DIR> AntiVir PersonalEdition Classic 29.03.2004 13:07 <DIR> BVRP Software 13.12.2003 14:24 <DIR> CyberLink 11.12.2005 23:18 <DIR> SBT 1 Datei(en) 305 Bytes 5 Verzeichnis(se), 14.855.905.280 Bytes frei Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 2462-6EED Verzeichnis von C:\Programme\Gemeinsame Dateien 22.08.2006 10:20 <DIR> . 22.08.2006 10:20 <DIR> .. 24.01.2004 15:34 <DIR> Adobe 03.11.2005 19:55 <DIR> Designer 11.12.2003 02:54 <DIR> Dienste 13.12.2003 13:54 <DIR> InstallShield 11.12.2005 23:20 <DIR> Microsoft Shared 10.12.2003 12:47 <DIR> MSSoap 10.12.2003 12:38 <DIR> ODBC 10.12.2003 12:38 <DIR> SpeechEngines 11.12.2005 23:18 <DIR> System 0 Datei(en) 0 Bytes 11 Verzeichnis(se), 14.855.905.280 Bytes frei Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 2462-6EED Verzeichnis von C:\Windows\tasks |
|
|
||
I have a computer infected with Vundo.gen. Unfortunately I can't get onto the Internet from it, because at the moment it freezes every time as soon as the connection is established. I would now like to take a few programs over with me. I have downloaded HijackThis and all the programs whose reports you want, and will run them on the other computer. Will I then have a chance of getting back online and getting the reports through?
Many thanks in advance.
Kross