Home » Viren, Trojaner & Malware Forum » TR/Vundo.gen und rechner stürzt ab sobald ich online bin » Themenansicht

TR/Vundo.gen und rechner stürzt ab sobald ich online bin

Thema ist geschlossen!
Thema ist geschlossen!
#0
27.09.2006, 17:19
Kross
Member

Beiträge: 21
#1 Hallo!

Habe einen Rechner mit Vundo.gen verseucht. Leider kann ich von dem aus nicht ins Internet, weil er sich momentan immer aufhängt sobald die Verbindung besteht. Möchte mir jetzt ein paar programme mitnehmen. Habe mir hijack this und alle die programme, von denen ihr den report haben möchtet runtergeladen und werde die auf dem anderen Rechner laufen lassen. Habe ich dann eine chance, dass ich wieder online kann und die reports durchbringe?

vielen dank schon mal im voraus.

Kross
Seitenanfang Seitenende
27.09.2006, 21:47
Terementor
Member

Beiträge: 130
#2 die programme von http://board.protecus.de/t23188.htm werden vundo.gen nicht löschen aber ohne die logs können wir dir nicht sagen wie du ihn gelöscht bekommst... aber ich weiß nicht ob es vundo.gen legt das dein inet abstürzt. Naja dir bleibt wohl nichts übrig als die logs aufn usb stick zu ziehen und von woanders hier zu posten...
Seitenanfang Seitenende
27.09.2006, 23:59
Kross
Member

Themenstarter

Beiträge: 21
#3 gut, werden wir das so versuchen!

ich melde mich mit den logs

danke erstmal!

kross
Seitenanfang Seitenende
30.09.2006, 14:44
Kross
Member

Themenstarter

Beiträge: 21
#4 hier jetzt endlich die logs!

ich hoffe man kann was machen!


Logfile of HijackThis v1.99.1
Scan saved at 13:51:02, on 30.09.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Programme\Dialer Control\dc.exe
C:\Programme\Ahead\InCD\InCD.exe
C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe
C:\Programme\Lexmark X1100 Series\lxbkbmon.exe
C:\Programme\ICQLite\ICQLite.exe
C:\dfndrff_e16.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Winzip\WZQKPICK.EXE
C:\Programme\StarOffice6.0\program\soffice.exe
C:\Programme\OpenOffice.org 2.0\program\soffice.exe
C:\Programme\OpenOffice.org 2.0\program\soffice.BIN
C:\Programme\Network Monitor\netmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\winlogon.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\sssvhost.exe
c:\dfndrff_e18.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Programme\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Dokumente und Einstellungen\Besitzer.USER1-CO4CMGA9J\Eigene Dateien\gegenviren\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.arcor.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Programme\Deskbar\deskbar.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\nnnopol.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Programme\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Dialer Control] C:\Programme\Dialer Control\dc.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e16.exe
O4 - HKLM\..\Run: [defender] c:\\dfndrff_e18.exe
O4 - HKLM\..\Run: [keyboard] c:\\kybrdff_e18.exe
O4 - HKLM\..\Run: [orx0cd35] RUNDLL32.EXE w00704b1.dll,n 0050cd300000000a00704b1
O4 - HKLM\..\Run: [internet service] sssvhost.exe
O4 - HKLM\..\RunServices: [internet service] sssvhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programme\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: StarOffice 6.0.lnk = C:\Programme\StarOffice6.0\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\Winzip\WZQKPICK.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\hrro0593e.dll
O20 - Winlogon Notify: nnnopol - C:\WINDOWS\SYSTEM32\nnnopol.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\nwwrsko.dll (file missing)
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\dXNlcjE\command.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Network Confg System - Unknown owner - C:\WINDOWS\system32\lviss.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Programme\Network Monitor\netmon.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Microsoft Windows Spooler Service (Windows Spooler Service) - Unknown owner - C:\WINDOWS\winlogon.exe
O23 - Service: Network Provision Managing Service (xmlprovman) - Unknown owner - C:\WINDOWS\system32\provsvc.exe (file missing)






CleanUp! started on 09/30/06 13:59:59.
...
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF9462.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF948C.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF9497.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF94A1.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF94E5.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF94F5.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF9518.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF951D.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF951F.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF953F.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF954A.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF9571.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF957C.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF95AB.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF95EE.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF9601.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF960E.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF9616.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF9671.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF967E.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF96A8.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF96B9.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF96E1.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF96F0.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF96FD.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF974E.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF9750.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF9752.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF9756.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF97A2.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF97C6.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF97CF.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF97FE.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF9809.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF9863.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF986A.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF9874.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF9895.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF98E3.tmp currently in use. Will be deleted when Windows is restarted.
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF992F.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF9960.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF998A.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF99C2.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF9A.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF9A54.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF9A77.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF9A7B.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF9A8C.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF9ACD.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF9B3D.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF9BB1.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF9C0E.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF9C61.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF9C9F.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF9D0F.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF9D13.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF9D4A.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF9D6E.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF9D88.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF9DCE.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF9DD8.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF9E49.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF9EC8.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF9F3B.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF9F4B.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF9FF2.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFA0AA.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFA132.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFA164.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFA178.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFA195.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFA1B7.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFA1D4.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFA20B.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFA221.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFA24E.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFA337.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFA4.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFA41E.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFA429.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFA4CF.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFA508.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFA9B5.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFA9C9.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFAF5.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFB200.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFB43A.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFB73B.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFB9EB.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFBB16.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFBB34.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFBBA1.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFC653.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFC67E.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFC80E.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFC82D.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFC9E.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFD15F.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFD302.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFD9A.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFD9B9.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFDD7D.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFDDF1.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFDF35.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFE1D5.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFE4D8.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFE9BD.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFEB5B.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFED46.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFED52.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFEDF.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFF2B8.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFF592.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFF68F.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFF83E.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFFB26.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DFFF87.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~WRD0000.doc - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~WRF0000.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~WRS0680.tmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\Adobe\Acrobat\6.0\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\Adobe\Acrobat\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\Adobe\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\App\App\Avatar\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\App\App\InviteVideo\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\App\App\map_voice_chat\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\App\App\marketdevil\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\App\App\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\App\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\Cookies\index.dat - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\Cookies\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\gac8.tmp.dir\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\Games\Games\Backgammon\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\Games\Games\checkers\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\Games\Games\InspectorParker\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\Games\Games\rps\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\Games\Games\slide-a-lama\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\Games\Games\WordNinja\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\Games\Games\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\Games\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\hsperfdata_Besitzer\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\is-LNG84.tmp\SkypeVersionChecker.dll - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\is-LNG84.tmp\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\is-V99CG.tmp\SkypeVersionChecker.dll - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\is-V99CG.tmp\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\MIB\MIB\buddyDevil\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\MIB\MIB\Interactive\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\MIB\MIB\marketdevilRcv\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\MIB\MIB\ownerDevil\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\MIB\MIB\VideoRcv\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\MIB\MIB\voice_chat_recv_map\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\MIB\MIB\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\MIB\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\MIBShow\MIBShow\ICQChatRecv\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\MIBShow\MIBShow\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\MIBShow\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\msoclip1\01\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\msoclip1\02\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\msoclip1\03\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\msoclip1\04\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\msoclip1\05\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\msoclip1\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\ns_temp\xpcom.ns\bin\js3250.dll - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\ns_temp\xpcom.ns\bin\nspr4.dll - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\ns_temp\xpcom.ns\bin\plc4.dll - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\ns_temp\xpcom.ns\bin\plds4.dll - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\ns_temp\xpcom.ns\bin\xpcom.dll - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\ns_temp\xpcom.ns\bin\xpcom_compat.dll - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\ns_temp\xpcom.ns\bin\components\jar50.dll - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\ns_temp\xpcom.ns\bin\components\xpinstal.dll - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\ns_temp\xpcom.ns\bin\components\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\ns_temp\xpcom.ns\bin\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\ns_temp\xpcom.ns\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\ns_temp\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\People\People\Meetic\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\People\People\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\People\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\plugtmp\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\plugtmp-1\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\plugtmp-2\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\plugtmp-3\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\plugtmp-4\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\plugtmp-5\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\plugtmp-6\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\plugtmp-7\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\rb\1280\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\rb\256\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\rb\2592\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\rb\2736\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\rb\2748\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\rb\288\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\rb\328\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\rb\3460\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\rb\3588\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\rb\368\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\rb\372\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\rb\384\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\rb\396\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\rb\408\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\rb\436\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\rb\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\soffice.tmp\sv1oh.tmp\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\soffice.tmp\sva5l.tmp\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\soffice.tmp\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\sv1.tmp\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\sv2m5.tmp\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\sv4mc.tmp\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\sv56i.tmp\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\sv6bo.tmp\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\sv73n.tmp\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\sv7mf.tmp\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\sv8g7.tmp\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\svc34.tmp\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\svdpk.tmp\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\svf0l.tmp\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\svf22.tmp\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\svf8g.tmp\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\svgj7.tmp\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\svm23.tmp\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\svo4n.tmp\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\Temporary Internet Files\Content.IE5\index.dat - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\Verlauf\History.IE5\index.dat - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\WER1.tmp.dir00\sysdata.xml - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\WER1.tmp.dir00\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\WER12.tmp.dir00\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\WER14.tmp.dir00\appcompat.txt - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\WER14.tmp.dir00\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\WER15.tmp.dir00\appcompat.txt - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\WER15.tmp.dir00\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\WER17.tmp.dir00\appcompat.txt - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\WER17.tmp.dir00\manifest.txt - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\WER17.tmp.dir00\taskmgr.exe.hdmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\WER17.tmp.dir00\taskmgr.exe.mdmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\WER17.tmp.dir00\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\WER18.tmp.dir00\appcompat.txt - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\WER18.tmp.dir00\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\WER19.tmp.dir00\appcompat.txt - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\WER19.tmp.dir00\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\WER2.tmp.dir00\sysdata.xml - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\WER2.tmp.dir00\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\WER3.tmp.dir00\appcompat.txt - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\WER3.tmp.dir00\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\WERB.tmp.dir00\setup.exe.hdmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\WERB.tmp.dir00\setup.exe.mdmp - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\WERB.tmp.dir00\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\WERC.tmp.dir00\appcompat.txt - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\WERC.tmp.dir00\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\WERD.tmp.dir00\appcompat.txt - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\WERD.tmp.dir00\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\WERE.tmp.dir00\appcompat.txt - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\WERE.tmp.dir00\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\WERF.tmp.dir00\appcompat.txt - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\WERF.tmp.dir00\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\WZSE0.TMP\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\WZSE1.TMP\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\WZSE2.TMP\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\WZSE3.TMP\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\WZSE4.TMP\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\WZSE5.TMP\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\WZSE6.TMP\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\WZSE7.TMP\disk_1\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\WZSE7.TMP\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~offfilt\ - deleted
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\Perflib_Perfdata_7f8.dat currently in use. Will be deleted when Windows is restarted.
C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\~DF98E3.tmp currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\SET14.tmp - deleted
C:\WINDOWS\SET20.tmp - deleted
C:\WINDOWS\SET3.tmp - deleted
C:\WINDOWS\SET7.tmp - deleted
C:\WINDOWS\temp\cmdinst.exe - deleted
C:\WINDOWS\temp\Perflib_Perfdata_7b8.dat - deleted
C:\WINDOWS\temp\pw3.tmp - deleted
C:\WINDOWS\temp\release.htm - deleted
C:\WINDOWS\temp\removalfile.bat - deleted
C:\WINDOWS\temp\rtdrvmon.exe - deleted
C:\WINDOWS\temp\SPLE.tmp - deleted
C:\WINDOWS\temp\Upd4.tmp - deleted
C:\WINDOWS\temp\WER10.tmp - deleted
C:\WINDOWS\temp\WER11.tmp - deleted
C:\WINDOWS\temp\WER12.tmp - deleted
C:\WINDOWS\temp\WER13.tmp - deleted
C:\WINDOWS\temp\WER16.tmp - deleted
C:\WINDOWS\temp\WER17.tmp - deleted
C:\WINDOWS\temp\WER1A.tmp - deleted
C:\WINDOWS\temp\WER1B.tmp - deleted
C:\WINDOWS\temp\~DF70BF.tmp - deleted
C:\WINDOWS\temp\~DF70C7.tmp - deleted
C:\WINDOWS\temp\~DF71CB.tmp - deleted
C:\WINDOWS\temp\~DF71D3.tmp - deleted
C:\WINDOWS\temp\pw3~tmp\LICENSE.TXT - deleted
C:\WINDOWS\temp\pw3~tmp\ - deleted
C:\WINDOWS\temp\WER10.tmp.dir00\appcompat.txt - deleted
C:\WINDOWS\temp\WER10.tmp.dir00\ - deleted
C:\WINDOWS\temp\WER11.tmp.dir00\appcompat.txt - deleted
C:\WINDOWS\temp\WER11.tmp.dir00\ - deleted
C:\WINDOWS\temp\WER12.tmp.dir00\appcompat.txt - deleted
C:\WINDOWS\temp\WER12.tmp.dir00\ - deleted
C:\WINDOWS\temp\WER13.tmp.dir00\appcompat.txt - deleted
C:\WINDOWS\temp\WER13.tmp.dir00\ - deleted
C:\WINDOWS\temp\WER16.tmp.dir00\appcompat.txt - deleted
C:\WINDOWS\temp\WER16.tmp.dir00\ - deleted
C:\WINDOWS\temp\WER17.tmp.dir00\appcompat.txt - deleted
C:\WINDOWS\temp\WER17.tmp.dir00\ - deleted
C:\WINDOWS\temp\WER1A.tmp.dir00\appcompat.txt - deleted
C:\WINDOWS\temp\WER1A.tmp.dir00\ - deleted
C:\WINDOWS\temp\WER1B.tmp.dir00\appcompat.txt - deleted
C:\WINDOWS\temp\WER1B.tmp.dir00\ - deleted
C:\WINDOWS\temp\_ISTMP0.DIR\15b32d.DLL - deleted
C:\WINDOWS\temp\_ISTMP0.DIR\CTL3D32.DLL - deleted
C:\WINDOWS\temp\_ISTMP0.DIR\CTL3D32S.DLL - deleted
C:\WINDOWS\temp\_ISTMP0.DIR\_SETUP.LIB - deleted
C:\WINDOWS\temp\_ISTMP0.DIR\ - deleted
C:\WINDOWS\temp\_ISTMP1.DIR\15def0.DLL - deleted
C:\WINDOWS\temp\_ISTMP1.DIR\CTL3D32.DLL - deleted
C:\WINDOWS\temp\_ISTMP1.DIR\CTL3D32S.DLL - deleted
C:\WINDOWS\temp\_ISTMP1.DIR\DXLICENS.TXT - deleted
C:\WINDOWS\temp\_ISTMP1.DIR\UNINST.EXE - deleted
C:\WINDOWS\temp\_ISTMP1.DIR\_SETUP.LIB - deleted
C:\WINDOWS\temp\_ISTMP1.DIR\ - deleted
C:\WINDOWS\temp\_ISTMP2.DIR\16b124.DLL - deleted
C:\WINDOWS\temp\_ISTMP2.DIR\CTL3D32.DLL - deleted
C:\WINDOWS\temp\_ISTMP2.DIR\CTL3D32S.DLL - deleted
C:\WINDOWS\temp\_ISTMP2.DIR\_SETUP.LIB - deleted
C:\WINDOWS\temp\_ISTMP2.DIR\ - deleted
C:\WINDOWS\temp\_ISTMP3.DIR\171d0d.DLL - deleted
C:\WINDOWS\temp\_ISTMP3.DIR\CTL3D32.DLL - deleted
C:\WINDOWS\temp\_ISTMP3.DIR\CTL3D32S.DLL - deleted
C:\WINDOWS\temp\_ISTMP3.DIR\_SETUP.LIB - deleted
C:\WINDOWS\temp\_ISTMP3.DIR\ - deleted
C:\Dokumente und Einstellungen\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\Default User\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\Besitzer.USER1-CO4CMGA9J\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\Besitzer.USER1-CO4CMGA9J\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Dokumente und Einstellungen\Besitzer\Cookies\index.dat - deleted
C:\Dokumente und Einstellungen\Administrator\Cookies\index.dat - deleted
C:\WINDOWS\Prefetch\AC3_0010.EXE-2C22AF0F.pf - deleted
C:\WINDOWS\Prefetch\AEKTNTV.EXE-1DECAF12.pf - deleted
C:\WINDOWS\Prefetch\AGENTSVR.EXE-002E45AB.pf - deleted
C:\WINDOWS\Prefetch\ALG.EXE-0F138680.pf - deleted
C:\WINDOWS\Prefetch\ARCOR.EXE-1E95EA5D.pf - deleted
C:\WINDOWS\Prefetch\ARCOR.EXE-30D86E50.pf - deleted
C:\WINDOWS\Prefetch\ARCOR_MAIN.EXE-0999621C.pf - deleted
C:\WINDOWS\Prefetch\AVCENTER.EXE-37584419.pf - deleted
C:\WINDOWS\Prefetch\AVGNT.EXE-36CA4640.pf - deleted
C:\WINDOWS\Prefetch\AVGUARD.EXE-3490B18B.pf - deleted
C:\WINDOWS\Prefetch\AVNOTIFY.EXE-22AE9451.pf - deleted
C:\WINDOWS\Prefetch\AVSCAN.EXE-05AECC0E.pf - deleted
C:\WINDOWS\Prefetch\CLEANMGR.EXE-1F86EA8E.pf - deleted
C:\WINDOWS\Prefetch\CLEANUP.EXE-3438663A.pf - deleted
C:\WINDOWS\Prefetch\CLEANUP452.EXE-0B70E484.pf - deleted
C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf - deleted
C:\WINDOWS\Prefetch\CMDINST.EXE-0C71A1C6.pf - deleted
C:\WINDOWS\Prefetch\COMMAND.EXE-03FE2E83.pf - deleted
C:\WINDOWS\Prefetch\DDKO.EXE-02D27899.pf - deleted
C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf - deleted
C:\WINDOWS\Prefetch\DESKBAR.EXE-38CDF805.pf - deleted
C:\WINDOWS\Prefetch\DESKBAR_E12.EXE-0A435696.pf - deleted
C:\WINDOWS\Prefetch\DESKBAR_E13.EXE-08741ACF.pf - deleted
C:\WINDOWS\Prefetch\DESKBAR_E15.EXE-2EDB9564.pf - deleted
C:\WINDOWS\Prefetch\DESKBAR_E18.EXE-355697C0.pf - deleted
C:\WINDOWS\Prefetch\DFNDRFF_E12.EXE-14B94189.pf - deleted
C:\WINDOWS\Prefetch\DFNDRFF_E16.EXE-03851666.pf - deleted
C:\WINDOWS\Prefetch\DFNDRFF_E18.EXE-34773C13.pf - deleted
C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf - deleted
C:\WINDOWS\Prefetch\DREVE.EXE-0666DF36.pf - deleted
C:\WINDOWS\Prefetch\DRSMARTLOAD.EXE-113D05CC.pf - deleted
C:\WINDOWS\Prefetch\DRSMARTLOAD45A45A45E.EXE-30DF92CA.pf - deleted
C:\WINDOWS\Prefetch\DRSMARTLOAD45A45A45L.EXE-2B1132B4.pf - deleted
C:\WINDOWS\Prefetch\DRSMARTLOAD45A45A45O.EXE-3920FA70.pf - deleted
C:\WINDOWS\Prefetch\DRWTSN32.EXE-2B4B52AC.pf - deleted
C:\WINDOWS\Prefetch\DUMPREP.EXE-1B46F901.pf - deleted
C:\WINDOWS\Prefetch\DWWIN.EXE-30875ADC.pf - deleted
C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf - deleted
C:\WINDOWS\Prefetch\FIREFOX.EXE-17EE503B.pf - deleted
C:\WINDOWS\Prefetch\FIREFOX.EXE-1D57670A.pf - deleted
C:\WINDOWS\Prefetch\FTP.EXE-0FFFB5A3.pf - deleted
C:\WINDOWS\Prefetch\GBROWSER.EXE-36415DF1.pf - deleted
C:\WINDOWS\Prefetch\GLB5.TMP-1F9B87DF.pf - deleted
C:\WINDOWS\Prefetch\GUARDGUI.EXE-1BD45C30.pf - deleted
C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf - deleted
C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-062C5304.pf - deleted
C:\WINDOWS\Prefetch\ICQLITE.EXE-2AEFACA7.pf - deleted
C:\WINDOWS\Prefetch\ICWCONN1.EXE-009F492A.pf - deleted
C:\WINDOWS\Prefetch\IEXPLORE.EXE-07D1865D.pf - deleted
C:\WINDOWS\Prefetch\IEXPLORE.EXE-2CA9778D.pf - deleted
C:\WINDOWS\Prefetch\IPCONFIG.EXE-2395F30B.pf - deleted
C:\WINDOWS\Prefetch\IS-02PF4.TMP-0A28BE8F.pf - deleted
C:\WINDOWS\Prefetch\IS-LTUIS.TMP-216E1F7C.pf - deleted
C:\WINDOWS\Prefetch\KYBRDFF_E12.EXE-0629E0C8.pf - deleted
C:\WINDOWS\Prefetch\KYBRDFF_E16.EXE-1C9F223F.pf - deleted
C:\WINDOWS\Prefetch\KYBRDFF_E18.EXE-076BD2CD.pf - deleted
C:\WINDOWS\Prefetch\Layout.ini - deleted
C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf - deleted
C:\WINDOWS\Prefetch\LVISS.EXE-04C12ED3.pf - deleted
C:\WINDOWS\Prefetch\LXBKJSWX.EXE-16A78713.pf - deleted
C:\WINDOWS\Prefetch\LXBKPSWX.EXE-1C1D8359.pf - deleted
C:\WINDOWS\Prefetch\MJM5.EXE-1E472EB4.pf - deleted
C:\WINDOWS\Prefetch\MMC.EXE-14140460.pf - deleted
C:\WINDOWS\Prefetch\MSIMN.EXE-0B61806C.pf - deleted
C:\WINDOWS\Prefetch\MTE3NDI6ODOXNG.EXE-0C5660D8.pf - deleted
C:\WINDOWS\Prefetch\MTE3NDI6ODOXNGNEW.EXE-0CD90C43.pf - deleted
C:\WINDOWS\Prefetch\NETMON.EXE-397BEF2D.pf - deleted
C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf - deleted
C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf - deleted
C:\WINDOWS\Prefetch\NVSVC32.EXE-1F9EED18.pf - deleted
C:\WINDOWS\Prefetch\NWNMFF_E12.EXE-3B2F7616.pf - deleted
C:\WINDOWS\Prefetch\NWNMFF_E16.EXE-10C8D732.pf - deleted
C:\WINDOWS\Prefetch\PASTISVC.EXE-1683FB81.pf - deleted
C:\WINDOWS\Prefetch\PREUPD.EXE-358AA1C1.pf - deleted
C:\WINDOWS\Prefetch\PRO3_INSTALL.EXE-050C59B9.pf - deleted
C:\WINDOWS\Prefetch\PROVSVC.EXE-2B83C6B0.pf - deleted
C:\WINDOWS\Prefetch\QNFNZGVS.EXE-19BE8F00.pf - deleted
C:\WINDOWS\Prefetch\QUICKSTART.EXE-2849B922.pf - deleted
C:\WINDOWS\Prefetch\RASMED.EXE-1C1A4E7B.pf - deleted
C:\WINDOWS\Prefetch\REG32.EXE-2C294990.pf - deleted
C:\WINDOWS\Prefetch\REGEDIT.EXE-1B606482.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-194BE47B.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-19771D0B.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-1B29F75A.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-1D006EFE.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-2E62241F.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-47A42AF0.pf - deleted
C:\WINDOWS\Prefetch\SCHED.EXE-236A886F.pf - deleted
C:\WINDOWS\Prefetch\SETUP_00763.EXE-373FC4DC.pf - deleted
C:\WINDOWS\Prefetch\SOFFICE.BIN-13DC9FB8.pf - deleted
C:\WINDOWS\Prefetch\SOFFICE.EXE-0BED0A91.pf - deleted
C:\WINDOWS\Prefetch\SOFFICE.EXE-1BD52FDA.pf - deleted
C:\WINDOWS\Prefetch\SPIDER.EXE-2D998CA6.pf - deleted
C:\WINDOWS\Prefetch\SSSTARS.SCR-2D6FC20D.pf - deleted
C:\WINDOWS\Prefetch\SSSVHOST.EXE-0C3E01D0.pf - deleted
C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf - deleted
C:\WINDOWS\Prefetch\TASKMAN.EXE-286CBC75.pf - deleted
C:\WINDOWS\Prefetch\TASKMANGER.EXE-2F080219.pf - deleted
C:\WINDOWS\Prefetch\TASKMGR.EXE-20256C55.pf - deleted
C:\WINDOWS\Prefetch\TFTP.EXE-2FB50BCA.pf - deleted
C:\WINDOWS\Prefetch\UCMOREIEX.EXE-39BCB8D0.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-13D57D76.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-2D54AF30.pf - deleted
C:\WINDOWS\Prefetch\WINLOGON.EXE-36FAD343.pf - deleted
C:\WINDOWS\Prefetch\WINWORD.EXE-0AEA99D4.pf - deleted
C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf - deleted
C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf - deleted
C:\temp\WMALog.txt - deleted
'Run MRU' list - removed from the registry.
Search Assistant MRU list - removed from the registry.
Explorer Open/Save MRU list - removed from the registry.
Explorer Last Visited MRU list - removed from the registry.
Paint Recent File List - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
WinZip Extract MRU list - removed from the registry.
WinZip File MRU list - removed from the registry.
CleanUp! 4.5.2 recovered 774.5 MB of disk space from 85670 files.
CleanUp! finished on 09/30/06 14:04:18.




Besitzer - 06-09-30 14:31:59.82 Service Pack 1
ComboFix 06.09.28 - Running from: "C:\Dokumente und Einstellungen\Besitzer.USER1-CO4CMGA9J\Eigene Dateien\gegenviren\combofix"

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\CLSID\{6E7A6F19-F7DA-428A-A27D-910CD918C963}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{6E7A6F19-F7DA-428A-A27D-910CD918C963}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6E7A6F19-F7DA-428A-A27D-910CD918C963}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6E7A6F19-F7DA-428A-A27D-910CD918C963}\InprocServer32]
@="C:\\WINDOWS\\system32\\nwwrsko.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{F7D24AE8-36EC-4568-B33B-566E7D7383A5}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{F7D24AE8-36EC-4568-B33B-566E7D7383A5}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F7D24AE8-36EC-4568-B33B-566E7D7383A5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F7D24AE8-36EC-4568-B33B-566E7D7383A5}\InprocServer32]
@="C:\\WINDOWS\\system32\\okffilt.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{96B14D77-F843-4BAA-BE14-AF3AEB116BDD}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{96B14D77-F843-4BAA-BE14-AF3AEB116BDD}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{96B14D77-F843-4BAA-BE14-AF3AEB116BDD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{96B14D77-F843-4BAA-BE14-AF3AEB116BDD}\InprocServer32]
@="C:\\WINDOWS\\system32\\pnofmap.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{BA217DFC-EBB7-43E4-A454-3B39503B24C9}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BA217DFC-EBB7-43E4-A454-3B39503B24C9}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BA217DFC-EBB7-43E4-A454-3B39503B24C9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BA217DFC-EBB7-43E4-A454-3B39503B24C9}\InprocServer32]
@="C:\\WINDOWS\\system32\\kqdcr.dll"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


FILES REMOVED:

C:\WINDOWS\system32\aqycfilt.dll
C:\WINDOWS\system32\csrpol.dll
C:\WINDOWS\system32\dswsockx.dll
C:\WINDOWS\system32\fpjm0311e.dll
C:\WINDOWS\system32\hrr2059oe.dll
C:\WINDOWS\system32\hrro0593e.dll
C:\WINDOWS\system32\irj8l51u1.dll
C:\WINDOWS\system32\j4n20e5oeh.dll
C:\WINDOWS\system32\k4pm0e71eh.dll
C:\WINDOWS\system32\k8260ifse8260.dll
C:\WINDOWS\system32\kqdcr.dll
C:\WINDOWS\system32\l8r0li9m18.dll
C:\WINDOWS\system32\m2nqlc551f.dll
C:\WINDOWS\system32\mv26l9fs1.dll
C:\WINDOWS\system32\mv2ml9f11.dll
C:\WINDOWS\system32\mv84l9lq1.dll
C:\WINDOWS\system32\nfrsfr.dll
C:\WINDOWS\system32\pmbase.dll
C:\WINDOWS\system32\pnofmap.dll
C:\WINDOWS\system32\szrrnde.dll
C:\WINDOWS\system32\witdecod.dll
C:\WINDOWS\system32\wktdecod.dll


Granting sedebugprivilege to Administratoren ... successful


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\teller2.chk
C:\dfndrff_e16.exe
C:\dfndrff_e18.exe
C:\drsmartload.exe
C:\drsmartload45a45a45o.exe
C:\deskbar.exe
C:\deskbar_e18.exe
C:\warebundlenewer.exe
C:\ac3_0010.exe
C:\ucmoreiex.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\NetMon
C:\Programme\network monitor
C:\Programme\TheSearchAccelerator
C:\Programme\Deskbar


((((((((((((((((((((((((((((((( Files Created from 2006-08-30 to 2006-09-30 ))))))))))))))))))))))))))))))))))


2006-09-30 14:16 6,694 --------- C:\WINDOWS\system32\.exe
2006-09-30 13:39 40,973 ---hs---- C:\WINDOWS\system32\khfedab.dll
2006-09-28 14:55 1,233 --a------ C:\WINDOWS\system32\orx0cd35.sys
2006-09-28 14:54 175,900 --a------ C:\pro3_install.exe
2006-09-24 16:36 40,973 --------- C:\WINDOWS\system32\nnnopol.dll
2006-09-24 15:46 95,232 -r-hs---- C:\WINDOWS\winlogon.exe
2006-09-23 12:05 234,272 -r--s---- C:\WINDOWS\system32\khdes.dll
2006-09-23 10:53 578,560 --a------ C:\Installer4.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-30 14:30 -------- d-------- C:\Dokumente und Einstellungen\Besitzer.USER1-CO4CMGA9J\Anwendungsdaten\OpenOffice.org2
2006-09-30 14:16 6694 --------- C:\WINDOWS\system32\.exe
2006-09-30 13:57 -------- d-------- C:\Programme\CleanUp!
2006-09-28 14:54 -------- d-------- C:\Programme\ICQToolbar
2006-09-23 11:27 -------- d-------- C:\Dokumente und Einstellungen\Besitzer.USER1-CO4CMGA9J\Anwendungsdaten\Skype
2006-09-23 10:38 -------- d-------- C:\Programme\ArcorOnline
2006-09-04 20:20 -------- d-------- C:\Programme\Lexmark X1100 Series
2006-08-30 14:07 -------- d-------- C:\Programme\ICQLite
2006-08-22 10:20 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-07-21 14:45 8760 --a------ C:\WINDOWS\system32\host.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"MsnMsgr"="\"C:\\Programme\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Skype"="\"C:\\Programme\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
"ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -trayboot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"Dialer Control"="C:\\Programme\\Dialer Control\\dc.exe"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"InCD"="C:\\Programme\\Ahead\\InCD\\InCD.exe"
"Lexmark X1100 Series"="\"C:\\Programme\\Lexmark X1100 Series\\lxbkbmgr.exe\""
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"ICQ Lite"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"orx0cd35"="RUNDLL32.EXE w00704b1.dll,n 0050cd300000000a00704b1"
"internet service"="sssvhost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]
"internet service"="sssvhost.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnopol

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: 30.09.2006 14:33:41.78
ComboFix.txt
ComboFix2.txt





Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2462-6EED

Verzeichnis von c:\

30.09.2006 14:36 0 dirdat.txt
30.09.2006 14:33 9.783 ComboFix.txt
30.09.2006 14:33 352.321.536 pagefile.sys
30.09.2006 14:16 175.900 pro3_install.exe
30.09.2006 14:12 181 ComboFix2.txt
23.09.2006 10:53 578.560 Installer4.exe
29.03.2004 13:07 168 setupfax.log
16.01.2004 20:46 1.091 INSTALL.LOG
11.12.2003 02:52 194 boot.ini
10.12.2003 12:48 0 MSDOS.SYS
10.12.2003 12:48 0 IO.SYS
10.12.2003 12:48 0 CONFIG.SYS
10.12.2003 12:48 0 AUTOEXEC.BAT
02.04.2003 14:00 235.296 ntldr
02.04.2003 14:00 47.580 NTDETECT.COM
02.04.2003 14:00 4.952 bootfont.bin
06.01.2002 20:48 0 nvlog.txt
24.05.2001 13:59 162.304 UNWISE.EXE
18 Datei(en) 353.537.545 Bytes
0 Verzeichnis(se), 14.473.838.592 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2462-6EED

Verzeichnis von C:\WINDOWS\system32

30.09.2006 14:16 6.694 .exe
30.09.2006 13:39 67 o
30.09.2006 13:39 40.973 khfedab.dll
30.09.2006 13:28 13.646 wpa.dbl
28.09.2006 14:55 1.233 orx0cd35.sys
24.09.2006 16:36 40.973 nnnopol.dll
24.09.2006 15:46 69 i
23.09.2006 12:05 234.272 khdes.dll
21.07.2006 14:45 8.760 host.exe
21.07.2006 14:44 79 qaz
15.06.2006 18:33 57.384 avsda.dll
26.03.2006 11:25 51.358 perfc009.dat
26.03.2006 11:25 351.080 perfh009.dat
26.03.2006 11:25 363.708 perfh007.dat
26.03.2006 11:25 61.834 perfc007.dat
26.03.2006 11:25 837.074 PerfStringBackup.INI
13.12.2005 14:35 261.432 FNTCACHE.DAT
19.09.2005 07:00 119.856 sirenacm.dll
15.09.2005 14:28 56.320 SP7311.AX
09.08.2005 19:21 65.536 WinRas32.ocx
18.07.2005 09:05 1.047.552 mfc71u.dll
06.07.2005 14:59 348.160 msvcr71.dll
26.05.2005 04:16 41.240 wups.dll
26.05.2005 04:16 173.536 wuweb.dll
26.05.2005 04:16 1.343.768 wuaueng.dll
26.05.2005 04:16 18.200 wups2.dll
26.05.2005 04:16 198.424 iuengine.dll
26.05.2005 04:16 75.544 cdm.dll
26.05.2005 04:16 174.872 wuaucpl.cpl
26.05.2005 04:16 194.840 wuaueng1.dll
26.05.2005 04:16 128.280 wucltui.dll
26.05.2005 04:16 466.200 wuapi.dll
26.05.2005 04:16 124.696 wuauclt.exe
26.05.2005 04:16 174.872 wuauclt1.exe
04.05.2005 14:45 271.360 msihnd.dll
04.05.2005 14:45 884.736 msimsg.dll
04.05.2005 14:45 78.848 msiexec.exe
04.05.2005 14:45 15.360 msisip.dll
04.05.2005 14:45 2.890.240 msi.dll
04.05.2005 14:45 15.072 spmsg.dll
10.04.2005 19:44 0 TFTP1984
25.02.2005 05:34 22.752 spupdsvc.exe
14.01.2005 09:32 53.248 PAStiSvc.exe
18.11.2004 19:28 566.272 NexPlayerX.dll
17.11.2004 10:28 10.240 P7311USD.DLL
02.07.2004 00:08 17.408 qmgrprxy.dll
02.07.2004 00:08 7.168 bitsprx3.dll
02.07.2004 00:08 7.680 bitsprx2.dll
02.07.2004 00:08 331.776 winhttp.dll
02.07.2004 00:08 360.448 qmgr.dll
30.06.2004 17:00 183.808 xpob2res.dll
23.02.2004 20:42 1.386.496 msvbvm60.dll
13.12.2003 14:03 13.646 wpa.bak
11.12.2003 03:03 25.065 wmpscheme.xml
11.12.2003 02:58 261 $winnt$.inf
11.12.2003 02:56 2.951 CONFIG.NT
11.12.2003 02:56 16.832 amcompat.tlb
Seitenanfang Seitenende
01.10.2006, 15:01
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#5 bringe den avenger per USB-Stick oder Diskette auf deinen Rechner.

Avenger
http://virus-protect.org/artikel/tools/avenger.html

Zitat

registry keys to delete:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDOWS_SPOOLER_SERVICE\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Spooler Service
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDOWS_SPOOLER_SERVICE\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Windows Spooler Service
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_SPOOLER_SERVICE\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Spooler Service
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnopol

Files to delete:
c:\Installer4.exe
c:\pro3_install.exe
C:\WINDOWS\winlogon.exe
C:\WINDOWS\system32\sssvhost.exe
C:\WINDOWS\system32\w00704b1.dll
C:\WINDOWS\system32\.exe
C:\WINDOWS\system32\o
C:\WINDOWS\system32\khfedab.dll
C:\WINDOWS\system32\orx0cd35.sys
C:\WINDOWS\system32\nnnopol.dll
C:\WINDOWS\system32\i
C:\WINDOWS\system32\khdes.dll
C:\WINDOWS\system32\host.exe
C:\WINDOWS\system32\qaz
C:\WINDOWS\system32\TFTP1984

Folders to delete:
C:\Programme\TheSearchAccelerator

Klicke die gruene Ampel
das Script wird nun ausgeführt, dann wird der PC automatisch neustarten

öffne das HijackThis -- Button "scan" -- vor die Malware-Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten

Zitat

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com

R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Programme\Deskbar\deskbar.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\System32\nnnopol.dll

O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Programme\TheSearchAccelerator\UCMTSAIE.dll

O4 - HKLM\..\Run: [newname] C:\\nwnmff_e16.exe
O4 - HKLM\..\Run: [defender] c:\\dfndrff_e18.exe
O4 - HKLM\..\Run: [keyboard] c:\\kybrdff_e18.exe
O4 - HKLM\..\Run: [orx0cd35] RUNDLL32.EXE w00704b1.dll,n 0050cd300000000a00704b1
O4 - HKLM\..\Run: [internet service] sssvhost.exe
O4 - HKLM\..\RunServices: [internet service] sssvhost.exe

O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\hrro0593e.dll
O20 - Winlogon Notify: nnnopol - C:\WINDOWS\SYSTEM32\nnnopol.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\nwwrsko.dll (file missing)

ServiceFilter.zip
http://virus-protect.org/artikel/tools/ServiceFilter.zip

- entzippen
- doppelklick auf die datei ServiceFilter.vbs
- versions-nummer bestätigen
- scannen
- öffnen von wordpad oder editor erlauben
- POST_THIS.TXT abkopieren
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
01.10.2006, 15:42
Kross
Member

Themenstarter

Beiträge: 21
#6 Der avenger gibt mir eine Fehlermeldung:
Error: could not create zip file
Error code: 0

Habe danach Hijack laufen lassen. Es waren aber nicht alle Einträge vorhanden.
Nach dem Neustart kam kein avenger log. Und im Ordner von avenger ist auch keine Textdatei.


Hier der ServiceFilter log:

The script did not recognize the services listed below.
This does not mean that they are a problem.

To copy the entire contents of this document for posting:
At the top of this window click "Edit" then "Select All"
Next click "Edit" again then "Copy"
Now right click in the forum post box then click "Paste"

########################################

ServiceFilter 1.1
by rand1038

Microsoft Windows XP Home Edition
Version: 5.1.2600 Service Pack 1
Okt 1, 2006 16:22:50


---> Begin Service Listing <---

Unknown Service # 1
Service Name: AntiVirScheduler
Display Name: AntiVir Scheduler
Start Mode: Auto
Start Name: LocalSystem
Description: Dienst zur Planung und Steuerung von Prüf- und Updateaufgaben der AntiVir PersonalEdition ...
Service Type: Own Process
Path: c:\programme\antivir personaledition classic\sched.exe
State: Running
Process ID: 1592
Started: Wahr
Exit Code: 0
Accept Pause: Wahr
Accept Stop: Wahr

Unknown Service # 2
Service Name: AntiVirService
Display Name: AntiVir PersonalEdition Classic Service
Start Mode: Auto
Start Name: LocalSystem
Description: Echtzeit Virenschutz durch H+BEDV AntiVir ...
Service Type: Own Process
Path: c:\programme\antivir personaledition classic\avguard.exe
State: Running
Process ID: 1612
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 3
Service Name: cmdService
Display Name: Command Service
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\windows\dxnlcje\command.exe
State: Running
Process ID: 1632
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 4
Service Name: hwclock
Display Name: Hardware Clock Driver
Start Mode: Auto
Start Name: LocalSystem
Description: Enables a computer to save and restore system time information using the hardware clock. Stopping ...
Service Type: Own Process
Path:
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 3
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 5
Service Name: Network Confg System
Display Name: Network Confg System
Start Mode: Auto
Start Name: LocalSystem
Description: Network Confg ...
Service Type: Own Process
Path: "c:\windows\system32\lviss.exe"
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 6
Service Name: Network Monitor
Display Name: Network Monitor
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\programme\network monitor\netmon.exe service
State: Running
Process ID: 1688
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 7
Service Name: STI Simulator
Display Name: STI Simulator
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\windows\system32\pastisvc.exe
State: Running
Process ID: 1780
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service #8
Service Name: SwPrv
Display Name: MS Software Shadow Copy Provider
Start Mode: Manual
Start Name: LocalSystem
Description: Verwaltet Software-basierte Schattenkopien des Volumeschattenkopie-Dienstes. Software-basierte ...
Service Type: Own Process
Path: c:\windows\system32\dllhost.exe /processid:{6cc54972-8f72-477d-bc0e-891fdc10bd36}
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 9
Service Name: xmlprovman
Display Name: Network Provision Managing Service
Start Mode: Auto
Start Name: LocalSystem
Description: Manages XML configuration files on a domain basis for automatic network ...
Service Type: Own Process
Path: "c:\windows\system32\provsvc.exe"
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Falsch

---> End Service Listing <---

There are 84 Win32 services on this machine.
9 were unrecognized.

Script Execution Time: 1,90625 seconds.



Hoffe, du kannst mir da weiter helfen.
Danke!
Dieser Beitrag wurde am 01.10.2006 um 16:33 Uhr von Kross editiert.
Seitenanfang Seitenende
01.10.2006, 17:48
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#7 ««
ich habe den avenger text editiert
kopiere solange den text in den avenger, bis er durchlaeuft und der rechner neustartet
dann poste das log , was nach neustart erscheint
--------------------------------------------------------

Download Registry Search by Bobbi Flekman
http://virus-protect.org/artikel/tools/regsearch.html
und doppelklicken, um zu starten. in: "Enter search strings" (reinschreiben oder reinkopieren)

Network Provision Managing Service

in edit und klicke "Ok".
Notepad wird sich oeffnen -- kopiere den Text ab und poste ihn.

"Enter search strings" (reinschreiben oder reinkopieren)


STI Simulator

in edit und klicke "Ok".
Notepad wird sich oeffnen -- kopiere den Text ab und poste ihn.

««
"Enter search strings" (reinschreiben oder reinkopieren)

Network Monitor

n edit und klicke "Ok".
Notepad wird sich oeffnen -- kopiere den Text ab und poste ihn.

««
"Enter search strings" (reinschreiben oder reinkopieren)

Network Confg System

n edit und klicke "Ok".
Notepad wird sich oeffnen -- kopiere den Text ab und poste ihn.

Command Service

n edit und klicke "Ok".
Notepad wird sich oeffnen -- kopiere den Text ab und poste ihn.


"Enter search strings" (reinschreiben oder reinkopieren)

Hardware Clock Driver

n edit und klicke "Ok".
Notepad wird sich oeffnen -- kopiere den Text ab und poste ihn.

http://www.viruslist.com/de/viruses/encyclopedia?virusid=76726
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
01.10.2006, 18:17
Kross
Member

Themenstarter

Beiträge: 21
#8 Vielen Dank für die Mühe!
Hier schon mal der avenger log:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\lvrebxls

*******************

Script file located at: \??\C:\okuuoohq.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDOWS_SPOOLER_SERVICE\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDOWS_SPOOLER_SERVICE\0000 failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINDOWS_SPOOLER_SERVICE\0000
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Spooler Service not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Spooler Service failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Spooler Service
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDOWS_SPOOLER_SERVICE\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDOWS_SPOOLER_SERVICE\0000 failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINDOWS_SPOOLER_SERVICE\0000
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Windows Spooler Service not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Windows Spooler Service failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Windows Spooler Service
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_SPOOLER_SERVICE\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_SPOOLER_SERVICE\0000 failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_SPOOLER_SERVICE\0000
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Spooler Service not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Spooler Service failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Spooler Service
Status: 0xc0000034



File c:\Installer4.exe not found!
Deletion of file c:\Installer4.exe failed!

Could not process line:
c:\Installer4.exe
Status: 0xc0000034



File c:\pro3_install.exe not found!
Deletion of file c:\pro3_install.exe failed!

Could not process line:
c:\pro3_install.exe
Status: 0xc0000034



File C:\WINDOWS\winlogon.exe not found!
Deletion of file C:\WINDOWS\winlogon.exe failed!

Could not process line:
C:\WINDOWS\winlogon.exe
Status: 0xc0000034



File C:\WINDOWS\system32\sssvhost.exe not found!
Deletion of file C:\WINDOWS\system32\sssvhost.exe failed!

Could not process line:
C:\WINDOWS\system32\sssvhost.exe
Status: 0xc0000034



File C:\WINDOWS\system32\w00704b1.dll not found!
Deletion of file C:\WINDOWS\system32\w00704b1.dll failed!

Could not process line:
C:\WINDOWS\system32\w00704b1.dll
Status: 0xc0000034



File C:\WINDOWS\system32\.exe not found!
Deletion of file C:\WINDOWS\system32\.exe failed!

Could not process line:
C:\WINDOWS\system32\.exe
Status: 0xc0000034



File C:\WINDOWS\system32\o not found!
Deletion of file C:\WINDOWS\system32\o failed!

Could not process line:
C:\WINDOWS\system32\o
Status: 0xc0000034



File C:\WINDOWS\system32\khfedab.dll not found!
Deletion of file C:\WINDOWS\system32\khfedab.dll failed!

Could not process line:
C:\WINDOWS\system32\khfedab.dll
Status: 0xc0000034



File C:\WINDOWS\system32\orx0cd35.sys not found!
Deletion of file C:\WINDOWS\system32\orx0cd35.sys failed!

Could not process line:
C:\WINDOWS\system32\orx0cd35.sys
Status: 0xc0000034



File C:\WINDOWS\system32\nnnopol.dll not found!
Deletion of file C:\WINDOWS\system32\nnnopol.dll failed!

Could not process line:
C:\WINDOWS\system32\nnnopol.dll
Status: 0xc0000034



File C:\WINDOWS\system32\i not found!
Deletion of file C:\WINDOWS\system32\i failed!

Could not process line:
C:\WINDOWS\system32\i
Status: 0xc0000034



File C:\WINDOWS\system32\khdes.dll not found!
Deletion of file C:\WINDOWS\system32\khdes.dll failed!

Could not process line:
C:\WINDOWS\system32\khdes.dll
Status: 0xc0000034



File C:\WINDOWS\system32\host.exe not found!
Deletion of file C:\WINDOWS\system32\host.exe failed!

Could not process line:
C:\WINDOWS\system32\host.exe
Status: 0xc0000034



File C:\WINDOWS\system32\qaz not found!
Deletion of file C:\WINDOWS\system32\qaz failed!

Could not process line:
C:\WINDOWS\system32\qaz
Status: 0xc0000034



File C:\WINDOWS\system32\TFTP1984 not found!
Deletion of file C:\WINDOWS\system32\TFTP1984 failed!

Could not process line:
C:\WINDOWS\system32\TFTP1984
Status: 0xc0000034



Folder C:\Programme\TheSearchAccelerator not found!
Deletion of folder C:\Programme\TheSearchAccelerator failed!

Could not process line:
C:\Programme\TheSearchAccelerator
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnopol not found!
Deletion of registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnopol failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
Seitenanfang Seitenende
01.10.2006, 18:18
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#9 fein ;)
nun arbeite regseach ab ;)
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
01.10.2006, 18:32
Kross
Member

Themenstarter

Beiträge: 21
#10 Abgearbeitet ;)

REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 01.10.2006 18:19:44 for strings:
; 'network provision managing service'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_XMLPROVMAN\0000]
"DeviceDesc"="Network Provision Managing Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xmlprovman]
"DisplayName"="Network Provision Managing Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_XMLPROVMAN\0000]
"DeviceDesc"="Network Provision Managing Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\xmlprovman]
"DisplayName"="Network Provision Managing Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_XMLPROVMAN\0000]
"DeviceDesc"="Network Provision Managing Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xmlprovman]
"DisplayName"="Network Provision Managing Service"

; End Of The Log...














REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 01.10.2006 18:21:41 for strings:
; 'sti simulator'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_STI_SIMULATOR\0000]
"Service"="STI Simulator"
"DeviceDesc"="STI Simulator"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_STI_SIMULATOR\0000\Control]
"ActiveService"="STI Simulator"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application]
; Contents of value:
; WSH
; WMIAdapter Wmdm
; WmdmPmSp WinMgmt Winlogo
; WinMgmt Winlogon Windows Product
; Winlogon Windows Product Activation Windo
; Windows Product Activation Windows 3.1 Migration WebClient VSS VBRun
; Windows 3.1 Migration WebClient VSS VBRuntime Userinit Userenv UploadM SysmonLog STI Simul
; WebClient VSS VBRuntime Userinit Userenv UploadM SysmonLog STI Simulator SpoolerCtrs Software Instal
; VSS VBRuntime Userinit Userenv UploadM SysmonLog STI Simulator SpoolerCtrs Software Installation SclgNtf
; VBRuntime Userinit Userenv UploadM SysmonLog STI Simulator SpoolerCtrs Software Installation SclgNtfy SceSrv SceCl
; Userinit Userenv UploadM SysmonLog STI Simulator SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli Sandra safrslv SA
; Userenv UploadM SysmonLog STI Simulator SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli Sandra safrslv SAFrdms PerfProc Pe
; UploadM SysmonLog STI Simulator SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli Sandra safrslv SAFrdms PerfProc PerfOS PerfNet Per
; SysmonLog STI Simulator SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli Sandra safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfD
; STI Simulator SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli Sandra safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Fil
; SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli Sandra safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroChe
; Software Installation SclgNtfy SceSrv SceCli Sandra safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC
; SclgNtfy SceSrv SceCli Sandra safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Offi
; SceSrv SceCli Sandra safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft
; SceCli Sandra safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephon
; Sandra safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Prov
; safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H
; SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Fo
; PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection
; PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment
; PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESE
; Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatso
; Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota cryp
; PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkds
; Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment A
; Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Mana
; Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Ha
; ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application E
; NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; AutoEnrollment Autochk Application Management Application Hang Application Error Application
; Autochk Application Management Application Hang Application Error Application
; Application Management Application Hang Application Error Application
; Application Hang Application Error Application
; Application Error Application
; Application
;
"Sources"=hex(7):57,53,48,00,57,4d,49,41,64,61,70,74,65,72,00,57,6d,64,6d,50,\
6d,53,70,00,57,69,6e,4d,67,6d,74,00,57,69,6e,6c,6f,67,6f,6e,00,57,69,6e,64,\
6f,77,73,20,50,72,6f,64,75,63,74,20,41,63,74,69,76,61,74,69,6f,6e,00,57,69,\
6e,64,6f,77,73,20,33,2e,31,20,4d,69,67,72,61,74,69,6f,6e,00,57,65,62,43,6c,\
69,65,6e,74,00,56,53,53,00,56,42,52,75,6e,74,69,6d,65,00,55,73,65,72,69,6e,\
69,74,00,55,73,65,72,65,6e,76,00,55,70,6c,6f,61,64,4d,00,53,79,73,6d,6f,6e,\
4c,6f,67,00,53,54,49,20,53,69,6d,75,6c,61,74,6f,72,00,53,70,6f,6f,6c,65,72,\
43,74,72,73,00,53,6f,66,74,77,61,72,65,20,49,6e,73,74,61,6c,6c,61,74,69,6f,\
6e,00,53,63,6c,67,4e,74,66,79,00,53,63,65,53,72,76,00,53,63,65,43,6c,69,00,\
53,61,6e,64,72,61,00,73,61,66,72,73,6c,76,00,53,41,46,72,64,6d,73,00,50,65,\
72,66,50,72,6f,63,00,50,65,72,66,4f,53,00,50,65,72,66,4e,65,74,00,50,65,72,\
66,6d,6f,6e,00,50,65,72,66,6c,69,62,00,50,65,72,66,44,69,73,6b,00,50,65,72,\
66,63,74,72,73,00,4f,66,66,6c,69,6e,65,20,46,69,6c,65,73,00,4f,61,6b,6c,65,\
79,00,6e,74,62,61,63,6b,75,70,00,4e,65,72,6f,43,68,65,63,6b,00,4d,73,69,49,\
6e,73,74,61,6c,6c,65,72,00,4d,53,44,54,43,20,43,6c,69,65,6e,74,00,4d,53,44,\
54,43,00,4d,53,44,4d,69,6e,65,00,6d,6e,6d,73,72,76,63,00,4d,69,63,72,6f,73,\
6f,66,74,20,4f,66,66,69,63,65,20,31,30,00,4d,69,63,72,6f,73,6f,66,74,20,48,\
2e,33,32,33,20,54,65,6c,65,70,68,6f,6e,79,20,53,65,72,76,69,63,65,20,50,72,\
6f,76,69,64,65,72,00,4c,6f,61,64,50,65,72,66,00,48,2b,42,45,44,56,20,41,6e,\
74,69,76,69,72,00,46,6f,6c,64,65,72,20,52,65,64,69,72,65,63,74,69,6f,6e,00,\
46,69,6c,65,20,44,65,70,6c,6f,79,6d,65,6e,74,00,45,76,65,6e,74,53,79,73,74,\
65,6d,00,45,53,45,4e,54,00,45,41,50,4f,4c,00,44,72,57,61,74,73,6f,6e,00,44,\
69,73,6b,51,75,6f,74,61,00,63,72,79,70,74,33,32,00,43,4f,4d,2b,00,43,69,00,\
43,68,6b,64,73,6b,00,41,75,74,6f,45,6e,72,6f,6c,6c,6d,65,6e,74,00,41,75,74,\
6f,63,68,6b,00,41,70,70,6c,69,63,61,74,69,6f,6e,20,4d,61,6e,61,67,65,6d,65,\
6e,74,00,41,70,70,6c,69,63,61,74,69,6f,6e,20,48,61,6e,67,00,41,70,70,6c,69,\
63,61,74,69,6f,6e,20,45,72,72,6f,72,00,41,70,70,6c,69,63,61,74,69,6f,6e,00,\
00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\STI Simulator]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\STI Simulator]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\STI Simulator]
"DisplayName"="STI Simulator"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\STI Simulator\PAC207]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\STI Simulator\PAC7311]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\STI Simulator\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\STI Simulator\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_STI_SIMULATOR\0000]
"Service"="STI Simulator"
"DeviceDesc"="STI Simulator"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application]
; Contents of value:
; WSH
; WMIAdapter Wmdm
; WmdmPmSp WinMgmt Winlogo
; WinMgmt Winlogon Windows Product
; Winlogon Windows Product Activation Windo
; Windows Product Activation Windows 3.1 Migration WebClient VSS VBRun
; Windows 3.1 Migration WebClient VSS VBRuntime Userinit Userenv UploadM SysmonLog STI Simul
; WebClient VSS VBRuntime Userinit Userenv UploadM SysmonLog STI Simulator SpoolerCtrs Software Instal
; VSS VBRuntime Userinit Userenv UploadM SysmonLog STI Simulator SpoolerCtrs Software Installation SclgNtf
; VBRuntime Userinit Userenv UploadM SysmonLog STI Simulator SpoolerCtrs Software Installation SclgNtfy SceSrv SceCl
; Userinit Userenv UploadM SysmonLog STI Simulator SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli Sandra safrslv SA
; Userenv UploadM SysmonLog STI Simulator SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli Sandra safrslv SAFrdms PerfProc Pe
; UploadM SysmonLog STI Simulator SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli Sandra safrslv SAFrdms PerfProc PerfOS PerfNet Per
; SysmonLog STI Simulator SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli Sandra safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfD
; STI Simulator SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli Sandra safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Fil
; SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli Sandra safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroChe
; Software Installation SclgNtfy SceSrv SceCli Sandra safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC
; SclgNtfy SceSrv SceCli Sandra safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Offi
; SceSrv SceCli Sandra safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft
; SceCli Sandra safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephon
; Sandra safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Prov
; safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H
; SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Fo
; PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection
; PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment
; PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESE
; Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatso
; Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota cryp
; PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkds
; Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment A
; Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Mana
; Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Ha
; ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application E
; NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; AutoEnrollment Autochk Application Management Application Hang Application Error Application
; Autochk Application Management Application Hang Application Error Application
; Application Management Application Hang Application Error Application
; Application Hang Application Error Application
; Application Error Application
; Application
;
"Sources"=hex(7):57,53,48,00,57,4d,49,41,64,61,70,74,65,72,00,57,6d,64,6d,50,\
6d,53,70,00,57,69,6e,4d,67,6d,74,00,57,69,6e,6c,6f,67,6f,6e,00,57,69,6e,64,\
6f,77,73,20,50,72,6f,64,75,63,74,20,41,63,74,69,76,61,74,69,6f,6e,00,57,69,\
6e,64,6f,77,73,20,33,2e,31,20,4d,69,67,72,61,74,69,6f,6e,00,57,65,62,43,6c,\
69,65,6e,74,00,56,53,53,00,56,42,52,75,6e,74,69,6d,65,00,55,73,65,72,69,6e,\
69,74,00,55,73,65,72,65,6e,76,00,55,70,6c,6f,61,64,4d,00,53,79,73,6d,6f,6e,\
4c,6f,67,00,53,54,49,20,53,69,6d,75,6c,61,74,6f,72,00,53,70,6f,6f,6c,65,72,\
43,74,72,73,00,53,6f,66,74,77,61,72,65,20,49,6e,73,74,61,6c,6c,61,74,69,6f,\
6e,00,53,63,6c,67,4e,74,66,79,00,53,63,65,53,72,76,00,53,63,65,43,6c,69,00,\
53,61,6e,64,72,61,00,73,61,66,72,73,6c,76,00,53,41,46,72,64,6d,73,00,50,65,\
72,66,50,72,6f,63,00,50,65,72,66,4f,53,00,50,65,72,66,4e,65,74,00,50,65,72,\
66,6d,6f,6e,00,50,65,72,66,6c,69,62,00,50,65,72,66,44,69,73,6b,00,50,65,72,\
66,63,74,72,73,00,4f,66,66,6c,69,6e,65,20,46,69,6c,65,73,00,4f,61,6b,6c,65,\
79,00,6e,74,62,61,63,6b,75,70,00,4e,65,72,6f,43,68,65,63,6b,00,4d,73,69,49,\
6e,73,74,61,6c,6c,65,72,00,4d,53,44,54,43,20,43,6c,69,65,6e,74,00,4d,53,44,\
54,43,00,4d,53,44,4d,69,6e,65,00,6d,6e,6d,73,72,76,63,00,4d,69,63,72,6f,73,\
6f,66,74,20,4f,66,66,69,63,65,20,31,30,00,4d,69,63,72,6f,73,6f,66,74,20,48,\
2e,33,32,33,20,54,65,6c,65,70,68,6f,6e,79,20,53,65,72,76,69,63,65,20,50,72,\
6f,76,69,64,65,72,00,4c,6f,61,64,50,65,72,66,00,48,2b,42,45,44,56,20,41,6e,\
74,69,76,69,72,00,46,6f,6c,64,65,72,20,52,65,64,69,72,65,63,74,69,6f,6e,00,\
46,69,6c,65,20,44,65,70,6c,6f,79,6d,65,6e,74,00,45,76,65,6e,74,53,79,73,74,\
65,6d,00,45,53,45,4e,54,00,45,41,50,4f,4c,00,44,72,57,61,74,73,6f,6e,00,44,\
69,73,6b,51,75,6f,74,61,00,63,72,79,70,74,33,32,00,43,4f,4d,2b,00,43,69,00,\
43,68,6b,64,73,6b,00,41,75,74,6f,45,6e,72,6f,6c,6c,6d,65,6e,74,00,41,75,74,\
6f,63,68,6b,00,41,70,70,6c,69,63,61,74,69,6f,6e,20,4d,61,6e,61,67,65,6d,65,\
6e,74,00,41,70,70,6c,69,63,61,74,69,6f,6e,20,48,61,6e,67,00,41,70,70,6c,69,\
63,61,74,69,6f,6e,20,45,72,72,6f,72,00,41,70,70,6c,69,63,61,74,69,6f,6e,00,\
00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\STI Simulator]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\STI Simulator]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\STI Simulator]
"DisplayName"="STI Simulator"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\STI Simulator\PAC207]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\STI Simulator\PAC7311]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\STI Simulator\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_STI_SIMULATOR\0000]
"Service"="STI Simulator"
"DeviceDesc"="STI Simulator"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_STI_SIMULATOR\0000\Control]
"ActiveService"="STI Simulator"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application]
; Contents of value:
; WSH
; WMIAdapter Wmdm
; WmdmPmSp WinMgmt Winlogo
; WinMgmt Winlogon Windows Product
; Winlogon Windows Product Activation Windo
; Windows Product Activation Windows 3.1 Migration WebClient VSS VBRun
; Windows 3.1 Migration WebClient VSS VBRuntime Userinit Userenv UploadM SysmonLog STI Simul
; WebClient VSS VBRuntime Userinit Userenv UploadM SysmonLog STI Simulator SpoolerCtrs Software Instal
; VSS VBRuntime Userinit Userenv UploadM SysmonLog STI Simulator SpoolerCtrs Software Installation SclgNtf
; VBRuntime Userinit Userenv UploadM SysmonLog STI Simulator SpoolerCtrs Software Installation SclgNtfy SceSrv SceCl
; Userinit Userenv UploadM SysmonLog STI Simulator SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli Sandra safrslv SA
; Userenv UploadM SysmonLog STI Simulator SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli Sandra safrslv SAFrdms PerfProc Pe
; UploadM SysmonLog STI Simulator SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli Sandra safrslv SAFrdms PerfProc PerfOS PerfNet Per
; SysmonLog STI Simulator SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli Sandra safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfD
; STI Simulator SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli Sandra safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Fil
; SpoolerCtrs Software Installation SclgNtfy SceSrv SceCli Sandra safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroChe
; Software Installation SclgNtfy SceSrv SceCli Sandra safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC
; SclgNtfy SceSrv SceCli Sandra safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Offi
; SceSrv SceCli Sandra safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft
; SceCli Sandra safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephon
; Sandra safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Prov
; safrslv SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H
; SAFrdms PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Fo
; PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection
; PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment
; PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESE
; Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatso
; Perflib PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota cryp
; PerfDisk Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkds
; Perfctrs Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment A
; Offline Files Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Mana
; Oakley ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Ha
; ntbackup NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application E
; NeroCheck MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; MsiInstaller MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; MSDTC Client MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; MSDTC MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; MSDMine mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; mnmsrvc Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; Microsoft Office 10 Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; Microsoft H.323 Telephony Service Provider LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; LoadPerf H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; H+BEDV Antivir Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; Folder Redirection File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; File Deployment EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; EventSystem ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; ESENT EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; EAPOL DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; DrWatson DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; DiskQuota crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; crypt32 COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; COM+ Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; Ci Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; Chkdsk AutoEnrollment Autochk Application Management Application Hang Application Error Application
; AutoEnrollment Autochk Application Management Application Hang Application Error Application
; Autochk Application Management Application Hang Application Error Application
; Application Management Application Hang Application Error Application
; Application Hang Application Error Application
; Application Error Application
; Application
;
"Sources"=hex(7):57,53,48,00,57,4d,49,41,64,61,70,74,65,72,00,57,6d,64,6d,50,\
6d,53,70,00,57,69,6e,4d,67,6d,74,00,57,69,6e,6c,6f,67,6f,6e,00,57,69,6e,64,\
6f,77,73,20,50,72,6f,64,75,63,74,20,41,63,74,69,76,61,74,69,6f,6e,00,57,69,\
6e,64,6f,77,73,20,33,2e,31,20,4d,69,67,72,61,74,69,6f,6e,00,57,65,62,43,6c,\
69,65,6e,74,00,56,53,53,00,56,42,52,75,6e,74,69,6d,65,00,55,73,65,72,69,6e,\
69,74,00,55,73,65,72,65,6e,76,00,55,70,6c,6f,61,64,4d,00,53,79,73,6d,6f,6e,\
4c,6f,67,00,53,54,49,20,53,69,6d,75,6c,61,74,6f,72,00,53,70,6f,6f,6c,65,72,\
43,74,72,73,00,53,6f,66,74,77,61,72,65,20,49,6e,73,74,61,6c,6c,61,74,69,6f,\
6e,00,53,63,6c,67,4e,74,66,79,00,53,63,65,53,72,76,00,53,63,65,43,6c,69,00,\
53,61,6e,64,72,61,00,73,61,66,72,73,6c,76,00,53,41,46,72,64,6d,73,00,50,65,\
72,66,50,72,6f,63,00,50,65,72,66,4f,53,00,50,65,72,66,4e,65,74,00,50,65,72,\
66,6d,6f,6e,00,50,65,72,66,6c,69,62,00,50,65,72,66,44,69,73,6b,00,50,65,72,\
66,63,74,72,73,00,4f,66,66,6c,69,6e,65,20,46,69,6c,65,73,00,4f,61,6b,6c,65,\
79,00,6e,74,62,61,63,6b,75,70,00,4e,65,72,6f,43,68,65,63,6b,00,4d,73,69,49,\
6e,73,74,61,6c,6c,65,72,00,4d,53,44,54,43,20,43,6c,69,65,6e,74,00,4d,53,44,\
54,43,00,4d,53,44,4d,69,6e,65,00,6d,6e,6d,73,72,76,63,00,4d,69,63,72,6f,73,\
6f,66,74,20,4f,66,66,69,63,65,20,31,30,00,4d,69,63,72,6f,73,6f,66,74,20,48,\
2e,33,32,33,20,54,65,6c,65,70,68,6f,6e,79,20,53,65,72,76,69,63,65,20,50,72,\
6f,76,69,64,65,72,00,4c,6f,61,64,50,65,72,66,00,48,2b,42,45,44,56,20,41,6e,\
74,69,76,69,72,00,46,6f,6c,64,65,72,20,52,65,64,69,72,65,63,74,69,6f,6e,00,\
46,69,6c,65,20,44,65,70,6c,6f,79,6d,65,6e,74,00,45,76,65,6e,74,53,79,73,74,\
65,6d,00,45,53,45,4e,54,00,45,41,50,4f,4c,00,44,72,57,61,74,73,6f,6e,00,44,\
69,73,6b,51,75,6f,74,61,00,63,72,79,70,74,33,32,00,43,4f,4d,2b,00,43,69,00,\
43,68,6b,64,73,6b,00,41,75,74,6f,45,6e,72,6f,6c,6c,6d,65,6e,74,00,41,75,74,\
6f,63,68,6b,00,41,70,70,6c,69,63,61,74,69,6f,6e,20,4d,61,6e,61,67,65,6d,65,\
6e,74,00,41,70,70,6c,69,63,61,74,69,6f,6e,20,48,61,6e,67,00,41,70,70,6c,69,\
63,61,74,69,6f,6e,20,45,72,72,6f,72,00,41,70,70,6c,69,63,61,74,69,6f,6e,00,\
00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\STI Simulator]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\STI Simulator]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\STI Simulator]
"DisplayName"="STI Simulator"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\STI Simulator\PAC207]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\STI Simulator\PAC7311]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\STI Simulator\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\STI Simulator\Enum]

; End Of The Log...









REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 01.10.2006 18:23:03 for strings:
; 'network monitor'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}]
"DisplayName"="Network Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR\0000]
"Service"="Network Monitor"
"DeviceDesc"="Network Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR\0000\Control]
"ActiveService"="Network Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor]
; Contents of value:
; c:\programme\network monitor\netmon.exe service
"ImagePath"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,6d,65,5c,4e,65,74,77,6f,72,6b,\
20,4d,6f,6e,69,74,6f,72,5c,6e,65,74,6d,6f,6e,2e,65,78,65,20,73,65,72,76,69,\
63,65,00
"DisplayName"="Network Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETWORK_MONITOR\0000]
"Service"="Network Monitor"
"DeviceDesc"="Network Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Network Monitor]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Network Monitor]
; Contents of value:
; c:\programme\network monitor\netmon.exe service
"ImagePath"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,6d,65,5c,4e,65,74,77,6f,72,6b,\
20,4d,6f,6e,69,74,6f,72,5c,6e,65,74,6d,6f,6e,2e,65,78,65,20,73,65,72,76,69,\
63,65,00
"DisplayName"="Network Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Network Monitor\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000]
"Service"="Network Monitor"
"DeviceDesc"="Network Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000\Control]
"ActiveService"="Network Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor]
; Contents of value:
; c:\programme\network monitor\netmon.exe service
"ImagePath"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,6d,65,5c,4e,65,74,77,6f,72,6b,\
20,4d,6f,6e,69,74,6f,72,5c,6e,65,74,6d,6f,6e,2e,65,78,65,20,73,65,72,76,69,\
63,65,00
"DisplayName"="Network Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor\Enum]

; End Of The Log...




REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 01.10.2006 18:24:35 for strings:
; 'network confg system'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_CONFG_SYSTEM\0000]
"Service"="Network Confg System"
"DeviceDesc"="Network Confg System"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Confg System]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Confg System]
"DisplayName"="Network Confg System"
"Description"="Network Confg System"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Confg System\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Confg System\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETWORK_CONFG_SYSTEM\0000]
"Service"="Network Confg System"
"DeviceDesc"="Network Confg System"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Network Confg System]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Network Confg System]
"DisplayName"="Network Confg System"
"Description"="Network Confg System"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Network Confg System\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_CONFG_SYSTEM\0000]
"Service"="Network Confg System"
"DeviceDesc"="Network Confg System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Confg System]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Confg System]
"DisplayName"="Network Confg System"
"Description"="Network Confg System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Confg System\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Confg System\Enum]

; End Of The Log...









REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 01.10.2006 18:25:45 for strings:
; 'command service'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000]
"DeviceDesc"="Command Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService]
"DisplayName"="Command Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000]
"DeviceDesc"="Command Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService]
"DisplayName"="Command Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000]
"DeviceDesc"="Command Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService]
"DisplayName"="Command Service"

; End Of The Log...







REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 01.10.2006 18:26:54 for strings:
; 'hardware clock driver'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HWCLOCK\0000]
"DeviceDesc"="Hardware Clock Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hwclock]
"DisplayName"="Hardware Clock Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_HWCLOCK\0000]
"DeviceDesc"="Hardware Clock Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\hwclock]
"DisplayName"="Hardware Clock Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HWCLOCK\0000]
"DeviceDesc"="Hardware Clock Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hwclock]
"DisplayName"="Hardware Clock Driver"

; End Of The Log...
Seitenanfang Seitenende
01.10.2006, 18:48
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#11 Avenger

Zitat

registry keys to delete:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HWCLOCK\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hwclock
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_HWCLOCK\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\hwclock
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HWCLOCK\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hwclock
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETWORK_MONITOR\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Network Monitor
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_XMLPROVMAN\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xmlprovman
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_XMLPROVMAN\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\xmlprovman
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_XMLPROVMAN\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xmlprovman
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_CONFG_SYSTEM\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Confg System
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Confg System
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETWORK_CONFG_SYSTEM\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Network Confg System
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_CONFG_SYSTEM\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Confg System





__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
01.10.2006, 19:05
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#12 arbeite den avenger oben ab, poste das log.
dann
scanne und poste den report
http://virus-protect.org/cureit.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
01.10.2006, 20:17
Kross
Member

Themenstarter

Beiträge: 21
#13 Sieht so aus, als hätte er noch einiges gefunden.
Hoffe, das war so geplant ;)
DrWeb hat wegen umbenennen gar nicht gefragt, sondern nur ob er desinfizieren soll. Da hab ich dann ja gesagt.

Hier also noch avenger und DrWeb:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ehpfhkcm

*******************

Script file located at: \??\C:\Program Files\lfwgrjhf.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HWCLOCK\0000 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hwclock deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_HWCLOCK\0000 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\hwclock deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HWCLOCK\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HWCLOCK\0000 failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HWCLOCK\0000
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hwclock not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hwclock failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hwclock
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CMDSERVICE\0000 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000 failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR\0000 deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR\0000\Control not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR\0000\Control failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR\0000\Control
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Monitor deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETWORK_MONITOR\0000 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Network Monitor deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000 failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000\Control not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000\Control failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000\Control
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_XMLPROVMAN\0000 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xmlprovman deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_XMLPROVMAN\0000 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\xmlprovman deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_XMLPROVMAN\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_XMLPROVMAN\0000 failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_XMLPROVMAN\0000
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xmlprovman not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xmlprovman failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xmlprovman
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_CONFG_SYSTEM\0000 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Confg System deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Confg System not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Confg System failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Network Confg System
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETWORK_CONFG_SYSTEM\0000 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Network Confg System deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_CONFG_SYSTEM\0000 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_CONFG_SYSTEM\0000 failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_CONFG_SYSTEM\0000
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Confg System not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Confg System failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Confg System
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE} deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



Dr.Web(R) Scanner für Windows v4.33.2 (4.33.2.06080)
Copyright (c) Igor Daniloff, 1992-2006
Bericht erstellt auf: 2006-10-01, 19:24:26 [Besitzer]
Kommandozeile: "C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\cureit.exe" /lng:de-cureit.dwl /ini:cureit_XP.ini
Betriebssystem:Windows XP Home Edition x86 (Build 2600), Service Pack 1
=============================================================================
Suchmodul Version: 4.33 (4.33.4.07270)
API Version: 2.01
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crwtoday.cdb - 2437 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43354.cdb - 1283 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43353.cdb - 795 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43352.cdb - 2016 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43351.cdb - 941 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43350.cdb - 1020 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43349.cdb - 1008 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43348.cdb - 1096 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43347.cdb - 707 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43346.cdb - 1429 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43345.cdb - 1358 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43344.cdb - 694 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43343.cdb - 1186 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43342.cdb - 744 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43341.cdb - 841 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43340.cdb - 822 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43339.cdb - 1071 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43338.cdb - 989 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43337.cdb - 855 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43336.cdb - 1297 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43335.cdb - 1195 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43334.cdb - 900 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43333.cdb - 1381 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43332.cdb - 1340 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43331.cdb - 2735 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43330.cdb - 2078 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43329.cdb - 2490 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43328.cdb - 743 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43327.cdb - 958 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43326.cdb - 793 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43325.cdb - 713 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43324.cdb - 655 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43323.cdb - 655 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43322.cdb - 778 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43321.cdb - 846 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43320.cdb - 808 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43319.cdb - 764 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43318.cdb - 838 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43317.cdb - 363 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43316.cdb - 730 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43315.cdb - 627 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43314.cdb - 824 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43313.cdb - 842 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43312.cdb - 830 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43311.cdb - 862 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43310.cdb - 853 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43309.cdb - 733 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43308.cdb - 708 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43307.cdb - 839 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43306.cdb - 930 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43305.cdb - 759 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43304.cdb - 721 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43303.cdb - 638 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43302.cdb - 806 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43301.cdb - 504 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crw43300.cdb - 24 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crwebase.cdb - 78674 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\cwrtoday.cdb - 276 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\cwr43301.cdb - 697 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crwrisky.cdb - 1271 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\cwntoday.cdb - 619 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\cwn43304.cdb - 793 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\cwn43303.cdb - 766 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\cwn43302.cdb - 850 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\cwn43301.cdb - 773 Virus Einträge
[Virus-Datenbank] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\crwnasty.cdb - 4867 Virus Einträge
Summe der Vireneinträge: 145438
Lizenzschlüssel: C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\cureit.key
Lizenzchlüssel-Nummer: 0000000010
Registriert für:: Dr.Web CureIt Project
Lizenzschlüssel aktiviert!: 2005-03-05
Lizenzschlüssel wird ablaufen!: 2007-03-05

-----------------------------------------------------------------------------
Prüfstatistiken
-----------------------------------------------------------------------------
Geprüfte Objekte: 0
Infizierte Objekte gefunden: 0
Objekte mit Modifikation gefunden: 0
Verdächtige Objekte gefunden: 0
Adware-Programm gefunden: 0
Dialer-Programm gefunden: 0
Scherz-Programm gefunden: 0
Riskware programm gefunden: 0
Hacktool-Programm gefunden: 0
Desinfizierte Objekte: 0
Gelöschte Objekte: 0
Umbenannte Objekte: 0
Verschobene Objekte: 0
Ignorierte Objekte: 0
Leistung:: 0 Kb/s
Dauer:: 00:00:00
-----------------------------------------------------------------------------

[Prüfpfad] C:\WINDOWS\System32\smss.exe
[Prüfpfad] C:\WINDOWS\system32\csrss.exe
[Prüfpfad] C:\WINDOWS\system32\winlogon.exe
[Prüfpfad] C:\WINDOWS\system32\services.exe
[Prüfpfad] C:\WINDOWS\system32\lsass.exe
[Prüfpfad] C:\WINDOWS\system32\svchost.exe
[Prüfpfad] C:\WINDOWS\Explorer.EXE
[Prüfpfad] C:\WINDOWS\system32\LEXBCES.EXE
[Prüfpfad] C:\WINDOWS\system32\spoolsv.exe
[Prüfpfad] C:\WINDOWS\system32\LEXPPS.EXE
[Prüfpfad] C:\WINDOWS\System32\alg.exe
[Prüfpfad] C:\Programme\AntiVir PersonalEdition Classic\sched.exe
[Prüfpfad] C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
[Prüfpfad] C:\WINDOWS\System32\nvsvc32.exe
[Prüfpfad] C:\WINDOWS\System32\PAStiSvc.exe
[Prüfpfad] C:\Programme\Dialer Control\dc.exe
[Prüfpfad] C:\Programme\Ahead\InCD\InCD.exe
[Prüfpfad] C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe
[Prüfpfad] C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
[Prüfpfad] C:\Programme\ICQLite\ICQLite.exe
[Prüfpfad] C:\Programme\Lexmark X1100 Series\lxbkbmon.exe
[Prüfpfad] C:\WINDOWS\System32\ctfmon.exe
[Prüfpfad] C:\Programme\Messenger\msmsgs.exe
[Prüfpfad] C:\Programme\MSN Messenger\MsnMsgr.Exe
[Prüfpfad] C:\Programme\Skype\Phone\Skype.exe
[Prüfpfad] C:\Programme\Winzip\WZQKPICK.EXE
[Prüfpfad] C:\Programme\StarOffice6.0\program\soffice.exe
[Prüfpfad] C:\Programme\OpenOffice.org 2.0\program\soffice.exe
[Prüfpfad] C:\Programme\OpenOffice.org 2.0\program\soffice.BIN
[Prüfpfad] C:\WINDOWS\System32\wuauclt.exe
[Prüfpfad] C:\Dokumente und Einstellungen\Besitzer.USER1-CO4CMGA9J\Eigene Dateien\gegenviren\drweb\drweb-cureit.exe
[Prüfpfad] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\_start.exe
[Prüfpfad] C:\DOKUME~1\BESITZ~1.USE\LOKALE~1\Temp\RarSFX0\cureit.exe
[Prüfpfad] c:\windows\system32\nvcpl.dll
[Prüfpfad] C:\WINDOWS\System32\rundll32.exe
[Prüfpfad] C:\WINDOWS\System32\nwiz.exe
[Prüfpfad] C:\WINDOWS\system32\NeroCheck.exe
[Prüfpfad] C:\Dokumente und Einstellungen\Besitzer.USER1-CO4CMGA9J\Startmenü\Programme\Autostart\desktop.ini
[Prüfpfad] C:\Programme\OpenOffice.org 2.0\program\quickstart.exe
[Prüfpfad] C:\Programme\StarOffice6.0\program\quickstart.exe
[Prüfpfad] C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
[Prüfpfad] C:\Programme\Microsoft Office\Office\OSA9.EXE
[Prüfpfad] C:\WINDOWS\System32\mmsys.cpl
[Prüfpfad] C:\WINDOWS\System32\icmui.dll
[Prüfpfad] C:\WINDOWS\System32\rshx32.dll
[Prüfpfad] C:\WINDOWS\System32\docprop.dll
[Prüfpfad] C:\WINDOWS\System32\ntshrui.dll
[Prüfpfad] C:\WINDOWS\System32\themeui.dll
[Prüfpfad] C:\WINDOWS\System32\deskadp.dll
[Prüfpfad] C:\WINDOWS\System32\deskmon.dll
[Prüfpfad] C:\WINDOWS\System32\dssec.dll
[Prüfpfad] C:\WINDOWS\System32\SlayerXP.dll
[Prüfpfad] C:\WINDOWS\System32\shscrap.dll
[Prüfpfad] C:\WINDOWS\System32\diskcopy.dll
[Prüfpfad] C:\WINDOWS\System32\ntlanui2.dll
[Prüfpfad] C:\WINDOWS\System32\printui.dll
[Prüfpfad] C:\WINDOWS\System32\dskquoui.dll
[Prüfpfad] C:\WINDOWS\System32\syncui.dll
[Prüfpfad] C:\WINDOWS\System32\hticons.dll
[Prüfpfad] C:\WINDOWS\System32\fontext.dll
[Prüfpfad] C:\WINDOWS\System32\deskperf.dll
[Prüfpfad] C:\WINDOWS\system32\cryptext.dll
[Prüfpfad] C:\WINDOWS\system32\NETSHELL.dll
[Prüfpfad] C:\WINDOWS\System32\wiashext.dll
[Prüfpfad] C:\WINDOWS\System32\remotepg.dll
[Prüfpfad] C:\WINDOWS\System32\wuaucpl.cpl
[Prüfpfad] C:\WINDOWS\System32\wshext.dll
[Prüfpfad] C:\Programme\Gemeinsame Dateien\System\Ole DB\oledb32.dll
[Prüfpfad] C:\WINDOWS\System32\mstask.dll
[Prüfpfad] C:\WINDOWS\system32\shdocvw.dll
[Prüfpfad] C:\WINDOWS\System32\shmedia.dll
[Prüfpfad] C:\WINDOWS\System32\browseui.dll
[Prüfpfad] C:\WINDOWS\System32\sendmail.dll
[Prüfpfad] C:\WINDOWS\System32\occache.dll
[Prüfpfad] C:\WINDOWS\System32\webcheck.dll
[Prüfpfad] C:\WINDOWS\System32\appwiz.cpl
[Prüfpfad] C:\WINDOWS\System32\shimgvw.dll
[Prüfpfad] C:\WINDOWS\System32\netplwiz.dll
[Prüfpfad] C:\WINDOWS\System32\zipfldr.dll
[Prüfpfad] C:\WINDOWS\System32\cdfview.dll
[Prüfpfad] C:\WINDOWS\System32\msieftp.dll
[Prüfpfad] C:\WINDOWS\System32\docprop2.dll
[Prüfpfad] C:\WINDOWS\System32\dsquery.dll
[Prüfpfad] C:\WINDOWS\System32\dsuiext.dll
[Prüfpfad] C:\WINDOWS\System32\mydocs.dll
[Prüfpfad] C:\WINDOWS\System32\cscui.dll
[Prüfpfad] C:\WINDOWS\msagent\agentpsh.dll
[Prüfpfad] C:\WINDOWS\System32\dfsshlex.dll
[Prüfpfad] C:\WINDOWS\System32\photowiz.dll
[Prüfpfad] C:\WINDOWS\System32\mmcshext.dll
[Prüfpfad] C:\WINDOWS\System32\cabview.dll
[Prüfpfad] C:\Programme\Outlook Express\wabfind.dll
[Prüfpfad] C:\WINDOWS\System32\wmpshell.dll
[Prüfpfad] C:\WINDOWS\System32\nvshell.dll
[Prüfpfad] C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[Prüfpfad] C:\Programme\ICQLite\ICQLiteShell.dll
[Prüfpfad] C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
[Prüfpfad] C:\Programme\Microsoft Office\Office10\msohev.dll
[Prüfpfad] C:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll
[Prüfpfad] C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL
[Prüfpfad] C:\Programme\AntiVir PersonalEdition Classic\shlext.dll
[Prüfpfad] C:\Programme\Deskbar\deskbar.dll
C:\Programme\Deskbar\deskbar.dll ist ein Adware-Programm Adware.Softomate

[Prüfpfad] C:\WINDOWS\system32\SHELL32.dll
[Prüfpfad] C:\WINDOWS\System32\stobject.dll
[Prüfpfad] C:\WINDOWS\System32\crypt32.dll
[Prüfpfad] C:\WINDOWS\System32\cryptnet.dll
[Prüfpfad] C:\WINDOWS\System32\cscdll.dll
[Prüfpfad] C:\WINDOWS\System32\wlnotify.dll
[Prüfpfad] C:\WINDOWS\System32\sclgntfy.dll
[Prüfpfad] C:\WINDOWS\System32\wzcdlg.dll
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\ACPI.sys
[Prüfpfad] C:\WINDOWS\system32\drivers\aec.sys
[Prüfpfad] C:\WINDOWS\System32\drivers\afd.sys
[Prüfpfad] c:\windows\system32\svchost.exe
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\asyncmac.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\atapi.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\atmarpc.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\audstub.sys
[Prüfpfad] C:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys
[Prüfpfad] C:\WINDOWS\SYSTEM32\drivers\avgntmgr.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\avmwan.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\bsstor.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\CCDECODE.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\cdrom.sys
[Prüfpfad] C:\WINDOWS\system32\cisvc.exe
[Prüfpfad] C:\WINDOWS\system32\clipsrv.exe
[Prüfpfad] c:\windows\system32\dllhost.exe
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\disk.sys
[Prüfpfad] c:\windows\system32\dmadmin.exe
[Prüfpfad] C:\WINDOWS\System32\drivers\dmboot.sys
[Prüfpfad] C:\WINDOWS\System32\drivers\dmio.sys
[Prüfpfad] C:\WINDOWS\System32\drivers\dmload.sys
[Prüfpfad] C:\WINDOWS\system32\drivers\DMusic.sys
[Prüfpfad] C:\WINDOWS\system32\drivers\drmkaud.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\fdc.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\flpydisk.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\fpcibase.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\ftdisk.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\msgpc.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\i8042prt.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\imapi.sys
[Prüfpfad] C:\WINDOWS\System32\imapi.exe
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\ipinip.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\ipnat.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\ipsec.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\irenum.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\isapnp.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\kbdclass.sys
[Prüfpfad] C:\WINDOWS\system32\drivers\kmixer.sys
[Prüfpfad] C:\WINDOWS\System32\mnmsrvc.exe
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\mouclass.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\mrxdav.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
[Prüfpfad] C:\WINDOWS\System32\msdtc.exe
[Prüfpfad] c:\windows\system32\msiexec.exe
[Prüfpfad] C:\WINDOWS\system32\drivers\MSKSSRV.sys
[Prüfpfad] C:\WINDOWS\system32\drivers\MSPCLOCK.sys
[Prüfpfad] C:\WINDOWS\system32\drivers\MSPQM.sys
[Prüfpfad] C:\WINDOWS\system32\drivers\MSTEE.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\NdisIP.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\ndistapi.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\ndisuio.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\ndiswan.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\netbios.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\netbt.sys
[Prüfpfad] C:\WINDOWS\system32\netdde.exe
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\nv4_mini.sys
[Prüfpfad] C:\WINDOWS\system32\drivers\nvax.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\NVENET.sys
[Prüfpfad] C:\WINDOWS\system32\drivers\nvapu.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\nv_agp.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\parport.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\pci.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\pciide.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\raspptp.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\processr.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\psched.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\ptilink.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\rasacd.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\raspppoe.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\raspti.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\rdbss.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
[Prüfpfad] C:\WINDOWS\system32\sessmgr.exe
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\redbook.sys
[Prüfpfad] C:\WINDOWS\System32\locator.exe
[Prüfpfad] C:\WINDOWS\System32\rsvp.exe
[Prüfpfad] C:\WINDOWS\System32\SCardSvr.exe
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\secdrv.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\serenum.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\serial.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\SLIP.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS
[Prüfpfad] C:\WINDOWS\system32\drivers\splitter.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\sr.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\srv.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\StreamIP.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\swenum.sys
[Prüfpfad] C:\WINDOWS\system32\drivers\swmidi.sys
[Prüfpfad] C:\WINDOWS\system32\drivers\sysaudio.sys
[Prüfpfad] C:\WINDOWS\system32\smlogsvc.exe
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\tcpip.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\termdd.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\update.sys
[Prüfpfad] C:\WINDOWS\System32\ups.exe
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\usbehci.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\usbhub.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\usbohci.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\usbprint.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\usbscan.sys
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
[Prüfpfad] C:\WINDOWS\System32\drivers\vga.sys
[Prüfpfad] C:\WINDOWS\System32\vssvc.exe
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\wanarp.sys
[Prüfpfad] C:\WINDOWS\system32\drivers\wdmaud.sys
[Prüfpfad] C:\WINDOWS\System32\wbem\wmiapsrv.exe
[Prüfpfad] C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS
[Prüfpfad] C:\WINDOWS\System32\ntsd.exe
-----------------------------------------------------------------------------
Prüfstatistiken
-----------------------------------------------------------------------------
Geprüfte Objekte: 225
Infizierte Objekte gefunden: 0
Objekte mit Modifikation gefunden: 0
Verdächtige Objekte gefunden: 0
Adware-Programm gefunden: 1
Dialer-Programm gefunden: 0
Scherz-Programm gefunden: 0
Riskware programm gefunden: 0
Hacktool-Programm gefunden: 0
Desinfizierte Objekte: 0
Gelöschte Objekte: 0
Umbenannte Objekte: 0
Verschobene Objekte: 0
Ignorierte Objekte: 0
Leistung:: 2959 Kb/s
Dauer:: 00:00:28
-----------------------------------------------------------------------------

[Prüfpfad] C:\
C:\dfndrff_e18.exe ist ein Adware-Programm Adware.DollarRevenue
C:\Dokumente und Einstellungen\Besitzer.USER1-CO4CMGA9J\NTUSER.DAT - Lesefehler
C:\Dokumente und Einstellungen\Besitzer.USER1-CO4CMGA9J\NTUSER~1.LOG - Lesefehler
C:\Dokumente und Einstellungen\Besitzer.USER1-CO4CMGA9J\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat - Lesefehler
C:\Dokumente und Einstellungen\Besitzer.USER1-CO4CMGA9J\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\USRCLA~1.LOG - Lesefehler
C:\Dokumente und Einstellungen\Besitzer.USER1-CO4CMGA9J\Lokale Einstellungen\Temp\PERFLI~2.DAT - Lesefehler
C:\Dokumente und Einstellungen\LocalService\NTUSER.DAT - Lesefehler
C:\Dokumente und Einstellungen\LocalService\NTUSER~1.LOG - Lesefehler
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat - Lesefehler
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\USRCLA~1.LOG - Lesefehler
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\01KLM56P\installer[2].exe infiziert mit Trojan.Proxy.493 - nicht desinfizierbar - verschoben
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\GH0JKLMN\ucmoreiex[1].exe ist ein Adware-Programm Adware.Ucmore
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\O789ATUV\dfndrff_e_uit[1].exe ist ein Adware-Programm Adware.DollarRevenue
C:\Dokumente und Einstellungen\NetworkService\NTUSER.DAT - Lesefehler
C:\Dokumente und Einstellungen\NetworkService\NTUSER~1.LOG - Lesefehler
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat - Lesefehler
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\USRCLA~1.LOG - Lesefehler
C:\Programme\ArcorOnline\Arcor.exe möglicherweise infiziert mit BACKDOOR.Trojan
C:\Programme\Deskbar\deskbar.dll ist ein Adware-Programm Adware.Softomate
C:\Programme\Network Monitor\netmon.exe - Lesefehler
C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP156\A0033643.exe infiziert mit Win32.HLLW.MyBot - gelöscht
C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP156\A0033644.exe ist ein Adware-Programm Adware.DollarRevenue
C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP156\A0033645.exe ist ein Adware-Programm Adware.DollarRevenue
C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP156\A0033646.exe ist ein Adware-Programm Adware.DollarRevenue
C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP156\A0033647.exe ist ein Adware-Programm Adware.DollarRevenue
C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP156\A0033648.exe infiziert mit Trojan.DownLoader.13015 - gelöscht
C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP156\A0033649.exe ist ein Adware-Programm Adware.DollarRevenue
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP156\A0033650.exe infiziert mit Trojan.DownLoader.5013 - gelöscht
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP156\A0033651.exe infiziert mit Trojan.DownLoader.5013 - gelöscht
C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP156\A0033652.exe infiziert mit Win32.IRC.Bot - gelöscht
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP156\A0034642.dll ist ein Adware-Programm Adware.Look2me
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP156\A0035635.dll ist ein Adware-Programm Adware.Look2me
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0035644.exe infiziert mit Trojan.Proxy.493 - gelöscht
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0035645.dll ist ein Adware-Programm Adware.Look2me
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0035646.dll ist ein Adware-Programm Adware.Look2me
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0036644.dll ist ein Adware-Programm Adware.Look2me
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0036657.dll ist ein Adware-Programm Adware.Look2me
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0036667.dll ist ein Adware-Programm Adware.Look2me
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0036668.dll ist ein Adware-Programm Adware.Look2me
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0036676.dll ist ein Adware-Programm Adware.Look2me
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0037676.dll ist ein Adware-Programm Adware.Look2me
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0037684.dll ist ein Adware-Programm Adware.Look2me
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0038684.dll infiziert mit Trojan.Virtumod - gelöscht
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0038686.dll ist ein Adware-Programm Adware.Look2me
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0038694.dll ist ein Adware-Programm Adware.Look2me
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0038696.exe infiziert mit Trojan.Virtumod - gelöscht
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0038703.dll ist ein Adware-Programm Adware.Runk
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0038704.dll infiziert mit Trojan.Virtumod - gelöscht
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0038705.dll infiziert mit Trojan.DownLoader.10919 - gelöscht
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0038706.dll ist ein Adware-Programm Adware.Look2me
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0038714.dll ist ein Adware-Programm Adware.Look2me
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0038722.dll ist ein Adware-Programm Adware.Look2me
C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0038917.exe ist ein Adware-Programm Adware.DollarRevenue
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0038930.exe infiziert mit Trojan.Virtumod - gelöscht
C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0038931.exe ist ein Adware-Programm Adware.DollarRevenue
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0038932.exe infiziert mit Trojan.DownLoader.5013 - gelöscht
C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039940.exe ist ein Adware-Programm Adware.DollarRevenue
C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039941.exe ist ein Adware-Programm Adware.DollarRevenue
C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039942.exe ist ein Adware-Programm Adware.DollarRevenue
C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039946.exe ist ein Adware-Programm Adware.Look2me
C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039947.exe infiziert mit Trojan.DownLoader.10918 - gelöscht
C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039948.exe ist ein Adware-Programm Adware.Ucmore
C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039953.exe infiziert mit Trojan.DnsChange - gelöscht
C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039954.dll ist ein Adware-Programm Adware.Ucmore
C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039957.dll ist ein Adware-Programm Adware.Ucmore
C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039962.dll ist ein Adware-Programm Adware.Softomate
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039963.dll ist ein Adware-Programm Adware.Look2me
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039964.dll ist ein Adware-Programm Adware.Look2me
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039965.dll ist ein Adware-Programm Adware.Look2me
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039966.dll ist ein Adware-Programm Adware.Look2me
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039967.dll ist ein Adware-Programm Adware.Look2me
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039968.dll ist ein Adware-Programm Adware.Look2me
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039969.dll ist ein Adware-Programm Adware.Look2me
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039970.dll ist ein Adware-Programm Adware.Look2me
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039971.dll ist ein Adware-Programm Adware.Look2me
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039972.dll ist ein Adware-Programm Adware.Look2me
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039973.dll ist ein Adware-Programm Adware.Look2me
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039974.dll ist ein Adware-Programm Adware.Look2me
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039975.dll ist ein Adware-Programm Adware.Look2me
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039976.dll ist ein Adware-Programm Adware.Look2me
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039977.dll ist ein Adware-Programm Adware.Look2me
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039978.dll ist ein Adware-Programm Adware.Look2me
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039979.dll ist ein Adware-Programm Adware.Look2me
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039980.dll ist ein Adware-Programm Adware.Look2me
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039981.dll ist ein Adware-Programm Adware.Look2me
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039982.dll ist ein Adware-Programm Adware.Look2me
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039983.dll ist ein Adware-Programm Adware.Look2me
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0039984.dll ist ein Adware-Programm Adware.Look2me
C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0040030.exe ist ein Adware-Programm Adware.DollarRevenue
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0040032.exe infiziert mit Trojan.Virtumod - gelöscht
C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0041974.exe ist ein Adware-Programm Adware.DollarRevenue
>>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0041975.exe infiziert mit Win32.HLLW.MyBot - gelöscht
C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0041977.exe ist ein Adware-Programm Adware.DollarRevenue
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0041979.exe infiziert mit Trojan.DownLoader.5013 - gelöscht
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0041981.exe infiziert mit BackDoor.IRC.Hwclock - gelöscht
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0041982.dll infiziert mit Trojan.Virtumod - gelöscht
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0041983.dll infiziert mit Trojan.Virtumod - gelöscht
C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP157\A0041984.exe ist ein Adware-Programm Adware.DollarRevenue
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP158\A0044018.exeC:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP158\A0044019.exe ist ein Adware-Programm Adware.Look2me
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP158\A0044020.dll ist ein Adware-Programm Adware.Look2me
>C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP158\A0044021.dll infiziert mit Trojan.Virtumod - gelöscht
C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP158\A0044023.exe infiziert mit Win32.HLLW.MyBot - gelöscht
C:\System Volume Information\_restore{E9343113-6888-4B27-B018-76CC0364A642}\RP158\A0044175.exe infiziert mit Trojan.DnsChange - gelöscht
>C:\WINDOWS\dXNlcjE\asappsrv.dll infiziert mit Trojan.Proxy.493 - gelöscht
>C:\WINDOWS\dXNlcjE\command.exe infiziert mit Trojan.Proxy.493 - gelöscht
C:\WINDOWS\system32\config\default - Lesefehler
C:\WINDOWS\system32\config\DEFAULT.LOG - Lesefehler
C:\WINDOWS\system32\config\SAM - Lesefehler
C:\WINDOWS\system32\config\SAM.LOG - Lesefehler
C:\WINDOWS\system32\config\SECURITY - Lesefehler
C:\WINDOWS\system32\config\SECURITY.LOG - Lesefehler
C:\WINDOWS\system32\config\software - Lesefehler
C:\WINDOWS\system32\config\SOFTWARE.LOG - Lesefehler
C:\WINDOWS\system32\config\system - Lesefehler
C:\WINDOWS\system32\config\SYSTEM.LOG - Lesefehler
C:\WINDOWS\Temp\cmdinst.exe infiziert mit Trojan.Proxy.493 - nicht desinfizierbar - verschoben

-----------------------------------------------------------------------------
Prüfstatistiken
-----------------------------------------------------------------------------
Geprüfte Objekte: 89536
Infizierte Objekte gefunden: 27
Objekte mit Modifikation gefunden: 0
Verdächtige Objekte gefunden: 1
Adware-Programm gefunden: 64
Dialer-Programm gefunden: 0
Scherz-Programm gefunden: 0
Riskware programm gefunden: 0
Hacktool-Programm gefunden: 0
Desinfizierte Objekte: 0
Gelöschte Objekte: 25
Umbenannte Objekte: 0
Verschobene Objekte: 2
Ignorierte Objekte: 0
Leistung:: 739 Kb/s
Dauer:: 00:41:31
-----------------------------------------------------------------------------
Seitenanfang Seitenende
01.10.2006, 20:29
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#14 1.
Avenger

Zitat

Files to delete:
C:\dfndrff_e18.exe

Folders to delete:
C:\Programme\Network Monitor
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\01KLM56P
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\GH0JKLMN
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\O789ATUV
C:\Programme\Deskbar
C:\WINDOWS\dXNlcjE
2.
Arbeitsplatz-->Rechtsklick, dann auf Eigenschaften--->Reiter Systemwiederherstellung--->Häkchen setzen bei Systemwiederherstellung auf allen Laufwerken deaktivieren.

3.
Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als listen.bat mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden. --> die listen.bat doppelt klicken--> kopiere den Text, der erscheint

Zitat

cd\
dir "C:\Windows\System32\Com" >>files.txt
dir "C:\WINDOWS\system32\components" >>files.txt
dir "C:\WINDOWS\Downloaded Program Files" >>files.txt
dir "C:\Programme\Common Files" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%" >>files.txt
dir "C:\Program Files" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Temp" >>files.txt
dir "C:\WINDOWS\Temp" >>files.txt
dir "C:\Temp" >>files.txt
dir "C:\Programme" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Lokale Einstellungen\Anwendungsdaten" >>files.txt
dir "C:\Dokumente und Einstellungen\%UserName%\Anwendungsdaten" >>files.txt
dir "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten" >>files.txt
dir "C:\Programme\Gemeinsame Dateien" >>files.txt
dir "C:Windows\tasks" >>files.txt
notepad files.txt

__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
01.10.2006, 21:04
Kross
Member

Themenstarter

Beiträge: 21
#15 Hier der avenger log und die listen.bat für dich. Danke schon mal für's anschauen ;)


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\nvdtcegh

*******************

Script file located at: \??\C:\WINDOWS\ggskcfcc.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\dfndrff_e18.exe deleted successfully.
Folder C:\Programme\Network Monitor deleted successfully.
Folder C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\01KLM56P deleted successfully.
Folder C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\GH0JKLMN deleted successfully.
Folder C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\O789ATUV deleted successfully.
Folder C:\Programme\Deskbar deleted successfully.
Folder C:\WINDOWS\dXNlcjE deleted successfully.

Completed script processing.

*******************

Finished! Terminate.






Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2462-6EED

Verzeichnis von C:\Windows\System32\Com

30.09.2006 16:40 <DIR> .
30.09.2006 16:40 <DIR> ..
02.04.2003 14:00 186.880 comadmin.dll
02.04.2003 14:00 61.440 comempty.dat
02.04.2003 14:00 77.348 comexp.msc
02.04.2003 14:00 8.192 comrepl.exe
02.04.2003 14:00 5.120 comrereg.exe
12.07.2006 23:59 94 install.bat
02.04.2003 14:00 19.456 mtsadmin.tlb
7 Datei(en) 358.530 Bytes
2 Verzeichnis(se), 14.855.913.472 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2462-6EED

Verzeichnis von C:\WINDOWS\system32

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2462-6EED

Verzeichnis von C:\WINDOWS\Downloaded Program Files

30.06.2005 15:19 227 MsnMessengerSetupDownloader.inf
14.08.2005 00:26 113.664 MsnMessengerSetupDownloader.ocx
04.09.2003 15:14 3.759 swflash.inf
3 Datei(en) 117.650 Bytes
0 Verzeichnis(se), 14.855.909.376 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2462-6EED

Verzeichnis von C:\Programme

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2462-6EED

Verzeichnis von C:\Dokumente und Einstellungen\Besitzer

11.12.2003 03:00 <DIR> .
11.12.2003 03:00 <DIR> ..
11.12.2003 02:48 <DIR> Desktop
11.12.2003 03:00 <DIR> Eigene Dateien
11.12.2003 03:00 <DIR> Favoriten
11.12.2003 02:48 <DIR> Startmen
0 Datei(en) 0 Bytes
6 Verzeichnis(se), 14.855.909.376 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2462-6EED

Verzeichnis von C:\Program Files

01.10.2006 19:20 <DIR> .
01.10.2006 19:20 <DIR> ..
03.06.2006 14:21 <DIR> ICQLite
0 Datei(en) 0 Bytes
3 Verzeichnis(se), 14.855.909.376 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2462-6EED

Verzeichnis von C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp

11.12.2003 03:00 <DIR> .
11.12.2003 03:00 <DIR> ..
0 Datei(en) 0 Bytes
2 Verzeichnis(se), 14.855.909.376 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2462-6EED

Verzeichnis von C:\WINDOWS\Temp

01.10.2006 20:56 <DIR> .
01.10.2006 20:56 <DIR> ..
0 Datei(en) 0 Bytes
2 Verzeichnis(se), 14.855.909.376 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2462-6EED

Verzeichnis von C:\Temp

30.09.2006 14:04 <DIR> .
30.09.2006 14:04 <DIR> ..
0 Datei(en) 0 Bytes
2 Verzeichnis(se), 14.855.909.376 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2462-6EED

Verzeichnis von C:\Programme

01.10.2006 20:54 <DIR> .
01.10.2006 20:54 <DIR> ..
29.03.2004 13:08 <DIR> ABBYY FineReader 5.0 Sprint
29.03.2004 13:07 <DIR> ABBYY FineReader 6.0
13.12.2003 14:10 <DIR> Adabas
08.01.2002 22:11 <DIR> Adobe
13.12.2003 14:00 <DIR> Ahead
31.05.2004 14:26 <DIR> Anims
05.05.2006 21:34 <DIR> AntiVir PersonalEdition Classic
23.09.2006 10:38 <DIR> ArcorOnline
23.10.2005 22:36 21 AVPersonalAVWIN.INI
09.08.2002 10:22 35.328 AweMan32.dll
30.09.2006 13:57 <DIR> CleanUp!
10.12.2003 12:46 <DIR> ComPlus Applications
13.12.2003 14:24 <DIR> CyberLink
31.05.2004 14:26 <DIR> Data
31.05.2004 14:26 <DIR> DataM
31.05.2004 14:26 18.037 DeIsL1.isu
13.06.2006 21:18 <DIR> Dialer Control
29.03.2004 13:07 <DIR> FaxTools
22.08.2006 10:20 <DIR> Gemeinsame Dateien
25.04.2005 20:23 <DIR> Graph
31.05.2004 14:26 56 Hospital.Cfg
09.08.2002 10:23 1.074.688 Hospital.exe
30.08.2006 14:07 <DIR> ICQLite
28.09.2006 14:54 <DIR> ICQToolbar
11.12.2003 02:54 <DIR> Internet Explorer
31.05.2004 14:26 <DIR> Levels
04.09.2006 20:20 <DIR> Lexmark X1100 Series
05.01.2005 21:27 <DIR> Maxis
10.12.2003 12:45 <DIR> Messenger
11.12.2005 23:17 <DIR> microsoft frontpage
11.12.2005 23:18 <DIR> Microsoft Office
09.08.2002 10:23 85 Modem.ini
11.12.2003 02:54 <DIR> Movie Maker
11.11.2005 17:07 <DIR> Mozilla Firefox
10.12.2003 12:45 <DIR> MSN
10.12.2003 12:45 <DIR> MSN Gaming Zone
30.09.2005 18:36 <DIR> MSN Messenger
09.08.2002 10:23 144.384 Mss32.dll
11.12.2003 02:54 <DIR> NetMeeting
10.12.2003 12:45 <DIR> Online Services
10.12.2003 12:47 <DIR> Online-Dienste
23.11.2005 18:26 <DIR> OpenOffice.org 2.0
11.12.2003 02:54 <DIR> Outlook Express
31.05.2004 14:26 <DIR> QData
31.05.2004 14:26 <DIR> QDataM
20.08.2005 15:30 <DIR> ratiopharm
31.05.2004 20:48 <DIR> Save
25.07.2005 13:23 <DIR> Skype
09.08.2002 10:23 71.168 Smackw32.dll
11.12.2005 23:18 <DIR> Snapshot Viewer
31.05.2004 14:26 <DIR> Sound
13.12.2003 14:16 <DIR> StarOffice6.0
13.12.2003 13:57 <DIR> Windows Media Player
10.12.2003 12:45 <DIR> Windows NT
06.11.2005 17:25 <DIR> Winzip
09.08.2002 10:23 109.056 WSnd7R.dll
10.12.2003 12:48 <DIR> xerox
9 Datei(en) 1.452.823 Bytes
50 Verzeichnis(se), 14.855.905.280 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2462-6EED

Verzeichnis von C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten

11.12.2003 03:00 <DIR> Microsoft
0 Datei(en) 0 Bytes
1 Verzeichnis(se), 14.855.905.280 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2462-6EED

Verzeichnis von C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2462-6EED

Verzeichnis von C:\Dokumente und Einstellungen\All Users\Anwendungsdaten

13.02.2006 21:18 305 addr_file.html
08.01.2002 22:11 <DIR> Adobe
14.09.2006 23:50 <DIR> AntiVir PersonalEdition Classic
29.03.2004 13:07 <DIR> BVRP Software
13.12.2003 14:24 <DIR> CyberLink
11.12.2005 23:18 <DIR> SBT
1 Datei(en) 305 Bytes
5 Verzeichnis(se), 14.855.905.280 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2462-6EED

Verzeichnis von C:\Programme\Gemeinsame Dateien

22.08.2006 10:20 <DIR> .
22.08.2006 10:20 <DIR> ..
24.01.2004 15:34 <DIR> Adobe
03.11.2005 19:55 <DIR> Designer
11.12.2003 02:54 <DIR> Dienste
13.12.2003 13:54 <DIR> InstallShield
11.12.2005 23:20 <DIR> Microsoft Shared
10.12.2003 12:47 <DIR> MSSoap
10.12.2003 12:38 <DIR> ODBC
10.12.2003 12:38 <DIR> SpeechEngines
11.12.2005 23:18 <DIR> System
0 Datei(en) 0 Bytes
11 Verzeichnis(se), 14.855.905.280 Bytes frei
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 2462-6EED

Verzeichnis von C:\Windows\tasks
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:
  • »
  • »
  • »
  • »
  • »
Seite(n): 123