WinAntiVirusPro 2006 and safeiepage.com problems

#0
23.10.2006, 19:54
...new here
Posts: 9

24.10.2006, 02:29
Honorary member
Posts: 29434
#2
OliB
Copy the following text into Notepad (Start - Zubehör - Editor) and save it as listen.bat on the desktop using 'Save as'. Select 'All files' as the file type. You should now find this file on the desktop. --> double-click listen.bat --> copy the text that appears

Quote: cd\

__________
Best regards, Sabina
All about PC security

24.10.2006, 06:56
...new here
Thread starter, Posts: 9
#3
My PC could not find Notepad ?!?!?
I have now done it via Start > Run > cmd. Here is the file.

24.10.2006, 10:43
Honorary member
Posts: 29434
#4
1. Avenger
http://virus-protect.org/artikel/tools/avenger.html

Paste in:

Quote: registry keys to delete:

Click the green traffic light. The script will now be executed, then the PC will restart automatically. Post the Avenger log that appears after the restart.

2. Open HijackThis -- button "scan" -- tick the boxes in front of these entries -- button "Fix checked" -- restart the PC

Quote: O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - C:\Programme\VideoCompressionCodec\isaddon.dll

3. Scan with smitfraudfix (options 1 and 2)
http://virus-protect.org/artikel/tools/smitfrautfix.html

__________
Best regards, Sabina
All about PC security

24.10.2006, 18:53
...new here
Thread starter, Posts: 9
#5
Logfile of The Avenger version 1, by Swandog46
Deletion of registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d869742a-e5d2-4624-96c7-aae26170665e} not found! Deletion of registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d869742a-e5d2-4624-96c7-aae26170665e} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dfa61db1-388e-4c87-8d56-540fa229bcb4} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dfa61db1-388e-4c87-8d56-540fa229bcb4} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44d22a64-2399-4edf-8b32-f2c729c1e8a7} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44d22a64-2399-4edf-8b32-f2c729c1e8a7} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d869742a-e5d2-4624-96c7-aae26170665e} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d869742a-e5d2-4624-96c7-aae26170665e} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VideoCompressionCodec not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VideoCompressionCodec failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 not found! 
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 failed!
Status: 0xc0000034
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 failed!
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.

SmitFraudFix does not work. It always says "process.exe missing".
This post was edited by OliB on 24.10.2006 at 19:02.
|
|
|
||
25.10.2006, 00:09
Honorary member
Posts: 29434 |
#6
Scan with Panda (online) and post the report:
http://virus-protect.org/multiavtool.html
__________ Kind regards, Sabina. All about PC security |
|
|
||
25.10.2006, 20:44
...new here
Thread starter Posts: 9 |
#7
Sophos Anti-Virus
>>> Virus 'Mal/Packer' found in file C:\avenger\backup-24.10.2006-18.53.49.92.zip\avenger/TBONBin/tbon.exe >>> Virus 'Mal/Packer' found in file C:\avenger\backup-24.10.2006-18.53.49.92.zip\avenger/TBONBin/Uninstall.exe >>> Virus 'Troj/Zlobie-Gen' found in file C:\avenger\backup-24.10.2006-18.53.49.92.zip\avenger/VideoCompressionCodec/iesplugin.dll >>> Virus 'Troj/Zlobun-Gen' found in file C:\avenger\backup-24.10.2006-18.53.49.92.zip\avenger/VideoCompressionCodec/iesuninst.exe >>> Virus 'Mal/Packer' found in file C:\avenger\backup-24.10.2006-18.53.49.92.zip\avenger/VideoCompressionCodec/pmmon.exe >>> Virus 'Mal/Packer' found in file C:\avenger\backup-24.10.2006-18.53.49.92.zip\avenger/VideoCompressionCodec/pmsngr.exe Removal successful Could not open C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat Could not open C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG Could not open C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat Could not open C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG Aborted checking C:\Dokumente und Einstellungen\Oliver Bucher\Lokale Einstellungen\Anwendungsdaten\Identities\{AC8825EF-A678-4E67-8750-3DCF2C46CFAD}\Microsoft\Outlook Express\Posteingang.dbx - appears to be a 'zip bomb' Could not open C:\Dokumente und Einstellungen\Oliver Bucher\Lokale Einstellungen\Anwendungsdaten\Microsoft\Messenger\grossmeistero@msn.com\SharingMetadata\pending.dat Could not open C:\Dokumente und Einstellungen\Oliver Bucher\Lokale Einstellungen\Anwendungsdaten\Microsoft\Messenger\grossmeistero@msn.com\SharingMetadata\Working\database_FC40_9FA6_409F_65E4\dfsr.db Could not open C:\Dokumente und Einstellungen\Oliver Bucher\Lokale 
Einstellungen\Anwendungsdaten\Microsoft\Messenger\grossmeistero@msn.com\SharingMetadata\Working\database_FC40_9FA6_409F_65E4\fsr.log Could not open C:\Dokumente und Einstellungen\Oliver Bucher\Lokale Einstellungen\Anwendungsdaten\Microsoft\Messenger\grossmeistero@msn.com\SharingMetadata\Working\database_FC40_9FA6_409F_65E4\fsrtmp.log Could not open C:\Dokumente und Einstellungen\Oliver Bucher\Lokale Einstellungen\Anwendungsdaten\Microsoft\Messenger\grossmeistero@msn.com\SharingMetadata\Working\database_FC40_9FA6_409F_65E4\tmp.edb Could not open C:\Dokumente und Einstellungen\Oliver Bucher\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat Could not open C:\Dokumente und Einstellungen\Oliver Bucher\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG Could not open C:\Dokumente und Einstellungen\Oliver Bucher\Lokale Einstellungen\Temp\~DF7D7D.tmp Could not open C:\Dokumente und Einstellungen\Oliver Bucher\Lokale Einstellungen\Temp\~DF8055.tmp Could not open C:\Dokumente und Einstellungen\Oliver Bucher\Lokale Einstellungen\Temp\~DF9F95.tmp Could not open C:\Dokumente und Einstellungen\Oliver Bucher\Lokale Einstellungen\Temp\~DF9FBD.tmp Could not open C:\hiberfil.sys Password protected file C:\Programme\Dark Quiz\DarkQuiz.zip\DarkQuiz.dba Password protected file C:\Programme\Dark Quiz\DarkQuiz.zip\comment Aborted checking C:\Programme\FantasticTV\Skispringen Saison 2003-2004\Pak.pak - appears to be a 'zip bomb' Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\Ad-Aware SE Default.skn Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\arrow1.bmp Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\arrow2.bmp Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bck1.bmp Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE 
default.ask\bt11.bmp Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt12.bmp Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt13.bmp Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt21.bmp Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt22.bmp Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt23.bmp Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt31.bmp Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt32.bmp Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt33.bmp Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt41.bmp Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt42.bmp Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt43.bmp Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt51.bmp Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt52.bmp Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt53.bmp Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt61.bmp Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt62.bmp Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox1.bmp Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox2.bmp Password protected file C:\Programme\Lavasoft\Ad-Aware SE 
Personal\Skins\Ad-Aware SE default.ask\checkbox3.bmp Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox4.bmp Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn1.bmp Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn2.bmp Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn3.bmp Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph1.bmp Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph2.bmp Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph3.bmp Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph4.bmp Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph5.bmp Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph6.bmp Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph7.bmp Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\main.bmp Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\preview.bmp Password protected file C:\Programme\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\sprite1.bmp Aborted checking C:\Programme\Wanadoo Edition\Robin Hood - Die Legende von Sherwood\DATA\robinhood.bks - appears to be a 'zip bomb' >>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{6BFECE8F-D6A2-4989-840C-BEC4913CF5D7}\RP538\A0054556.exe Removal successful >>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{6BFECE8F-D6A2-4989-840C-BEC4913CF5D7}\RP538\A0054557.exe Removal 
successful >>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{6BFECE8F-D6A2-4989-840C-BEC4913CF5D7}\RP538\A0054615.exe Removal successful >>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{6BFECE8F-D6A2-4989-840C-BEC4913CF5D7}\RP538\A0054617.exe Removal successful >>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{6BFECE8F-D6A2-4989-840C-BEC4913CF5D7}\RP538\A0054627.exe Removal successful >>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{6BFECE8F-D6A2-4989-840C-BEC4913CF5D7}\RP538\A0054629.exe Removal successful >>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{6BFECE8F-D6A2-4989-840C-BEC4913CF5D7}\RP538\A0054668.exe Removal successful >>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{6BFECE8F-D6A2-4989-840C-BEC4913CF5D7}\RP538\A0054671.exe Removal successful >>> Virus 'Troj/Zlobie-Gen' found in file C:\System Volume Information\_restore{6BFECE8F-D6A2-4989-840C-BEC4913CF5D7}\RP538\A0054672.dll Removal successful >>> Virus 'Troj/Zlobun-Gen' found in file C:\System Volume Information\_restore{6BFECE8F-D6A2-4989-840C-BEC4913CF5D7}\RP538\A0054673.exe Removal successful >>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{6BFECE8F-D6A2-4989-840C-BEC4913CF5D7}\RP538\A0054679.exe Removal successful >>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{6BFECE8F-D6A2-4989-840C-BEC4913CF5D7}\RP538\A0054680.exe Removal successful Could not check C:\WINDOWS\$hf_mig$\KB896688\SP2QFE\mshtml.dll (virus scan failed) Could not open C:\WINDOWS\SoftwareDistribution\EventCache\{AAA76AD9-91D5-4346-8231-70972BA93C19}.bin Could not open C:\WINDOWS\system32\config\system.LOG 1 master boot record swept. 122067 files swept in 2 hours, 38 minutes and 47 seconds. 62 errors were encountered. 18 viruses were discovered. 13 files out of 122067 were infected. 
Please send infected samples to Sophos for analysis. For advice consult www.sophos.com, email support@sophos.com or telephone +44 1235 559933 40 encrypted files were not checked. Ending Sophos Anti-Virus. /--------------------------------------------------------------\ | Trend Micro System Cleaner | | Copyright 2006, Trend Micro, Inc. | | http://www.antivirus.com | \--------------------------------------------------------------/ 2006-10-25, 20:49:59, Auto-clean mode specified. 2006-10-25, 20:49:59, Running scanner "c:\AV-CLS\Trend\TSC.BIN"... 2006-10-25, 20:50:20, Scanner "c:\AV-CLS\Trend\TSC.BIN" has finished running. 2006-10-25, 20:50:20, TSC Log: Damage Cleanup Engine (DCE) 3.98(Build 1012) Windows XP(Build 2600: Service Pack 2) Start time : Mi Okt 25 2006 20:50:00 Load Damage Cleanup Template (DCT) "c:\AV-CLS\Trend\tsc.ptn" (version 800) [success] Complete time : Mi Okt 25 2006 20:50:20 Execute pattern count(2966), Virus found count(0), Virus clean count(0), Clean failed count(0) 2006-10-25, 20:52:33, An error was detected on "C:\System Volume Information\*.*": Zugriff verweigert 2006-10-25, 20:52:54, An error was detected on "D:\System Volume Information\*.*": Zugriff verweigert 2006-10-25, 21:51:14, Files Detected: Copyright (c) 1990 - 2004 Trend Micro Inc. Report Date : 10/25/2006 20:52:54 VSAPI Engine Version : 8.000-1001 VSCANTM Version : 1.1-1001 Virus Pattern Version : 877 (138478 Patterns) (2006/10/24) (387700) Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=c:\AV-CLS\Trend 113211 files have been read. 113211 files have been checked. 86266 files have been scanned. 138559 files have been scanned. (including files in archived) 0 files containing viruses. Found 0 viruses totally. Maybe 0 viruses totally. 
Stop At : 10/25/2006 21:51:13 ---------*---------*---------*---------*---------*---------*---------*---------* 2006-10-25, 21:51:15, Files Clean: Copyright (c) 1990 - 2004 Trend Micro Inc. Report Date : 10/25/2006 20:52:54 VSAPI Engine Version : 8.000-1001 VSCANTM Version : 1.1-1001 Virus Pattern Version : 877 (138478 Patterns) (2006/10/24) (387700) Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=c:\AV-CLS\Trend 113211 files have been read. 113211 files have been checked. 86266 files have been scanned. 138559 files have been scanned. (including files in archived) 0 files containing viruses. Found 0 viruses totally. Maybe 0 viruses totally. Stop At : 10/25/2006 21:51:13 58 minutes 11 seconds (3491.23 seconds) has elapsed. ---------*---------*---------*---------*---------*---------*---------*---------* 2006-10-25, 21:51:15, Clean Fail: Copyright (c) 1990 - 2004 Trend Micro Inc. Report Date : 10/25/2006 20:52:54 VSAPI Engine Version : 8.000-1001 VSCANTM Version : 1.1-1001 Virus Pattern Version : 877 (138478 Patterns) (2006/10/24) (387700) Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=c:\AV-CLS\Trend 113211 files have been read. 113211 files have been checked. 86266 files have been scanned. 138559 files have been scanned. (including files in archived) 0 files containing viruses. Found 0 viruses totally. Maybe 0 viruses totally. Stop At : 10/25/2006 21:51:13 58 minutes 11 seconds (3491.23 seconds) has elapsed. ---------*---------*---------*---------*---------*---------*---------*---------* 2006-10-25, 21:51:15, Scanner "c:\AV-CLS\Trend\VSCANTM.BIN" has finished running. 2006-10-25, 21:54:23, Files Detected: Copyright (c) 1990 - 2004 Trend Micro Inc. 
Report Date : 10/25/2006 21:51:20 VSAPI Engine Version : 8.000-1001 VSCANTM Version : 1.1-1001 Virus Pattern Version : 877 (138478 Patterns) (2006/10/24) (387700) Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=c:\AV-CLS\Trend 2487 files have been read. 2487 files have been checked. 2040 files have been scanned. 22040 files have been scanned. (including files in archived) 0 files containing viruses. Found 0 viruses totally. Maybe 0 viruses totally. Stop At : 10/25/2006 21:54:23 ---------*---------*---------*---------*---------*---------*---------*---------* 2006-10-25, 21:54:23, Files Clean: Copyright (c) 1990 - 2004 Trend Micro Inc. Report Date : 10/25/2006 21:51:20 VSAPI Engine Version : 8.000-1001 VSCANTM Version : 1.1-1001 Virus Pattern Version : 877 (138478 Patterns) (2006/10/24) (387700) Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=c:\AV-CLS\Trend 2487 files have been read. 2487 files have been checked. 2040 files have been scanned. 22040 files have been scanned. (including files in archived) 0 files containing viruses. Found 0 viruses totally. Maybe 0 viruses totally. Stop At : 10/25/2006 21:54:23 3 minutes 1 second (180.25 seconds) has elapsed. ---------*---------*---------*---------*---------*---------*---------*---------* 2006-10-25, 21:54:23, Clean Fail: Copyright (c) 1990 - 2004 Trend Micro Inc. Report Date : 10/25/2006 21:51:20 VSAPI Engine Version : 8.000-1001 VSCANTM Version : 1.1-1001 Virus Pattern Version : 877 (138478 Patterns) (2006/10/24) (387700) Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=c:\AV-CLS\Trend 2487 files have been read. 2487 files have been checked. 2040 files have been scanned. 22040 files have been scanned. (including files in archived) 0 files containing viruses. 
Found 0 viruses totally. Maybe 0 viruses totally. Stop At : 10/25/2006 21:54:23 3 minutes 1 second (180.25 seconds) has elapsed. ---------*---------*---------*---------*---------*---------*---------*---------* 2006-10-25, 21:54:23, Scanner "c:\AV-CLS\Trend\VSCANTM.BIN" has finished running. 2006-10-25, 21:54:27, Files Detected: Copyright (c) 1990 - 2004 Trend Micro Inc. Report Date : 10/25/2006 21:54:25 VSAPI Engine Version : 8.000-1001 VSCANTM Version : 1.1-1001 Virus Pattern Version : 877 (138478 Patterns) (2006/10/24) (387700) Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=c:\AV-CLS\Trend 61 files have been read. 61 files have been checked. 59 files have been scanned. 59 files have been scanned. (including files in archived) 0 files containing viruses. Found 0 viruses totally. Maybe 0 viruses totally. Stop At : 10/25/2006 21:54:27 ---------*---------*---------*---------*---------*---------*---------*---------* 2006-10-25, 21:54:27, Files Clean: Copyright (c) 1990 - 2004 Trend Micro Inc. Report Date : 10/25/2006 21:54:25 VSAPI Engine Version : 8.000-1001 VSCANTM Version : 1.1-1001 Virus Pattern Version : 877 (138478 Patterns) (2006/10/24) (387700) Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=c:\AV-CLS\Trend 61 files have been read. 61 files have been checked. 59 files have been scanned. 59 files have been scanned. (including files in archived) 0 files containing viruses. Found 0 viruses totally. Maybe 0 viruses totally. Stop At : 10/25/2006 21:54:27 1 second (1.31 seconds) has elapsed. ---------*---------*---------*---------*---------*---------*---------*---------* 2006-10-25, 21:54:27, Clean Fail: Copyright (c) 1990 - 2004 Trend Micro Inc. 
Report Date : 10/25/2006 21:54:25
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 877 (138478 Patterns) (2006/10/24) (387700)
Command Line: c:\AV-CLS\Trend\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=c:\AV-CLS\Trend
61 files have been read.
61 files have been checked.
59 files have been scanned.
59 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/25/2006 21:54:27
1 second (1.31 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2006-10-25, 21:54:27, Scanner "c:\AV-CLS\Trend\VSCANTM.BIN" has finished running.

This post was edited by OliB on 25.10.2006 at 21:56.
|
|
|
||
25.10.2006, 23:12
Honorary member
Posts: 29434 |
#8
Delete all Avenger backups, if they still exist:
C:\avenger\backup-24.10.2006-18.53.49.92.zip
Then post the new HijackThis log.
__________ Kind regards, Sabina. All about PC security |
|
|
||
26.10.2006, 06:05
...new here
Thread starter Posts: 9 |
#9
Logfile of HijackThis v1.99.1
Scan saved at 06:05:49, on 26.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\LVComS.exe
C:\Dokumente und Einstellungen\Oliver Bucher\Eigene Dateien\Privat\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bluewin.ch/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bluewin.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\de-ch\msntb.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {8699D723-6DC6-47D3-B55C-489BA006B917} - http://213.69.158.80/payball/kramkiste/webinstall.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe |
|
|
||
26.10.2006, 10:41
Honorary member
Posts: 29434 |
#10
That already looks considerably better.
Scan with ewido (online) and post the scan report:
http://virus-protect.org/onlinescan.html
__________ Kind regards, Sabina. All about PC security |
|
|
||
26.10.2006, 19:53
...new here
Thread starter Posts: 9 |
#11
__________________________________________________
ewido anti-spyware online scanner http://www.ewido.net __________________________________________________ Name: TrackingCookie.Planetactive Path: C:\Dokumente und Einstellungen\Oliver Bucher\Cookies\oliver bucher@ads.planetactive[2].txt Risk: Medium Name: TrackingCookie.Advertising Path: C:\Dokumente und Einstellungen\Oliver Bucher\Cookies\oliver bucher@advertising[1].txt Risk: Medium Name: TrackingCookie.Falkag Path: C:\Dokumente und Einstellungen\Oliver Bucher\Cookies\oliver bucher@as1.falkag[1].txt Risk: Medium Name: TrackingCookie.Atdmt Path: C:\Dokumente und Einstellungen\Oliver Bucher\Cookies\oliver bucher@atdmt[2].txt Risk: Medium Name: TrackingCookie.Bestoffersnetworks Path: C:\Dokumente und Einstellungen\Oliver Bucher\Cookies\oliver bucher@bestoffersnetworks[2].txt Risk: Medium Name: TrackingCookie.Casalemedia Path: C:\Dokumente und Einstellungen\Oliver Bucher\Cookies\oliver bucher@casalemedia[1].txt Risk: Medium Name: TrackingCookie.Cliks Path: C:\Dokumente und Einstellungen\Oliver Bucher\Cookies\oliver bucher@cliks[2].txt Risk: Medium Name: TrackingCookie.Sextracker Path: C:\Dokumente und Einstellungen\Oliver Bucher\Cookies\oliver bucher@counter10.sextracker[1].txt Risk: Medium Name: TrackingCookie.Sextracker Path: C:\Dokumente und Einstellungen\Oliver Bucher\Cookies\oliver bucher@counter11.sextracker[1].txt Risk: Medium Name: TrackingCookie.Sextracker Path: C:\Dokumente und Einstellungen\Oliver Bucher\Cookies\oliver bucher@counter15.sextracker[1].txt Risk: Medium Name: TrackingCookie.Sextracker Path: C:\Dokumente und Einstellungen\Oliver Bucher\Cookies\oliver bucher@counter2.sextracker[1].txt Risk: Medium Name: TrackingCookie.Sextracker Path: C:\Dokumente und Einstellungen\Oliver Bucher\Cookies\oliver bucher@counter5.sextracker[1].txt Risk: Medium Name: TrackingCookie.Sextracker Path: C:\Dokumente und Einstellungen\Oliver Bucher\Cookies\oliver bucher@counter6.sextracker[2].txt Risk: Medium Name: TrackingCookie.Sextracker Path: C:\Dokumente und 
Einstellungen\Oliver Bucher\Cookies\oliver bucher@counter7.sextracker[1].txt Risk: Medium Name: TrackingCookie.Sexcounter Path: C:\Dokumente und Einstellungen\Oliver Bucher\Cookies\oliver bucher@cs.sexcounter[2].txt Risk: Medium Name: TrackingCookie.Clickzs Path: C:\Dokumente und Einstellungen\Oliver Bucher\Cookies\oliver bucher@cz11.clickzs[2].txt Risk: Medium Name: TrackingCookie.Doubleclick Path: C:\Dokumente und Einstellungen\Oliver Bucher\Cookies\oliver bucher@doubleclick[1].txt Risk: Medium Name: TrackingCookie.Fastclick Path: C:\Dokumente und Einstellungen\Oliver Bucher\Cookies\oliver bucher@fastclick[1].txt Risk: Medium Name: TrackingCookie.Masterstats Path: C:\Dokumente und Einstellungen\Oliver Bucher\Cookies\oliver bucher@image.masterstats[1].txt Risk: Medium Name: TrackingCookie.Fastclick Path: C:\Dokumente und Einstellungen\Oliver Bucher\Cookies\oliver bucher@media.fastclick[2].txt Risk: Medium Name: TrackingCookie.Mediaplex Path: C:\Dokumente und Einstellungen\Oliver Bucher\Cookies\oliver bucher@mediaplex[1].txt Risk: Medium Name: TrackingCookie.Sexlist Path: C:\Dokumente und Einstellungen\Oliver Bucher\Cookies\oliver bucher@sexlist[2].txt Risk: Medium Name: TrackingCookie.Sextracker Path: C:\Dokumente und Einstellungen\Oliver Bucher\Cookies\oliver bucher@sextracker[1].txt Risk: Medium Name: TrackingCookie.Reliablestats Path: C:\Dokumente und Einstellungen\Oliver Bucher\Cookies\oliver bucher@stats1.reliablestats[1].txt Risk: Medium Name: TrackingCookie.Tribalfusion Path: C:\Dokumente und Einstellungen\Oliver Bucher\Cookies\oliver bucher@tribalfusion[2].txt Risk: Medium Name: TrackingCookie.Clickzs Path: C:\Dokumente und Einstellungen\Oliver Bucher\Cookies\oliver bucher@vip.clickzs[2].txt Risk: Medium Name: TrackingCookie.Clickzs Path: C:\Dokumente und Einstellungen\Oliver Bucher\Cookies\oliver bucher@vip2.clickzs[2].txt Risk: Medium Name: TrackingCookie.Xxxcounter Path: C:\Dokumente und Einstellungen\Oliver Bucher\Cookies\oliver 
bucher@xxxcounter[2].txt Risk: Medium Name: Adware.Generic Path: HKLM\SOFTWARE\Classes\Interface\{131706D3-7294-4EDC-BA4B-5290BAB9FB36} Risk: Medium Name: Adware.Generic Path: HKLM\SOFTWARE\Classes\Interface\{241D6A46-E756-47C2-A95D-CB63313A5FAB} Risk: Medium Name: Adware.SpywareHeal Path: HKLM\SOFTWARE\Classes\Interface\{2E0ED423-67B0-4C73-BADB-57D673A92E92} Risk: Medium Name: Adware.SpywareHeal Path: HKLM\SOFTWARE\Classes\Interface\{41417555-4052-47C1-A7DF-C5A2B869F98E} Risk: Medium Name: Adware.SpywareHeal Path: HKLM\SOFTWARE\Classes\Interface\{4AE0048E-4C88-43DE-BBCC-2530A2C24634} Risk: Medium Name: Adware.Generic Path: HKLM\SOFTWARE\Classes\Interface\{544F9A30-7A37-4E83-95BF-704131C6B928} Risk: Medium Name: Adware.Generic Path: HKLM\SOFTWARE\Classes\Interface\{58F394DC-8F9C-41AF-99A8-0C5DBD830512} Risk: Medium Name: Adware.SpywareHeal Path: HKLM\SOFTWARE\Classes\Interface\{6D8D02FB-2877-40CF-8325-B6FFEC0811DA} Risk: Medium Name: Adware.SpywareHeal Path: HKLM\SOFTWARE\Classes\Interface\{7FB0A17F-60E7-47C6-BBF8-00A0427CF8EF} Risk: Medium Name: Adware.Generic Path: HKLM\SOFTWARE\Classes\Interface\{85953437-B661-4DC1-98A6-FC7005B710FC} Risk: Medium Name: Adware.Generic Path: HKLM\SOFTWARE\Classes\Interface\{87664F4C-697D-437E-BF90-2FD7C6C0B04C} Risk: Medium Name: Adware.Generic Path: HKLM\SOFTWARE\Classes\Interface\{984281D2-E2E0-442D-A2DD-88638F2CE04C} Risk: Medium Name: Adware.Generic Path: HKLM\SOFTWARE\Classes\Interface\{9D5ADF27-B3F9-493D-A15E-AB019B9FD18B} Risk: Medium Name: Adware.Generic Path: HKLM\SOFTWARE\Classes\Interface\{9DE6DA81-E460-4E25-937D-A3EE1E6FCA27} Risk: Medium Name: Adware.SpywareHeal Path: HKLM\SOFTWARE\Classes\Interface\{EF215DAD-8E52-4C75-B779-5093B3855E79} Risk: Medium Name: Adware.Generic Path: HKLM\SOFTWARE\Classes\Interface\{EF884BC1-EE64-4E8B-AE3D-84037A0D1606} Risk: Medium Name: Adware.Generic Path: HKLM\SOFTWARE\Classes\TypeLib\{2A762197-1159-441E-BE28-4160C5494A66} Risk: Medium Name: Dialer.Generic Path: HKLM\SOFTWARE\MainPean 
Highspeed Risk: High Name: Adware.IntCodec Path: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On Risk: Medium Name: Adware.IntCodec Path: HKU\S-1-5-21-4189850523-3402799377-1653462319-1005\Software\Internet Security Risk: Medium Name: Adware.WinAntiVirus Path: HKU\S-1-5-21-4189850523-3402799377-1653462319-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} Risk: Medium Name: Trojan.Small Path: HKU\S-1-5-21-4189850523-3402799377-1653462319-1005\Software\Classes\CLSID\{64ba30a2-811a-4597-b0af-d551128be340} Risk: High Name: Trojan.Small Path: HKU\S-1-5-21-4189850523-3402799377-1653462319-1005_Classes\CLSID\{64ba30a2-811a-4597-b0af-d551128be340} Risk: High Name: Not-A-Virus.Downloader.Win32.ImLoader.c Path: C:\Dokumente und Einstellungen\Oliver Bucher\Eigene Dateien\My Received Files\incredimail_install.exe Risk: Low Name: Not-A-Virus.Hoax.Win32.Renos.fp Path: C:\System Volume Information\_restore{6BFECE8F-D6A2-4989-840C-BEC4913CF5D7}\RP538\A0054554.dll Risk: Low Name: Not-A-Virus.Hoax.Win32.Renos.fp Path: C:\System Volume Information\_restore{6BFECE8F-D6A2-4989-840C-BEC4913CF5D7}\RP538\A0054614.dll Risk: Low Name: Not-A-Virus.Hoax.Win32.Renos.fp Path: C:\System Volume Information\_restore{6BFECE8F-D6A2-4989-840C-BEC4913CF5D7}\RP538\A0054626.dll Risk: Low Name: Adware.Spysheriff Path: C:\System Volume Information\_restore{6BFECE8F-D6A2-4989-840C-BEC4913CF5D7}\RP538\A0054663.exe Risk: Medium Name: Adware.WinAntiVirus Path: C:\System Volume Information\_restore{6BFECE8F-D6A2-4989-840C-BEC4913CF5D7}\RP538\A0054664.dll Risk: Medium Name: Adware.SpywareHeal Path: C:\System Volume Information\_restore{6BFECE8F-D6A2-4989-840C-BEC4913CF5D7}\RP538\A0054665.exe Risk: Medium Name: Not-A-Virus.Hoax.Win32.Renos.fp Path: C:\System Volume Information\_restore{6BFECE8F-D6A2-4989-840C-BEC4913CF5D7}\RP538\A0054674.dll Risk: Low Name: Trojan.Small Path: C:\WINDOWS\system32\1024 Risk: High |
|
|
||
26.10.2006, 20:03
Honorary member
Posts: 29434 |
#12
Avenger
Quote: registry keys to delete: Post the report from Avenger __________ Regards, Sabina, all about PC security |
|
|
||
26.10.2006, 20:54
...new here
Thread starter Posts: 9 |
#13
Logfile of The Avenger version 1, by Swandog46
Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\geblyogv
*******************
Script file located at: \??\C:\Documents and Settings\cimefaol.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Folder C:\WINDOWS\system32\1024 not found!
Deletion of folder C:\WINDOWS\system32\1024 failed!
Could not process line: C:\WINDOWS\system32\1024
Status: 0xc0000034
Registry key HKLM\SOFTWARE\Classes\Interface\{131706D3-7294-4EDC-BA4B-5290BAB9FB36} not found!
Deletion of registry key HKLM\SOFTWARE\Classes\Interface\{131706D3-7294-4EDC-BA4B-5290BAB9FB36} failed!
Status: 0xc0000034
Registry key HKLM\SOFTWARE\Classes\Interface\{241D6A46-E756-47C2-A95D-CB63313A5FAB} not found!
Deletion of registry key HKLM\SOFTWARE\Classes\Interface\{241D6A46-E756-47C2-A95D-CB63313A5FAB} failed!
Status: 0xc0000034
Registry key HKLM\SOFTWARE\Classes\Interface\{2E0ED423-67B0-4C73-BADB-57D673A92E92} not found!
Deletion of registry key HKLM\SOFTWARE\Classes\Interface\{2E0ED423-67B0-4C73-BADB-57D673A92E92} failed!
Status: 0xc0000034
Registry key HKLM\SOFTWARE\Classes\Interface\{41417555-4052-47C1-A7DF-C5A2B869F98E} not found!
Deletion of registry key HKLM\SOFTWARE\Classes\Interface\{41417555-4052-47C1-A7DF-C5A2B869F98E} failed!
Status: 0xc0000034
Registry key HKLM\SOFTWARE\Classes\Interface\{4AE0048E-4C88-43DE-BBCC-2530A2C24634} not found!
Deletion of registry key HKLM\SOFTWARE\Classes\Interface\{4AE0048E-4C88-43DE-BBCC-2530A2C24634} failed!
Status: 0xc0000034
Registry key HKLM\SOFTWARE\Classes\Interface\{544F9A30-7A37-4E83-95BF-704131C6B928} not found!
Deletion of registry key HKLM\SOFTWARE\Classes\Interface\{544F9A30-7A37-4E83-95BF-704131C6B928} failed!
Status: 0xc0000034
Registry key HKLM\SOFTWARE\MainPean Highspeed not found!
Deletion of registry key HKLM\SOFTWARE\MainPean Highspeed failed!
Status: 0xc0000034
Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On not found!
Deletion of registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On failed!
Status: 0xc0000034
Registry key HKU\S-1-5-21-4189850523-3402799377-1653462319-1005\Software\Internet Security not found!
Deletion of registry key HKU\S-1-5-21-4189850523-3402799377-1653462319-1005\Software\Internet Security failed!
Status: 0xc0000034
Registry key HKU\S-1-5-21-4189850523-3402799377-1653462319-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} not found!
Deletion of registry key HKU\S-1-5-21-4189850523-3402799377-1653462319-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} failed!
Status: 0xc0000034
Registry key HKU\S-1-5-21-4189850523-3402799377-1653462319-1005_Classes\CLSID\{64ba30a2-811a-4597-b0af-d551128be340} not found!
Deletion of registry key HKU\S-1-5-21-4189850523-3402799377-1653462319-1005_Classes\CLSID\{64ba30a2-811a-4597-b0af-d551128be340} failed!
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate. |
|
|
||
27.10.2006, 00:26
Honorary member
Posts: 29434 |
#14
My Computer --> right-click, then Properties ---> System Restore tab ---> tick the box "Turn off System Restore on all drives".
(then turn it back on) If smitfraudfix did not work... try this one and post the report http://virus-protect.org/artikel/tools/smitrem.html __________ Regards, Sabina, all about PC security |
|
|
||
30.10.2006, 17:02
...new here
Thread starter Posts: 9 |
#15
smitRem log file
version 3.2 by noahdfear Microsoft Windows XP [Version 5.1.2600] "IE"="6.0000" Running from C:\Dokumente und Einstellungen\Oliver Bucher\Desktop\smitRem ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Pre-run SharedTask Export (GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler) Copyright(C) 2006 BleepingComputer.com Registry Pseudo-Format Mode (Not a valid reg file): [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" "{64ba30a2-811a-4597-b0af-d551128be340}"="AppManager" "{dfa61db1-388e-4c87-8d56-540fa229bcb4}"="contrabandists" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32] @="%SystemRoot%\System32\browseui.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32] @="%SystemRoot%\System32\browseui.dll" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Appinitdll check ........ Thank you Grinler! 
dumphive.exe (C)2000-2004 Markus Stephany REGEDIT4 [Windows] "AppInit_DLLs"="" "DeviceNotSelectedTimeout"="15" "GDIProcessHandleQuota"=dword:00002710 "Spooler"="yes" "swapdisk"="" "TransmissionRetryTimeout"="90" "USERProcessHandleQuota"=dword:00002710 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ XP Firewall allowed access Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Programme\\emule\\emule.exe"="C:\\Programme\\emule\\emule.exe:*:Enabled:eMule" "C:\\Programme\\IncrediMail\\bin\\IMApp.exe"="C:\\Programme\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail" "C:\\Programme\\IncrediMail\\bin\\IncMail.exe"="C:\\Programme\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail" "C:\\Programme\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Programme\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail" "C:\\Programme\\EA GAMES\\MOHAA\\MOHAA.exe"="C:\\Programme\\EA GAMES\\MOHAA\\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault(tm)" "C:\\Programme\\Cyanide\\Radsport Manager 20042005\\Cym2004.exe"="C:\\Programme\\Cyanide\\Radsport Manager 20042005\\Cym2004.exe:*:Enabled:CyclingManager" "C:\\Programme\\EA GAMES\\MOHAA\\moh_spearhead.exe"="C:\\Programme\\EA GAMES\\MOHAA\\moh_spearhead.exe:*:Enabled:Medal of Honor Allied Assault(tm) Spearhead" "C:\\Programme\\EA GAMES\\MOHAA\\moh_Breakthrough.exe"="C:\\Programme\\EA GAMES\\MOHAA\\moh_Breakthrough.exe:*:Enabled:Medal of Honor Allied Assault(tm) Breakthrough" "C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe"="C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe:*:Enabled2P Networking" "C:\\Programme\\Kazaa\\kazaa.exe"="C:\\Programme\\Kazaa\\kazaa.exe:*:Enabled:Kazaa Media Desktop" "C:\\Programme\\iTunes\\iTunes.exe"="C:\\Programme\\iTunes\\iTunes.exe:*:Enabled:iTunes" 
"C:\\Programme\\Cyanide\\GameCenter\\GameCenter.exe"="C:\\Programme\\Cyanide\\GameCenter\\GameCenter.exe:*:Enabled:GameCenter" "C:\\Programme\\Cyanide\\Radsport Manager Pro 2006\\PCM.exe"="C:\\Programme\\Cyanide\\Radsport Manager Pro 2006\\PCM.exe:*:Enabledcm" "C:\\Programme\\MSN Messenger\\msnmsgr.exe"="C:\\Programme\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0" "C:\\Programme\\MSN Messenger\\msncall.exe"="C:\\Programme\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" "C:\\Programme\\WinAntiVirus Pro 2006\\Updater.exe"="C:\\Programme\\WinAntiVirus Pro 2006\\Updater.exe:*:Enabled:updater.exe" "C:\\AV-CLS\\WGET.EXE"="C:\\AV-CLS\\WGET.EXE:*:Enabled:WGET.EXE" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ checking for ShudderLTD key ShudderLTD key not present! checking for PSGuard.com key PSGuard.com key not present! checking for WinHound.com key WinHound.com key not present! checking for drsmartload2 key drsmartload2 key not present! spyaxe uninstaller NOT present Winhound uninstaller NOT present SpywareStrike uninstaller NOT present AlfaCleaner uninstaller NOT present SpyFalcon uninstaller NOT present SpywareQuake uninstaller NOT present SpywareSheriff uninstaller NOT present Trust Cleaner uninstaller NOT present SpyHeal uninstaller NOT present VirusBurst uninstaller NOT present BraveSentry uninstaller NOT present AntiVermins uninstaller NOT present ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Existing Pre-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ ~~~ system32 folder ~~~ amcompat.tlb nscompat.tlb ~~~ Icons in System32 ~~~ ts.ico ot.ico ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 740 'explorer.exe' Starting registry repairs Registry repairs complete 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SharedTask Export after registry fix (GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler) Copyright(C) 2006 BleepingComputer.com Registry Pseudo-Format Mode (Not a valid reg file): [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32] @="%SystemRoot%\System32\browseui.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32] @="%SystemRoot%\System32\browseui.dll" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Deleting files ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Remaining Post-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ ~~~ system32 folder ~~~ ~~~ Icons in System32 ~~~ ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~ Wininet.dll ~~~ CLEAN! |
|
|
||
My problem is that a warning (yellow triangle) keeps appearing in the taskbar at the bottom right, saying I have a virus on my PC and should download a program to remove it. Unfortunately I did exactly that, and since then I have had WinAntiVirusPro 2006 installed and cannot get rid of it. In addition, every time IE starts, a window opens with the message that W32Myzor.FK@yf is a trojan and that I must remove it. safeiepage.com also opens automatically instead of my start page.
Here are the log files:
Logfile of HijackThis v1.99.1
Scan saved at 18:47:01, on 23.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\VideoCompressionCodec\isamonitor.exe
C:\Programme\VideoCompressionCodec\pmsngr.exe
C:\WINDOWS\Mixer.exe
C:\Programme\VideoCompressionCodec\isamini.exe
C:\Programme\VideoCompressionCodec\pmmon.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\TBONBin\tbon.exe
C:\WINDOWS\system32\LVComS.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Outlook Express\msimn.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Oliver Bucher\Eigene Dateien\Privat\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bluewin.ch/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bluewin.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - C:\Programme\VideoCompressionCodec\isaddon.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\de-ch\msntb.dll (file missing)
O3 - Toolbar: Protection Bar - {8aed5df3-6e0b-4930-b1a5-f8aa8d757497} - C:\Programme\VideoCompressionCodec\iesplugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [uwa6pcw] "C:\Programme\WinAntiVirus Pro 2006\uwa6pcw.exe" -c
O4 - HKCU\..\Run: [CFDStart] C:\WINDOWS\WinMuschi.exe -m
O4 - HKCU\..\Run: [5-4-65-82] c:\programme\Webdialer\5-4-65-82.exe -m
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [tbon] C:\Programme\TBONBin\tbon.exe /r
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {8699D723-6DC6-47D3-B55C-489BA006B917} - http://213.69.158.80/payball/kramkiste/webinstall.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - C:\WINDOWS\system32\dpfwu.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Programme\WinAntiVirus Pro 2006\FWSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Oliver Bucher - 06-10-23 19:16:48.67 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Dokumente und Einstellungen\Oliver Bucher\Eigene Dateien\Privat"
((((((((((((((((((((((((((((((( Files Created from 2006-09-23 to 2006-10-23 ))))))))))))))))))))))))))))))))))
2006-10-20 00:00 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2006-10-20 00:00 8,704 --a------ C:\WINDOWS\system32\SpOrder.dll
2006-10-20 00:00 6,144 --a------ C:\WINDOWS\system32\stera.exe
2006-10-20 00:00 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-10-20 00:00 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-10-20 00:00 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-23 18:51 -------- d-------- C:\Programme\CleanUp!
2006-10-20 20:20 -------- d-------- C:\Programme\SpywareHeal
2006-10-20 19:23 -------- d-a------ C:\Programme\Gemeinsame Dateien
2006-10-20 19:23 -------- d-------- C:\Programme\Kazaa
2006-10-20 17:43 -------- d-------- C:\Programme\Lavasoft
2006-10-20 17:43 -------- d-------- C:\Dokumente und Einstellungen\Oliver Bucher\Anwendungsdaten\Lavasoft
2006-10-20 17:10 10 --a------ C:\WINDOWS\smdat32m.sys
2006-10-20 06:37 -------- d-------- C:\Programme\TBONBin
2006-10-19 23:28 -------- d-------- C:\Programme\VideoCompressionCodec
2006-09-16 13:32 -------- d-------- C:\Programme\AntiVir PersonalEdition Classic
2006-09-13 07:02 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-03 19:35 -------- d-------- C:\Programme\MSN Messenger
2006-09-03 19:34 -------- d-------- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2006-08-25 17:46 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-23 22:48 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-08-23 22:48 -------- d-------- C:\Programme\Google
2006-08-23 22:48 -------- d-------- C:\Dokumente und Einstellungen\Oliver Bucher\Anwendungsdaten\Google
2006-08-21 14:26 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 13:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-27 15:25 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CFDStart"="C:\\WINDOWS\\WinMuschi.exe -m"
"5-4-65-82"="c:\\programme\\Webdialer\\5-4-65-82.exe -m"
"MsnMsgr"="\"C:\\Programme\\MSN Messenger\\MsnMsgr.Exe\" /background"
"tbon"="C:\\Programme\\TBONBin\\tbon.exe /r"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
"C-Media Mixer"="Mixer.exe /startup"
"NeroCheck"="C:\\WINDOWS\\System32\\NeroCheck.exe"
"Microsoft Works Portfolio"="C:\\Programme\\Microsoft Works\\WksSb.exe /AllUsers"
"Microsoft Works Update Detection"="C:\\Programme\\Microsoft Works\\WkDetect.exe"
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"LogitechVideoRepair"="C:\\Programme\\Logitech\\Video\\ISStart.exe"
"LogitechVideoTray"="C:\\Programme\\Logitech\\Video\\LogiTray.exe"
"uwa6pcw"="\"C:\\Programme\\WinAntiVirus Pro 2006\\uwa6pcw.exe\" -c"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,80,00,00,00,00,00,00,00,00,02,00,00,c2,01,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,80,00,00,00,00,00,00,00,00,02,00,00,c2,01,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{64ba30a2-811a-4597-b0af-d551128be340}"="AppManager"
"{dfa61db1-388e-4c87-8d56-540fa229bcb4}"="contrabandists"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"isamonitor.exe"="C:\\Programme\\VideoCompressionCodec\\isamonitor.exe"
"pmsngr.exe"="C:\\Programme\\VideoCompressionCodec\\pmsngr.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"contrabandists"="{dfa61db1-388e-4c87-8d56-540fa229bcb4}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Completion time: 06-10-23 19:17:53.09
C:\ComboFix.txt ... 06-10-23 19:17
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 409F-65E4
Verzeichnis von C:\WINDOWS\system32
23.10.2006 19:07 2'206 wpa.dbl
20.10.2006 17:10 2 stera.log
04.10.2006 13:03 9'639'336 MRT.exe
13.09.2006 07:02 1'084'416 msxml3.dll
04.09.2006 08:12 1'494'016 shdocvw.dll
25.08.2006 17:46 617'472 comctl32.dll
21.08.2006 14:26 16'896 fltlib.dll
21.08.2006 11:14 23'040 fltmc.exe
16.08.2006 13:58 100'352 6to4svc.dll
29.07.2006 19:32 48'936 sirenacm.dll
28.07.2006 13:28 3'075'072 mshtml.dll
27.07.2006 15:25 679'424 inetcomm.dll
26.07.2006 17:05 1'709 lvcoinst.log
25.07.2006 22:33 615'936 urlmon.dll
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 409F-65E4
Verzeichnis von C:\DOKUME~1\OLIVER~1\LOKALE~1\Temp
23.10.2006 19:07 512 ~DF716E.tmp
23.10.2006 19:07 32'768 ~DF712C.tmp
23.10.2006 19:07 512 ~DF5014.tmp
23.10.2006 19:07 32'768 ~DF4FCC.tmp
4 Datei(en) 66'560 Bytes
0 Verzeichnis(se), 5'086'769'152 Bytes frei
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 409F-65E4
Verzeichnis von C:\WINDOWS
23.10.2006 19:27 45 tboninst.cfg
23.10.2006 19:07 0 0.log
23.10.2006 19:06 1'098'778 WindowsUpdate.log
23.10.2006 19:06 159 wiadebug.log
23.10.2006 19:06 50 wiaservc.log
23.10.2006 19:06 2'048 bootstat.dat
23.10.2006 19:05 32'630 SchedLgU.Txt
22.10.2006 21:55 54'156 QTFont.qfn
20.10.2006 17:10 10 smdat32m.sys
20.10.2006 00:03 222'927 setupapi.log
16.10.2006 23:21 110'068 wmsetup.log
14.10.2006 16:05 133'413 iis6.log
14.10.2006 16:05 329'968 tsoc.log
14.10.2006 16:05 1'393 imsins.log
14.10.2006 16:05 41'456 ocmsn.log
14.10.2006 16:05 290'303 comsetup.log
14.10.2006 16:05 176'997 ntdtcsetup.log
14.10.2006 16:05 13'101 KB924191.log
14.10.2006 16:05 414'845 ocgen.log
14.10.2006 16:05 42'675 msgsocm.log
14.10.2006 16:05 844'915 FaxSetup.log
14.10.2006 16:05 34'990 updspapi.log
14.10.2006 16:05 1'393 imsins.BAK
14.10.2006 16:05 12'957 KB922819.log
14.10.2006 16:05 12'124 KB923414.log
14.10.2006 16:05 12'118 KB924496.log
14.10.2006 16:04 9'586 KB923191.log
26.09.2006 21:40 11'610 KB925486.log
17.09.2006 19:48 1'409 QTFont.for
14.09.2006 22:20 13'424 KB920685.log
14.09.2006 22:20 17'206 KB920872.log
14.09.2006 22:19 13'617 KB919007.log
14.09.2006 22:19 10'044 KB922582.log
09.08.2006 23:45 16'191 KB920214.log
09.08.2006 23:45 15'898 KB921883.log
09.08.2006 23:45 15'715 KB922616.log
09.08.2006 23:45 16'181 KB921398.log
09.08.2006 23:44 19'462 KB918899.log
09.08.2006 23:44 12'101 KB920670.log
09.08.2006 23:43 12'256 KB917422.log
09.08.2006 23:43 12'512 KB920683.log
26.07.2006 17:53 88'430 Directx.log
26.07.2006 17:01 316'640 WMSysPr9.prx
26.07.2006 16:59 272 _delis32.ini
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 409F-65E4
Verzeichnis von C:\WINDOWS\Temp
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 409F-65E4
Verzeichnis von C:\WINDOWS\Downloaded Program Files
03.05.2006 21:44 318 WebCleaner.inf
03.05.2006 21:27 4'434'336 WebCleaner.dll
Datenträger in Laufwerk C: ist BOOT
Volumeseriennummer: 409F-65E4
Verzeichnis von C:\
23.10.2006 19:31 0 sys.txt
23.10.2006 19:30 653 down.txt
23.10.2006 19:29 108 tmp.txt
23.10.2006 19:27 13'953 system.txt
23.10.2006 19:26 433 systemtemp.txt
23.10.2006 19:22 99'323 system32.txt
23.10.2006 19:18 360 Combo.bat
23.10.2006 19:17 7'189 ComboFix.txt
23.10.2006 19:06 402'182'144 hiberfil.sys
23.10.2006 19:06 402'653'184 pagefile.sys
I hope this information helps. Many thanks in advance.