Virus that keeps coming back

29.10.2006, 20:53
Honorary member
Sabina

Posts: 29434
#31 Yes, then post these logs again
__________
Regards, Sabina

All about PC security
29.10.2006, 21:09
Member

Thread starter

Posts: 47
#32 Sorry that it took longer, I didn't know it was already on page 3 -_-'


So, I did it with the last 3 months each time:

----- Root -----------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: D05F-58A0

Verzeichnis von C:\

29.10.2006 21:06 43 filelist.txt
29.10.2006 20:15 14.600 ComboFix.txt
29.10.2006 19:59 234.409.984 hiberfil.sys
29.10.2006 19:59 352.321.536 pagefile.sys
29.10.2006 19:59 6.650 avenger.txt
29.10.2006 18:47 15.678 ComboFix2.txt
29.10.2006 15:45 10 _desktop.ini
29.10.2006 15:42 268 sqmdata19.sqm
29.10.2006 15:42 244 sqmnoopt19.sqm
28.10.2006 22:55 268 sqmdata18.sqm
28.10.2006 22:55 244 sqmnoopt18.sqm
28.10.2006 14:47 268 sqmdata17.sqm
28.10.2006 14:47 244 sqmnoopt17.sqm
28.10.2006 10:44 268 sqmdata16.sqm
28.10.2006 10:44 244 sqmnoopt16.sqm
28.10.2006 09:25 268 sqmdata15.sqm
28.10.2006 09:25 244 sqmnoopt15.sqm
27.10.2006 14:06 268 sqmdata14.sqm
27.10.2006 14:06 244 sqmnoopt14.sqm
27.10.2006 13:54 268 sqmdata13.sqm
27.10.2006 13:54 244 sqmnoopt13.sqm
26.10.2006 22:06 268 sqmdata12.sqm
26.10.2006 22:06 244 sqmnoopt12.sqm
26.10.2006 14:33 268 sqmdata11.sqm
26.10.2006 14:33 244 sqmnoopt11.sqm
26.10.2006 13:59 268 sqmdata10.sqm
26.10.2006 13:59 244 sqmnoopt10.sqm
26.10.2006 01:18 268 sqmdata09.sqm
26.10.2006 01:18 244 sqmnoopt09.sqm
25.10.2006 22:59 268 sqmdata08.sqm
25.10.2006 22:59 244 sqmnoopt08.sqm
24.10.2006 21:43 268 sqmdata07.sqm
24.10.2006 21:43 244 sqmnoopt07.sqm
24.10.2006 20:52 268 sqmdata06.sqm
24.10.2006 20:52 244 sqmnoopt06.sqm
24.10.2006 20:23 268 sqmdata05.sqm
24.10.2006 20:23 244 sqmnoopt05.sqm
24.10.2006 13:59 268 sqmdata04.sqm
24.10.2006 13:58 244 sqmnoopt04.sqm
23.10.2006 22:43 268 sqmdata03.sqm
23.10.2006 22:43 244 sqmnoopt03.sqm
23.10.2006 22:30 268 sqmdata02.sqm
23.10.2006 22:30 244 sqmnoopt02.sqm
23.10.2006 14:31 268 sqmdata01.sqm
23.10.2006 14:31 244 sqmnoopt01.sqm
23.10.2006 00:38 268 sqmdata00.sqm
23.10.2006 00:38 244 sqmnoopt00.sqm
17.10.2006 16:26 4 response.txt
01.10.2006 21:52 13.030 PDOXUSRS.NET
08.09.2006 18:51 5 MB.TXT
08.09.2006 18:41 0 MSDOS.SYS
08.09.2006 18:41 0 CONFIG.SYS
08.09.2006 18:41 0 AUTOEXEC.BAT
08.09.2006 18:41 0 IO.SYS
08.09.2006 18:33 211 boot.ini
03.08.2004 21:59 250.032 ntldr
03.08.2004 21:38 47.564 NTDETECT.COM
57 Datei(en) 587.089.587 Bytes
0 Verzeichnis(se), 11.361.017.856 Bytes frei

----- Windows --------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: D05F-58A0

Verzeichnis von C:\WINDOWS

29.10.2006 20:07 13.636 setupapi.log
29.10.2006 20:05 27.136 Dll.dll
29.10.2006 20:05 33.876 rundl132.exe
29.10.2006 20:05 33.876 Logo1_.exe
29.10.2006 20:02 1.843.707 WindowsUpdate.log
29.10.2006 20:01 598 wincmd.ini
29.10.2006 19:59 0 0.log
29.10.2006 19:59 2.048 bootstat.dat
29.10.2006 19:58 32.472 SchedLgU.Txt
29.10.2006 17:30 231 system.ini
27.10.2006 12:29 32.118 KB908531.log
26.10.2006 22:02 110 winamp.ini
26.10.2006 17:21 9.728 cftmon.exe
26.10.2006 12:45 1.123 IE4 Error Log.txt
26.10.2006 01:13 2.560 _MSRSTRT.EXE
25.10.2006 23:23 390 QQPet.dat
18.10.2006 19:56 9.913 mozver.dat
18.10.2006 19:52 333 wininit.ini
17.10.2006 20:01 6.537 mgxoschk.ini
16.10.2006 15:22 461 wmsetup10.log
16.10.2006 12:38 1.830 spupdsvc.log
16.10.2006 12:30 529.703 iis6.log
16.10.2006 12:30 93.308 ntdtcsetup.log
16.10.2006 12:30 204.513 tsoc.log
16.10.2006 12:30 22.089 tabletoc.log
16.10.2006 12:30 24.759 ocmsn.log
16.10.2006 12:30 38.173 KB917734.log
16.10.2006 12:30 76.429 netfxocm.log
16.10.2006 12:30 30.744 MedCtrOC.log
16.10.2006 12:30 22.142 msgsocm.log
16.10.2006 12:30 430.619 FaxSetup.log
16.10.2006 12:30 143.588 msmqinst.log
15.10.2006 18:05 316.640 WMSysPr9.prx
14.10.2006 16:24 50 wiaservc.log
14.10.2006 16:24 430 wiadebug.log
14.10.2006 02:14 1.393 imsins.BAK
14.10.2006 02:14 42.540 KB899587.log
14.10.2006 02:14 20.350 updspapi.log
14.10.2006 02:14 41.710 KB924191.log
14.10.2006 02:14 41.288 KB922819.log
14.10.2006 02:14 39.042 KB885835.log
14.10.2006 02:14 38.178 KB885836.log
14.10.2006 02:13 39.155 KB923414.log
14.10.2006 02:13 38.837 KB920214.log
14.10.2006 02:13 35.936 KB921883.log
14.10.2006 02:13 38.691 KB911927.log
14.10.2006 02:13 37.875 KB922616.log
14.10.2006 02:12 38.191 KB901017.log
14.10.2006 02:12 38.512 KB899591.log
14.10.2006 02:12 38.050 KB920685.log
14.10.2006 02:12 38.694 KB896424.log
14.10.2006 02:12 38.683 KB893756.log
14.10.2006 02:12 37.658 KB911280.log
14.10.2006 02:12 37.121 KB911562.log
14.10.2006 02:12 34.388 KB896423.log
14.10.2006 02:11 36.812 KB900485.log
14.10.2006 02:11 35.037 KB873339.log
14.10.2006 02:11 36.618 KB924496.log
14.10.2006 02:11 36.880 KB921398.log
14.10.2006 02:11 35.048 KB887472.log
14.10.2006 02:11 36.367 KB896358.log
14.10.2006 02:11 29.430 KB910437.log
14.10.2006 02:10 24.860 KB911564.log
14.10.2006 02:10 32.587 KB920670.log
14.10.2006 02:10 32.028 KB891781.log
14.10.2006 02:09 32.784 KB918439.log
14.10.2006 02:09 37.884 KB902400.log
14.10.2006 02:09 29.637 KB890046.log
14.10.2006 02:08 30.465 KB920872.log
14.10.2006 02:08 28.583 KB899589.log
14.10.2006 02:08 28.616 KB919007.log
14.10.2006 02:08 28.901 KB914388.log
14.10.2006 02:07 27.965 KB917344.log
14.10.2006 02:07 28.020 KB905414.log
14.10.2006 02:07 27.228 KB917953.log
14.10.2006 02:07 27.009 KB901214.log
14.10.2006 02:06 24.742 KB923191.log
14.10.2006 02:06 26.899 KB917422.log
14.10.2006 02:06 20.609 KB922582.log
14.10.2006 02:06 23.045 KB888302.log
14.10.2006 02:05 25.050 KB900725.log
14.10.2006 02:05 22.812 KB925486.log
14.10.2006 02:05 22.526 KB912919.log
14.10.2006 02:05 16.045 KB886185.log
14.10.2006 02:04 22.001 KB916595.log
14.10.2006 02:04 13.481 KB885884.log
14.10.2006 02:04 22.022 KB904706.log
14.10.2006 02:04 21.203 KB901190.log
14.10.2006 02:03 21.312 KB905749.log
14.10.2006 02:03 21.472 KB913580.log
14.10.2006 02:02 19.567 KB896428.log
14.10.2006 02:02 20.285 KB911567.log
14.10.2006 02:02 20.259 KB894391.log
14.10.2006 02:02 17.783 KB908519.log
14.10.2006 02:02 17.998 KB920683.log
14.10.2006 02:01 17.557 KB914389.log
14.10.2006 02:01 19.227 KB890859.log
13.10.2006 22:44 10.046 KB893803v2.log
13.10.2006 02:04 7.055 KB898461.log
12.10.2006 22:46 1.215.353 setupapi.log.0.old
12.10.2006 13:43 335 nsreg.dat
12.10.2006 13:42 87.184 NSUninst.exe
12.10.2006 13:42 677 win.ini
12.10.2006 13:41 87.184 GREUninstall.exe
08.10.2006 11:47 400 ODBC.INI
21.09.2006 17:52 837 eReg.dat
09.09.2006 22:16 49.208 War3Unin.dat
09.09.2006 22:16 2.829 War3Unin.pif
09.09.2006 22:16 139.264 War3Unin.exe
08.09.2006 20:25 0 Sti_Trace.log
08.09.2006 20:21 0 setuperr.log
08.09.2006 20:08 5.456 ModemLog_Communications cable between two computers.txt
08.09.2006 19:40 32 {5DEFB7B0-15FF-471A-843D-6FD43F637020}.dat
08.09.2006 19:40 83 MININU.LOG
08.09.2006 19:40 264 _delis32.ini
08.09.2006 19:02 4.708 regopt.log
08.09.2006 19:02 1.096 muisetup.log
08.09.2006 18:46 8.192 REGLOCS.OLD
08.09.2006 18:41 0 control.ini
08.09.2006 18:40 4.161 ODBCINST.INI
08.09.2006 18:39 749 WindowsShell.Manifest
08.09.2006 18:37 1.022 sessmgr.setup.log
08.09.2006 18:36 37 vbaddin.ini
08.09.2006 18:36 36 vb.ini
08.09.2006 18:34 200 cmsetacl.log


----- System 32 (Achtung: Zeitfenster beachten!) ---
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: D05F-58A0

Verzeichnis von C:\WINDOWS\system32

29.10.2006 17:31 200.144 FNTCACHE.DAT
29.10.2006 09:33 311.740 perfh009.dat
29.10.2006 09:33 40.128 perfc009.dat
29.10.2006 09:33 356.120 PerfStringBackup.INI
28.10.2006 14:56 2.560 BitCometRes.dll
26.10.2006 14:11 37.121 Launcher.exe
23.10.2006 00:36 534 ikhcore.log
21.10.2006 21:34 20.098 psapi.lib
15.10.2006 18:06 16.832 amcompat.tlb
15.10.2006 18:06 23.392 nscompat.tlb
15.10.2006 14:45 6.235 jupdate-1.5.0_06-b05.log
08.10.2006 00:14 2.206 wpa.dbl
04.10.2006 12:03 9.639.336 MRT.exe
25.09.2006 17:10 43.520 CmdLineExt03.dll
15.09.2006 21:52 91.904 S32EVNT1.DLL
13.09.2006 06:01 1.084.416 msxml3.dll
08.09.2006 20:33 0 h323log.txt
08.09.2006 19:40 32 {A58AE377-3327-42E1-86D3-D96F227F4692}.dat
08.09.2006 19:40 14 SR2.dat
08.09.2006 19:27 176.167 rmoc3260.dll
08.09.2006 19:27 5.632 pndx5032.dll
08.09.2006 19:27 6.656 pndx5016.dll
08.09.2006 19:27 278.528 pncrt.dll
08.09.2006 18:44 269 $winnt$.inf
08.09.2006 18:41 2.577 CONFIG.NT
08.09.2006 18:39 488 WindowsLogon.manifest
08.09.2006 18:39 488 logonui.exe.manifest
08.09.2006 18:39 749 wuaucpl.cpl.manifest
08.09.2006 18:39 749 nwc.cpl.manifest
08.09.2006 18:39 749 sapi.cpl.manifest
08.09.2006 18:39 749 cdplayer.exe.manifest
08.09.2006 18:39 749 ncpa.cpl.manifest
08.09.2006 18:37 21.640 emptyregdb.dat
04.09.2006 07:08 1.494.016 shdocvw.dll
25.08.2006 16:45 617.472 comctl32.dll
21.08.2006 13:21 16.896 fltlib.dll
21.08.2006 10:14 23.040 fltmc.exe
16.08.2006 12:58 100.352 6to4svc.dll


----- Prefetch -------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: D05F-58A0

Verzeichnis von C:\WINDOWS\Prefetch

29.10.2006 21:06 12.334 FIND.EXE-0EC32F1E.pf
29.10.2006 21:06 13.976 CMD.EXE-087B4001.pf
29.10.2006 21:06 91.680 MSIMN.EXE-38BA891D.pf
29.10.2006 21:05 62.800 IEXPLORE.EXE-27122324.pf
29.10.2006 20:17 17.944 NOTEPAD.EXE-336351A9.pf
29.10.2006 20:16 11.490 NIRCMD.EXE-22AC7776.pf
29.10.2006 20:16 21.214 NIRCMD.EXE-1FB8FB94.pf
29.10.2006 20:15 18.684 VERCLSID.EXE-3667BD89.pf
29.10.2006 20:15 16.074 REGEDIT.EXE-1B606482.pf
29.10.2006 20:15 12.294 FINDSTR.EXE-0CA6274B.pf
29.10.2006 20:13 10.782 SWREG.EXE-3530D480.pf
29.10.2006 20:13 11.832 SORT.EXE-194AE83C.pf
29.10.2006 20:11 7.118 CHCP.COM-18156052.pf
29.10.2006 20:11 10.522 COMBOFIX.EXE-36397029.pf
29.10.2006 20:11 12.040 SC.EXE-2DC19A59.pf
29.10.2006 20:10 10.914 SWREG.EXE-298CB0F2.pf
29.10.2006 20:06 11.400 SWREG.EXE-1A3ECE95.pf
29.10.2006 20:06 10.636 NIRCMD.EXE-2752E0E8.pf
29.10.2006 20:06 11.080 COMBOFIX.EXE-0E615A53.pf
29.10.2006 20:05 35.152 REGCLEANR.EXE-0851E407.pf
29.10.2006 20:05 16.446 LOGO1_.EXE-087E2D4F.pf
29.10.2006 20:05 15.776 NET.EXE-01A53C2F.pf
29.10.2006 20:05 15.950 NET1.EXE-029B9DB4.pf
29.10.2006 20:05 23.316 TASKMGR.EXE-20256C55.pf
29.10.2006 20:01 35.690 TOTALCMD.EXE-08C82D3C.pf
29.10.2006 20:01 1.230.848 NTOSBOOT-B00DFAAD.pf
29.10.2006 19:58 61.084 LOGONUI.EXE-0AF22957.pf
29.10.2006 19:57 16.552 AVENGER.EXE-28E5741A.pf
29.10.2006 19:32 19.376 TIMPLATFROM.EXE-207C84E7.pf
29.10.2006 19:32 46.162 QQ.EXE-2BB567D5.pf
29.10.2006 19:32 16.240 TIMPLATFORM.EXE-07943E8A.pf
29.10.2006 19:17 47.412 HIJACKTHIS.EXE-2494719C.pf
29.10.2006 19:10 8.430 KILL.EXE-24AAEF62.pf
29.10.2006 19:09 11.798 WINSMD.EXE-2D3969FE.pf
29.10.2006 19:09 24.648 ADS2.EXE-31DE0878.pf
29.10.2006 19:09 26.136 DRWTSN32.EXE-2B4B52AC.pf
29.10.2006 19:05 28.278 WUAUCLT.EXE-399A8E72.pf
29.10.2006 18:55 93.102 EXPLORER.EXE-082F38A9.pf
29.10.2006 18:35 74.956 LUCOMS~1.EXE-02DB5950.pf
29.10.2006 18:35 17.832 AUPDATE.EXE-2253CB60.pf
29.10.2006 18:35 24.334 NDETECT.EXE-16E64095.pf
29.10.2006 18:16 45.138 DFRGNTFS.EXE-269967DF.pf
29.10.2006 18:16 17.034 DEFRAG.EXE-273F131E.pf
29.10.2006 18:16 255.954 Layout.ini
29.10.2006 17:34 49.838 WMIPRVSE.EXE-28F301A9.pf
29.10.2006 17:34 15.410 CCPWDSVC.EXE-25BE6B86.pf
29.10.2006 17:34 11.412 WSCNTFY.EXE-1B24F5EB.pf
29.10.2006 17:30 12.594 CTFMON.EXE-0E17969B.pf
29.10.2006 17:30 56.946 RUNDLL32.EXE-24AB1F88.pf
29.10.2006 16:44 35.056 DWWIN.EXE-30875ADC.pf
29.10.2006 16:44 21.386 RUNDLL32.EXE-146D9EC8.pf
29.10.2006 16:44 90.784 DUMPREP.EXE-1B46F901.pf
29.10.2006 15:47 65.062 QQEXTERNAL.EXE-30EA88A9.pf
29.10.2006 15:45 27.394 MAGICBOOK.EXE-1C526847.pf
29.10.2006 15:44 37.362 QQLIVEUPDATE.EXE-2C35A588.pf
29.10.2006 15:44 33.998 QQPET.EXE-0A051614.pf
29.10.2006 15:43 8.110 2SY.EXE-2E20BDE4.pf
29.10.2006 15:43 8.912 LAUNCHER.EXE-0A92A9EF.pf
29.10.2006 15:39 3.534 RUNDLL32.EXE-11C1D7CB.pf
29.10.2006 11:50 8.686 DAT.EXE-309100F2.pf
29.10.2006 11:39 23.304 A001.EXE-00824A78.pf
29.10.2006 10:49 15.686 CALC.EXE-02CD573A.pf
29.10.2006 10:37 19.238 A003.EXE-15B599EA.pf
29.10.2006 10:37 19.238 A002.EXE-394943C8.pf
29.10.2006 10:36 14.296 CONIME.EXE-13EEEA1A.pf
29.10.2006 10:34 26.422 RUNDLL32.EXE-12E27DD0.pf
29.10.2006 09:32 24.632 WMIADAP.EXE-2DF425B2.pf
29.10.2006 01:50 19.496 ADS3.EXE-37A025A4.pf
29.10.2006 01:50 22.602 ADS2.EXE-175EB80E.pf
29.10.2006 01:49 8.262 ADS1.EXE-226CD632.pf
29.10.2006 01:42 19.006 A003.EXE-3387269C.pf
29.10.2006 01:41 26.710 A002.EXE-064467A4.pf
29.10.2006 01:39 19.748 A001.EXE-04752BDD.pf
29.10.2006 01:32 4.122 2SY.EXE-33FEAC67.pf
29.10.2006 01:32 23.558 RUNDLL32.EXE-451FC2C0.pf
29.10.2006 01:28 31.486 AD-AWARE.EXE-26EC6526.pf
29.10.2006 01:15 16.488 DUBA_GOP.EXE-12E46CFC.pf
29.10.2006 00:44 16.532 DUBA_QQMSG.EXE-23DE24C0.pf
28.10.2006 22:46 9.892 ADS1.EXE-1D20D53A.pf
28.10.2006 22:26 19.550 ADS3.EXE-07ED85C8.pf
28.10.2006 15:24 87.046 REALPLAY.EXE-1BF219BD.pf
27.10.2006 22:40 25.760 REALSCHED.EXE-3282FD31.pf
82 Datei(en) 3.562.016 Bytes
0 Verzeichnis(se), 11.360.903.168 Bytes frei

----- Tasks ----------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: D05F-58A0

Verzeichnis von C:\WINDOWS\tasks

29.10.2006 20:00 414 Symantec NetDetect.job
29.10.2006 19:59 6 SA.DAT
25.10.2006 15:35 418 Norton AntiVirus - Scan my computer.job
23.08.2001 13:00 65 desktop.ini
4 Datei(en) 903 Bytes
0 Verzeichnis(se), 11.360.903.168 Bytes frei

----- Windows/Temp -----------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: D05F-58A0

Verzeichnis von C:\WINDOWS\Temp


----- Temp -----------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: D05F-58A0

Verzeichnis von C:\DOCUME~1\Aofeng\LOCALS~1\Temp


Quote

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"wm"="C:\\WINDOWS\\system32\\grtosts.exe"
"wow"="C:\\WINDOWS\\system32\\Launcher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"9"="C:\\WINDOWS\\system32\\vpcrm.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
"wow"="C:\\WINDOWS\\system32\\Launcher.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]
"wow"="C:\\WINDOWS\\system32\\Launcher.exe"

C:\WINDOWS\Dll.dll
C:\WINDOWS\rundl132.exe
C:\WINDOWS\Logo1_.exe
C:\WINDOWS\system32\Launcher.exe
This post was edited by Sabina on 30.10.2006 at 11:32.
30.10.2006, 11:37
Honorary member
Sabina

Posts: 29434
#33 Avenger

Quote

registry keys to delete:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run|wow
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run|wm
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run|9
HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run|wow
HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run|wow

Registry values to delete:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run|wow
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run|wm
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run|9
HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run|wow
HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run|wow

Files to delete:
C:\WINDOWS\Dll.dll
C:\WINDOWS\rundl132.exe
C:\WINDOWS\Logo1_.exe
C:\WINDOWS\system32\vpcrm.exe
C:\WINDOWS\system32\grtosts.exe
C:\WINDOWS\system32\Launcher.exe
**
Post the Avenger log - after the restart

**
Post ComboFix again

**
Post the logs again

Question: can you get onto my site today?
http://virus-protect.org/datfindbat.html
__________
Regards, Sabina

All about PC security
02.11.2006, 12:34
Member

Thread starter

Posts: 47
#34 Sorry that I wasn't here for a few days. The thing is that the viruses have somehow crippled my internet. There is always some kind of imaginary Internet in Task Manager: when I go to Processes, a whole lot of Internet Explorer entries always show up under SYSTEM, and they are never really there, but they always use so much memory that the whole computer is extremely slow.
02.11.2006, 13:17
Honorary member
Sabina

Posts: 29434
#35 Have you run the Avenger? Please do that and post the report after the restart,
then I'll give you virus scanners
__________
Regards, Sabina

All about PC security
02.11.2006, 22:37
Member

Thread starter

Posts: 47
#36 //////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run|wow


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run|wm


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run|wow


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run|wm


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\tfxvxnnn

*******************

Script file located at: \??\C:\lytiwtlg.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\Dll.dll deleted successfully.
File C:\WINDOWS\rundl132.exe deleted successfully.
File C:\WINDOWS\Logo1_.exe deleted successfully.
File C:\WINDOWS\system32\vpcrm.exe deleted successfully.


File C:\WINDOWS\system32\grtosts.exe not found!
Deletion of file C:\WINDOWS\system32\grtosts.exe failed!

Could not process line:
C:\WINDOWS\system32\grtosts.exe
Status: 0xc0000034

File C:\WINDOWS\system32\Launcher.exe deleted successfully.


Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run|9 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run|9 failed!
Status: 0xc0000034



Registry key HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run|wow not found!
Deletion of registry key HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run|wow failed!
Status: 0xc0000034



Registry key HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run|wow not found!
Deletion of registry key HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run|wow failed!
Status: 0xc0000034

Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run|9 deleted successfully.
Registry value HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run|wow deleted successfully.


Could not delete registry value HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run|wow
Deletion of registry value HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run|wow failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.


And should I perhaps give you another log status like that for the last 3 months?
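An added example, not part of the thread and not code from the Avenger project: a small Python triage of the Avenger log posted in #36 that sorts every script target by outcome, so it is clear which entries still need attention. The sample lines are copied from that log and trimmed; the function names and verdict labels are made up for this illustration.

```python
import re

# 0xC0000034 is the NTSTATUS value STATUS_OBJECT_NAME_NOT_FOUND: the target
# did not exist when the script ran, so there was nothing to delete.
NAME_NOT_FOUND = 0xC0000034

# Excerpt assembled from the log in post #36 (trimmed, otherwise verbatim).
SAMPLE_LOG = r"""
Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run|wow

Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run|wm

File C:\WINDOWS\Dll.dll deleted successfully.
File C:\WINDOWS\system32\vpcrm.exe deleted successfully.

File C:\WINDOWS\system32\grtosts.exe not found!
Deletion of file C:\WINDOWS\system32\grtosts.exe failed!

Could not process line:
C:\WINDOWS\system32\grtosts.exe
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run|9 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run|9 failed!
Status: 0xc0000034

Registry key HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run|wow not found!
Deletion of registry key HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run|wow failed!
Status: 0xc0000034

Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run|9 deleted successfully.
Registry value HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run|wow deleted successfully.

Could not delete registry value HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run|wow
Deletion of registry value HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run|wow failed!
Status: 0xc0000034
"""

SKIP_RE = re.compile(r"^Line: (.+)$")
OK_RE = re.compile(r"^(?:File|Registry key|Registry value) (.+) deleted successfully\.$")
FAIL_RE = re.compile(r"^Deletion of (?:file|registry key|registry value) (.+) failed!$")
STATUS_RE = re.compile(r"^Status: (0x[0-9a-fA-F]+)$")


def triage(log_text):
    """Map each target in the log to 'removed', 'absent', 'skipped' or 'failed'.

    removed: at least one deletion of the target succeeded
    absent:  deletion failed only because the name was not found
    skipped: the pre-processor rejected the script line, nothing was attempted
    failed:  deletion failed for any other reason
    """
    verdict = {}
    last_failed = None  # target of the most recent failure, awaiting its Status line
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := SKIP_RE.match(line):
            verdict.setdefault(m.group(1), "skipped")
        elif m := OK_RE.match(line):
            # A success always wins: the same path may have failed earlier
            # under "keys to delete" and succeeded under "values to delete".
            verdict[m.group(1)] = "removed"
            last_failed = None
        elif m := FAIL_RE.match(line):
            last_failed = m.group(1)
            if verdict.get(last_failed) != "removed":
                verdict[last_failed] = "failed"
        elif (m := STATUS_RE.match(line)) and last_failed is not None:
            if int(m.group(1), 16) == NAME_NOT_FOUND and verdict[last_failed] == "failed":
                verdict[last_failed] = "absent"
            last_failed = None
    return verdict


def needs_followup(verdict):
    """Targets that may still exist: never attempted, or failed for a real error."""
    return [t for t, v in verdict.items() if v in ("skipped", "failed")]


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for target, outcome in result.items():
        print(f"{outcome:8} {target}")
    print("follow up:", needs_followup(result))
```

On this log only the two `HKEY_CURRENT_USER` values come back for follow-up, because the pre-processor ignored those lines. `HKEY_USERS\.default` and `HKEY_USERS\s-1-5-18` name the same LocalSystem hive, which is why the second deletion of `wow` reports the name as not found after the first one succeeded.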
02.11.2006, 23:55
Honorary member
Sabina

Posts: 29434
#37 Post the 6 logs from datfindbat again ;)
+
post this log
http://virus-protect.org/registry_stuff.html
__________
Regards, Sabina

All about PC security
03.11.2006, 00:06
Member

Thread starter

Posts: 47
#38 ----- Root -----------------------------
Volume in drive C has no label.
Volume Serial Number is D05F-58A0

Directory of C:\

03.11.2006 00:03 43 filelist.txt
03.11.2006 00:02 9 _desktop.ini
02.11.2006 22:34 6.434 avenger.txt
02.11.2006 22:34 234.409.984 hiberfil.sys
02.11.2006 22:34 352.321.536 pagefile.sys
02.11.2006 15:42 435 profile.txt
29.10.2006 20:15 14.600 ComboFix.txt
29.10.2006 18:47 15.678 ComboFix2.txt
29.10.2006 15:42 268 sqmdata19.sqm
29.10.2006 15:42 244 sqmnoopt19.sqm
28.10.2006 22:55 268 sqmdata18.sqm
28.10.2006 22:55 244 sqmnoopt18.sqm
28.10.2006 14:47 268 sqmdata17.sqm
28.10.2006 14:47 244 sqmnoopt17.sqm
28.10.2006 10:44 268 sqmdata16.sqm
28.10.2006 10:44 244 sqmnoopt16.sqm
28.10.2006 09:25 268 sqmdata15.sqm
28.10.2006 09:25 244 sqmnoopt15.sqm
27.10.2006 14:06 268 sqmdata14.sqm
27.10.2006 14:06 244 sqmnoopt14.sqm
27.10.2006 13:54 268 sqmdata13.sqm
27.10.2006 13:54 244 sqmnoopt13.sqm
26.10.2006 22:06 268 sqmdata12.sqm
26.10.2006 22:06 244 sqmnoopt12.sqm
26.10.2006 14:33 268 sqmdata11.sqm
26.10.2006 14:33 244 sqmnoopt11.sqm
26.10.2006 13:59 268 sqmdata10.sqm
26.10.2006 13:59 244 sqmnoopt10.sqm
26.10.2006 01:18 268 sqmdata09.sqm
26.10.2006 01:18 244 sqmnoopt09.sqm
25.10.2006 22:59 268 sqmdata08.sqm
25.10.2006 22:59 244 sqmnoopt08.sqm
24.10.2006 21:43 268 sqmdata07.sqm
24.10.2006 21:43 244 sqmnoopt07.sqm
24.10.2006 20:52 268 sqmdata06.sqm
24.10.2006 20:52 244 sqmnoopt06.sqm
24.10.2006 20:23 268 sqmdata05.sqm
24.10.2006 20:23 244 sqmnoopt05.sqm
24.10.2006 13:59 268 sqmdata04.sqm
24.10.2006 13:58 244 sqmnoopt04.sqm
23.10.2006 22:43 268 sqmdata03.sqm
23.10.2006 22:43 244 sqmnoopt03.sqm
23.10.2006 22:30 268 sqmdata02.sqm
23.10.2006 22:30 244 sqmnoopt02.sqm
23.10.2006 14:31 268 sqmdata01.sqm
23.10.2006 14:31 244 sqmnoopt01.sqm
23.10.2006 00:38 268 sqmdata00.sqm
23.10.2006 00:38 244 sqmnoopt00.sqm
17.10.2006 16:26 4 response.txt
01.10.2006 21:52 13.030 PDOXUSRS.NET
08.09.2006 18:51 5 MB.TXT
08.09.2006 18:41 0 MSDOS.SYS
08.09.2006 18:41 0 CONFIG.SYS
08.09.2006 18:41 0 AUTOEXEC.BAT
08.09.2006 18:41 0 IO.SYS
08.09.2006 18:33 211 boot.ini
03.08.2004 21:59 250.032 ntldr
03.08.2004 21:38 47.564 NTDETECT.COM
58 File(s) 587.089.805 bytes
0 Dir(s) 11.425.988.608 bytes free

----- Windows --------------------------
Volume in drive C has no label.
Volume Serial Number is D05F-58A0

Directory of C:\WINDOWS

02.11.2006 23:59 6.537 mgxoschk.ini
02.11.2006 23:59 27.136 Dll.dll
02.11.2006 23:59 33.876 rundl132.exe
02.11.2006 23:59 33.876 Logo1_.exe
02.11.2006 22:41 10.336 setupapi.log
02.11.2006 22:36 1.054.938 WindowsUpdate.log
02.11.2006 22:34 0 0.log
02.11.2006 22:34 2 HOSTS
02.11.2006 22:34 2.048 bootstat.dat
02.11.2006 22:33 32.370 SchedLgU.Txt
02.11.2006 22:31 52 lddpjjdl.txt
02.11.2006 16:44 390 QQPet.dat
02.11.2006 16:30 45 ~TR.log
02.11.2006 16:29 71 SCRCFG.ini
02.11.2006 16:05 536.335 iis6.log
02.11.2006 16:05 2.446 comsetup.log
02.11.2006 16:05 95.081 ntdtcsetup.log
02.11.2006 16:05 209.104 tsoc.log
02.11.2006 16:05 1.917 imsins.log
02.11.2006 16:05 22.400 tabletoc.log
02.11.2006 16:05 25.184 ocmsn.log
02.11.2006 16:05 78.021 netfxocm.log
02.11.2006 16:05 31.463 MedCtrOC.log
02.11.2006 16:05 5.732 ocgen.log
02.11.2006 16:05 22.572 msgsocm.log
02.11.2006 16:05 437.411 FaxSetup.log
02.11.2006 16:05 145.430 msmqinst.log
02.11.2006 15:47 231 system.ini
02.11.2006 13:53 470 wmsetup.log
02.11.2006 11:43 13.880 KB918899.log
01.11.2006 22:14 120 setupact.log
01.11.2006 22:11 620 wincmd.ini
29.10.2006 23:41 50 wiaservc.log
29.10.2006 23:41 216 wiadebug.log
27.10.2006 12:29 32.118 KB908531.log
26.10.2006 22:02 110 winamp.ini
26.10.2006 17:21 9.728 cftmon.exe
26.10.2006 12:45 1.123 IE4 Error Log.txt
26.10.2006 01:13 2.560 _MSRSTRT.EXE
18.10.2006 19:56 9.913 mozver.dat
18.10.2006 19:52 333 wininit.ini
16.10.2006 15:22 461 wmsetup10.log
16.10.2006 12:38 1.830 spupdsvc.log
16.10.2006 12:30 38.173 KB917734.log
15.10.2006 18:05 316.640 WMSysPr9.prx
14.10.2006 02:14 1.393 imsins.BAK
14.10.2006 02:14 42.540 KB899587.log
14.10.2006 02:14 20.350 updspapi.log
14.10.2006 02:14 41.710 KB924191.log
14.10.2006 02:14 41.288 KB922819.log
14.10.2006 02:14 39.042 KB885835.log
14.10.2006 02:14 38.178 KB885836.log
14.10.2006 02:13 39.155 KB923414.log
14.10.2006 02:13 38.837 KB920214.log
14.10.2006 02:13 35.936 KB921883.log
14.10.2006 02:13 38.691 KB911927.log
14.10.2006 02:13 37.875 KB922616.log
14.10.2006 02:12 38.191 KB901017.log
14.10.2006 02:12 38.512 KB899591.log
14.10.2006 02:12 38.050 KB920685.log
14.10.2006 02:12 38.694 KB896424.log
14.10.2006 02:12 38.683 KB893756.log
14.10.2006 02:12 37.658 KB911280.log
14.10.2006 02:12 37.121 KB911562.log
14.10.2006 02:12 34.388 KB896423.log
14.10.2006 02:11 36.812 KB900485.log
14.10.2006 02:11 35.037 KB873339.log
14.10.2006 02:11 36.618 KB924496.log
14.10.2006 02:11 36.880 KB921398.log
14.10.2006 02:11 35.048 KB887472.log
14.10.2006 02:11 36.367 KB896358.log
14.10.2006 02:11 29.430 KB910437.log
14.10.2006 02:10 24.860 KB911564.log
14.10.2006 02:10 32.587 KB920670.log
14.10.2006 02:10 32.028 KB891781.log
14.10.2006 02:09 32.784 KB918439.log
14.10.2006 02:09 37.884 KB902400.log
14.10.2006 02:09 29.637 KB890046.log
14.10.2006 02:08 30.465 KB920872.log
14.10.2006 02:08 28.583 KB899589.log
14.10.2006 02:08 28.616 KB919007.log
14.10.2006 02:08 28.901 KB914388.log
14.10.2006 02:07 27.965 KB917344.log
14.10.2006 02:07 28.020 KB905414.log
14.10.2006 02:07 27.228 KB917953.log
14.10.2006 02:07 27.009 KB901214.log
14.10.2006 02:06 24.742 KB923191.log
14.10.2006 02:06 26.899 KB917422.log
14.10.2006 02:06 20.609 KB922582.log
14.10.2006 02:06 23.045 KB888302.log
14.10.2006 02:05 25.050 KB900725.log
14.10.2006 02:05 22.812 KB925486.log
14.10.2006 02:05 22.526 KB912919.log
14.10.2006 02:05 16.045 KB886185.log
14.10.2006 02:04 22.001 KB916595.log
14.10.2006 02:04 13.481 KB885884.log
14.10.2006 02:04 22.022 KB904706.log
14.10.2006 02:04 21.203 KB901190.log
14.10.2006 02:03 21.312 KB905749.log
14.10.2006 02:03 21.472 KB913580.log
14.10.2006 02:02 19.567 KB896428.log
14.10.2006 02:02 20.285 KB911567.log
14.10.2006 02:02 20.259 KB894391.log
14.10.2006 02:02 17.783 KB908519.log
14.10.2006 02:02 17.998 KB920683.log
14.10.2006 02:01 17.557 KB914389.log
14.10.2006 02:01 19.227 KB890859.log
13.10.2006 22:44 10.046 KB893803v2.log
13.10.2006 02:04 7.055 KB898461.log
12.10.2006 22:46 1.215.353 setupapi.log.0.old
12.10.2006 13:43 335 nsreg.dat
12.10.2006 13:42 87.184 NSUninst.exe
12.10.2006 13:42 677 win.ini
12.10.2006 13:41 87.184 GREUninstall.exe
08.10.2006 11:47 400 ODBC.INI
21.09.2006 17:52 837 eReg.dat
09.09.2006 22:16 49.208 War3Unin.dat
09.09.2006 22:16 2.829 War3Unin.pif
09.09.2006 22:16 139.264 War3Unin.exe
08.09.2006 20:25 0 Sti_Trace.log
08.09.2006 20:21 0 setuperr.log
08.09.2006 20:08 5.456 ModemLog_Communications cable between two computers.txt
08.09.2006 19:40 32 {5DEFB7B0-15FF-471A-843D-6FD43F637020}.dat
08.09.2006 19:40 83 MININU.LOG
08.09.2006 19:40 264 _delis32.ini
08.09.2006 19:02 4.708 regopt.log
08.09.2006 19:02 1.096 muisetup.log
08.09.2006 18:46 8.192 REGLOCS.OLD
08.09.2006 18:41 0 control.ini
08.09.2006 18:40 4.161 ODBCINST.INI
08.09.2006 18:39 749 WindowsShell.Manifest
08.09.2006 18:37 1.022 sessmgr.setup.log
08.09.2006 18:36 36 vb.ini
08.09.2006 18:36 37 vbaddin.ini
08.09.2006 18:34 200 cmsetacl.log

----- System 32 (Achtung: Zeitfenster beachten!) ---
Volume in drive C has no label.
Volume Serial Number is D05F-58A0

Directory of C:\WINDOWS\system32

02.11.2006 22:34 128.000 KB7567316.LOG
02.11.2006 22:30 52 relesoci.txt
02.11.2006 15:49 200.144 FNTCACHE.DAT
02.11.2006 14:19 51.200 dllms.dll
01.11.2006 10:45 128.000 11.LOG
01.11.2006 10:45 117.553 win32smd.exe
29.10.2006 09:33 311.740 perfh009.dat
29.10.2006 09:33 40.128 perfc009.dat
29.10.2006 09:33 356.120 PerfStringBackup.INI
28.10.2006 14:56 2.560 BitCometRes.dll
23.10.2006 00:36 534 ikhcore.log
21.10.2006 21:34 20.098 psapi.lib
15.10.2006 18:06 16.832 amcompat.tlb
15.10.2006 18:06 23.392 nscompat.tlb
15.10.2006 14:45 6.235 jupdate-1.5.0_06-b05.log
08.10.2006 00:14 2.206 wpa.dbl
04.10.2006 12:03 9.639.336 MRT.exe
25.09.2006 17:10 43.520 CmdLineExt03.dll
15.09.2006 21:52 91.904 S32EVNT1.DLL
13.09.2006 06:01 1.084.416 msxml3.dll
08.09.2006 20:33 0 h323log.txt
08.09.2006 19:40 32 {A58AE377-3327-42E1-86D3-D96F227F4692}.dat
08.09.2006 19:40 14 SR2.dat
08.09.2006 19:27 176.167 rmoc3260.dll
08.09.2006 19:27 5.632 pndx5032.dll
08.09.2006 19:27 6.656 pndx5016.dll
08.09.2006 19:27 278.528 pncrt.dll
08.09.2006 18:44 269 $winnt$.inf
08.09.2006 18:41 2.577 CONFIG.NT
08.09.2006 18:39 488 WindowsLogon.manifest
08.09.2006 18:39 488 logonui.exe.manifest
08.09.2006 18:39 749 wuaucpl.cpl.manifest
08.09.2006 18:39 749 nwc.cpl.manifest
08.09.2006 18:39 749 ncpa.cpl.manifest
08.09.2006 18:39 749 cdplayer.exe.manifest
08.09.2006 18:39 749 sapi.cpl.manifest
08.09.2006 18:37 21.640 emptyregdb.dat
04.09.2006 07:08 1.494.016 shdocvw.dll
25.08.2006 16:45 617.472 comctl32.dll
21.08.2006 13:21 16.896 fltlib.dll
21.08.2006 10:14 23.040 fltmc.exe
16.08.2006 12:58 100.352 6to4svc.dll

----- Prefetch -------------------------
Volume in drive C has no label.
Volume Serial Number is D05F-58A0

Directory of C:\WINDOWS\Prefetch

03.11.2006 00:03 12.232 FIND.EXE-0EC32F1E.pf
03.11.2006 00:03 19.586 CMD.EXE-087B4001.pf
03.11.2006 00:00 74.946 IEXPLORE.EXE-27122324.pf
03.11.2006 00:00 35.808 RUNDLL32.EXE-188DF14E.pf
03.11.2006 00:00 26.360 RUNDLL32.EXE-2711E1C2.pf
02.11.2006 23:59 29.490 ADDONINSTALL.EXE-2F220A64.pf
02.11.2006 23:59 15.048 REGEDIT.EXE-1B606482.pf
02.11.2006 23:59 23.526 LOGO1_.EXE-087E2D4F.pf
02.11.2006 23:59 15.106 NET.EXE-01A53C2F.pf
02.11.2006 23:59 15.144 NET1.EXE-029B9DB4.pf
02.11.2006 23:59 35.864 RUNDLL32.EXE-451FC2C0.pf
02.11.2006 23:57 27.802 AAWSEPERSONAL.EXE-0B4CF88D.pf
02.11.2006 23:52 36.356 WMIPRVSE.EXE-28F301A9.pf
02.11.2006 23:52 26.946 WUAUCLT.EXE-399A8E72.pf
02.11.2006 23:51 26.036 SWREG.EXE-298CB0F2.pf
02.11.2006 23:51 11.950 COMBOFIX.EXE-0E615A53.pf
02.11.2006 23:51 10.432 SWREG.EXE-1A3ECE95.pf
02.11.2006 23:51 10.142 NIRCMD.EXE-2752E0E8.pf
02.11.2006 23:46 28.204 TASKMGR.EXE-20256C55.pf
02.11.2006 23:45 81.432 MSIMN.EXE-38BA891D.pf
02.11.2006 23:28 68.886 SKYPE.EXE-30AE1A60.pf
02.11.2006 23:27 66.150 DWWIN.EXE-30875ADC.pf
02.11.2006 23:27 25.606 DRWTSN32.EXE-2B4B52AC.pf
02.11.2006 23:27 40.542 DUMPREP.EXE-1B46F901.pf
02.11.2006 23:27 74.774 NAVW32.EXE-24F56911.pf
02.11.2006 23:27 96.876 WINWORD.EXE-37F6AE09.pf
02.11.2006 22:45 33.090 SKYPESETUP.EXE-0A4F4D5D.pf
02.11.2006 22:45 27.372 SKYPESETUP.EXE-376D3F0D.pf
02.11.2006 22:44 46.772 MAGICBOOK.EXE-1C526847.pf
02.11.2006 22:44 97.766 QQPET.EXE-0A051614.pf
02.11.2006 22:43 70.858 QQLIVEUPDATE.EXE-2C35A588.pf
02.11.2006 22:43 25.762 TIMPLATFROM.EXE-207C84E7.pf
02.11.2006 22:43 55.764 QQ.EXE-2BB567D5.pf
02.11.2006 22:43 27.710 TIMPLATFORM.EXE-07943E8A.pf
02.11.2006 22:41 9.828 3SY.EXE-2585EF3E.pf
02.11.2006 22:41 13.154 0SY.EXE-37DA4539.pf
02.11.2006 22:36 1.114.190 NTOSBOOT-B00DFAAD.pf
02.11.2006 22:33 95.014 LOGONUI.EXE-0AF22957.pf
02.11.2006 22:33 15.060 WSCNTFY.EXE-1B24F5EB.pf
02.11.2006 22:31 23.932 AVENGER.EXE-28E5741A.pf
02.11.2006 22:29 118.366 EXPLORER.EXE-082F38A9.pf
02.11.2006 22:26 56.420 RUNDLL32.EXE-13404D23.pf
02.11.2006 20:30 81.520 LUCOMS~1.EXE-02DB5950.pf
02.11.2006 20:30 16.962 AUPDATE.EXE-2253CB60.pf
02.11.2006 20:30 27.546 NDETECT.EXE-16E64095.pf
02.11.2006 18:29 99.020 FIREFOX.EXE-1B8392AB.pf
02.11.2006 18:23 39.200 BOOTSTRAP.EXE-011DF518.pf
02.11.2006 18:23 8.428 MSIEXEC.EXE-2F8A8CAE.pf
02.11.2006 18:22 57.780 INSTALL_MESSENGER.EXE-310E465A.pf
02.11.2006 18:09 53.876 NMAIN.EXE-2BA406E0.pf
02.11.2006 17:33 23.570 CCPWDSVC.EXE-25BE6B86.pf
02.11.2006 17:33 25.386 CTFMON.EXE-0E17969B.pf
02.11.2006 17:33 41.370 CCAPP.EXE-1207B2A5.pf
02.11.2006 17:33 14.250 RUNDL132.EXE-306465DA.pf
02.11.2006 17:33 25.640 USERINIT.EXE-30B18140.pf
02.11.2006 17:33 10.600 WIN32SMD.EXE-035B19EE.pf
02.11.2006 17:33 7.848 LAUNCHER.EXE-0A92A9EF.pf
02.11.2006 17:33 14.424 STUP.EXE-2089974C.pf
02.11.2006 17:33 7.240 TINTSETP.EXE-39BF0732.pf
02.11.2006 17:33 9.654 VPCRM.EXE-1C46A5FC.pf
02.11.2006 17:18 21.814 CONIME.EXE-13EEEA1A.pf
02.11.2006 17:18 12.192 ATTRIB.EXE-39EAFB02.pf
02.11.2006 17:18 24.824 QQS003TP.EXE-3861E637.pf
02.11.2006 17:18 43.888 QQBETA3_440.EXE-371AF7EA.pf
02.11.2006 17:05 26.092 RUNDLL32.EXE-25E0AE6F.pf
02.11.2006 16:39 50.682 QQPET_UPDATE_0240.EXE-3614C10D.pf
02.11.2006 16:36 60.318 QQEXTERNAL.EXE-30EA88A9.pf
02.11.2006 16:33 30.438 QQLIVEUPDATE.EXE-18365BD3.pf
02.11.2006 16:30 25.258 STUP.EXE-261CA7C5.pf
02.11.2006 16:30 31.562 SS3.EXE-022DE6E2.pf
02.11.2006 16:30 20.104 VERCLSID.EXE-3667BD89.pf
02.11.2006 16:29 25.030 NOTEPAD.EXE-189578DA.pf
02.11.2006 16:29 28.420 QQMUSIC.EXE-283D77A3.pf
02.11.2006 16:29 23.784 QQPLAYERSVR.EXE-2E2AF30D.pf
02.11.2006 16:29 39.122 SETUP_QQ.EXE-21C7D3A5.pf
02.11.2006 16:29 21.820 VMPFULL_TENCENT.EXE-0C5C77B9.pf
02.11.2006 16:29 41.992 MTSAXINSTALLER.EXE-13BCBBAA.pf
02.11.2006 16:28 53.080 QQ2006BETA3.EXE-3961F1C6.pf
02.11.2006 16:09 16.838 UNWISE.EXE-1A3729EA.pf
02.11.2006 16:08 15.052 A~NSISU_.EXE-2D70E5B2.pf
02.11.2006 16:08 12.832 UNINST.EXE-263C87D4.pf
02.11.2006 16:05 14.774 AU_.EXE-18D931C6.pf
02.11.2006 16:05 19.094 UNINSTALL.EXE-18CD8B17.pf
02.11.2006 16:04 45.714 SYSOCMGR.EXE-31169C54.pf
02.11.2006 16:04 62.582 RUNDLL32.EXE-400F9B93.pf
02.11.2006 15:47 37.058 RUNDLL32.EXE-11C1D7CB.pf
02.11.2006 14:26 21.272 LANCER.ICD-2A3FF741.pf
02.11.2006 14:26 18.356 CLOKSPL.EXE-34A47D94.pf
02.11.2006 14:26 57.348 LANCER.EXE-35A15E3B.pf
02.11.2006 14:25 40.290 REGCLEANR.EXE-0851E407.pf
02.11.2006 14:20 42.910 AD-AWARE.EXE-294FC570.pf
02.11.2006 14:13 11.556 WINLOGON.EXE-32C57D49.pf
02.11.2006 14:13 12.542 CSRSS.EXE-12B63473.pf
02.11.2006 14:10 24.186 RUNDLL32.EXE-1831A4F3.pf
02.11.2006 14:10 20.744 CONTROL.EXE-013DBFB5.pf
02.11.2006 13:59 61.044 RSTRUI.EXE-03C49A96.pf
02.11.2006 13:53 18.530 RUNDLL32.EXE-33437D18.pf
02.11.2006 13:53 52.724 UNREGMP2.EXE-07CACB61.pf
02.11.2006 13:34 18.310 SVCHOST.EXE-3530F672.pf
02.11.2006 13:29 8.538 SVHOST32.EXE-35F91424.pf
02.11.2006 13:29 14.442 2SY.EXE-2E20BDE4.pf
02.11.2006 13:15 7.482 LOGON.SCR-151EFAEA.pf
01.11.2006 22:36 325.790 Layout.ini
01.11.2006 22:14 86.612 CLEANMGR.EXE-1F86EA8E.pf
01.11.2006 22:09 37.094 TOTALCMD.EXE-08C82D3C.pf
01.11.2006 21:44 53.336 DFRGNTFS.EXE-269967DF.pf
28.10.2006 15:24 87.046 REALPLAY.EXE-1BF219BD.pf
27.10.2006 22:40 25.760 REALSCHED.EXE-3282FD31.pf
108 File(s) 5.180.892 bytes
0 Dir(s) 11.425.861.632 bytes free

----- Tasks ----------------------------
Volume in drive C has no label.
Volume Serial Number is D05F-58A0

Directory of C:\WINDOWS\tasks

02.11.2006 22:34 414 Symantec NetDetect.job
02.11.2006 22:34 6 SA.DAT
25.10.2006 15:35 418 Norton AntiVirus - Scan my computer.job
23.08.2001 13:00 65 desktop.ini
4 File(s) 903 bytes
0 Dir(s) 11.425.869.824 bytes free

----- Windows/Temp -----------------------
Volume in drive C has no label.
Volume Serial Number is D05F-58A0

Directory of C:\WINDOWS\Temp

02.11.2006 22:41 39.424 4B.tmp
02.11.2006 17:33 0 Win11B.tmp
02.11.2006 17:16 0 Win106.tmp
02.11.2006 17:15 0 Win105.tmp
02.11.2006 17:14 0 Win104.tmp
02.11.2006 17:13 0 Win103.tmp
02.11.2006 16:51 0 WinED.tmp
02.11.2006 15:59 0 WinA.tmp
02.11.2006 13:25 16.384 Perflib_Perfdata_33c.dat
02.11.2006 12:29 0 $$a1C.tmp
02.11.2006 12:22 0 $$a14.tmp
02.11.2006 11:55 0 $$aD.tmp
02.11.2006 01:30 0 WinD.tmp
01.11.2006 17:38 0 WinF6.tmp
01.11.2006 14:45 0 $$aF5.tmp
01.11.2006 10:45 0 $$a8.tmp
01.11.2006 10:45 0 $$a7.tmp
31.10.2006 18:20 0 WinA4.tmp
31.10.2006 18:19 0 WinA3.tmp
31.10.2006 18:17 0 WinA1.tmp
31.10.2006 18:16 0 WinA0.tmp
31.10.2006 18:13 0 Win9A.tmp
31.10.2006 18:11 0 Win97.tmp
31.10.2006 18:10 0 Win96.tmp
31.10.2006 18:09 0 Win95.tmp
31.10.2006 18:07 0 Win93.tmp
31.10.2006 18:06 0 Win92.tmp
31.10.2006 17:52 0 Win72.tmp
31.10.2006 17:44 0 Win61.tmp
31.10.2006 17:37 0 Win4D.tmp
31.10.2006 17:36 0 Win49.tmp
31.10.2006 17:34 0 Win46.tmp
31.10.2006 17:33 0 Win44.tmp
31.10.2006 17:30 0 Win3C.tmp
31.10.2006 17:28 0 Win3A.tmp
31.10.2006 17:25 0 Win2E.tmp
31.10.2006 17:24 0 Win2C.tmp
31.10.2006 17:22 0 Win26.tmp
31.10.2006 00:29 0 WinF2.tmp
31.10.2006 00:28 0 WinF1.tmp
31.10.2006 00:27 0 WinF0.tmp
31.10.2006 00:26 0 WinEF.tmp
31.10.2006 00:25 0 WinEE.tmp
31.10.2006 00:23 0 WinEC.tmp
31.10.2006 00:22 0 WinEB.tmp
31.10.2006 00:21 0 WinEA.tmp
31.10.2006 00:20 0 WinE9.tmp
31.10.2006 00:19 0 WinE8.tmp
31.10.2006 00:18 0 WinE7.tmp
31.10.2006 00:17 0 WinE6.tmp
31.10.2006 00:16 0 WinE5.tmp
31.10.2006 00:15 0 WinE4.tmp
31.10.2006 00:14 0 WinE3.tmp
31.10.2006 00:13 0 WinE2.tmp
31.10.2006 00:12 0 WinE1.tmp
31.10.2006 00:11 0 WinE0.tmp
31.10.2006 00:10 0 WinDF.tmp
31.10.2006 00:09 0 WinDE.tmp
31.10.2006 00:08 0 WinDD.tmp
31.10.2006 00:07 0 WinDC.tmp
31.10.2006 00:06 0 WinDB.tmp
31.10.2006 00:05 0 WinDA.tmp
31.10.2006 00:04 0 WinD9.tmp
31.10.2006 00:03 0 WinD8.tmp
31.10.2006 00:02 0 WinD7.tmp
31.10.2006 00:01 0 WinD6.tmp
31.10.2006 00:00 0 WinD5.tmp
30.10.2006 23:59 0 WinD4.tmp
30.10.2006 23:58 0 WinD3.tmp
30.10.2006 23:57 0 WinD2.tmp
30.10.2006 23:56 0 WinD1.tmp
30.10.2006 23:55 0 WinD0.tmp
30.10.2006 23:54 0 WinCF.tmp
30.10.2006 23:53 0 WinCE.tmp
30.10.2006 23:51 0 WinCD.tmp
30.10.2006 23:50 0 WinCC.tmp
30.10.2006 23:49 0 WinCB.tmp
30.10.2006 23:48 0 WinCA.tmp
30.10.2006 23:47 0 WinC9.tmp
30.10.2006 23:45 0 WinC7.tmp
30.10.2006 23:44 0 WinC6.tmp
30.10.2006 23:43 0 WinC5.tmp
30.10.2006 23:42 0 WinC4.tmp
30.10.2006 23:41 0 WinC3.tmp
30.10.2006 23:40 0 WinC2.tmp
30.10.2006 23:38 0 WinC0.tmp
30.10.2006 23:37 0 WinBF.tmp
30.10.2006 23:36 0 WinBE.tmp
30.10.2006 23:35 0 WinBD.tmp
30.10.2006 23:34 0 WinBC.tmp
30.10.2006 23:33 0 WinBB.tmp
30.10.2006 23:32 0 WinBA.tmp
30.10.2006 23:31 0 WinB9.tmp
30.10.2006 23:30 0 WinB8.tmp
30.10.2006 23:29 0 WinB7.tmp
30.10.2006 23:28 0 WinB6.tmp
30.10.2006 23:27 0 WinB5.tmp
30.10.2006 23:26 0 WinB4.tmp
30.10.2006 23:25 0 WinB3.tmp
30.10.2006 23:24 0 WinB2.tmp
30.10.2006 23:23 0 WinB1.tmp
30.10.2006 23:22 0 WinB0.tmp
30.10.2006 23:21 0 WinAF.tmp
30.10.2006 23:20 0 WinAE.tmp
30.10.2006 23:19 0 WinAD.tmp
30.10.2006 23:18 0 WinAC.tmp
30.10.2006 23:17 0 WinAB.tmp
30.10.2006 23:16 0 WinAA.tmp
30.10.2006 23:15 0 WinA9.tmp
30.10.2006 23:14 0 WinA8.tmp
30.10.2006 23:12 0 WinA7.tmp
30.10.2006 23:11 0 WinA6.tmp
30.10.2006 23:10 0 WinA5.tmp
30.10.2006 23:09 0 WinA2.tmp
30.10.2006 23:07 0 Win9E.tmp
30.10.2006 23:06 0 Win9D.tmp
30.10.2006 23:05 0 Win9C.tmp
30.10.2006 23:04 0 Win9B.tmp
30.10.2006 23:02 0 Win99.tmp
30.10.2006 23:01 0 Win98.tmp
30.10.2006 22:51 0 Win94.tmp
30.10.2006 22:50 0 Win91.tmp
30.10.2006 22:48 0 Win90.tmp
30.10.2006 22:47 0 Win8F.tmp
30.10.2006 22:45 0 Win8E.tmp
30.10.2006 22:44 0 Win8D.tmp
30.10.2006 22:43 0 Win8C.tmp
30.10.2006 22:42 0 Win8B.tmp
30.10.2006 22:41 0 Win8A.tmp
30.10.2006 22:40 0 Win89.tmp
30.10.2006 22:39 0 Win88.tmp
30.10.2006 22:38 0 Win87.tmp
30.10.2006 22:37 0 Win86.tmp
30.10.2006 22:36 0 Win85.tmp
30.10.2006 22:35 0 Win84.tmp
30.10.2006 22:34 0 Win83.tmp
30.10.2006 22:33 0 Win81.tmp
30.10.2006 22:29 0 Win7B.tmp
30.10.2006 22:28 0 Win79.tmp
30.10.2006 22:27 0 Win78.tmp
30.10.2006 22:26 0 Win77.tmp
30.10.2006 22:25 0 Win76.tmp
30.10.2006 22:24 0 Win75.tmp
30.10.2006 22:23 0 Win74.tmp
30.10.2006 22:22 0 Win73.tmp
30.10.2006 22:20 0 Win71.tmp
30.10.2006 22:18 0 Win6C.tmp
30.10.2006 22:17 0 Win6B.tmp
30.10.2006 22:16 0 Win6A.tmp
30.10.2006 22:14 0 Win68.tmp
30.10.2006 22:13 0 Win67.tmp
30.10.2006 22:12 0 Win66.tmp
30.10.2006 22:11 0 Win65.tmp
30.10.2006 22:10 0 Win64.tmp
30.10.2006 22:08 0 Win63.tmp
30.10.2006 22:06 0 Win60.tmp
30.10.2006 22:05 0 Win5F.tmp
30.10.2006 22:04 0 Win5D.tmp
30.10.2006 22:03 0 Win59.tmp
30.10.2006 22:02 0 Win57.tmp
30.10.2006 22:00 0 Win55.tmp
30.10.2006 21:59 0 Win54.tmp
30.10.2006 21:58 0 Win51.tmp
30.10.2006 21:57 0 Win50.tmp
30.10.2006 17:56 374 $$a1.bat
30.10.2006 17:56 0 $$a1.tmp
30.10.2006 15:13 0 Win82.tmp
30.10.2006 15:11 0 Win80.tmp
30.10.2006 15:10 0 Win7F.tmp
30.10.2006 15:09 0 Win7E.tmp
30.10.2006 15:08 0 Win7D.tmp
30.10.2006 15:07 0 Win7C.tmp
30.10.2006 15:05 0 Win7A.tmp
30.10.2006 15:03 0 Win70.tmp
30.10.2006 15:02 0 Win6F.tmp
30.10.2006 15:01 0 Win6E.tmp
30.10.2006 15:00 0 Win6D.tmp
30.10.2006 14:55 0 Win69.tmp
30.10.2006 14:48 0 Win62.tmp
30.10.2006 14:44 0 Win5E.tmp
30.10.2006 14:42 0 Win5C.tmp
30.10.2006 14:41 0 Win5B.tmp
30.10.2006 14:40 0 Win5A.tmp
30.10.2006 14:38 0 Win58.tmp
30.10.2006 14:36 0 Win56.tmp
30.10.2006 14:33 0 Win53.tmp
30.10.2006 14:32 0 Win52.tmp
30.10.2006 14:29 0 Win4F.tmp
30.10.2006 14:26 0 Win4C.tmp
30.10.2006 14:25 0 Win4B.tmp
30.10.2006 14:24 0 Win4A.tmp
30.10.2006 14:22 0 Win48.tmp
30.10.2006 14:21 0 Win47.tmp
30.10.2006 14:19 0 Win45.tmp
30.10.2006 14:17 0 Win43.tmp
30.10.2006 14:16 0 Win42.tmp
30.10.2006 14:15 0 Win41.tmp
30.10.2006 14:14 0 Win40.tmp
30.10.2006 14:13 0 Win3F.tmp
30.10.2006 14:11 0 Win3E.tmp
30.10.2006 14:10 0 Win3D.tmp
30.10.2006 14:08 0 Win3B.tmp
30.10.2006 14:06 0 Win39.tmp
30.10.2006 14:05 0 Win38.tmp
30.10.2006 14:04 0 Win37.tmp
30.10.2006 14:03 0 Win36.tmp
30.10.2006 14:02 0 Win35.tmp
30.10.2006 14:00 0 Win33.tmp
30.10.2006 13:59 0 Win32.tmp
30.10.2006 13:58 0 Win31.tmp
30.10.2006 13:57 0 Win30.tmp
30.10.2006 13:56 0 Win2F.tmp
30.10.2006 13:54 0 Win2D.tmp
30.10.2006 13:52 0 Win2B.tmp
30.10.2006 13:51 0 Win2A.tmp
30.10.2006 13:50 0 Win29.tmp
30.10.2006 13:49 0 Win28.tmp
30.10.2006 13:48 0 Win27.tmp
30.10.2006 13:46 0 Win25.tmp
30.10.2006 13:44 0 Win24.tmp
30.10.2006 13:43 0 Win23.tmp
30.10.2006 13:42 0 Win22.tmp
30.10.2006 13:41 0 Win21.tmp
30.10.2006 13:38 0 Win1E.tmp
30.10.2006 13:37 0 Win1D.tmp
30.10.2006 13:36 0 Win1C.tmp
30.10.2006 13:35 0 Win1B.tmp
30.10.2006 13:33 0 Win19.tmp
30.10.2006 13:32 0 Win18.tmp
30.10.2006 13:31 0 Win17.tmp
30.10.2006 13:30 0 Win16.tmp
30.10.2006 13:29 0 Win15.tmp
30.10.2006 13:28 0 Win14.tmp
30.10.2006 13:27 0 Win13.tmp
30.10.2006 13:26 0 Win12.tmp
235 File(s) 56.182 bytes
0 Dir(s) 11.425.853.440 bytes free

----- Temp -----------------------------
Volume in drive C has no label.
Volume Serial Number is D05F-58A0

Directory of C:\DOCUME~1\Aofeng\LOCALS~1\Temp

02.11.2006 23:59 0 $$a76.tmp
02.11.2006 23:14 32.768 ~DFA4A2.tmp
02.11.2006 23:10 0 tem4C.tmp
02.11.2006 23:05 0 1CE3B6.dmp
02.11.2006 22:43 16.384 Perflib_Perfdata_ab0.dat
02.11.2006 22:43 58 _tmp_qq_proxy.ini
02.11.2006 22:40 0 $$a1.tmp
02.11.2006 18:49 0 tem1B4.tmp
02.11.2006 18:23 234 MsnMsgs.LOG
02.11.2006 18:09 0 $$a162.tmp
02.11.2006 18:08 0 $$a161.tmp
02.11.2006 17:34 16.384 ~DFB7D9.tmp
02.11.2006 14:20 0 $$a4.tmp
02.11.2006 14:20 300 $$a2.bat
02.11.2006 14:20 0 $$a2.tmp
02.11.2006 14:19 40.976 ys.dll
02.11.2006 14:18 21.260 1fky1.sys
02.11.2006 14:13 21.260 lym.sys
02.11.2006 14:02 21.260 di8g.sys
02.11.2006 13:54 21.260 l4.sys
02.11.2006 13:31 447 $$a6.bat
02.11.2006 13:31 0 $$a6.tmp
02.11.2006 13:29 261 $$a3.bat
02.11.2006 13:29 0 $$a3.tmp
02.11.2006 13:29 0 $$c2.tmp
02.11.2006 13:26 21.260 l701hght.sys
02.11.2006 13:22 0 $$a10.tmp
01.11.2006 22:15 0 $$aF.tmp
12.10.2004 11:14 57.344 InstHelp.dll
29 File(s) 271.456 bytes
0 Dir(s) 11.425.857.536 bytes free




And now the output from the other program:

doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
doesn't exist HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System
doesn't exist HKEY_LOCAL_MACHINE\SSYSTEM\CurrentControlSet\Services\windowsnetwork
doesn't exist HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
-----------------------
-----------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
"DependOnGroup"=hex(7):00
"DependOnService"=hex(7):4e,65,74,6d,61,6e,00,57,69,6e,4d,67,6d,74,00,00
"Description"="Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network."
"DisplayName"="Windows Firewall/Internet Connection Sharing (ICS)"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch]
"Epoch"=dword:00001947

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,69,70,6e,61,74,68,6c,70,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
"DoNotAllowExceptions"=dword:00000000
"DisableNotifications"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"G:\\PC\\DRIVERS\\ADSL\\alcatel\\200700\\Setup\\SetupST.exe"="G:\\PC\\DRIVERS\\ADSL\\alcatel\\200700\\Setup\\SetupST.exe:*:Enabled:SpeedTouch Setup Wizard"
"G:\\Setup Wizard\\SetupST.exe"="G:\\Setup Wizard\\SetupST.exe:*:Enabled:SpeedTouch Setup Wizard"
"E:\\games\\Mech\\MW4.ICD"="E:\\games\\Mech\\MW4.ICD:*:Enabled:MechWarrior IV"
"E:\\games\\Mech\\mw4x\\MW4x.exe"="E:\\games\\Mech\\mw4x\\MW4x.exe:*:Enabled:MechWarrior IV"
"C:\\Program Files\\NATEON\\BIN\\NateOnMain.exe"="C:\\Program Files\\NATEON\\BIN\\NateOnMain.exe:*:Enabled:NATE ON"
"D:\\Tencent\\qq\\QQ.exe"="D:\\Tencent\\qq\\QQ.exe:*:Enabled:QQ"
"D:\\Tencent\\QQGame\\QQGame.exe"="D:\\Tencent\\QQGame\\QQGame.exe:*:Enabled:QQGame"
"D:\\QQ??\\QQFO1.32_dl.exe"="D:\\QQ??\\QQFO1.32_dl.exe:*:Enabled:QQFO Tools for Downloading and AutoPack"
"C:\\Documents and Settings\\Meijie\\Local Settings\\Temp\\Rar$EX00.554\\«QQ??????????.exe"="C:\\Documents and Settings\\Meijie\\Local Settings\\Temp\\Rar$EX00.554\\«QQ??????????.exe:*:Enabled;)??????????????"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"D:\\Tencent\\qq\\QQPet\\QQPet.exe"="D:\\Tencent\\qq\\QQPet\\QQPet.exe:*:Enabled:QQ??"
"D:\\BitComet\\BitComet.exe"="D:\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*;)isabled:Internet Explorer"
"C:\\Program Files\\Common Files\\Synacast\\SynaLive\\PE.exe"="C:\\Program Files\\Common Files\\Synacast\\SynaLive\\PE.exe:*;)isabled:pE"
"E:\\games\\Warcraft III\\War3.exe"="E:\\games\\Warcraft III\\War3.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"16539:TCP"="16539:TCP:*:Enabled:BitComet 16539 TCP"
"16539:UDP"="16539:UDP:*:Enabled:BitComet 16539 UDP"
"3973:TCP"="3973:TCP:*:Enabled:ppLive"
"6754:UDP"="6754:UDP:*:Enabled:ppLive"
"23635:TCP"="23635:TCP:*:Enabled:BitComet 23635 TCP"
"23635:UDP"="23635:UDP:*:Enabled:BitComet 23635 UDP"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"All"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum]
"0"="Root\\LEGACY_SHAREDACCESS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Security Center"
"DependOnService"=hex(7):52,70,63,53,73,00,77,69,6e,6d,67,6d,74,00,00
"ObjectName"="LocalSystem"
"Description"="Monitors system security settings and configurations."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Parameters]
"ServiceDll"=hex(2):25,53,59,53,54,45,4d,52,4f,4f,54,25,5c,73,79,73,74,65,6d,\
33,32,5c,77,73,63,73,76,63,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Enum]
"0"="Root\\LEGACY_WSCSVC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
"autodisconnect"=dword:0000000f
"enableforcedlogoff"=dword:00000001
"enablesecuritysignature"=dword:00000000
"requiresecuritysignature"=dword:00000000
"NullSessionPipes"=hex(7):43,4f,4d,4e,41,50,00,43,4f,4d,4e,4f,44,45,00,53,51,\
4c,5c,51,55,45,52,59,00,53,50,4f,4f,4c,53,53,00,4c,4c,53,52,50,43,00,62,72,\
6f,77,73,65,72,00,00
"NullSessionShares"=hex(7):43,4f,4d,43,46,47,00,44,46,53,24,00,00
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,73,72,76,73,76,63,2e,64,6c,6c,00
"Lmannounce"=dword:00000000
"Size"=dword:00000001
"Guid"=hex:fb,ff,9c,b6,e0,cf,88,46,99,64,37,7f,65,91,c8,2c
"AdjustedNullSessionPipes"=dword:00000001
"CachedOpenLimit"=dword:00000000


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters]
"enableplaintextpassword"=dword:00000000
"enablesecuritysignature"=dword:00000001
"requiresecuritysignature"=dword:00000000
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,77,6b,73,73,76,63,2e,64,6c,6c,00
"OtherDomains"=hex(7):00


[HKEY_CURRENT_USER\Software\Microsoft\OLE]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]
"Type"=dword:00000020
"Start"=dword:00000004
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Messenger"
"DependOnService"=hex(7):4c,61,6e,6d,61,6e,57,6f,72,6b,73,74,61,74,69,6f,6e,00,\
4e,65,74,42,49,4f,53,00,50,6c,75,67,50,6c,61,79,00,52,70,63,53,53,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,6d,73,67,73,76,63,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Security]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
"Description"="Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start."
"DependOnService"=hex(7):52,50,43,53,53,00,00
"DisplayName"="Remote Registry"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,4c,6f,63,61,6c,53,65,72,\
76,69,63,65,00
"ObjectName"="NT AUTHORITY\\LocalService"
"Group"=""
"Start"=dword:00000002
"Type"=dword:00000020
"FailureActions"=hex:00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,e0,ad,08,\
00,01,00,00,00,e8,03,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,72,65,67,73,76,63,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum]
"0"="Root\\LEGACY_REMOTEREGISTRY\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr]
"Type"=dword:00000010
"Start"=dword:00000004
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,\
74,6c,6e,74,73,76,72,2e,65,78,65,00
"DisplayName"="Telnet"
"DependOnService"=hex(7):52,50,43,53,53,00,54,43,50,49,50,00,4e,54,4c,4d,53,53,\
50,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=hex(7):6b,65,72,62,65,72,6f,73,00,6d,73,76,31,5f,30,00,73,\
63,68,61,6e,6e,65,6c,00,77,64,69,67,65,73,74,00,00
"ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001
"LsaPid"=dword:000004e4
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
"enabledcom"="y"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders]
"ProviderOrder"=hex(7):57,69,6e,64,6f,77,73,20,4e,54,20,41,63,63,65,73,73,20,\
50,72,6f,76,69,64,65,72,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,6e,74,6d,61,72,74,61,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data]
"Pattern"=hex:3d,08,97,d4,80,d4,46,0e,56,4d,ee,e9,51,49,3a,bd,35,32,34,32,62,\
31,35,36,00,fd,07,00,b1,44,00,00,34,fa,07,00,56,82,7c,75,20,fa,07,00,40,fd,\
07,00,4c,fd,07,00,17,74,41,43,be,9b,42,60,45,8c,d2,52

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG]
"GrafBlumGroup"=hex:de,e2,c8,85,28,3c,65,d8,50

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD]
"Lookup"=hex:1f,09,94,81,f2,2d

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]
"Auth132"="IISSUBA"
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1]
"SkewMatrix"=hex:68,fe,96,b9,2b,d4,7d,81,f1,65,55,4e,dd,4d,6e,10

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache]
"Time"=hex:b0,ab,4d,b0,2b,d9,c6,01

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,5e,94,25,ad,79,c4,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,5e,94,25,ad,79,c4,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,5e,94,25,ad,79,c4,01
"Type"=dword:00000031


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=dword:00000001
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
03.11.2006, 00:19
Honorary member
Sabina

Posts: 29434
#39 ««
Run Cleanup and delete the temporary files
http://virus-protect.org/cleanup.html

««
Click: Start - Run - type in: cmd
then copy into the black DOS window:

del %windir%\temp\*.* /f

press "Enter"
type Y

««
Avenger

Quote

Files to delete:
C:\WINDOWS\system32\relesoci.txt
C:\WINDOWS\system32\dllms.dll
C:\WINDOWS\system32\11.LOG
C:\WINDOWS\system32\win32smd.exe
C:\WINDOWS\mgxoschk.ini
C:\WINDOWS\Dll.dll
C:\WINDOWS\rundl132.exe
C:\WINDOWS\Logo1_.exe
C:\WINDOWS\HOSTS
C:\WINDOWS\lddpjjdl.txt
C:\WINDOWS\QQPet.dat
C:\WINDOWS\Temp\4B.tmp
C:\WINDOWS\Temp\$$a1.bat
C:\WINDOWS\Temp\$$a1.tmp
post the Avenger log after the restart + the 6 logs once more
__________
Regards, Sabina

all about PC security
This post was edited by Sabina on 03.11.2006 at 01:11.
03.11.2006, 00:56
Member

Thread starter

Posts: 47
#40 Well, the temp files don't work any more at all, since I eliminated them all with Cleanup; I wiped out 500 MB with the program!! Is that normal?
Because that seems like quite a lot to me.

Oh, and running that cmd thing works, but it could not find what I entered.

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\sngypntd

*******************

Script file located at: \??\C:\kaherhgo.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\relesoci.txt deleted successfully.
File C:\WINDOWS\system32\dllms.dll deleted successfully.
File C:\WINDOWS\system32\11.LOG deleted successfully.
File C:\WINDOWS\system32\win32smd.exe deleted successfully.
File C:\WINDOWS\mgxoschk.ini deleted successfully.
File C:\WINDOWS\Dll.dll deleted successfully.
File C:\WINDOWS\rundl132.exe deleted successfully.
File C:\WINDOWS\Logo1_.exe deleted successfully.
File C:\WINDOWS\HOSTS deleted successfully.
File C:\WINDOWS\lddpjjdl.txt deleted successfully.
File C:\WINDOWS\QQPet.dat deleted successfully.


File C:\WINDOWS\Temp\4B.tmp not found!
Deletion of file C:\WINDOWS\Temp\4B.tmp failed!

Could not process line:
C:\WINDOWS\Temp\4B.tmp
Status: 0xc0000034

File C:\WINDOWS\Temp\$$a1.bat deleted successfully.
File C:\WINDOWS\Temp\$$a1.tmp deleted successfully.




OK, now the logs:

----- Root -----------------------------
Volume in drive C has no label.
Volume Serial Number is D05F-58A0

Directory of C:\

03.11.2006 00:55 43 filelist.txt
03.11.2006 00:52 234.409.984 hiberfil.sys
03.11.2006 00:52 352.321.536 pagefile.sys
03.11.2006 00:51 19.400 avenger.txt
03.11.2006 00:02 9 _desktop.ini
02.11.2006 15:42 435 profile.txt
29.10.2006 20:15 14.600 ComboFix.txt
29.10.2006 18:47 15.678 ComboFix2.txt
29.10.2006 15:42 268 sqmdata19.sqm
29.10.2006 15:42 244 sqmnoopt19.sqm
28.10.2006 22:55 268 sqmdata18.sqm
28.10.2006 22:55 244 sqmnoopt18.sqm
28.10.2006 14:47 268 sqmdata17.sqm
28.10.2006 14:47 244 sqmnoopt17.sqm
28.10.2006 10:44 268 sqmdata16.sqm
28.10.2006 10:44 244 sqmnoopt16.sqm
28.10.2006 09:25 268 sqmdata15.sqm
28.10.2006 09:25 244 sqmnoopt15.sqm
27.10.2006 14:06 268 sqmdata14.sqm
27.10.2006 14:06 244 sqmnoopt14.sqm
27.10.2006 13:54 268 sqmdata13.sqm
27.10.2006 13:54 244 sqmnoopt13.sqm
26.10.2006 22:06 268 sqmdata12.sqm
26.10.2006 22:06 244 sqmnoopt12.sqm
26.10.2006 14:33 268 sqmdata11.sqm
26.10.2006 14:33 244 sqmnoopt11.sqm
26.10.2006 13:59 268 sqmdata10.sqm
26.10.2006 13:59 244 sqmnoopt10.sqm
26.10.2006 01:18 268 sqmdata09.sqm
26.10.2006 01:18 244 sqmnoopt09.sqm
25.10.2006 22:59 268 sqmdata08.sqm
25.10.2006 22:59 244 sqmnoopt08.sqm
24.10.2006 21:43 268 sqmdata07.sqm
24.10.2006 21:43 244 sqmnoopt07.sqm
24.10.2006 20:52 268 sqmdata06.sqm
24.10.2006 20:52 244 sqmnoopt06.sqm
24.10.2006 20:23 268 sqmdata05.sqm
24.10.2006 20:23 244 sqmnoopt05.sqm
24.10.2006 13:59 268 sqmdata04.sqm
24.10.2006 13:58 244 sqmnoopt04.sqm
23.10.2006 22:43 268 sqmdata03.sqm
23.10.2006 22:43 244 sqmnoopt03.sqm
23.10.2006 22:30 268 sqmdata02.sqm
23.10.2006 22:30 244 sqmnoopt02.sqm
23.10.2006 14:31 268 sqmdata01.sqm
23.10.2006 14:31 244 sqmnoopt01.sqm
23.10.2006 00:38 268 sqmdata00.sqm
23.10.2006 00:38 244 sqmnoopt00.sqm
17.10.2006 16:26 4 response.txt
01.10.2006 21:52 13.030 PDOXUSRS.NET
08.09.2006 18:51 5 MB.TXT
08.09.2006 18:41 0 MSDOS.SYS
08.09.2006 18:41 0 CONFIG.SYS
08.09.2006 18:41 0 AUTOEXEC.BAT
08.09.2006 18:41 0 IO.SYS
08.09.2006 18:33 211 boot.ini
03.08.2004 21:59 250.032 ntldr
03.08.2004 21:38 47.564 NTDETECT.COM
58 File(s) 587.102.771 bytes
0 Dir(s) 11.369.115.648 bytes free

----- Windows --------------------------
Volume in drive C has no label.
Volume Serial Number is D05F-58A0

Directory of C:\WINDOWS

03.11.2006 00:52 0 0.log
03.11.2006 00:52 1.061.716 WindowsUpdate.log
03.11.2006 00:52 2.048 bootstat.dat
03.11.2006 00:51 32.370 SchedLgU.Txt
03.11.2006 00:47 4.492 dkacjthe.txt
03.11.2006 00:19 110 winamp.ini
03.11.2006 00:11 590 wincmd.ini
02.11.2006 22:41 10.336 setupapi.log
02.11.2006 16:30 45 ~TR.log
02.11.2006 16:29 71 SCRCFG.ini
02.11.2006 16:05 536.335 iis6.log
02.11.2006 16:05 2.446 comsetup.log
02.11.2006 16:05 95.081 ntdtcsetup.log
02.11.2006 16:05 209.104 tsoc.log
02.11.2006 16:05 22.400 tabletoc.log
02.11.2006 16:05 1.917 imsins.log
02.11.2006 16:05 25.184 ocmsn.log
02.11.2006 16:05 78.021 netfxocm.log
02.11.2006 16:05 31.463 MedCtrOC.log
02.11.2006 16:05 5.732 ocgen.log
02.11.2006 16:05 22.572 msgsocm.log
02.11.2006 16:05 437.411 FaxSetup.log
02.11.2006 16:05 145.430 msmqinst.log
02.11.2006 15:47 231 system.ini
02.11.2006 13:53 470 wmsetup.log
02.11.2006 11:43 13.880 KB918899.log
01.11.2006 22:14 120 setupact.log
29.10.2006 23:41 50 wiaservc.log
29.10.2006 23:41 216 wiadebug.log
27.10.2006 12:29 32.118 KB908531.log
26.10.2006 17:21 9.728 cftmon.exe
26.10.2006 12:45 1.123 IE4 Error Log.txt
26.10.2006 01:13 2.560 _MSRSTRT.EXE
18.10.2006 19:56 9.913 mozver.dat
18.10.2006 19:52 333 wininit.ini
16.10.2006 15:22 461 wmsetup10.log
16.10.2006 12:38 1.830 spupdsvc.log
16.10.2006 12:30 38.173 KB917734.log
15.10.2006 18:05 316.640 WMSysPr9.prx
14.10.2006 02:14 1.393 imsins.BAK
14.10.2006 02:14 42.540 KB899587.log
14.10.2006 02:14 20.350 updspapi.log
14.10.2006 02:14 41.710 KB924191.log
14.10.2006 02:14 41.288 KB922819.log
14.10.2006 02:14 39.042 KB885835.log
14.10.2006 02:14 38.178 KB885836.log
14.10.2006 02:13 39.155 KB923414.log
14.10.2006 02:13 38.837 KB920214.log
14.10.2006 02:13 35.936 KB921883.log
14.10.2006 02:13 38.691 KB911927.log
14.10.2006 02:13 37.875 KB922616.log
14.10.2006 02:12 38.191 KB901017.log
14.10.2006 02:12 38.512 KB899591.log
14.10.2006 02:12 38.050 KB920685.log
14.10.2006 02:12 38.694 KB896424.log
14.10.2006 02:12 38.683 KB893756.log
14.10.2006 02:12 37.658 KB911280.log
14.10.2006 02:12 37.121 KB911562.log
14.10.2006 02:12 34.388 KB896423.log
14.10.2006 02:11 36.812 KB900485.log
14.10.2006 02:11 35.037 KB873339.log
14.10.2006 02:11 36.618 KB924496.log
14.10.2006 02:11 36.880 KB921398.log
14.10.2006 02:11 35.048 KB887472.log
14.10.2006 02:11 36.367 KB896358.log
14.10.2006 02:11 29.430 KB910437.log
14.10.2006 02:10 24.860 KB911564.log
14.10.2006 02:10 32.587 KB920670.log
14.10.2006 02:10 32.028 KB891781.log
14.10.2006 02:09 32.784 KB918439.log
14.10.2006 02:09 37.884 KB902400.log
14.10.2006 02:09 29.637 KB890046.log
14.10.2006 02:08 30.465 KB920872.log
14.10.2006 02:08 28.583 KB899589.log
14.10.2006 02:08 28.616 KB919007.log
14.10.2006 02:08 28.901 KB914388.log
14.10.2006 02:07 27.965 KB917344.log
14.10.2006 02:07 28.020 KB905414.log
14.10.2006 02:07 27.228 KB917953.log
14.10.2006 02:07 27.009 KB901214.log
14.10.2006 02:06 24.742 KB923191.log
14.10.2006 02:06 26.899 KB917422.log
14.10.2006 02:06 20.609 KB922582.log
14.10.2006 02:06 23.045 KB888302.log
14.10.2006 02:05 25.050 KB900725.log
14.10.2006 02:05 22.812 KB925486.log
14.10.2006 02:05 22.526 KB912919.log
14.10.2006 02:05 16.045 KB886185.log
14.10.2006 02:04 22.001 KB916595.log
14.10.2006 02:04 13.481 KB885884.log
14.10.2006 02:04 22.022 KB904706.log
14.10.2006 02:04 21.203 KB901190.log
14.10.2006 02:03 21.312 KB905749.log
14.10.2006 02:03 21.472 KB913580.log
14.10.2006 02:02 19.567 KB896428.log
14.10.2006 02:02 20.285 KB911567.log
14.10.2006 02:02 20.259 KB894391.log
14.10.2006 02:02 17.783 KB908519.log
14.10.2006 02:02 17.998 KB920683.log
14.10.2006 02:01 17.557 KB914389.log
14.10.2006 02:01 19.227 KB890859.log
13.10.2006 22:44 10.046 KB893803v2.log
13.10.2006 02:04 7.055 KB898461.log
12.10.2006 22:46 1.215.353 setupapi.log.0.old
12.10.2006 13:43 335 nsreg.dat
12.10.2006 13:42 87.184 NSUninst.exe
12.10.2006 13:42 677 win.ini
12.10.2006 13:41 87.184 GREUninstall.exe
08.10.2006 11:47 400 ODBC.INI
21.09.2006 17:52 837 eReg.dat
09.09.2006 22:16 49.208 War3Unin.dat
09.09.2006 22:16 2.829 War3Unin.pif
09.09.2006 22:16 139.264 War3Unin.exe
08.09.2006 20:25 0 Sti_Trace.log
08.09.2006 20:21 0 setuperr.log
08.09.2006 20:08 5.456 ModemLog_Communications cable between two computers.txt
08.09.2006 19:40 32 {5DEFB7B0-15FF-471A-843D-6FD43F637020}.dat
08.09.2006 19:40 83 MININU.LOG
08.09.2006 19:40 264 _delis32.ini
08.09.2006 19:02 4.708 regopt.log
08.09.2006 19:02 1.096 muisetup.log
08.09.2006 18:46 8.192 REGLOCS.OLD
08.09.2006 18:41 0 control.ini
08.09.2006 18:40 4.161 ODBCINST.INI
08.09.2006 18:39 749 WindowsShell.Manifest
08.09.2006 18:37 1.022 sessmgr.setup.log
08.09.2006 18:36 37 vbaddin.ini
08.09.2006 18:36 36 vb.ini
08.09.2006 18:34 200 cmsetacl.log

----- System 32 (Achtung: Zeitfenster beachten!) ---
Volume in drive C has no label.
Volume Serial Number is D05F-58A0

Directory of C:\WINDOWS\system32

02.11.2006 22:34 128.000 KB7567316.LOG
02.11.2006 15:49 200.144 FNTCACHE.DAT
29.10.2006 09:33 311.740 perfh009.dat
29.10.2006 09:33 40.128 perfc009.dat
29.10.2006 09:33 356.120 PerfStringBackup.INI
28.10.2006 14:56 2.560 BitCometRes.dll
23.10.2006 00:36 534 ikhcore.log
21.10.2006 21:34 20.098 psapi.lib
15.10.2006 18:06 16.832 amcompat.tlb
15.10.2006 18:06 23.392 nscompat.tlb
15.10.2006 14:45 6.235 jupdate-1.5.0_06-b05.log
08.10.2006 00:14 2.206 wpa.dbl
04.10.2006 12:03 9.639.336 MRT.exe
25.09.2006 17:10 43.520 CmdLineExt03.dll
15.09.2006 21:52 91.904 S32EVNT1.DLL
13.09.2006 06:01 1.084.416 msxml3.dll
08.09.2006 20:33 0 h323log.txt
08.09.2006 19:40 32 {A58AE377-3327-42E1-86D3-D96F227F4692}.dat
08.09.2006 19:40 14 SR2.dat
08.09.2006 19:27 176.167 rmoc3260.dll
08.09.2006 19:27 5.632 pndx5032.dll
08.09.2006 19:27 6.656 pndx5016.dll
08.09.2006 19:27 278.528 pncrt.dll
08.09.2006 18:44 269 $winnt$.inf
08.09.2006 18:41 2.577 CONFIG.NT
08.09.2006 18:39 488 logonui.exe.manifest
08.09.2006 18:39 488 WindowsLogon.manifest
08.09.2006 18:39 749 sapi.cpl.manifest
08.09.2006 18:39 749 cdplayer.exe.manifest
08.09.2006 18:39 749 ncpa.cpl.manifest
08.09.2006 18:39 749 nwc.cpl.manifest
08.09.2006 18:39 749 wuaucpl.cpl.manifest
08.09.2006 18:37 21.640 emptyregdb.dat
04.09.2006 07:08 1.494.016 shdocvw.dll
25.08.2006 16:45 617.472 comctl32.dll
25.08.2006 04:47 1.309.432 pxsfs.dll
25.08.2006 04:47 379.640 pxwave.dll
25.08.2006 04:47 477.944 pxdrv.dll
25.08.2006 04:47 129.784 pxafs.dll
25.08.2006 04:47 67.240 pxhpinst.exe
25.08.2006 04:47 115.880 pxinsi64.exe
25.08.2006 04:47 62.632 pxinsa64.exe
25.08.2006 04:47 63.144 pxcpya64.exe
25.08.2006 04:47 514.808 px.dll
25.08.2006 04:47 39.672 vxblock.dll
25.08.2006 04:47 183.032 pxmas.dll
21.08.2006 13:21 16.896 fltlib.dll
21.08.2006 10:14 23.040 fltmc.exe
16.08.2006 12:58 100.352 6to4svc.dll

----- Prefetch -------------------------
Volume in drive C has no label.
Volume Serial Number is D05F-58A0

Directory of C:\WINDOWS\Prefetch

03.11.2006 00:55 12.782 FIND.EXE-0EC32F1E.pf
03.11.2006 00:55 19.640 CMD.EXE-087B4001.pf
03.11.2006 00:55 27.260 VERCLSID.EXE-3667BD89.pf
03.11.2006 00:53 90.192 IEXPLORE.EXE-27122324.pf
03.11.2006 00:53 27.174 WUAUCLT.EXE-399A8E72.pf
03.11.2006 00:53 1.122.236 NTOSBOOT-B00DFAAD.pf
03.11.2006 00:51 15.060 WSCNTFY.EXE-1B24F5EB.pf
03.11.2006 00:50 23.712 AVENGER.EXE-36462536.pf
03.11.2006 00:47 94.794 LOGONUI.EXE-0AF22957.pf
03.11.2006 00:31 27.696 CLEANUP.EXE-163B2453.pf
03.11.2006 00:30 58.288 CLEANUP452.EXE-3A129D0E.pf
03.11.2006 00:30 79.230 LUCOMS~1.EXE-02DB5950.pf
03.11.2006 00:30 14.146 AUPDATE.EXE-2253CB60.pf
03.11.2006 00:30 27.460 NDETECT.EXE-16E64095.pf
03.11.2006 00:27 48.384 REGCLEANR.EXE-0851E407.pf
03.11.2006 00:27 23.330 LOGO1_.EXE-087E2D4F.pf
03.11.2006 00:27 15.082 NET.EXE-01A53C2F.pf
03.11.2006 00:27 14.990 NET1.EXE-029B9DB4.pf
03.11.2006 00:27 29.296 TASKMGR.EXE-20256C55.pf
03.11.2006 00:24 59.416 WINAMP.EXE-0D0189CA.pf
03.11.2006 00:24 18.412 EMUSICCLIENT.EXE-0F2E0573.pf
03.11.2006 00:24 4.688 WINAMPA.EXE-0536E33F.pf
03.11.2006 00:24 31.352 EMUSIC-7PLUS.EXE-16DC8954.pf
03.11.2006 00:24 32.140 PXSETUP.EXE-12EC2EB3.pf
03.11.2006 00:24 7.546 PXHPINST.EXE-19CAC65A.pf
03.11.2006 00:23 43.750 WINAMP531_FULL_EMUSIC-7PLUS.E-32E04090.pf
03.11.2006 00:20 20.986 A~NSISU_.EXE-194A959F.pf
03.11.2006 00:19 13.156 UNINSTWA.EXE-2842666A.pf
03.11.2006 00:10 36.570 TOTALCMD.EXE-08C82D3C.pf
03.11.2006 00:09 50.488 NOTEPAD.EXE-336351A9.pf
03.11.2006 00:09 24.366 HIJACKTHIS.EXE-2494719C.pf
03.11.2006 00:05 16.004 REGEDIT.EXE-1B606482.pf
03.11.2006 00:05 116.130 EXPLORER.EXE-082F38A9.pf
03.11.2006 00:00 35.808 RUNDLL32.EXE-188DF14E.pf
03.11.2006 00:00 26.360 RUNDLL32.EXE-2711E1C2.pf
02.11.2006 23:59 29.490 ADDONINSTALL.EXE-2F220A64.pf
02.11.2006 23:59 35.864 RUNDLL32.EXE-451FC2C0.pf
02.11.2006 23:57 27.802 AAWSEPERSONAL.EXE-0B4CF88D.pf
02.11.2006 23:52 36.356 WMIPRVSE.EXE-28F301A9.pf
02.11.2006 23:51 26.036 SWREG.EXE-298CB0F2.pf
02.11.2006 23:51 11.950 COMBOFIX.EXE-0E615A53.pf
02.11.2006 23:51 10.432 SWREG.EXE-1A3ECE95.pf
02.11.2006 23:51 10.142 NIRCMD.EXE-2752E0E8.pf
02.11.2006 23:45 81.432 MSIMN.EXE-38BA891D.pf
02.11.2006 23:28 68.886 SKYPE.EXE-30AE1A60.pf
02.11.2006 23:27 66.150 DWWIN.EXE-30875ADC.pf
02.11.2006 23:27 25.606 DRWTSN32.EXE-2B4B52AC.pf
02.11.2006 23:27 40.542 DUMPREP.EXE-1B46F901.pf
02.11.2006 23:27 74.774 NAVW32.EXE-24F56911.pf
02.11.2006 23:27 96.876 WINWORD.EXE-37F6AE09.pf
02.11.2006 22:45 33.090 SKYPESETUP.EXE-0A4F4D5D.pf
02.11.2006 22:45 27.372 SKYPESETUP.EXE-376D3F0D.pf
02.11.2006 22:44 46.772 MAGICBOOK.EXE-1C526847.pf
02.11.2006 22:44 97.766 QQPET.EXE-0A051614.pf
02.11.2006 22:43 70.858 QQLIVEUPDATE.EXE-2C35A588.pf
02.11.2006 22:43 25.762 TIMPLATFROM.EXE-207C84E7.pf
02.11.2006 22:43 55.764 QQ.EXE-2BB567D5.pf
02.11.2006 22:43 27.710 TIMPLATFORM.EXE-07943E8A.pf
02.11.2006 22:41 9.828 3SY.EXE-2585EF3E.pf
02.11.2006 22:41 13.154 0SY.EXE-37DA4539.pf
02.11.2006 22:31 23.932 AVENGER.EXE-28E5741A.pf
02.11.2006 22:26 56.420 RUNDLL32.EXE-13404D23.pf
02.11.2006 18:29 99.020 FIREFOX.EXE-1B8392AB.pf
02.11.2006 18:23 39.200 BOOTSTRAP.EXE-011DF518.pf
02.11.2006 18:23 8.428 MSIEXEC.EXE-2F8A8CAE.pf
02.11.2006 18:22 57.780 INSTALL_MESSENGER.EXE-310E465A.pf
02.11.2006 18:09 53.876 NMAIN.EXE-2BA406E0.pf
02.11.2006 17:33 23.570 CCPWDSVC.EXE-25BE6B86.pf
02.11.2006 17:33 25.386 CTFMON.EXE-0E17969B.pf
02.11.2006 17:33 41.370 CCAPP.EXE-1207B2A5.pf
02.11.2006 17:33 14.250 RUNDL132.EXE-306465DA.pf
02.11.2006 17:33 25.640 USERINIT.EXE-30B18140.pf
02.11.2006 17:33 10.600 WIN32SMD.EXE-035B19EE.pf
02.11.2006 17:33 7.848 LAUNCHER.EXE-0A92A9EF.pf
02.11.2006 17:33 14.424 STUP.EXE-2089974C.pf
02.11.2006 17:33 7.240 TINTSETP.EXE-39BF0732.pf
02.11.2006 17:33 9.654 VPCRM.EXE-1C46A5FC.pf
02.11.2006 17:18 21.814 CONIME.EXE-13EEEA1A.pf
02.11.2006 17:18 12.192 ATTRIB.EXE-39EAFB02.pf
02.11.2006 17:18 24.824 QQS003TP.EXE-3861E637.pf
02.11.2006 17:18 43.888 QQBETA3_440.EXE-371AF7EA.pf
02.11.2006 17:05 26.092 RUNDLL32.EXE-25E0AE6F.pf
02.11.2006 16:39 50.682 QQPET_UPDATE_0240.EXE-3614C10D.pf
02.11.2006 16:36 60.318 QQEXTERNAL.EXE-30EA88A9.pf
02.11.2006 16:33 30.438 QQLIVEUPDATE.EXE-18365BD3.pf
02.11.2006 16:30 25.258 STUP.EXE-261CA7C5.pf
02.11.2006 16:30 31.562 SS3.EXE-022DE6E2.pf
02.11.2006 16:29 25.030 NOTEPAD.EXE-189578DA.pf
02.11.2006 16:29 28.420 QQMUSIC.EXE-283D77A3.pf
02.11.2006 16:29 23.784 QQPLAYERSVR.EXE-2E2AF30D.pf
02.11.2006 16:29 39.122 SETUP_QQ.EXE-21C7D3A5.pf
02.11.2006 16:29 21.820 VMPFULL_TENCENT.EXE-0C5C77B9.pf
02.11.2006 16:29 41.992 MTSAXINSTALLER.EXE-13BCBBAA.pf
02.11.2006 16:28 53.080 QQ2006BETA3.EXE-3961F1C6.pf
02.11.2006 16:09 16.838 UNWISE.EXE-1A3729EA.pf
02.11.2006 16:08 15.052 A~NSISU_.EXE-2D70E5B2.pf
02.11.2006 16:08 12.832 UNINST.EXE-263C87D4.pf
02.11.2006 16:05 14.774 AU_.EXE-18D931C6.pf
02.11.2006 16:05 19.094 UNINSTALL.EXE-18CD8B17.pf
02.11.2006 16:04 45.714 SYSOCMGR.EXE-31169C54.pf
02.11.2006 16:04 62.582 RUNDLL32.EXE-400F9B93.pf
02.11.2006 15:47 37.058 RUNDLL32.EXE-11C1D7CB.pf
02.11.2006 14:26 21.272 LANCER.ICD-2A3FF741.pf
02.11.2006 14:26 18.356 CLOKSPL.EXE-34A47D94.pf
02.11.2006 14:26 57.348 LANCER.EXE-35A15E3B.pf
02.11.2006 14:20 42.910 AD-AWARE.EXE-294FC570.pf
02.11.2006 14:13 11.556 WINLOGON.EXE-32C57D49.pf
02.11.2006 14:13 12.542 CSRSS.EXE-12B63473.pf
02.11.2006 14:10 24.186 RUNDLL32.EXE-1831A4F3.pf
02.11.2006 14:10 20.744 CONTROL.EXE-013DBFB5.pf
02.11.2006 13:59 61.044 RSTRUI.EXE-03C49A96.pf
02.11.2006 13:53 18.530 RUNDLL32.EXE-33437D18.pf
02.11.2006 13:53 52.724 UNREGMP2.EXE-07CACB61.pf
02.11.2006 13:34 18.310 SVCHOST.EXE-3530F672.pf
02.11.2006 13:29 8.538 SVHOST32.EXE-35F91424.pf
02.11.2006 13:29 14.442 2SY.EXE-2E20BDE4.pf
02.11.2006 13:15 7.482 LOGON.SCR-151EFAEA.pf
01.11.2006 22:36 325.790 Layout.ini
01.11.2006 22:14 86.612 CLEANMGR.EXE-1F86EA8E.pf
01.11.2006 21:44 53.336 DFRGNTFS.EXE-269967DF.pf
28.10.2006 15:24 87.046 REALPLAY.EXE-1BF219BD.pf
27.10.2006 22:40 25.760 REALSCHED.EXE-3282FD31.pf
122 File(s) 5.629.764 bytes
0 Dir(s) 11.368.988.672 bytes free

----- Tasks ----------------------------
Volume in drive C has no label.
Volume Serial Number is D05F-58A0

Directory of C:\WINDOWS\tasks

03.11.2006 00:52 414 Symantec NetDetect.job
03.11.2006 00:52 6 SA.DAT
25.10.2006 15:35 418 Norton AntiVirus - Scan my computer.job
23.08.2001 13:00 65 desktop.ini
4 File(s) 903 bytes
0 Dir(s) 11.368.996.864 bytes free

----- Windows/Temp -----------------------
Volume in drive C has no label.
Volume Serial Number is D05F-58A0

Directory of C:\WINDOWS\Temp

03.11.2006 00:49 16.384 Perflib_Perfdata_97c.dat
03.11.2006 00:30 0 $$a88.tmp
03.11.2006 00:30 0 $$a87.tmp
03.11.2006 00:30 0 $$a86.tmp
02.11.2006 17:33 0 Win11B.tmp
02.11.2006 17:16 0 Win106.tmp
02.11.2006 17:15 0 Win105.tmp
02.11.2006 17:14 0 Win104.tmp
02.11.2006 17:13 0 Win103.tmp
02.11.2006 16:51 0 WinED.tmp
02.11.2006 15:59 0 WinA.tmp
02.11.2006 13:25 16.384 Perflib_Perfdata_33c.dat
02.11.2006 12:29 0 $$a1C.tmp
02.11.2006 12:22 0 $$a14.tmp
02.11.2006 11:55 0 $$aD.tmp
02.11.2006 01:30 0 WinD.tmp
01.11.2006 17:38 0 WinF6.tmp
01.11.2006 14:45 0 $$aF5.tmp
01.11.2006 10:45 0 $$a8.tmp
01.11.2006 10:45 0 $$a7.tmp
31.10.2006 18:20 0 WinA4.tmp
31.10.2006 18:19 0 WinA3.tmp
31.10.2006 18:17 0 WinA1.tmp
31.10.2006 18:16 0 WinA0.tmp
31.10.2006 18:13 0 Win9A.tmp
31.10.2006 18:11 0 Win97.tmp
31.10.2006 18:10 0 Win96.tmp
31.10.2006 18:09 0 Win95.tmp
31.10.2006 18:07 0 Win93.tmp
31.10.2006 18:06 0 Win92.tmp
31.10.2006 17:52 0 Win72.tmp
31.10.2006 17:44 0 Win61.tmp
31.10.2006 17:37 0 Win4D.tmp
31.10.2006 17:36 0 Win49.tmp
31.10.2006 17:34 0 Win46.tmp
31.10.2006 17:33 0 Win44.tmp
31.10.2006 17:30 0 Win3C.tmp
31.10.2006 17:28 0 Win3A.tmp
31.10.2006 17:25 0 Win2E.tmp
31.10.2006 17:24 0 Win2C.tmp
31.10.2006 17:22 0 Win26.tmp
31.10.2006 00:29 0 WinF2.tmp
31.10.2006 00:28 0 WinF1.tmp
31.10.2006 00:27 0 WinF0.tmp
31.10.2006 00:26 0 WinEF.tmp
31.10.2006 00:25 0 WinEE.tmp
31.10.2006 00:23 0 WinEC.tmp
31.10.2006 00:22 0 WinEB.tmp
31.10.2006 00:21 0 WinEA.tmp
31.10.2006 00:20 0 WinE9.tmp
31.10.2006 00:19 0 WinE8.tmp
31.10.2006 00:18 0 WinE7.tmp
31.10.2006 00:17 0 WinE6.tmp
31.10.2006 00:16 0 WinE5.tmp
31.10.2006 00:15 0 WinE4.tmp
31.10.2006 00:14 0 WinE3.tmp
31.10.2006 00:13 0 WinE2.tmp
31.10.2006 00:12 0 WinE1.tmp
31.10.2006 00:11 0 WinE0.tmp
31.10.2006 00:10 0 WinDF.tmp
31.10.2006 00:09 0 WinDE.tmp
31.10.2006 00:08 0 WinDD.tmp
31.10.2006 00:07 0 WinDC.tmp
31.10.2006 00:06 0 WinDB.tmp
31.10.2006 00:05 0 WinDA.tmp
31.10.2006 00:04 0 WinD9.tmp
31.10.2006 00:03 0 WinD8.tmp
31.10.2006 00:02 0 WinD7.tmp
31.10.2006 00:01 0 WinD6.tmp
31.10.2006 00:00 0 WinD5.tmp
30.10.2006 23:59 0 WinD4.tmp
30.10.2006 23:58 0 WinD3.tmp
30.10.2006 23:57 0 WinD2.tmp
30.10.2006 23:56 0 WinD1.tmp
30.10.2006 23:55 0 WinD0.tmp
30.10.2006 23:54 0 WinCF.tmp
30.10.2006 23:53 0 WinCE.tmp
30.10.2006 23:51 0 WinCD.tmp
30.10.2006 23:50 0 WinCC.tmp
30.10.2006 23:49 0 WinCB.tmp
30.10.2006 23:48 0 WinCA.tmp
30.10.2006 23:47 0 WinC9.tmp
30.10.2006 23:45 0 WinC7.tmp
30.10.2006 23:44 0 WinC6.tmp
30.10.2006 23:43 0 WinC5.tmp
30.10.2006 23:42 0 WinC4.tmp
30.10.2006 23:41 0 WinC3.tmp
30.10.2006 23:40 0 WinC2.tmp
30.10.2006 23:38 0 WinC0.tmp
30.10.2006 23:37 0 WinBF.tmp
30.10.2006 23:36 0 WinBE.tmp
30.10.2006 23:35 0 WinBD.tmp
30.10.2006 23:34 0 WinBC.tmp
30.10.2006 23:33 0 WinBB.tmp
30.10.2006 23:32 0 WinBA.tmp
30.10.2006 23:31 0 WinB9.tmp
30.10.2006 23:30 0 WinB8.tmp
30.10.2006 23:29 0 WinB7.tmp
30.10.2006 23:28 0 WinB6.tmp
30.10.2006 23:27 0 WinB5.tmp
30.10.2006 23:26 0 WinB4.tmp
30.10.2006 23:25 0 WinB3.tmp
30.10.2006 23:24 0 WinB2.tmp
30.10.2006 23:23 0 WinB1.tmp
30.10.2006 23:22 0 WinB0.tmp
30.10.2006 23:21 0 WinAF.tmp
30.10.2006 23:20 0 WinAE.tmp
30.10.2006 23:19 0 WinAD.tmp
30.10.2006 23:18 0 WinAC.tmp
30.10.2006 23:17 0 WinAB.tmp
30.10.2006 23:16 0 WinAA.tmp
30.10.2006 23:15 0 WinA9.tmp
30.10.2006 23:14 0 WinA8.tmp
30.10.2006 23:12 0 WinA7.tmp
30.10.2006 23:11 0 WinA6.tmp
30.10.2006 23:10 0 WinA5.tmp
30.10.2006 23:09 0 WinA2.tmp
30.10.2006 23:07 0 Win9E.tmp
30.10.2006 23:06 0 Win9D.tmp
30.10.2006 23:05 0 Win9C.tmp
30.10.2006 23:04 0 Win9B.tmp
30.10.2006 23:02 0 Win99.tmp
30.10.2006 23:01 0 Win98.tmp
30.10.2006 22:51 0 Win94.tmp
30.10.2006 22:50 0 Win91.tmp
30.10.2006 22:48 0 Win90.tmp
30.10.2006 22:47 0 Win8F.tmp
30.10.2006 22:45 0 Win8E.tmp
30.10.2006 22:44 0 Win8D.tmp
30.10.2006 22:43 0 Win8C.tmp
30.10.2006 22:42 0 Win8B.tmp
30.10.2006 22:41 0 Win8A.tmp
30.10.2006 22:40 0 Win89.tmp
30.10.2006 22:39 0 Win88.tmp
30.10.2006 22:38 0 Win87.tmp
30.10.2006 22:37 0 Win86.tmp
30.10.2006 22:36 0 Win85.tmp
30.10.2006 22:35 0 Win84.tmp
30.10.2006 22:34 0 Win83.tmp
30.10.2006 22:33 0 Win81.tmp
30.10.2006 22:29 0 Win7B.tmp
30.10.2006 22:28 0 Win79.tmp
30.10.2006 22:27 0 Win78.tmp
30.10.2006 22:26 0 Win77.tmp
30.10.2006 22:25 0 Win76.tmp
30.10.2006 22:24 0 Win75.tmp
30.10.2006 22:23 0 Win74.tmp
30.10.2006 22:22 0 Win73.tmp
30.10.2006 22:20 0 Win71.tmp
30.10.2006 22:18 0 Win6C.tmp
30.10.2006 22:17 0 Win6B.tmp
30.10.2006 22:16 0 Win6A.tmp
30.10.2006 22:14 0 Win68.tmp
30.10.2006 22:13 0 Win67.tmp
30.10.2006 22:12 0 Win66.tmp
30.10.2006 22:11 0 Win65.tmp
30.10.2006 22:10 0 Win64.tmp
30.10.2006 22:08 0 Win63.tmp
30.10.2006 22:06 0 Win60.tmp
30.10.2006 22:05 0 Win5F.tmp
30.10.2006 22:04 0 Win5D.tmp
30.10.2006 22:03 0 Win59.tmp
30.10.2006 22:02 0 Win57.tmp
30.10.2006 22:00 0 Win55.tmp
30.10.2006 21:59 0 Win54.tmp
30.10.2006 21:58 0 Win51.tmp
30.10.2006 21:57 0 Win50.tmp
30.10.2006 15:13 0 Win82.tmp
30.10.2006 15:11 0 Win80.tmp
30.10.2006 15:10 0 Win7F.tmp
30.10.2006 15:09 0 Win7E.tmp
30.10.2006 15:08 0 Win7D.tmp
30.10.2006 15:07 0 Win7C.tmp
30.10.2006 15:05 0 Win7A.tmp
30.10.2006 15:03 0 Win70.tmp
30.10.2006 15:02 0 Win6F.tmp
30.10.2006 15:01 0 Win6E.tmp
30.10.2006 15:00 0 Win6D.tmp
30.10.2006 14:55 0 Win69.tmp
30.10.2006 14:48 0 Win62.tmp
30.10.2006 14:44 0 Win5E.tmp
30.10.2006 14:42 0 Win5C.tmp
30.10.2006 14:41 0 Win5B.tmp
30.10.2006 14:40 0 Win5A.tmp
30.10.2006 14:38 0 Win58.tmp
30.10.2006 14:36 0 Win56.tmp
30.10.2006 14:33 0 Win53.tmp
30.10.2006 14:32 0 Win52.tmp
30.10.2006 14:29 0 Win4F.tmp
30.10.2006 14:26 0 Win4C.tmp
30.10.2006 14:25 0 Win4B.tmp
30.10.2006 14:24 0 Win4A.tmp
30.10.2006 14:22 0 Win48.tmp
30.10.2006 14:21 0 Win47.tmp
30.10.2006 14:19 0 Win45.tmp
30.10.2006 14:17 0 Win43.tmp
30.10.2006 14:16 0 Win42.tmp
30.10.2006 14:15 0 Win41.tmp
30.10.2006 14:14 0 Win40.tmp
30.10.2006 14:13 0 Win3F.tmp
30.10.2006 14:11 0 Win3E.tmp
30.10.2006 14:10 0 Win3D.tmp
30.10.2006 14:08 0 Win3B.tmp
30.10.2006 14:06 0 Win39.tmp
30.10.2006 14:05 0 Win38.tmp
30.10.2006 14:04 0 Win37.tmp
30.10.2006 14:03 0 Win36.tmp
30.10.2006 14:02 0 Win35.tmp
30.10.2006 14:00 0 Win33.tmp
30.10.2006 13:59 0 Win32.tmp
30.10.2006 13:58 0 Win31.tmp
30.10.2006 13:57 0 Win30.tmp
30.10.2006 13:56 0 Win2F.tmp
30.10.2006 13:54 0 Win2D.tmp
30.10.2006 13:52 0 Win2B.tmp
30.10.2006 13:51 0 Win2A.tmp
30.10.2006 13:50 0 Win29.tmp
30.10.2006 13:49 0 Win28.tmp
30.10.2006 13:48 0 Win27.tmp
30.10.2006 13:46 0 Win25.tmp
30.10.2006 13:44 0 Win24.tmp
30.10.2006 13:43 0 Win23.tmp
30.10.2006 13:42 0 Win22.tmp
30.10.2006 13:41 0 Win21.tmp
30.10.2006 13:38 0 Win1E.tmp
30.10.2006 13:37 0 Win1D.tmp
30.10.2006 13:36 0 Win1C.tmp
30.10.2006 13:35 0 Win1B.tmp
30.10.2006 13:33 0 Win19.tmp
30.10.2006 13:32 0 Win18.tmp
30.10.2006 13:31 0 Win17.tmp
30.10.2006 13:30 0 Win16.tmp
30.10.2006 13:29 0 Win15.tmp
30.10.2006 13:28 0 Win14.tmp
30.10.2006 13:27 0 Win13.tmp
30.10.2006 13:26 0 Win12.tmp
236 File(s) 32.768 bytes
0 Dir(s) 11.368.980.480 bytes free

----- Temp -----------------------------
Volume in drive C has no label.
Volume Serial Number is D05F-58A0

Directory of C:\DOCUME~1\Aofeng\LOCALS~1\Temp

03.11.2006 00:48 0 $$a5.tmp
03.11.2006 00:27 0 $$a85.tmp
03.11.2006 00:19 0 $$a7D.tmp
03.11.2006 00:19 0 $$a7C.tmp
03.11.2006 00:10 0 $$a7B.tmp
02.11.2006 23:59 0 $$a76.tmp
02.11.2006 23:10 0 tem4C.tmp
02.11.2006 23:05 0 1CE3B6.dmp
02.11.2006 22:43 58 _tmp_qq_proxy.ini
02.11.2006 22:40 0 $$a1.tmp
02.11.2006 18:49 0 tem1B4.tmp
02.11.2006 18:23 234 MsnMsgs.LOG
02.11.2006 18:09 0 $$a162.tmp
02.11.2006 18:08 0 $$a161.tmp
02.11.2006 17:34 16.384 ~DFB7D9.tmp
02.11.2006 14:20 0 $$a4.tmp
02.11.2006 14:20 300 $$a2.bat
02.11.2006 14:20 0 $$a2.tmp
02.11.2006 14:19 40.976 ys.dll
02.11.2006 14:18 21.260 1fky1.sys
02.11.2006 14:13 21.260 lym.sys
02.11.2006 14:02 21.260 di8g.sys
02.11.2006 13:54 21.260 l4.sys
02.11.2006 13:31 447 $$a6.bat
02.11.2006 13:31 0 $$a6.tmp
02.11.2006 13:29 261 $$a3.bat
02.11.2006 13:29 0 $$a3.tmp
02.11.2006 13:29 0 $$c2.tmp
02.11.2006 13:26 21.260 l701hght.sys
02.11.2006 13:22 0 $$a10.tmp
01.11.2006 22:15 0 $$aF.tmp
12.10.2004 11:14 57.344 InstHelp.dll
32 File(s) 222.304 bytes
0 Dir(s) 11.368.984.576 bytes free
This post was edited by Sabina on 03.11.2006 at 01:12.
03.11.2006, 01:00
Honorary member
Sabina

Posts: 29434
#41 I don't understand why you can't manage to delete all the temporary files with Cleanup - because that is where the viruses keep coming back onto the computer!!!

Avenger

Quote

Files to delete:
C:\Documents and Settings\Aofeng\Local Settings\Temp\$$a76.tmp
C:\Documents and Settings\Aofeng\Local Settings\Temp~DFA4A2.tmp
C:\Documents and Settings\Aofeng\Local Settings\Temp\tem4C.tmp
C:\Documents and Settings\Aofeng\Local Settings\Temp\1CE3B6.dmp
C:\Documents and Settings\Aofeng\Local Settings\Temp\$$a1.tmp
C:\Documents and Settings\Aofeng\Local Settings\Temp\tem1B4.tmp
C:\Documents and Settings\Aofeng\Local Settings\Temp\$$a162.tmp
C:\Documents and Settings\Aofeng\Local Settings\Temp\$$a161.tmp
C:\Documents and Settings\Aofeng\Local Settings\Temp~DFB7D9.tmp
C:\Documents and Settings\Aofeng\Local Settings\Temp\$$a4.tmp
C:\Documents and Settings\Aofeng\Local Settings\Temp\$$a2.bat
C:\Documents and Settings\Aofeng\Local Settings\Temp\$$a2.tmp
C:\Documents and Settings\Aofeng\Local Settings\Temp\ys.dll
C:\Documents and Settings\Aofeng\Local Settings\Temp\1fky1.sys
C:\Documents and Settings\Aofeng\Local Settings\Temp\lym.sys
C:\Documents and Settings\Aofeng\Local Settings\Temp\di8g.sys
C:\Documents and Settings\Aofeng\Local Settings\Temp\l4.sys
C:\Documents and Settings\Aofeng\Local Settings\Temp\$$a6.bat
C:\Documents and Settings\Aofeng\Local Settings\Temp\$$a6.tmp
C:\Documents and Settings\Aofeng\Local Settings\Temp\$$a3.bat
C:\Documents and Settings\Aofeng\Local Settings\Temp\$$a3.tmp
C:\Documents and Settings\Aofeng\Local Settings\Temp\$$c2.tmp
C:\Documents and Settings\Aofeng\Local Settings\Temp\l701hght.sys
C:\Documents and Settings\Aofeng\Local Settings\Temp\$$a10.tmp
C:\Documents and Settings\Aofeng\Local Settings\Temp\$$aF.tmp
Copy the following text into Notepad (Start - Accessories - Notepad) and save it on the desktop as listen.bat using 'Save As'. For the file type, select 'All Files'. You should now find this file on the desktop. --> double-click listen.bat --> copy the text that appears

Quote

cd\
dir "C:\Documents and Settings\Aofeng\Local Settings\Temp" >>files.txt
notepad files.txt

__________
Regards, Sabina

all about PC security
This post was edited by Sabina on 03.11.2006 at 01:09.
03.11.2006, 01:08
Member

Thread starter

Posts: 47
#42 The file you mean does appear, but when I click it, a DOS program, I think, pops up very briefly and then it is gone again, and really quickly!
03.11.2006, 01:10
Honorary member
Sabina

Posts: 29434
#43 Avenger

Quote

Files to delete:
C:\Documents and Settings\Aofeng\Local Settings\Temp\$$a76.tmp
C:\Documents and Settings\Aofeng\Local Settings\Temp~DFA4A2.tmp
C:\Documents and Settings\Aofeng\Local Settings\Temp\tem4C.tmp
C:\Documents and Settings\Aofeng\Local Settings\Temp\1CE3B6.dmp
C:\Documents and Settings\Aofeng\Local Settings\Temp\$$a1.tmp
C:\Documents and Settings\Aofeng\Local Settings\Temp\tem1B4.tmp
C:\Documents and Settings\Aofeng\Local Settings\Temp\$$a162.tmp
C:\Documents and Settings\Aofeng\Local Settings\Temp\$$a161.tmp
C:\Documents and Settings\Aofeng\Local Settings\Temp~DFB7D9.tmp
C:\Documents and Settings\Aofeng\Local Settings\Temp\$$a4.tmp
C:\Documents and Settings\Aofeng\Local Settings\Temp\$$a2.bat
C:\Documents and Settings\Aofeng\Local Settings\Temp\$$a2.tmp
C:\Documents and Settings\Aofeng\Local Settings\Temp\ys.dll
C:\Documents and Settings\Aofeng\Local Settings\Temp\1fky1.sys
C:\Documents and Settings\Aofeng\Local Settings\Temp\lym.sys
C:\Documents and Settings\Aofeng\Local Settings\Temp\di8g.sys
C:\Documents and Settings\Aofeng\Local Settings\Temp\l4.sys
C:\Documents and Settings\Aofeng\Local Settings\Temp\$$a6.bat
C:\Documents and Settings\Aofeng\Local Settings\Temp\$$a6.tmp
C:\Documents and Settings\Aofeng\Local Settings\Temp\$$a3.bat
C:\Documents and Settings\Aofeng\Local Settings\Temp\$$a3.tmp
C:\Documents and Settings\Aofeng\Local Settings\Temp\$$c2.tmp
C:\Documents and Settings\Aofeng\Local Settings\Temp\l701hght.sys
C:\Documents and Settings\Aofeng\Local Settings\Temp\$$a10.tmp
C:\Documents and Settings\Aofeng\Local Settings\Temp\$$aF.tmp
post the Avenger log + the 6 logs once more ;)
__________
Regards, Sabina

all about PC security
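Added example, not part of the original thread: a Python check of the "Files to delete:" list above against the Temp directory listing posted earlier in the thread and against an Avenger log in the format shown here. Two list entries lack the backslash after `Temp`; the function names and the trimmed sample inputs are this example's own assumptions.

```python
import re
from pathlib import PureWindowsPath

TEMP_DIR = PureWindowsPath(r"C:\Documents and Settings\Aofeng\Local Settings\Temp")

# Excerpt of the "Files to delete:" list from the post above.
SCRIPT = r"""Files to delete:
C:\Documents and Settings\Aofeng\Local Settings\Temp\$$a76.tmp
C:\Documents and Settings\Aofeng\Local Settings\Temp~DFA4A2.tmp
C:\Documents and Settings\Aofeng\Local Settings\Temp~DFB7D9.tmp
C:\Documents and Settings\Aofeng\Local Settings\Temp\ys.dll
C:\Documents and Settings\Aofeng\Local Settings\Temp\l4.sys
"""

# Excerpt of the dir listing of that folder posted earlier in the thread.
LISTING = """\
02.11.2006 23:59 0 $$a76.tmp
02.11.2006 17:34 16.384 ~DFB7D9.tmp
02.11.2006 14:19 40.976 ys.dll
02.11.2006 13:54 21.260 l4.sys
"""

# Sample log lines in the format of the Avenger logs in this thread.
LOG = r"""File C:\Documents and Settings\Aofeng\Local Settings\Temp\$$a76.tmp deleted successfully.

File C:\Documents and Settings\Aofeng\Local Settings\Temp~DFB7D9.tmp not found!
Deletion of file C:\Documents and Settings\Aofeng\Local Settings\Temp~DFB7D9.tmp failed!

Could not process line:
C:\Documents and Settings\Aofeng\Local Settings\Temp~DFB7D9.tmp
Status: 0xc0000034
"""

# NTSTATUS values a file-deletion log is likely to contain.
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
    0xC0000022: "STATUS_ACCESS_DENIED",
}

LISTING_ROW = re.compile(r"^\d{2}\.\d{2}\.\d{4} \d{2}:\d{2} [\d.]+ (?P<name>.+)$")
DELETED = re.compile(r"^File (?P<path>.+) deleted successfully\.$")
NOT_FOUND = re.compile(r"^File (?P<path>.+) not found!$")
STATUS = re.compile(r"^Status: (?P<code>0x[0-9a-fA-F]{8})$")


def parse_script(text):
    """Return the paths listed under 'Files to delete:'."""
    paths, active = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.lower() == "files to delete:":
            active = True
        elif active and line:
            paths.append(line)
    return paths


def parse_listing(text):
    """Return the lower-cased file names found in 'date time size name' rows."""
    rows = (LISTING_ROW.match(line.strip()) for line in text.splitlines())
    return {m["name"].lower() for m in rows if m}


def check_script(paths, temp_dir, names):
    """Return (raw path, issue, corrected path or None) for each suspect entry."""
    findings, prefix = [], temp_dir.name.lower()
    for raw in paths:
        p = PureWindowsPath(raw)
        if p.parent == temp_dir:
            if p.name.lower() not in names:
                findings.append((raw, "not in listing", None))
        elif (p.parent == temp_dir.parent and len(p.name) > len(prefix)
              and p.name.lower().startswith(prefix)):
            # "Temp~DFxxxx.tmp": folder name and file name ran together.
            rest = p.name[len(prefix):]
            state = "present" if rest.lower() in names else "absent"
            findings.append((raw, "missing separator, intended file " + state,
                             str(temp_dir / rest)))
        else:
            findings.append((raw, "outside target folder", None))
    return findings


def parse_avenger_log(text):
    """Map each path in the log to 'deleted' or the NTSTATUS name of its failure."""
    results, last_failed = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := DELETED.match(line):
            results[m["path"]] = "deleted"
        elif m := NOT_FOUND.match(line):
            last_failed = m["path"]
            results[last_failed] = "failed"
        elif (m := STATUS.match(line)) and last_failed:
            code = int(m["code"], 16)
            results[last_failed] = NTSTATUS.get(code, hex(code))
            last_failed = None
    return results


def still_on_disk(findings, log):
    """Corrected paths of files the listing shows but the run did not delete."""
    return [fixed for raw, issue, fixed in findings
            if fixed and issue.endswith("present") and log.get(raw) != "deleted"]
```

Run before submitting a deletion list, `check_script` flags entries that can only end in status 0xc0000034; run afterwards with the log, `still_on_disk` gives the corrected paths to submit again.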
03.11.2006, 01:29
Member

Thread starter

Posts: 47
#44 Well, if you ask me, I rather think the virus comes from some server that keeps trying to get into the computers via their IP addresses in order to send the files over. So that when one of the computers that was already infected once, and whose IP is known, is simply connected to the internet, it all comes in, or so I think, but I don't know whether that is even possible, since this Logo sh... virus is back again



Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\wlkxtqej

*******************

Script file located at: \??\C:\bhwrtibp.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Documents and Settings\Aofeng\Local Settings\Temp\$$a76.tmp deleted successfully.


File C:\Documents and Settings\Aofeng\Local Settings\Temp~DFA4A2.tmp not found!
Deletion of file C:\Documents and Settings\Aofeng\Local Settings\Temp~DFA4A2.tmp failed!

Could not process line:
C:\Documents and Settings\Aofeng\Local Settings\Temp~DFA4A2.tmp
Status: 0xc0000034

File C:\Documents and Settings\Aofeng\Local Settings\Temp\tem4C.tmp deleted successfully.
File C:\Documents and Settings\Aofeng\Local Settings\Temp\1CE3B6.dmp deleted successfully.
File C:\Documents and Settings\Aofeng\Local Settings\Temp\$$a1.tmp deleted successfully.
File C:\Documents and Settings\Aofeng\Local Settings\Temp\tem1B4.tmp deleted successfully.
File C:\Documents and Settings\Aofeng\Local Settings\Temp\$$a162.tmp deleted successfully.
File C:\Documents and Settings\Aofeng\Local Settings\Temp\$$a161.tmp deleted successfully.


File C:\Documents and Settings\Aofeng\Local Settings\Temp~DFB7D9.tmp not found!
Deletion of file C:\Documents and Settings\Aofeng\Local Settings\Temp~DFB7D9.tmp failed!

Could not process line:
C:\Documents and Settings\Aofeng\Local Settings\Temp~DFB7D9.tmp
Status: 0xc0000034

File C:\Documents and Settings\Aofeng\Local Settings\Temp\$$a4.tmp deleted successfully.
File C:\Documents and Settings\Aofeng\Local Settings\Temp\$$a2.bat deleted successfully.
File C:\Documents and Settings\Aofeng\Local Settings\Temp\$$a2.tmp deleted successfully.
File C:\Documents and Settings\Aofeng\Local Settings\Temp\ys.dll deleted successfully.
File C:\Documents and Settings\Aofeng\Local Settings\Temp\1fky1.sys deleted successfully.
File C:\Documents and Settings\Aofeng\Local Settings\Temp\lym.sys deleted successfully.
File C:\Documents and Settings\Aofeng\Local Settings\Temp\di8g.sys deleted successfully.
File C:\Documents and Settings\Aofeng\Local Settings\Temp\l4.sys deleted successfully.
File C:\Documents and Settings\Aofeng\Local Settings\Temp\$$a6.bat deleted successfully.
File C:\Documents and Settings\Aofeng\Local Settings\Temp\$$a6.tmp deleted successfully.
File C:\Documents and Settings\Aofeng\Local Settings\Temp\$$a3.bat deleted successfully.
File C:\Documents and Settings\Aofeng\Local Settings\Temp\$$a3.tmp deleted successfully.
File C:\Documents and Settings\Aofeng\Local Settings\Temp\$$c2.tmp deleted successfully.
File C:\Documents and Settings\Aofeng\Local Settings\Temp\l701hght.sys deleted successfully.
File C:\Documents and Settings\Aofeng\Local Settings\Temp\$$a10.tmp deleted successfully.
File C:\Documents and Settings\Aofeng\Local Settings\Temp\$$aF.tmp deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


The logs:

----- Root -----------------------------
Volume in drive C has no label.
Volume Serial Number is D05F-58A0

Directory of C:\

03.11.2006 01:24 43 filelist.txt
03.11.2006 01:23 234.409.984 hiberfil.sys
03.11.2006 01:23 352.321.536 pagefile.sys
03.11.2006 01:23 6.258 avenger.txt
03.11.2006 01:06 0 files.txt
03.11.2006 00:02 9 _desktop.ini
02.11.2006 15:42 435 profile.txt
29.10.2006 20:15 14.600 ComboFix.txt
29.10.2006 18:47 15.678 ComboFix2.txt
29.10.2006 15:42 268 sqmdata19.sqm
29.10.2006 15:42 244 sqmnoopt19.sqm
28.10.2006 22:55 268 sqmdata18.sqm
28.10.2006 22:55 244 sqmnoopt18.sqm
28.10.2006 14:47 268 sqmdata17.sqm
28.10.2006 14:47 244 sqmnoopt17.sqm
28.10.2006 10:44 268 sqmdata16.sqm
28.10.2006 10:44 244 sqmnoopt16.sqm
28.10.2006 09:25 268 sqmdata15.sqm
28.10.2006 09:25 244 sqmnoopt15.sqm
27.10.2006 14:06 268 sqmdata14.sqm
27.10.2006 14:06 244 sqmnoopt14.sqm
27.10.2006 13:54 268 sqmdata13.sqm
27.10.2006 13:54 244 sqmnoopt13.sqm
26.10.2006 22:06 268 sqmdata12.sqm
26.10.2006 22:06 244 sqmnoopt12.sqm
26.10.2006 14:33 268 sqmdata11.sqm
26.10.2006 14:33 244 sqmnoopt11.sqm
26.10.2006 13:59 268 sqmdata10.sqm
26.10.2006 13:59 244 sqmnoopt10.sqm
26.10.2006 01:18 268 sqmdata09.sqm
26.10.2006 01:18 244 sqmnoopt09.sqm
25.10.2006 22:59 268 sqmdata08.sqm
25.10.2006 22:59 244 sqmnoopt08.sqm
24.10.2006 21:43 268 sqmdata07.sqm
24.10.2006 21:43 244 sqmnoopt07.sqm
24.10.2006 20:52 268 sqmdata06.sqm
24.10.2006 20:52 244 sqmnoopt06.sqm
24.10.2006 20:23 268 sqmdata05.sqm
24.10.2006 20:23 244 sqmnoopt05.sqm
24.10.2006 13:59 268 sqmdata04.sqm
24.10.2006 13:58 244 sqmnoopt04.sqm
23.10.2006 22:43 268 sqmdata03.sqm
23.10.2006 22:43 244 sqmnoopt03.sqm
23.10.2006 22:30 268 sqmdata02.sqm
23.10.2006 22:30 244 sqmnoopt02.sqm
23.10.2006 14:31 268 sqmdata01.sqm
23.10.2006 14:31 244 sqmnoopt01.sqm
23.10.2006 00:38 268 sqmdata00.sqm
23.10.2006 00:38 244 sqmnoopt00.sqm
17.10.2006 16:26 4 response.txt
01.10.2006 21:52 13.030 PDOXUSRS.NET
08.09.2006 18:51 5 MB.TXT
08.09.2006 18:41 0 MSDOS.SYS
08.09.2006 18:41 0 AUTOEXEC.BAT
08.09.2006 18:41 0 IO.SYS
08.09.2006 18:41 0 CONFIG.SYS
08.09.2006 18:33 211 boot.ini
03.08.2004 21:59 250.032 ntldr
03.08.2004 21:38 47.564 NTDETECT.COM
59 File(s) 587.089.629 bytes
0 Dir(s) 11.355.340.800 bytes free

----- Windows --------------------------
Volume in drive C has no label.
Volume Serial Number is D05F-58A0

Directory of C:\WINDOWS

03.11.2006 01:23 0 0.log
03.11.2006 01:23 1.064.125 WindowsUpdate.log
03.11.2006 01:23 27.136 Dll.dll
03.11.2006 01:23 2.048 bootstat.dat
03.11.2006 01:22 32.370 SchedLgU.Txt
03.11.2006 01:16 640 wincmd.ini
03.11.2006 01:14 33.876 rundl132.exe
03.11.2006 01:14 33.876 Logo1_.exe
03.11.2006 00:47 4.492 dkacjthe.txt
03.11.2006 00:19 110 winamp.ini
02.11.2006 22:41 10.336 setupapi.log
02.11.2006 16:30 45 ~TR.log
02.11.2006 16:29 71 SCRCFG.ini
02.11.2006 16:05 536.335 iis6.log
02.11.2006 16:05 2.446 comsetup.log
02.11.2006 16:05 95.081 ntdtcsetup.log
02.11.2006 16:05 209.104 tsoc.log
02.11.2006 16:05 22.400 tabletoc.log
02.11.2006 16:05 1.917 imsins.log
02.11.2006 16:05 25.184 ocmsn.log
02.11.2006 16:05 78.021 netfxocm.log
02.11.2006 16:05 31.463 MedCtrOC.log
02.11.2006 16:05 5.732 ocgen.log
02.11.2006 16:05 22.572 msgsocm.log
02.11.2006 16:05 437.411 FaxSetup.log
02.11.2006 16:05 145.430 msmqinst.log
02.11.2006 15:47 231 system.ini
02.11.2006 13:53 470 wmsetup.log
02.11.2006 11:43 13.880 KB918899.log
01.11.2006 22:14 120 setupact.log
29.10.2006 23:41 50 wiaservc.log
29.10.2006 23:41 216 wiadebug.log
27.10.2006 12:29 32.118 KB908531.log
26.10.2006 17:21 9.728 cftmon.exe
26.10.2006 12:45 1.123 IE4 Error Log.txt
26.10.2006 01:13 2.560 _MSRSTRT.EXE
18.10.2006 19:56 9.913 mozver.dat
18.10.2006 19:52 333 wininit.ini
16.10.2006 15:22 461 wmsetup10.log
16.10.2006 12:38 1.830 spupdsvc.log
16.10.2006 12:30 38.173 KB917734.log
15.10.2006 18:05 316.640 WMSysPr9.prx
14.10.2006 02:14 1.393 imsins.BAK
14.10.2006 02:14 42.540 KB899587.log
14.10.2006 02:14 20.350 updspapi.log
14.10.2006 02:14 41.710 KB924191.log
14.10.2006 02:14 41.288 KB922819.log
14.10.2006 02:14 39.042 KB885835.log
14.10.2006 02:14 38.178 KB885836.log
14.10.2006 02:13 39.155 KB923414.log
14.10.2006 02:13 38.837 KB920214.log
14.10.2006 02:13 35.936 KB921883.log
14.10.2006 02:13 38.691 KB911927.log
14.10.2006 02:13 37.875 KB922616.log
14.10.2006 02:12 38.191 KB901017.log
14.10.2006 02:12 38.512 KB899591.log
14.10.2006 02:12 38.050 KB920685.log
14.10.2006 02:12 38.694 KB896424.log
14.10.2006 02:12 38.683 KB893756.log
14.10.2006 02:12 37.658 KB911280.log
14.10.2006 02:12 37.121 KB911562.log
14.10.2006 02:12 34.388 KB896423.log
14.10.2006 02:11 36.812 KB900485.log
14.10.2006 02:11 35.037 KB873339.log
14.10.2006 02:11 36.618 KB924496.log
14.10.2006 02:11 36.880 KB921398.log
14.10.2006 02:11 35.048 KB887472.log
14.10.2006 02:11 36.367 KB896358.log
14.10.2006 02:11 29.430 KB910437.log
14.10.2006 02:10 24.860 KB911564.log
14.10.2006 02:10 32.587 KB920670.log
14.10.2006 02:10 32.028 KB891781.log
14.10.2006 02:09 32.784 KB918439.log
14.10.2006 02:09 37.884 KB902400.log
14.10.2006 02:09 29.637 KB890046.log
14.10.2006 02:08 30.465 KB920872.log
14.10.2006 02:08 28.583 KB899589.log
14.10.2006 02:08 28.616 KB919007.log
14.10.2006 02:08 28.901 KB914388.log
14.10.2006 02:07 27.965 KB917344.log
14.10.2006 02:07 28.020 KB905414.log
14.10.2006 02:07 27.228 KB917953.log
14.10.2006 02:07 27.009 KB901214.log
14.10.2006 02:06 24.742 KB923191.log
14.10.2006 02:06 26.899 KB917422.log
14.10.2006 02:06 20.609 KB922582.log
14.10.2006 02:06 23.045 KB888302.log
14.10.2006 02:05 25.050 KB900725.log
14.10.2006 02:05 22.812 KB925486.log
14.10.2006 02:05 22.526 KB912919.log
14.10.2006 02:05 16.045 KB886185.log
14.10.2006 02:04 22.001 KB916595.log
14.10.2006 02:04 13.481 KB885884.log
14.10.2006 02:04 22.022 KB904706.log
14.10.2006 02:04 21.203 KB901190.log
14.10.2006 02:03 21.312 KB905749.log
14.10.2006 02:03 21.472 KB913580.log
14.10.2006 02:02 19.567 KB896428.log
14.10.2006 02:02 20.285 KB911567.log
14.10.2006 02:02 20.259 KB894391.log
14.10.2006 02:02 17.783 KB908519.log
14.10.2006 02:02 17.998 KB920683.log
14.10.2006 02:01 17.557 KB914389.log
14.10.2006 02:01 19.227 KB890859.log
13.10.2006 22:44 10.046 KB893803v2.log
13.10.2006 02:04 7.055 KB898461.log
12.10.2006 22:46 1.215.353 setupapi.log.0.old
12.10.2006 13:43 335 nsreg.dat
12.10.2006 13:42 87.184 NSUninst.exe
12.10.2006 13:42 677 win.ini
12.10.2006 13:41 87.184 GREUninstall.exe
08.10.2006 11:47 400 ODBC.INI
21.09.2006 17:52 837 eReg.dat
09.09.2006 22:16 49.208 War3Unin.dat
09.09.2006 22:16 2.829 War3Unin.pif
09.09.2006 22:16 139.264 War3Unin.exe
08.09.2006 20:25 0 Sti_Trace.log
08.09.2006 20:21 0 setuperr.log
08.09.2006 20:08 5.456 ModemLog_Communications cable between two computers.txt
08.09.2006 19:40 32 {5DEFB7B0-15FF-471A-843D-6FD43F637020}.dat
08.09.2006 19:40 83 MININU.LOG
08.09.2006 19:40 264 _delis32.ini
08.09.2006 19:02 4.708 regopt.log
08.09.2006 19:02 1.096 muisetup.log
08.09.2006 18:46 8.192 REGLOCS.OLD
08.09.2006 18:41 0 control.ini
08.09.2006 18:40 4.161 ODBCINST.INI
08.09.2006 18:39 749 WindowsShell.Manifest
08.09.2006 18:37 1.022 sessmgr.setup.log
08.09.2006 18:36 37 vbaddin.ini
08.09.2006 18:36 36 vb.ini
08.09.2006 18:34 200 cmsetacl.log

----- System 32 (Achtung: Zeitfenster beachten!) ---
Volume in drive C has no label.
Volume Serial Number is D05F-58A0

Directory of C:\WINDOWS\system32

02.11.2006 22:34 128.000 KB7567316.LOG
02.11.2006 15:49 200.144 FNTCACHE.DAT
29.10.2006 09:33 311.740 perfh009.dat
29.10.2006 09:33 40.128 perfc009.dat
29.10.2006 09:33 356.120 PerfStringBackup.INI
28.10.2006 14:56 2.560 BitCometRes.dll
23.10.2006 00:36 534 ikhcore.log
21.10.2006 21:34 20.098 psapi.lib
15.10.2006 18:06 16.832 amcompat.tlb
15.10.2006 18:06 23.392 nscompat.tlb
15.10.2006 14:45 6.235 jupdate-1.5.0_06-b05.log
08.10.2006 00:14 2.206 wpa.dbl
04.10.2006 12:03 9.639.336 MRT.exe
25.09.2006 17:10 43.520 CmdLineExt03.dll
15.09.2006 21:52 91.904 S32EVNT1.DLL
13.09.2006 06:01 1.084.416 msxml3.dll
08.09.2006 20:33 0 h323log.txt
08.09.2006 19:40 32 {A58AE377-3327-42E1-86D3-D96F227F4692}.dat
08.09.2006 19:40 14 SR2.dat
08.09.2006 19:27 176.167 rmoc3260.dll
08.09.2006 19:27 5.632 pndx5032.dll
08.09.2006 19:27 6.656 pndx5016.dll
08.09.2006 19:27 278.528 pncrt.dll
08.09.2006 18:44 269 $winnt$.inf
08.09.2006 18:41 2.577 CONFIG.NT
08.09.2006 18:39 488 logonui.exe.manifest
08.09.2006 18:39 488 WindowsLogon.manifest
08.09.2006 18:39 749 sapi.cpl.manifest
08.09.2006 18:39 749 cdplayer.exe.manifest
08.09.2006 18:39 749 ncpa.cpl.manifest
08.09.2006 18:39 749 nwc.cpl.manifest
08.09.2006 18:39 749 wuaucpl.cpl.manifest
08.09.2006 18:37 21.640 emptyregdb.dat
04.09.2006 07:08 1.494.016 shdocvw.dll
25.08.2006 16:45 617.472 comctl32.dll
25.08.2006 04:47 1.309.432 pxsfs.dll
25.08.2006 04:47 379.640 pxwave.dll
25.08.2006 04:47 477.944 pxdrv.dll
25.08.2006 04:47 129.784 pxafs.dll
25.08.2006 04:47 67.240 pxhpinst.exe
25.08.2006 04:47 115.880 pxinsi64.exe
25.08.2006 04:47 62.632 pxinsa64.exe
25.08.2006 04:47 63.144 pxcpya64.exe
25.08.2006 04:47 514.808 px.dll
25.08.2006 04:47 39.672 vxblock.dll
25.08.2006 04:47 183.032 pxmas.dll
21.08.2006 13:21 16.896 fltlib.dll
21.08.2006 10:14 23.040 fltmc.exe
16.08.2006 12:58 100.352 6to4svc.dll

----- Prefetch -------------------------
Volume in drive C has no label.
Volume Serial Number is D05F-58A0

Directory of C:\WINDOWS\Prefetch

03.11.2006 01:22 86.768 LOGONUI.EXE-0AF22957.pf
03.11.2006 01:22 14.668 WSCNTFY.EXE-1B24F5EB.pf
03.11.2006 01:22 24.262 AVENGER.EXE-36462536.pf
03.11.2006 01:21 25.570 VERCLSID.EXE-3667BD89.pf
03.11.2006 01:17 81.794 IEXPLORE.EXE-27122324.pf
03.11.2006 01:17 74.632 NAVW32.EXE-24F56911.pf
03.11.2006 01:17 24.870 DRWTSN32.EXE-2B4B52AC.pf
03.11.2006 01:16 55.228 NMAIN.EXE-2BA406E0.pf
03.11.2006 01:16 16.934 CMD.EXE-087B4001.pf
03.11.2006 01:16 27.108 TASKMGR.EXE-20256C55.pf
03.11.2006 01:15 43.036 TOTALCMD.EXE-08C82D3C.pf
03.11.2006 01:14 97.838 WINWORD.EXE-37F6AE09.pf
03.11.2006 01:14 23.178 LOGO1_.EXE-087E2D4F.pf
03.11.2006 01:14 15.098 NET.EXE-01A53C2F.pf
03.11.2006 01:14 14.990 NET1.EXE-029B9DB4.pf
03.11.2006 01:07 51.678 NOTEPAD.EXE-336351A9.pf
03.11.2006 00:55 12.782 FIND.EXE-0EC32F1E.pf
03.11.2006 00:53 27.174 WUAUCLT.EXE-399A8E72.pf
03.11.2006 00:53 1.122.236 NTOSBOOT-B00DFAAD.pf
03.11.2006 00:31 27.696 CLEANUP.EXE-163B2453.pf
03.11.2006 00:30 58.288 CLEANUP452.EXE-3A129D0E.pf
03.11.2006 00:30 79.230 LUCOMS~1.EXE-02DB5950.pf
03.11.2006 00:30 14.146 AUPDATE.EXE-2253CB60.pf
03.11.2006 00:30 27.460 NDETECT.EXE-16E64095.pf
03.11.2006 00:27 48.384 REGCLEANR.EXE-0851E407.pf
03.11.2006 00:24 59.416 WINAMP.EXE-0D0189CA.pf
03.11.2006 00:24 18.412 EMUSICCLIENT.EXE-0F2E0573.pf
03.11.2006 00:24 4.688 WINAMPA.EXE-0536E33F.pf
03.11.2006 00:24 31.352 EMUSIC-7PLUS.EXE-16DC8954.pf
03.11.2006 00:24 32.140 PXSETUP.EXE-12EC2EB3.pf
03.11.2006 00:24 7.546 PXHPINST.EXE-19CAC65A.pf
03.11.2006 00:23 43.750 WINAMP531_FULL_EMUSIC-7PLUS.E-32E04090.pf
03.11.2006 00:20 20.986 A~NSISU_.EXE-194A959F.pf
03.11.2006 00:19 13.156 UNINSTWA.EXE-2842666A.pf
03.11.2006 00:09 24.366 HIJACKTHIS.EXE-2494719C.pf
03.11.2006 00:05 16.004 REGEDIT.EXE-1B606482.pf
03.11.2006 00:05 116.130 EXPLORER.EXE-082F38A9.pf
03.11.2006 00:00 35.808 RUNDLL32.EXE-188DF14E.pf
03.11.2006 00:00 26.360 RUNDLL32.EXE-2711E1C2.pf
02.11.2006 23:59 29.490 ADDONINSTALL.EXE-2F220A64.pf
02.11.2006 23:59 35.864 RUNDLL32.EXE-451FC2C0.pf
02.11.2006 23:57 27.802 AAWSEPERSONAL.EXE-0B4CF88D.pf
02.11.2006 23:52 36.356 WMIPRVSE.EXE-28F301A9.pf
02.11.2006 23:51 26.036 SWREG.EXE-298CB0F2.pf
02.11.2006 23:51 11.950 COMBOFIX.EXE-0E615A53.pf
02.11.2006 23:51 10.432 SWREG.EXE-1A3ECE95.pf
02.11.2006 23:51 10.142 NIRCMD.EXE-2752E0E8.pf
02.11.2006 23:45 81.432 MSIMN.EXE-38BA891D.pf
02.11.2006 23:28 68.886 SKYPE.EXE-30AE1A60.pf
02.11.2006 23:27 66.150 DWWIN.EXE-30875ADC.pf
02.11.2006 23:27 40.542 DUMPREP.EXE-1B46F901.pf
02.11.2006 22:45 33.090 SKYPESETUP.EXE-0A4F4D5D.pf
02.11.2006 22:45 27.372 SKYPESETUP.EXE-376D3F0D.pf
02.11.2006 22:44 46.772 MAGICBOOK.EXE-1C526847.pf
02.11.2006 22:44 97.766 QQPET.EXE-0A051614.pf
02.11.2006 22:43 70.858 QQLIVEUPDATE.EXE-2C35A588.pf
02.11.2006 22:43 25.762 TIMPLATFROM.EXE-207C84E7.pf
02.11.2006 22:43 55.764 QQ.EXE-2BB567D5.pf
02.11.2006 22:43 27.710 TIMPLATFORM.EXE-07943E8A.pf
02.11.2006 22:41 9.828 3SY.EXE-2585EF3E.pf
02.11.2006 22:41 13.154 0SY.EXE-37DA4539.pf
02.11.2006 22:31 23.932 AVENGER.EXE-28E5741A.pf
02.11.2006 22:26 56.420 RUNDLL32.EXE-13404D23.pf
02.11.2006 18:29 99.020 FIREFOX.EXE-1B8392AB.pf
02.11.2006 18:23 39.200 BOOTSTRAP.EXE-011DF518.pf
02.11.2006 18:23 8.428 MSIEXEC.EXE-2F8A8CAE.pf
02.11.2006 18:22 57.780 INSTALL_MESSENGER.EXE-310E465A.pf
02.11.2006 17:33 23.570 CCPWDSVC.EXE-25BE6B86.pf
02.11.2006 17:33 25.386 CTFMON.EXE-0E17969B.pf
02.11.2006 17:33 41.370 CCAPP.EXE-1207B2A5.pf
02.11.2006 17:33 14.250 RUNDL132.EXE-306465DA.pf
02.11.2006 17:33 25.640 USERINIT.EXE-30B18140.pf
02.11.2006 17:33 10.600 WIN32SMD.EXE-035B19EE.pf
02.11.2006 17:33 7.848 LAUNCHER.EXE-0A92A9EF.pf
02.11.2006 17:33 14.424 STUP.EXE-2089974C.pf
02.11.2006 17:33 7.240 TINTSETP.EXE-39BF0732.pf
02.11.2006 17:33 9.654 VPCRM.EXE-1C46A5FC.pf
02.11.2006 17:18 21.814 CONIME.EXE-13EEEA1A.pf
02.11.2006 17:18 12.192 ATTRIB.EXE-39EAFB02.pf
02.11.2006 17:18 24.824 QQS003TP.EXE-3861E637.pf
02.11.2006 17:18 43.888 QQBETA3_440.EXE-371AF7EA.pf
02.11.2006 17:05 26.092 RUNDLL32.EXE-25E0AE6F.pf
02.11.2006 16:39 50.682 QQPET_UPDATE_0240.EXE-3614C10D.pf
02.11.2006 16:36 60.318 QQEXTERNAL.EXE-30EA88A9.pf
02.11.2006 16:33 30.438 QQLIVEUPDATE.EXE-18365BD3.pf
02.11.2006 16:30 25.258 STUP.EXE-261CA7C5.pf
02.11.2006 16:30 31.562 SS3.EXE-022DE6E2.pf
02.11.2006 16:29 25.030 NOTEPAD.EXE-189578DA.pf
02.11.2006 16:29 28.420 QQMUSIC.EXE-283D77A3.pf
02.11.2006 16:29 23.784 QQPLAYERSVR.EXE-2E2AF30D.pf
02.11.2006 16:29 39.122 SETUP_QQ.EXE-21C7D3A5.pf
02.11.2006 16:29 21.820 VMPFULL_TENCENT.EXE-0C5C77B9.pf
02.11.2006 16:29 41.992 MTSAXINSTALLER.EXE-13BCBBAA.pf
02.11.2006 16:28 53.080 QQ2006BETA3.EXE-3961F1C6.pf
02.11.2006 16:09 16.838 UNWISE.EXE-1A3729EA.pf
02.11.2006 16:08 15.052 A~NSISU_.EXE-2D70E5B2.pf
02.11.2006 16:08 12.832 UNINST.EXE-263C87D4.pf
02.11.2006 16:05 14.774 AU_.EXE-18D931C6.pf
02.11.2006 16:05 19.094 UNINSTALL.EXE-18CD8B17.pf
02.11.2006 16:04 45.714 SYSOCMGR.EXE-31169C54.pf
02.11.2006 16:04 62.582 RUNDLL32.EXE-400F9B93.pf
02.11.2006 15:47 37.058 RUNDLL32.EXE-11C1D7CB.pf
02.11.2006 14:26 21.272 LANCER.ICD-2A3FF741.pf
02.11.2006 14:26 18.356 CLOKSPL.EXE-34A47D94.pf
02.11.2006 14:26 57.348 LANCER.EXE-35A15E3B.pf
02.11.2006 14:20 42.910 AD-AWARE.EXE-294FC570.pf
02.11.2006 14:13 11.556 WINLOGON.EXE-32C57D49.pf
02.11.2006 14:13 12.542 CSRSS.EXE-12B63473.pf
02.11.2006 14:10 24.186 RUNDLL32.EXE-1831A4F3.pf
02.11.2006 14:10 20.744 CONTROL.EXE-013DBFB5.pf
02.11.2006 13:59 61.044 RSTRUI.EXE-03C49A96.pf
02.11.2006 13:53 18.530 RUNDLL32.EXE-33437D18.pf
02.11.2006 13:53 52.724 UNREGMP2.EXE-07CACB61.pf
02.11.2006 13:34 18.310 SVCHOST.EXE-3530F672.pf
02.11.2006 13:29 8.538 SVHOST32.EXE-35F91424.pf
02.11.2006 13:29 14.442 2SY.EXE-2E20BDE4.pf
02.11.2006 13:15 7.482 LOGON.SCR-151EFAEA.pf
01.11.2006 22:36 325.790 Layout.ini
01.11.2006 22:14 86.612 CLEANMGR.EXE-1F86EA8E.pf
01.11.2006 21:44 53.336 DFRGNTFS.EXE-269967DF.pf
28.10.2006 15:24 87.046 REALPLAY.EXE-1BF219BD.pf
27.10.2006 22:40 25.760 REALSCHED.EXE-3282FD31.pf
122 File(s) 5.615.870 bytes
0 Dir(s) 11.354.636.288 bytes free

----- Tasks ----------------------------
Volume in drive C has no label.
Volume Serial Number is D05F-58A0

Directory of C:\WINDOWS\tasks

03.11.2006 01:23 414 Symantec NetDetect.job
03.11.2006 01:23 6 SA.DAT
25.10.2006 15:35 418 Norton AntiVirus - Scan my computer.job
23.08.2001 13:00 65 desktop.ini
4 File(s) 903 bytes
0 Dir(s) 11.355.222.016 bytes free

----- Windows/Temp -----------------------
Volume in drive C has no label.
Volume Serial Number is D05F-58A0

Directory of C:\WINDOWS\Temp

03.11.2006 01:23 16.384 Perflib_Perfdata_82c.dat
03.11.2006 00:49 16.384 Perflib_Perfdata_97c.dat
03.11.2006 00:30 0 $$a88.tmp
03.11.2006 00:30 0 $$a87.tmp
03.11.2006 00:30 0 $$a86.tmp
02.11.2006 17:33 0 Win11B.tmp
02.11.2006 17:16 0 Win106.tmp
02.11.2006 17:15 0 Win105.tmp
02.11.2006 17:14 0 Win104.tmp
02.11.2006 17:13 0 Win103.tmp
02.11.2006 16:51 0 WinED.tmp
02.11.2006 15:59 0 WinA.tmp
02.11.2006 13:25 16.384 Perflib_Perfdata_33c.dat
02.11.2006 12:29 0 $$a1C.tmp
02.11.2006 12:22 0 $$a14.tmp
02.11.2006 11:55 0 $$aD.tmp
02.11.2006 01:30 0 WinD.tmp
01.11.2006 17:38 0 WinF6.tmp
01.11.2006 14:45 0 $$aF5.tmp
01.11.2006 10:45 0 $$a8.tmp
01.11.2006 10:45 0 $$a7.tmp
31.10.2006 18:20 0 WinA4.tmp
31.10.2006 18:19 0 WinA3.tmp
31.10.2006 18:17 0 WinA1.tmp
31.10.2006 18:16 0 WinA0.tmp
31.10.2006 18:13 0 Win9A.tmp
31.10.2006 18:11 0 Win97.tmp
31.10.2006 18:10 0 Win96.tmp
31.10.2006 18:09 0 Win95.tmp
31.10.2006 18:07 0 Win93.tmp
31.10.2006 18:06 0 Win92.tmp
31.10.2006 17:52 0 Win72.tmp
31.10.2006 17:44 0 Win61.tmp
31.10.2006 17:37 0 Win4D.tmp
31.10.2006 17:36 0 Win49.tmp
31.10.2006 17:34 0 Win46.tmp
31.10.2006 17:33 0 Win44.tmp
31.10.2006 17:30 0 Win3C.tmp
31.10.2006 17:28 0 Win3A.tmp
31.10.2006 17:25 0 Win2E.tmp
31.10.2006 17:24 0 Win2C.tmp
31.10.2006 17:22 0 Win26.tmp
31.10.2006 00:29 0 WinF2.tmp
31.10.2006 00:28 0 WinF1.tmp
31.10.2006 00:27 0 WinF0.tmp
31.10.2006 00:26 0 WinEF.tmp
31.10.2006 00:25 0 WinEE.tmp
31.10.2006 00:23 0 WinEC.tmp
31.10.2006 00:22 0 WinEB.tmp
31.10.2006 00:21 0 WinEA.tmp
31.10.2006 00:20 0 WinE9.tmp
31.10.2006 00:19 0 WinE8.tmp
31.10.2006 00:18 0 WinE7.tmp
31.10.2006 00:17 0 WinE6.tmp
31.10.2006 00:16 0 WinE5.tmp
31.10.2006 00:15 0 WinE4.tmp
31.10.2006 00:14 0 WinE3.tmp
31.10.2006 00:13 0 WinE2.tmp
31.10.2006 00:12 0 WinE1.tmp
31.10.2006 00:11 0 WinE0.tmp
31.10.2006 00:10 0 WinDF.tmp
31.10.2006 00:09 0 WinDE.tmp
31.10.2006 00:08 0 WinDD.tmp
31.10.2006 00:07 0 WinDC.tmp
31.10.2006 00:06 0 WinDB.tmp
31.10.2006 00:05 0 WinDA.tmp
31.10.2006 00:04 0 WinD9.tmp
31.10.2006 00:03 0 WinD8.tmp
31.10.2006 00:02 0 WinD7.tmp
31.10.2006 00:01 0 WinD6.tmp
31.10.2006 00:00 0 WinD5.tmp
30.10.2006 23:59 0 WinD4.tmp
30.10.2006 23:58 0 WinD3.tmp
30.10.2006 23:57 0 WinD2.tmp
30.10.2006 23:56 0 WinD1.tmp
30.10.2006 23:55 0 WinD0.tmp
30.10.2006 23:54 0 WinCF.tmp
30.10.2006 23:53 0 WinCE.tmp
30.10.2006 23:51 0 WinCD.tmp
30.10.2006 23:50 0 WinCC.tmp
30.10.2006 23:49 0 WinCB.tmp
30.10.2006 23:48 0 WinCA.tmp
30.10.2006 23:47 0 WinC9.tmp
30.10.2006 23:45 0 WinC7.tmp
30.10.2006 23:44 0 WinC6.tmp
30.10.2006 23:43 0 WinC5.tmp
30.10.2006 23:42 0 WinC4.tmp
30.10.2006 23:41 0 WinC3.tmp
30.10.2006 23:40 0 WinC2.tmp
30.10.2006 23:38 0 WinC0.tmp
30.10.2006 23:37 0 WinBF.tmp
30.10.2006 23:36 0 WinBE.tmp
30.10.2006 23:35 0 WinBD.tmp
30.10.2006 23:34 0 WinBC.tmp
30.10.2006 23:33 0 WinBB.tmp
30.10.2006 23:32 0 WinBA.tmp
30.10.2006 23:31 0 WinB9.tmp
30.10.2006 23:30 0 WinB8.tmp
30.10.2006 23:29 0 WinB7.tmp
30.10.2006 23:28 0 WinB6.tmp
30.10.2006 23:27 0 WinB5.tmp
30.10.2006 23:26 0 WinB4.tmp
30.10.2006 23:25 0 WinB3.tmp
30.10.2006 23:24 0 WinB2.tmp
30.10.2006 23:23 0 WinB1.tmp
30.10.2006 23:22 0 WinB0.tmp
30.10.2006 23:21 0 WinAF.tmp
30.10.2006 23:20 0 WinAE.tmp
30.10.2006 23:19 0 WinAD.tmp
30.10.2006 23:18 0 WinAC.tmp
30.10.2006 23:17 0 WinAB.tmp
30.10.2006 23:16 0 WinAA.tmp
30.10.2006 23:15 0 WinA9.tmp
30.10.2006 23:14 0 WinA8.tmp
30.10.2006 23:12 0 WinA7.tmp
30.10.2006 23:11 0 WinA6.tmp
30.10.2006 23:10 0 WinA5.tmp
30.10.2006 23:09 0 WinA2.tmp
30.10.2006 23:07 0 Win9E.tmp
30.10.2006 23:06 0 Win9D.tmp
30.10.2006 23:05 0 Win9C.tmp
30.10.2006 23:04 0 Win9B.tmp
30.10.2006 23:02 0 Win99.tmp
30.10.2006 23:01 0 Win98.tmp
30.10.2006 22:51 0 Win94.tmp
30.10.2006 22:50 0 Win91.tmp
30.10.2006 22:48 0 Win90.tmp
30.10.2006 22:47 0 Win8F.tmp
30.10.2006 22:45 0 Win8E.tmp
30.10.2006 22:44 0 Win8D.tmp
30.10.2006 22:43 0 Win8C.tmp
30.10.2006 22:42 0 Win8B.tmp
30.10.2006 22:41 0 Win8A.tmp
30.10.2006 22:40 0 Win89.tmp
30.10.2006 22:39 0 Win88.tmp
30.10.2006 22:38 0 Win87.tmp
30.10.2006 22:37 0 Win86.tmp
30.10.2006 22:36 0 Win85.tmp
30.10.2006 22:35 0 Win84.tmp
30.10.2006 22:34 0 Win83.tmp
30.10.2006 22:33 0 Win81.tmp
30.10.2006 22:29 0 Win7B.tmp
30.10.2006 22:28 0 Win79.tmp
30.10.2006 22:27 0 Win78.tmp
30.10.2006 22:26 0 Win77.tmp
30.10.2006 22:25 0 Win76.tmp
30.10.2006 22:24 0 Win75.tmp
30.10.2006 22:23 0 Win74.tmp
30.10.2006 22:22 0 Win73.tmp
30.10.2006 22:20 0 Win71.tmp
30.10.2006 22:18 0 Win6C.tmp
30.10.2006 22:17 0 Win6B.tmp
30.10.2006 22:16 0 Win6A.tmp
30.10.2006 22:14 0 Win68.tmp
30.10.2006 22:13 0 Win67.tmp
30.10.2006 22:12 0 Win66.tmp
30.10.2006 22:11 0 Win65.tmp
30.10.2006 22:10 0 Win64.tmp
30.10.2006 22:08 0 Win63.tmp
30.10.2006 22:06 0 Win60.tmp
30.10.2006 22:05 0 Win5F.tmp
30.10.2006 22:04 0 Win5D.tmp
30.10.2006 22:03 0 Win59.tmp
30.10.2006 22:02 0 Win57.tmp
30.10.2006 22:00 0 Win55.tmp
30.10.2006 21:59 0 Win54.tmp
30.10.2006 21:58 0 Win51.tmp
30.10.2006 21:57 0 Win50.tmp
30.10.2006 15:13 0 Win82.tmp
30.10.2006 15:11 0 Win80.tmp
30.10.2006 15:10 0 Win7F.tmp
30.10.2006 15:09 0 Win7E.tmp
30.10.2006 15:08 0 Win7D.tmp
30.10.2006 15:07 0 Win7C.tmp
30.10.2006 15:05 0 Win7A.tmp
30.10.2006 15:03 0 Win70.tmp
30.10.2006 15:02 0 Win6F.tmp
30.10.2006 15:01 0 Win6E.tmp
30.10.2006 15:00 0 Win6D.tmp
30.10.2006 14:55 0 Win69.tmp
30.10.2006 14:48 0 Win62.tmp
30.10.2006 14:44 0 Win5E.tmp
30.10.2006 14:42 0 Win5C.tmp
30.10.2006 14:41 0 Win5B.tmp
30.10.2006 14:40 0 Win5A.tmp
30.10.2006 14:38 0 Win58.tmp
30.10.2006 14:36 0 Win56.tmp
30.10.2006 14:33 0 Win53.tmp
30.10.2006 14:32 0 Win52.tmp
30.10.2006 14:29 0 Win4F.tmp
30.10.2006 14:26 0 Win4C.tmp
30.10.2006 14:25 0 Win4B.tmp
30.10.2006 14:24 0 Win4A.tmp
30.10.2006 14:22 0 Win48.tmp
30.10.2006 14:21 0 Win47.tmp
30.10.2006 14:19 0 Win45.tmp
30.10.2006 14:17 0 Win43.tmp
30.10.2006 14:16 0 Win42.tmp
30.10.2006 14:15 0 Win41.tmp
30.10.2006 14:14 0 Win40.tmp
30.10.2006 14:13 0 Win3F.tmp
30.10.2006 14:11 0 Win3E.tmp
30.10.2006 14:10 0 Win3D.tmp
30.10.2006 14:08 0 Win3B.tmp
30.10.2006 14:06 0 Win39.tmp
30.10.2006 14:05 0 Win38.tmp
30.10.2006 14:04 0 Win37.tmp
30.10.2006 14:03 0 Win36.tmp
30.10.2006 14:02 0 Win35.tmp
30.10.2006 14:00 0 Win33.tmp
30.10.2006 13:59 0 Win32.tmp
30.10.2006 13:58 0 Win31.tmp
30.10.2006 13:57 0 Win30.tmp
30.10.2006 13:56 0 Win2F.tmp
30.10.2006 13:54 0 Win2D.tmp
30.10.2006 13:52 0 Win2B.tmp
30.10.2006 13:51 0 Win2A.tmp
30.10.2006 13:50 0 Win29.tmp
30.10.2006 13:49 0 Win28.tmp
30.10.2006 13:48 0 Win27.tmp
30.10.2006 13:46 0 Win25.tmp
30.10.2006 13:44 0 Win24.tmp
30.10.2006 13:43 0 Win23.tmp
30.10.2006 13:42 0 Win22.tmp
30.10.2006 13:41 0 Win21.tmp
30.10.2006 13:38 0 Win1E.tmp
30.10.2006 13:37 0 Win1D.tmp
30.10.2006 13:36 0 Win1C.tmp
30.10.2006 13:35 0 Win1B.tmp
30.10.2006 13:33 0 Win19.tmp
30.10.2006 13:32 0 Win18.tmp
30.10.2006 13:31 0 Win17.tmp
30.10.2006 13:30 0 Win16.tmp
30.10.2006 13:29 0 Win15.tmp
30.10.2006 13:28 0 Win14.tmp
30.10.2006 13:27 0 Win13.tmp
30.10.2006 13:26 0 Win12.tmp
237 File(s) 49.152 bytes
0 Dir(s) 11.354.218.496 bytes free

----- Temp -----------------------------
Volume in drive C has no label.
Volume Serial Number is D05F-58A0

Directory of C:\DOCUME~1\Aofeng\LOCALS~1\Temp

03.11.2006 01:24 984.064 ~tmp2
03.11.2006 01:16 0 $$a1A.tmp
03.11.2006 01:14 0 $$a16.tmp
03.11.2006 00:48 0 $$a5.tmp
03.11.2006 00:27 0 $$a85.tmp
03.11.2006 00:19 0 $$a7D.tmp
03.11.2006 00:19 0 $$a7C.tmp
03.11.2006 00:10 0 $$a7B.tmp
02.11.2006 22:43 58 _tmp_qq_proxy.ini
02.11.2006 18:23 234 MsnMsgs.LOG
02.11.2006 17:34 16.384 ~DFB7D9.tmp
12.10.2004 11:14 57.344 InstHelp.dll
12 File(s) 1.058.084 bytes
0 Dir(s) 11.354.222.592 bytes free
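Added example, not part of the thread: a small triage of the Avenger log posted in #44. It separates successful deletions from the lines The Avenger could not process, decodes the NTSTATUS code, and flags script lines that appear to have lost the backslash before the file name (`Temp~DFA4A2.tmp` instead of `Temp\~DFA4A2.tmp`). The function names are hypothetical, the sample lines are excerpts from the log above, and the missing-backslash diagnosis is a heuristic inference.

```python
import ntpath
import re

# NTSTATUS codes that commonly explain a failed deletion.
# 0xC0000034 is the one reported in the log above.
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000043: "STATUS_SHARING_VIOLATION",
}

DELETED_RE = re.compile(r"^File (.+) deleted successfully\.$")
STATUS_RE = re.compile(r"^Status: (0x[0-9a-fA-F]+)$")

# Excerpt of the Avenger log from post #44.
SAMPLE_LOG = r"""
File C:\Documents and Settings\Aofeng\Local Settings\Temp\$$a76.tmp deleted successfully.

File C:\Documents and Settings\Aofeng\Local Settings\Temp~DFA4A2.tmp not found!
Deletion of file C:\Documents and Settings\Aofeng\Local Settings\Temp~DFA4A2.tmp failed!

Could not process line:
C:\Documents and Settings\Aofeng\Local Settings\Temp~DFA4A2.tmp
Status: 0xc0000034

File C:\Documents and Settings\Aofeng\Local Settings\Temp\tem4C.tmp deleted successfully.
File C:\Documents and Settings\Aofeng\Local Settings\Temp\$$a161.tmp deleted successfully.

File C:\Documents and Settings\Aofeng\Local Settings\Temp~DFB7D9.tmp not found!
Deletion of file C:\Documents and Settings\Aofeng\Local Settings\Temp~DFB7D9.tmp failed!

Could not process line:
C:\Documents and Settings\Aofeng\Local Settings\Temp~DFB7D9.tmp
Status: 0xc0000034
"""


def parse_avenger_log(text):
    """Return (deleted_paths, failures); a failure is {'path', 'status'}."""
    deleted, failures = [], []
    lines = [ln.strip() for ln in text.splitlines()]
    i = 0
    while i < len(lines):
        m = DELETED_RE.match(lines[i])
        if m:
            deleted.append(m.group(1))
        elif lines[i] == "Could not process line:":
            # Next non-empty line is the script line, then "Status: 0x...".
            j = i + 1
            while j < len(lines) and not lines[j]:
                j += 1
            path = lines[j] if j < len(lines) else ""
            status = None
            if j + 1 < len(lines):
                s = STATUS_RE.match(lines[j + 1])
                if s:
                    status = int(s.group(1), 16)
            failures.append({"path": path, "status": status})
            i = j
        i += 1
    return deleted, failures


def suggest_fix(path, deleted):
    """Heuristic: if the failed path starts with a directory from which other
    files were deleted, but no backslash follows it, propose the repaired path."""
    dirs = sorted({ntpath.dirname(p) for p in deleted}, key=len, reverse=True)
    for d in dirs:
        if (path.lower().startswith(d.lower()) and len(path) > len(d)
                and path[len(d)] != "\\"):
            return d + "\\" + path[len(d):]
    return None


def triage(text):
    deleted, failures = parse_avenger_log(text)
    report = []
    for f in failures:
        fix = suggest_fix(f["path"], deleted) if f["status"] == 0xC0000034 else None
        report.append({**f,
                       "status_name": NTSTATUS.get(f["status"], "unknown"),
                       "suggested_path": fix})
    return {"deleted": len(deleted), "failed": report}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result["deleted"], "deleted")
    for item in result["failed"]:
        print(item["status_name"], item["path"], "->", item["suggested_path"])
```

A "not found" status here does not mean the file is gone: `~DFB7D9.tmp` still appears in the Temp listing posted after the run.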
03.11.2006, 01:39
Honorary member
Sabina

Posts: 29434
#45

Quote

Files to delete:
C:\WINDOWS\Dll.dll
C:\WINDOWS\rundl132.exe
C:\WINDOWS\Logo1_.exe
C:\WINDOWS\dkacjthe.txt
C:\Documents and Settings\Aofeng\Local Settings\Temp\~tmp2
C:\Documents and Settings\Aofeng\Local Settings\Temp\$$a1A.tmp
C:\Documents and Settings\Aofeng\Local Settings\Temp\$$a16.tmp
C:\Documents and Settings\Aofeng\Local Settings\Temp\$$a5.tmp
C:\Documents and Settings\Aofeng\Local Settings\Temp\$$a85.tmp
C:\Documents and Settings\Aofeng\Local Settings\Temp\$$a7D.tmp
C:\Documents and Settings\Aofeng\Local Settings\Temp\$$a7C.tmp
C:\Documents and Settings\Aofeng\Local Settings\Temp\$$a7B.tmp
C:\Documents and Settings\Aofeng\Local Settings\Temp\_tmp_qq_proxy.ini
C:\Documents and Settings\Aofeng\Local Settings\Temp\MsnMsgs.LOG
C:\Documents and Settings\Aofeng\Local Settings\Temp\~DFB7D9.tmp
C:\WINDOWS\Temp\$$a88.tmp
C:\WINDOWS\Temp\$$a87.tmp
C:\WINDOWS\Temp\$$a86.tmp
C:\WINDOWS\Temp\Win11B.tmp
C:\WINDOWS\Temp\Win106.tmp
C:\WINDOWS\Temp\Win105.tmp
C:\WINDOWS\Temp\Win104.tmp
C:\WINDOWS\Temp\Win103.tmp
C:\WINDOWS\Temp\WinED.tmp
C:\WINDOWS\Temp\WinA.tmp
C:\WINDOWS\Temp\Perflib_Perfdata_33c.dat
C:\WINDOWS\Temp\$$a1C.tmp
C:\WINDOWS\Temp\$$a14.tmp
C:\WINDOWS\Temp\$$aD.tmp
C:\WINDOWS\Temp\WinD.tmp
C:\WINDOWS\Temp\WinF6.tmp
C:\WINDOWS\Temp\$$aF5.tmp
C:\WINDOWS\Temp\$$a8.tmp
C:\WINDOWS\Temp\$$a7.tmp
C:\WINDOWS\Temp\WinA4.tmp
C:\WINDOWS\Temp\WinA3.tmp
C:\WINDOWS\Temp\WinA1.tmp
C:\WINDOWS\Temp\WinA0.tmp
C:\WINDOWS\Temp\Win9A.tmp
C:\WINDOWS\Temp\Win97.tmp
C:\WINDOWS\Temp\Win96.tmp
C:\WINDOWS\Temp\Win95.tmp
C:\WINDOWS\Temp\Win93.tmp
C:\WINDOWS\Temp\Win92.tmp
C:\WINDOWS\Temp\Win72.tmp
C:\WINDOWS\Temp\Win61.tmp
C:\WINDOWS\Temp\Win4D.tmp
C:\WINDOWS\Temp\Win49.tmp
C:\WINDOWS\Temp\Win46.tmp
C:\WINDOWS\Temp\Win44.tmp
C:\WINDOWS\Temp\Win3C.tmp
C:\WINDOWS\Temp\Win3A.tmp
C:\WINDOWS\Temp\Win2E.tmp
C:\WINDOWS\Temp\Win2C.tmp
C:\WINDOWS\Temp\Win26.tmp
C:\WINDOWS\Temp\WinF2.tmp
C:\WINDOWS\Temp\WinF1.tmp
C:\WINDOWS\Temp\WinF0.tmp
C:\WINDOWS\Temp\WinEF.tmp
Post the Avenger log and the 6 logs again.


Hijackthis
http://computercops.biz/zx/Merijn/hijackthis.zip
http://virus-protect.org/hjtkurz.html
Download and unpack HijackThis into a folder
--> None of the above, just start the program --> Save --> Savelog --> the editor opens
Now copy the COMPLETE log with a right click and "paste" it into the forum with a right click
__________
Best regards, Sabina

All about PC security