Dialers, Trojans and other unnecessary stuff

#0
08.11.2006, 01:42
Member

Posts: 11
#1 Hello,

I have caught quite a few things and couldn't get rid of them with all sorts of removal tools.
Among other things, the Trojan alerter keeps shouting Adware.Adjum.100 found.
When I try to clean it, it writes the following:
"Cleaning module Trshlex.dll in process explorer.exe
Module Trshlex.dll successfully unloaded from process explorer.exe (1184)

Exception: Access violation at address 004B7A19 in module 'THGuard.exe'. Read of address 00000004
Trojan cleaning finished."

In my c:\windows\temp directory there are these strange winE7.tmp etc. files.
When I try to delete them, Explorer usually closes automatically.

Does anyone have a helpful tip, please? I'm really desperate :-(

Logfile of HijackThis v1.99.1
Scan saved at 01:37:13, on 08.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Astellia\mysql\bin\mysqld-nt.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\POP Peeper\POPPeeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\washiema\LOCALS~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy33:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = 172.23.4.*;172.23.5.*;172.23.48.*;172.23.49.*;172.23.52.*;172.23.53.*;172.23.56.*;
172.23.57.*;172.23.60.*;172.23.61.*;172.23.60.152;172.23.97.162;172.23.34.111;172.23.111
.*;172.23.2.21;aupdapp*;172.23.34.107;*
staging.*;peoplesoft.*;activation.*,172.23.200.130;;;;;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1D2401F5-0254-4793-B2E0-6185EC9C4790} - C:\WINDOWS\system32\jkkjg.dll (file missing)
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\system32\ixt1.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\vcvvccht.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O14 - IERESET.INF: START_PAGE_URL=http://intranet.h3g.at
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = at-work.local
O17 - HKLM\Software\..\Telephony: DomainName = at-work.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = at-work.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = at-work.local
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySql - Unknown owner - C:/Program Files/Astellia/mysql/bin/mysqld-nt.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Unknown owner - C:\Program Files\OfficeScan NT\ntrtscan.exe (file missing)
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\bin\ONRSD.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\WINDOWS\Pointdev\VNC\WinVNC.exe" -service (file missing)
This post was edited by Sabina on 08.11.2006 at 14:24.
08.11.2006, 14:23
Honorary member
Sabina

Posts: 29434
#2 ««
Configure CleanUp exactly as described here:
http://virus-protect.org/cleanup.html

««
Copy these 6 text files. (Right-click with the mouse -> select the text -> copy -> paste.) They are sorted by date. (Copy only the last 3 months.)
http://virus-protect.org/datfindbat.html

««
Post this log:
http://virus-protect.org/artikel/tools/combofix.html
__________
Best regards, Sabina

All about PC security
08.11.2006, 16:35
Member

Thread starter

Posts: 11
#3

Quote

Sabina posted
««
Configure CleanUp exactly as described here:
http://virus-protect.org/cleanup.html

Done
««

Quote

Copy these 6 text files. (Right-click with the mouse -> select the text -> copy -> paste.) They are sorted by date. (Copy only the last 3 months.)
http://virus-protect.org/datfindbat.html

Volume in drive C has no label.
Volume Serial Number is 001F-C7AB

Directory of C:\WINDOWS\system32

08.11.2006 16:00 8.860 Fxxplfnt.tmp
08.11.2006 10:15 1.688 TRJ_NTAUTO.TMP
07.11.2006 23:54 0 tmp.txt
07.11.2006 23:54 864 tmp.reg
07.11.2006 23:19 1.152 windrv.sys
07.11.2006 10:18 60.436 vcvvccht.dll
06.11.2006 19:42 251.488 trjscan.trb
06.11.2006 17:25 59.392 streamhlp.dll
06.11.2006 09:15 399.298 perfh009.dat
06.11.2006 09:15 61.808 perfc009.dat
06.11.2006 09:15 468.340 PerfStringBackup.INI
06.11.2006 09:07 2.206 wpa.dbl
01.11.2006 20:10 15.872 winrkq32.VIR
31.10.2006 10:46 3.036 jupdate-1.4.2_03-b02.log
23.10.2006 00:28 832.064 rmvtrjan.trb
23.10.2006 00:25 1.622.592 rmt.trb
12.10.2006 14:05 265.416 FNTCACHE.DAT
11.10.2006 14:21 3.090 jupdate-1.4.2_06-b03.log
09.10.2006 15:25 3.360 esnecil.ind
04.10.2006 20:16 3.360 esnecil.nlp
02.10.2006 21:13 15.360 BASSMOD.dll
29.09.2006 10:13 2.430 $winnt$.inf
24.09.2006 02:42 65.536 QuickTimeVR.qtx
24.09.2006 02:42 49.152 QuickTime.qts
07.09.2006 12:54 57.384 avsda.dll
29.08.2006 15:01 561.152 ACDSee.scr
29.07.2006 18:32 48.936 sirenacm.dll
28.07.2006 03:28 3.054.080 mshtml.dll
25.07.2006 21:33 613.888 urlmon.dll
21.07.2006 09:24 72.704 hlink.dll
14.07.2006 16:31 332.288 netapi32.dll
14.07.2006 16:25 546.304 hhctrl.ocx
14.07.2006 13:51 108.144 GEARAspi.dll
13.07.2006 14:33 8.453.632 shell32.dll
06.07.2006 17:21 6.757.792 MRT.exe
05.07.2006 11:55 984.064 kernel32.dll
26.06.2006 18:37 148.480 dnsapi.dll
26.06.2006 18:37 8.192 rasadhlp.dll
23.06.2006 12:02 658.944 wininet.dll
23.06.2006 12:02 1.494.016 shdocvw.dll
23.06.2006 12:02 448.512 mshtmled.dll
23.06.2006 12:02 146.432 msrating.dll
23.06.2006 12:02 474.112 shlwapi.dll
23.06.2006 12:02 39.424 pngfilt.dll
23.06.2006 12:02 532.480 mstime.dll
23.06.2006 12:02 96.256 inseng.dll
23.06.2006 12:02 16.384 jsproxy.dll
23.06.2006 12:02 205.312 dxtrans.dll
23.06.2006 12:02 357.888 dxtmsft.dll
23.06.2006 12:02 251.392 iepeers.dll
23.06.2006 12:02 55.808 extmgr.dll
23.06.2006 12:02 1.054.208 danim.dll
23.06.2006 12:02 1.022.976 browseui.dll
23.06.2006 12:02 151.040 cdfview.dll
23.06.2006 09:34 24.576 xpsp3res.dll


Volume in drive C has no label.
Volume Serial Number is 001F-C7AB

Directory of C:\DOCUME~1\washiema\LOCALS~1\Temp

08.11.2006 16:28 289 datFind.zip
04.10.2006 09:23 668 datFind.bat
2 File(s) 957 bytes
0 Dir(s) 19.219.013.632 bytes free

Volume in drive C has no label.
Volume Serial Number is 001F-C7AB

Directory of C:\WINDOWS

08.11.2006 16:19 159 wiadebug.log
08.11.2006 16:19 50 wiaservc.log
08.11.2006 16:18 0 0.log
08.11.2006 16:18 2.048 bootstat.dat
08.11.2006 16:17 467 SMSCFG.ini
08.11.2006 15:42 13.748 ModemLog_GlobeTrotter 3G+ Modem Interface.txt
08.11.2006 10:15 2.866.701 setupapi.log
08.11.2006 02:28 25.874 SchedLgU.Txt
08.11.2006 02:28 2.054.160 WindowsUpdate.log
08.11.2006 00:30 1.409 QTFont.for
08.11.2006 00:30 54.156 QTFont.qfn
07.11.2006 23:51 2.212 setupact.log
07.11.2006 23:49 460.636 ntbtlog.txt
07.11.2006 21:40 1.059 win.ini
07.11.2006 21:40 260 system.ini
07.11.2006 21:06 224.907 SetupWLD.log
07.11.2006 20:58 4.950 chipset.log
07.11.2006 01:32 10 popcinfo.dat
02.11.2006 21:19 50.880 wmsetup.log
02.11.2006 14:50 2.877 KB893803v2Uninst.log
02.11.2006 14:50 160.082 comsetup.log
02.11.2006 14:50 520.872 iis6.log
02.11.2006 14:50 95.359 ntdtcsetup.log
02.11.2006 14:50 23.022 tabletoc.log
02.11.2006 14:50 1.374 imsins.log
02.11.2006 14:50 214.757 tsoc.log
02.11.2006 14:50 24.825 ocmsn.log
02.11.2006 14:49 78.600 netfxocm.log
02.11.2006 14:49 218.852 ocgen.log
02.11.2006 14:49 31.237 MedCtrOC.log
02.11.2006 14:49 22.501 msgsocm.log
02.11.2006 14:49 444.368 FaxSetup.log
02.11.2006 14:49 142.752 msmqinst.log
02.11.2006 14:45 0 VPC32.INI
18.10.2006 09:47 3.936 KB924191.log
18.10.2006 09:47 3.849 KB922819.log
18.10.2006 09:47 3.765 KB923414.log
18.10.2006 09:47 3.684 KB920214.log
18.10.2006 09:47 3.602 KB920685.log
18.10.2006 09:47 3.522 KB924496.log
18.10.2006 09:47 3.824 KB920872.log
18.10.2006 09:47 3.351 KB919007.log
18.10.2006 09:46 3.352 KB923191.log
18.10.2006 09:46 3.656 KB925486.log
18.10.2006 09:28 1.760.623 setupapi.log.0.old
13.10.2006 19:23 4.777 LVEventLog.log
12.10.2006 12:25 1.588 DirectX.log
11.10.2006 15:50 894 idmviewer.log
10.10.2006 17:49 334 GEARInstall.log
09.10.2006 17:56 1.448 COM+.log
04.10.2006 20:16 205 my.ini
04.10.2006 20:12 64 Crypkey.ini
04.10.2006 16:55 72 init.ini
04.10.2006 08:27 904 EventSystem.log
03.10.2006 11:06 4.348 DPINST.LOG
02.10.2006 23:21 459 wmsetup10.log
02.10.2006 18:32 3.469 mozver.dat
02.10.2006 16:27 0 nsreg.dat
02.10.2006 16:14 2.038 OEWABLog.txt
02.10.2006 15:19 2.191 vminst.log
02.10.2006 15:19 520 ODBC.INI
02.10.2006 15:19 4.512 ODBCINST.INI
02.10.2006 15:17 218 ORAODBC.INI
02.10.2006 10:41 2.736 spupdsvc.log
29.09.2006 11:11 1.374 imsins.BAK
29.09.2006 11:11 16.812 KB917734.log
29.09.2006 11:09 15.688 KB921883.log
29.09.2006 11:09 24.759 updspapi.log
29.09.2006 11:09 14.856 KB922616.log
29.09.2006 11:08 14.954 KB911280.log
29.09.2006 11:06 15.180 KB917159.log
29.09.2006 11:05 15.237 KB921398.log
29.09.2006 11:05 17.932 KB918899.log
29.09.2006 11:04 10.688 KB920670.log
29.09.2006 11:04 10.885 KB918439.log
29.09.2006 11:02 10.680 KB914388.log
29.09.2006 11:02 9.368 KB917344.log
29.09.2006 11:02 9.511 KB917953.log
29.09.2006 11:02 9.327 KB917422.log
29.09.2006 11:01 8.819 KB916595.log
29.09.2006 11:01 10.053 KB913580.log
29.09.2006 11:01 8.683 KB920683.log
29.09.2006 11:01 8.307 KB914389.log
29.09.2006 10:13 18.922 setuplog.txt
29.09.2006 10:13 509 setuperr.log
29.09.2006 09:35 7.890 sessmgr.setup.log
29.09.2006 09:35 2.165 DtcInstall.log
29.09.2006 09:35 6.840 regopt.log
27.04.2006 12:26 8.293 KB908521.log
27.04.2006 12:22 7.165 KB904942.log
27.04.2006 12:20 63 vbaddin.ini
27.04.2006 12:19 60.926 KB911565.log
26.04.2006 15:53 316.640 WMSysPr9.prx
26.04.2006 14:34 55.703 ofcscan.ini
26.04.2006 14:21 24.801 KB911927.log
26.04.2006 14:21 24.313 KB901017.log
26.04.2006 14:20 24.752 KB896424.log
26.04.2006 14:20 23.912 KB911562.log
26.04.2006 14:20 31.972 KB900485.log
26.04.2006 14:19 18.582 KB910437.log
26.04.2006 14:19 45.479 KB911564.log
26.04.2006 14:19 26.806 KB912812.log
26.04.2006 14:18 23.601 KB902400.log
26.04.2006 14:17 14.512 KB899589.log
26.04.2006 14:17 14.832 KB905414.log
26.04.2006 14:17 14.950 KB900725.log
26.04.2006 14:17 12.970 KB912919.log
26.04.2006 14:16 12.170 KB904706.log
26.04.2006 14:16 12.734 KB908531.log
26.04.2006 14:16 12.210 KB905749.log
26.04.2006 14:16 11.584 KB911567.log
26.04.2006 14:15 11.157 KB908519.log
26.04.2006 14:15 7.945 KB913446.log
26.04.2006 14:03 2.918 cfgall.ini
25.08.2005 09:00 522 TMFilter.log
24.08.2005 17:14 18.253 KB899587.log
24.08.2005 17:14 17.746 KB899591.log

Volume in drive C has no label.
Volume Serial Number is 001F-C7AB

Directory of C:\WINDOWS\TEMP



Volume in drive C has no label.
Volume Serial Number is 001F-C7AB

Directory of C:\WINDOWS\Downloaded Program Files

24.06.2005 13:27 65 desktop.ini
20.01.2000 14:25 1.162 Microsoft XML Parser for Java.osd
2 File(s) 1.227 bytes
0 Dir(s) 19.219.001.344 bytes free


Quote

««
Post this log:
http://virus-protect.org/artikel/tools/combofix.html

washiema - 06-11-08 16:16:30,80 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Program Files\Mozilla Firefox"

((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\washiema\Application Data\Dxcknwrd.dll
C:\Documents and Settings\washiema\Application Data\Dxcuknwrd.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\components
C:\Program Files\Common Files\{001FC7AB-031E-3079-0526-05050426002b}
C:\Program Files\Common Files\{301FC7AB-031E-3079-0526-05050426002b}


((((((((((((((((((((((((((((((( Files Created from 2006-10-08 to 2006-11-08 ))))))))))))))))))))))))))))))))))


2006-11-08 01:32 0 --a------ C:\backup.reg
2006-11-08 01:30 249 --a------ C:\avexport.bat
2006-11-08 01:30 126,976 --a------ C:\zip.exe
2006-11-07 23:40 864 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-07 23:19 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2006-11-07 21:05 466,944 --a------ C:\WINDOWS\system32\w29NCPA.dll
2006-11-07 21:05 3,281,408 --a------ C:\WINDOWS\system32\drivers\w29n51.sys
2006-11-07 20:16 44,035 --a------ C:\WINDOWS\system32\drivers\btwhid.sys
2006-11-07 20:16 17,516 --a------ C:\WINDOWS\system32\drivers\frmupgr.sys
2006-11-07 10:18 60,436 --a------ C:\WINDOWS\system32\vcvvccht.dll
2006-11-06 19:41 3,440 --a------ C:\WINDOWS\undo.reg
2006-11-06 19:41 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2006-11-02 21:19 10,368 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2006-11-02 15:04 57,384 --a------ C:\WINDOWS\system32\avsda.dll
2006-11-02 15:04 32,768 --a------ C:\WINDOWS\system32\drivers\avgntdd.sys
2006-11-02 15:04 14,848 --a------ C:\WINDOWS\system32\drivers\avgntmgr.sys
2006-11-01 20:10 15,872 --a------ C:\WINDOWS\system32\winrkq32.VIR
2006-10-29 21:00 61,440 --a------ C:\WINDOWS\system32\W32N50.dll
2006-10-29 21:00 16,292 --a------ C:\WINDOWS\system32\PCANDIS5.SYS
2006-10-29 19:25 607,232 --a------ C:\WINDOWS\system32\drivers\MA111nd5.sys
2006-10-23 17:22 69,632 --a------ C:\WINDOWS\aaRemove.exe
2006-10-21 12:51 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2006-10-21 12:51 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2006-10-21 12:51 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2006-10-12 12:27 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2006-10-12 12:27 15,360 --a------ C:\WINDOWS\system32\drivers\MPE.sys
2006-10-12 12:26 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2006-10-12 12:26 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-10-12 12:26 51,072 -ra------ C:\WINDOWS\system32\drivers\M9207_543.sys
2006-10-12 12:26 363,520 --a------ C:\WINDOWS\system32\PsisDecd.dll
2006-10-12 12:26 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2006-10-12 12:26 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2006-10-12 12:26 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2006-10-12 12:26 11,776 --a------ C:\WINDOWS\system32\drivers\BdaSup.sys
2006-10-12 12:26 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2006-10-12 12:26 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2006-10-11 15:50 328,704 --a------ C:\WINDOWS\IsUn0407.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-08 16:17 -------- d-------- C:\Program Files\Symantec AntiVirus
2006-11-08 16:17 -------- d-------- C:\Program Files\Common Files
2006-11-08 16:15 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-08 15:45 -------- d-------- C:\Program Files\CleanUp!
2006-11-08 01:09 0 --a------ C:\AUTOEXEC.BAT
2006-11-08 00:18 -------- d-------- C:\Program Files\Trisnap Technologies
2006-11-07 21:05 -------- d-------- C:\Program Files\Intel
2006-11-07 20:55 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-07 20:55 -------- d-------- C:\Program Files\Broadcom
2006-11-07 20:11 -------- d-------- C:\Program Files\Hewlett-Packard
2006-11-07 15:12 -------- d-------- C:\Program Files\Trojan Remover
2006-11-06 21:09 -------- d-------- C:\Program Files\Trillian
2006-11-06 19:42 -------- d-------- C:\Documents and Settings\washiema\Application Data\Simply Super Software
2006-11-06 19:17 -------- d-------- C:\Documents and Settings\washiema\Application Data\TrojanHunter
2006-11-06 17:29 -------- d-------- C:\Program Files\TrojanHunter 4.6
2006-11-04 18:02 -------- d-------- C:\Program Files\Apple Software Update
2006-11-03 17:14 -------- d-------- C:\Program Files\NetSpeedMonitor
2006-11-02 21:27 -------- d-------- C:\Documents and Settings\washiema\Application Data\ACD Systems
2006-11-02 21:20 -------- d-------- C:\Program Files\Common Files\ACD Systems
2006-11-02 17:45 -------- d-------- C:\Program Files\Windows Media Player
2006-11-02 15:04 -------- d-------- C:\Program Files\AntiVir PersonalEdition Classic
2006-11-02 14:47 -------- d-------- C:\Program Files\Movie Maker
2006-11-01 20:52 -------- d-------- C:\Program Files\VSAdd-in
2006-11-01 20:28 -------- d-------- C:\Program Files\Windows NT
2006-11-01 20:28 -------- d-------- C:\Program Files\NetMeeting
2006-11-01 20:23 -------- d-------- C:\Program Files\Lavasoft
2006-11-01 20:23 -------- d-------- C:\Documents and Settings\washiema\Application Data\Lavasoft
2006-11-01 19:49 -------- d-------- C:\Program Files\PopCap Games
2006-11-01 18:27 -------- d-a------ C:\Documents and Settings\washiema\Application Data\Identities
2006-11-01 18:27 -------- d-------- C:\Documents and Settings\washiema\Application Data\Zylom
2006-11-01 11:03 -------- d-------- C:\Program Files\POP Peeper
2006-10-31 18:59 -------- d-------- C:\Documents and Settings\washiema\Application Data\POP Peeper
2006-10-31 10:46 -------- d-------- C:\Program Files\Java
2006-10-31 10:43 -------- d-------- C:\Program Files\Nokia
2006-10-30 13:31 -------- d-------- C:\Program Files\PLSQL Developer
2006-10-30 13:20 -------- d-------- C:\Documents and Settings\washiema\Application Data\Apple Computer
2006-10-29 21:00 -------- d-------- C:\Program Files\NETGEAR
2006-10-25 18:11 -------- d-------- C:\Program Files\WinSCP3
2006-10-25 08:48 -------- d-------- C:\Program Files\sipgate X-Lite
2006-10-24 19:03 -------- d-------- C:\Program Files\MSN Messenger
2006-10-23 17:42 -------- d-------- C:\Documents and Settings\washiema\Application Data\PLSQL Developer
2006-10-21 14:09 -------- d-------- C:\Program Files\WinZip
2006-10-21 13:23 -------- d-------- C:\Program Files\ACD Systems
2006-10-18 13:50 -------- d-------- C:\Documents and Settings\washiema\Application Data\Ethereal
2006-10-18 13:45 -------- d-------- C:\Program Files\Ethereal
2006-10-18 13:43 -------- d-------- C:\Program Files\WinPcap
2006-10-17 20:05 -------- d-------- C:\Program Files\Common Files\Autodata Limited Shared
2006-10-13 19:23 -------- d-------- C:\Program Files\DTV
2006-10-13 15:20 -------- d-------- C:\Documents and Settings\washiema\Application Data\Macromedia
2006-10-11 15:02 -------- d-------- C:\Documents and Settings\washiema\Application Data\ICAClient
2006-10-11 14:21 -------- d-------- C:\Program Files\Citrix
2006-10-10 19:27 -------- d-a------ C:\Documents and Settings\washiema\Application Data\Microsoft
2006-10-10 17:49 -------- d-------- C:\Program Files\iTunes
2006-10-10 17:49 -------- d-------- C:\Program Files\iPod
2006-10-10 17:48 -------- d-------- C:\Program Files\QuickTime
2006-10-09 15:43 -------- d-------- C:\Documents and Settings\washiema\Application Data\Astellia
2006-10-04 20:15 -------- d-------- C:\Program Files\Astellia
2006-10-04 16:54 -------- d-------- C:\Program Files\Option
2006-10-04 16:54 -------- d-------- C:\Program Files\Common Files\Funk Software
2006-10-03 16:43 -------- d-a------ C:\Documents and Settings\washiema\Application Data\AdobeUM
2006-10-03 11:08 -------- d-------- C:\Documents and Settings\washiema\Application Data\Nokia
2006-10-03 11:06 -------- d-------- C:\Program Files\Common Files\PCSuite
2006-10-03 11:06 -------- d-------- C:\Program Files\Common Files\Nokia
2006-10-03 11:06 -------- d-------- C:\Documents and Settings\washiema\Application Data\PC Suite
2006-10-03 09:38 -------- d-------- C:\Documents and Settings\washiema\Application Data\Hummingbird
2006-10-03 09:37 -------- d-------- C:\Program Files\Hummingbird
2006-10-03 09:37 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-10-02 21:37 -------- d-------- C:\Documents and Settings\washiema\Application Data\IDMComp
2006-10-02 21:32 -------- d-------- C:\Program Files\SecureCRT
2006-10-02 21:32 -------- d-------- C:\Program Files\IDM Computer Solutions
2006-10-02 21:31 -------- d-------- C:\Documents and Settings\washiema\Application Data\VanDyke
2006-10-02 21:13 15360 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-10-02 20:29 -------- d-------- C:\Program Files\FileZilla
2006-10-02 19:38 -------- d-------- C:\Documents and Settings\washiema\Application Data\Sun
2006-10-02 17:40 -------- d-------- C:\Program Files\Agent
2006-10-02 16:28 -------- d-------- C:\Program Files\DU Meter
2006-10-02 16:27 -------- d-------- C:\Documents and Settings\washiema\Application Data\Talkback
2006-10-02 16:26 -------- d-------- C:\Documents and Settings\washiema\Application Data\Mozilla
2006-10-02 15:20 -------- d-------- C:\Program Files\Starbase
2006-10-02 15:19 -------- d-------- C:\Program Files\Common Files\Crystal Decisions
2006-10-02 15:19 -------- d-------- C:\Program Files\AR System
2006-10-02 15:17 -------- d-------- C:\Program Files\Oracle
2006-09-29 11:17 -------- d-------- C:\Program Files\xerox
2006-09-29 11:17 -------- d-------- C:\Program Files\WinRAR
2006-09-29 11:17 -------- d-------- C:\Program Files\WIDCOMM
2006-09-29 11:17 -------- d-------- C:\Program Files\Symantec
2006-09-29 11:17 -------- d-------- C:\Program Files\RSA Security
2006-09-29 11:17 -------- d-------- C:\Program Files\Outlook Express
2006-09-29 11:17 -------- d-------- C:\Program Files\OfficeUpdate11
2006-09-29 11:17 -------- d-------- C:\Program Files\OfficeScan NT
2006-09-29 11:16 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-09-29 11:16 -------- d-------- C:\Program Files\Microsoft.NET
2006-09-29 11:16 -------- d-------- C:\Program Files\Microsoft Works
2006-09-29 11:16 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-09-29 11:15 -------- d-------- C:\Program Files\Microsoft Office
2006-09-29 11:13 -------- d-------- C:\Program Files\microsoft frontpage
2006-09-29 11:13 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-09-29 11:13 -------- d-------- C:\Program Files\Messenger
2006-09-29 11:12 -------- d-------- C:\Program Files\HPQ
2006-09-29 11:12 -------- d-------- C:\Program Files\Common Files\System
2006-09-29 11:12 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-09-29 11:12 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-09-29 11:12 -------- d-------- C:\Program Files\Common Files\Services
2006-09-29 11:12 -------- d-------- C:\Program Files\Common Files\ODBC
2006-09-29 11:12 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-09-29 11:12 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-29 11:11 -------- d-------- C:\Program Files\Common Files\Java
2006-09-29 11:10 -------- d-------- C:\Program Files\Common Files\Deterministic Networks
2006-09-29 11:10 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-09-29 11:10 -------- d-------- C:\Program Files\Common Files\Adobe
2006-09-29 11:10 -------- d-------- C:\Program Files\Cisco Systems
2006-09-29 11:10 -------- d-------- C:\Program Files\ATI Technologies
2006-09-29 11:10 -------- d-------- C:\Program Files\Analog Devices
2006-09-29 11:10 -------- d-------- C:\Program Files\Adobe
2006-09-29 11:08 -------- d-a------ C:\Documents and Settings\washiema\Application Data\Adobe
2006-09-29 11:05 -------- d-------- C:\Program Files\Internet Explorer
2006-08-29 15:01 561152 --a------ C:\WINDOWS\system32\ACDSee.scr


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"POP Peeper"="\"C:\\Program Files\\POP Peeper\\POPPeeper.exe\" -min"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"DU Meter"="C:\\Program Files\\DU Meter\\DUMeter.exe"
"THGuard"="\"C:\\Program Files\\TrojanHunter 4.6\\THGuard.exe\""
"TrojanScanner"="C:\\Program Files\\Trojan Remover\\Trjscan.exe"
"SNM"="C:\\Program Files\\SpyNoMore\\SNM.exe /startup"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoWindowsUpdate"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DU Meter (2).lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\DU Meter (2).lnk"
"backup"="C:\\WINDOWS\\pss\\DU Meter (2).lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\DUMETE~1\\DUMeter.exe "
"item"="DU Meter (2)"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PcSync2"
"hkey"="HKCU"
"command"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ServiceLayer"=dword:00000003
"SavRoam"=dword:00000002
"Crypkey License"=dword:00000002

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 06-11-08 16:17:39.61
C:\ComboFix.txt ... 06-11-08 16:17


Seems to have found something.

My antivirus software just complained again...

C:\windows\system32\vcvvccht.dll

is the Trojan horse TR/BHO.G3

grrrrrrr, this can't be happening :-(
08.11.2006, 16:57
Honorary member
Sabina

Posts: 29434
#4 gdfde

Avenger
http://virus-protect.org/artikel/tools/avenger.html
copy in

Quote

Registry values to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|SNM

registry keys to delete:
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1D2401F5-0254-4793-B2E0-6185EC9C4790}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{39f25b12-74ff-4079-a51f-1d70f5b08b84}
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F18F04B0-9CF1-4b93-B004-77A288BEE28B}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D2401F5-0254-4793-B2E0-6185EC9C4790}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39f25b12-74ff-4079-a51f-1d70f5b08b84}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F18F04B0-9CF1-4b93-B004-77A288BEE28B}

Files to delete:
C:\WINDOWS\system32\Fxxplfnt.tmp
C:\WINDOWS\system32\vcvvccht.dll
C:\WINDOWS\system32\winrkq32.VIR
C:\Documents and Settings\washiema\Application Data\Dxcknwrd.dll
C:\Documents and Settings\washiema\Application Data\Dxcuknwrd.dll

Folders to delete:
C:\Program Files\VSAdd-in
C:\Program Files\SpyNoMore
C:\WINDOWS\system32\components
C:\Program Files\Common Files\{001FC7AB-031E-3079-0526-05050426002b}
Click the green traffic light
the script will now run, then the PC will restart automatically

**
post the log that the Avenger shows after the restart
+
post the new HijackThis log
__________
Regards, Sabina

all about PC security
This post was edited by Sabina on 08.11.2006 at 17:01.
08.11.2006, 18:11
Member

Thread starter

Posts: 11
#5 here you go, sabina.
the adware.adjum.100 message still keeps coming grrrrrr

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Error: could not open export batch. Registry operations will not be backed up!
Error code: 0


Error: could not open export batch. Registry operations will not be backed up!
Error code: 0


Error: could not open export batch. Registry operations will not be backed up!
Error code: 0


Error: could not create zip file.
Error code: 0


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ybwcalnj

*******************

Script file located at: \??\C:\WINDOWS\cafjmvdb.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\Fxxplfnt.tmp deleted successfully.
File C:\WINDOWS\system32\vcvvccht.dll deleted successfully.
File C:\WINDOWS\system32\winrkq32.VIR deleted successfully.


File C:\Documents and Settings\washiema\Application Data\Dxcknwrd.dll not found!
Deletion of file C:\Documents and Settings\washiema\Application Data\Dxcknwrd.dll failed!

Could not process line:
C:\Documents and Settings\washiema\Application Data\Dxcknwrd.dll
Status: 0xc0000034



File C:\Documents and Settings\washiema\Application Data\Dxcuknwrd.dll not found!
Deletion of file C:\Documents and Settings\washiema\Application Data\Dxcuknwrd.dll failed!

Could not process line:
C:\Documents and Settings\washiema\Application Data\Dxcuknwrd.dll
Status: 0xc0000034

Folder C:\Program Files\VSAdd-in deleted successfully.


Folder C:\Program Files\SpyNoMore not found!
Deletion of folder C:\Program Files\SpyNoMore failed!

Could not process line:
C:\Program Files\SpyNoMore
Status: 0xc0000034



Folder C:\WINDOWS\system32\components not found!
Deletion of folder C:\WINDOWS\system32\components failed!

Could not process line:
C:\WINDOWS\system32\components
Status: 0xc0000034



Folder C:\Program Files\Common Files\{001FC7AB-031E-3079-0526-05050426002b} not found!
Deletion of folder C:\Program Files\Common Files\{001FC7AB-031E-3079-0526-05050426002b} failed!

Could not process line:
C:\Program Files\Common Files\{001FC7AB-031E-3079-0526-05050426002b}
Status: 0xc0000034

Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|SNM deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1D2401F5-0254-4793-B2E0-6185EC9C4790} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{39f25b12-74ff-4079-a51f-1d70f5b08b84} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F18F04B0-9CF1-4b93-B004-77A288BEE28B} deleted successfully.
Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D2401F5-0254-4793-B2E0-6185EC9C4790} deleted successfully.
Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39f25b12-74ff-4079-a51f-1d70f5b08b84} deleted successfully.
Registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F18F04B0-9CF1-4b93-B004-77A288BEE28B} deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



Logfile of HijackThis v1.99.1
Scan saved at 18:13:12, on 08.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Astellia\mysql\bin\mysqld-nt.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\POP Peeper\POPPeeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\washiema\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy33:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 172.23.4.*;172.23.5.*;172.23.48.*;172.23.49.*;172.23.52.*;172.23.53.*;172.23.56.*;
172.23.57.*;172.23.60.*;172.23.61.*;172.23.60.152;172.23.97.162;172.23.34.111;
172.23.111.*;172.23.2.21;aupdapp*;172.23.34.107;*
staging.*;peoplesoft.*;activation.*,172.23.200.130;;;;;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O14 - IERESET.INF: START_PAGE_URL=http://intranet.h3g.at
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = at-work.local
O17 - HKLM\Software\..\Telephony: DomainName = at-work.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = at-work.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = at-work.local
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySql - Unknown owner - C:/Program Files/Astellia/mysql/bin/mysqld-nt.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Unknown owner - C:\Program Files\OfficeScan NT\ntrtscan.exe (file missing)
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\bin\ONRSD.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\WINDOWS\Pointdev\VNC\WinVNC.exe" -service (file missing)
This post was edited by Sabina on 08.11.2006 at 18:29.
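Added example (not part of the original posts, and not code from The Avenger or its author): a small parser for the Avenger log format shown above that records the outcome of each script line, names the NTSTATUS code, and cross-checks successfully deleted files against a later `dir` listing to spot files that were written again after removal. The function names, the shortened log excerpts and the `REMOVED_BY` cut-off are assumptions made for this illustration.

```python
import ntpath
import re
from datetime import datetime

# 0xC0000034 is the NTSTATUS code STATUS_OBJECT_NAME_NOT_FOUND: the target
# did not exist when the script line was processed.
NTSTATUS = {0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND"}

RESULT_RE = re.compile(
    r"^(File|Folder|Registry value|Registry key) (.+?) "
    r"(deleted successfully\.|not found!)$")
STATUS_RE = re.compile(r"^Status: (0x[0-9a-fA-F]{8})$")
DIR_RE = re.compile(r"^(\d{2}\.\d{2}\.\d{4}) (\d{2}:\d{2})\s+([\d.]+)\s+(.+)$")

# Shortened excerpt of the Avenger log posted above.
AVENGER_LOG = r"""
File C:\WINDOWS\system32\Fxxplfnt.tmp deleted successfully.
File C:\WINDOWS\system32\vcvvccht.dll deleted successfully.
File C:\WINDOWS\system32\winrkq32.VIR deleted successfully.

File C:\Documents and Settings\washiema\Application Data\Dxcknwrd.dll not found!
Deletion of file C:\Documents and Settings\washiema\Application Data\Dxcknwrd.dll failed!

Could not process line:
C:\Documents and Settings\washiema\Application Data\Dxcknwrd.dll
Status: 0xc0000034

Folder C:\Program Files\VSAdd-in deleted successfully.

Folder C:\Program Files\SpyNoMore not found!
Deletion of folder C:\Program Files\SpyNoMore failed!

Could not process line:
C:\Program Files\SpyNoMore
Status: 0xc0000034

Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|SNM deleted successfully.
"""

# Three lines in the format of the later `dir` listing of system32 in this thread.
DIR_LISTING = r"""
 Directory of C:\WINDOWS\system32

09.11.2006 10:58 8.860 Fxxplfnt.tmp
09.11.2006 10:48 1.688 TRJ_NTAUTO.TMP
06.11.2006 17:25 59.392 streamhlp.dll
"""

# Assumption: the Avenger log carries no timestamp, so the HijackThis scan time
# from the same post (08.11.2006 18:13) is used as the latest possible removal time.
REMOVED_BY = datetime(2006, 11, 8, 18, 13)


def parse_avenger_log(text):
    """Return one record per processed script line: kind, target, outcome, status."""
    results = []
    for line in (raw.strip() for raw in text.splitlines()):
        m = RESULT_RE.match(line)
        if m:
            kind, target, tail = m.groups()
            outcome = "deleted" if tail.startswith("deleted") else "not_found"
            results.append({"kind": kind.lower(), "target": target,
                            "outcome": outcome, "status": None})
            continue
        m = STATUS_RE.match(line)
        # A "Status:" line belongs to the most recent target that was not found.
        if m and results and results[-1]["outcome"] == "not_found":
            code = int(m.group(1), 16)
            results[-1]["status"] = NTSTATUS.get(code, hex(code))
    return results


def parse_dir_listing(text):
    """Map lower-cased full path -> (last-written time, size) from `dir` output
    that uses dd.mm.yyyy dates and '.' as thousands separator."""
    directory, entries = None, {}
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("Directory of "):
            directory = line[len("Directory of "):]
            continue
        m = DIR_RE.match(line)
        if m and directory:
            date, time, size, name = m.groups()
            stamp = datetime.strptime(f"{date} {time}", "%d.%m.%Y %H:%M")
            entries[ntpath.join(directory, name).lower()] = (
                stamp, int(size.replace(".", "")))
    return entries


def reappeared(results, listing, removed_by):
    """Files the log reports as deleted that exist again with a newer timestamp."""
    hits = []
    for r in results:
        if r["kind"] != "file" or r["outcome"] != "deleted":
            continue
        entry = listing.get(r["target"].lower())
        if entry and entry[0] > removed_by:
            hits.append((r["target"], entry[0], entry[1]))
    return hits


if __name__ == "__main__":
    parsed = parse_avenger_log(AVENGER_LOG)
    for r in parsed:
        print(f'{r["outcome"]:<9} {r["kind"]:<14} {r["target"]} {r["status"] or ""}')
    for path, stamp, size in reappeared(parsed, parse_dir_listing(DIR_LISTING), REMOVED_BY):
        print(f"written again after removal: {path} ({size} bytes, {stamp})")
```

A file that the log reports as deleted but that shows up again with a newer timestamp means something still running on the system is writing it back, so the component that recreates it has not been removed yet.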
08.11.2006, 18:30
Honorary member
Sabina

Posts: 29434
#6 gdfde

scan and post the scan report
http://virus-protect.org/artikel/tools/superantispyware.html
__________
Regards, Sabina

all about PC security
09.11.2006, 00:00
Member

Thread starter

Posts: 11
#7 here u go

Application Version : 3.3.1020

Core Rules Database Version : 3123
Trace Rules Database Version: 1143

Scan type : Complete Scan
Total Scan Time : 00:35:26

Memory items scanned : 527
Memory Thread detected : 0
Registry items scanned : 6165
Registry Thread detected : 9
File items scanned : 27950
File Thread detected : 2

Trojan.cmdService
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#DeviceDesc

Trojan.Downloader-PATDUM
C:\VUNDOFIX BACKUPS\JKKJG.DLL.BAD

Malware.SpywareHeal
C:\ZIPS\SPYHEAL_SETUP.EXE
09.11.2006, 00:01
Honorary member
Sabina

Posts: 29434
#8 ServiceFilter.zip
http://virus-protect.org/artikel/tools/ServiceFilter.zip

- unzip
- double-click the file ServiceFilter.vbs
- confirm the version number
- scan
- allow WordPad or Notepad to open
- copy the contents of POST_THIS.TXT
__________
Regards, Sabina

all about PC security
09.11.2006, 00:23
Member

Thread starter

Posts: 11
#9 here you go

The script did not recognize the services listed below.
This does not mean that they are a problem.

To copy the entire contents of this document for posting:
At the top of this window click "Edit" then "Select All"
Next click "Edit" again then "Copy"
Now right click in the forum post box then click "Paste"

########################################

ServiceFilter 1.1
by rand1038

Microsoft Windows XP Professional
Version: 5.1.2600 Service Pack 2
Nov 9, 2006 00:24:17


---> Begin Service Listing <---

Unknown Service # 1
Service Name: AntiVirScheduler
Display Name: AntiVir PersonalEdition Classic Planer
Start Mode: Auto
Start Name: LocalSystem
Description: Dienst zur Steuerung von AntiVir Prüfaufträgen und ...
Service Type: Own Process
Path: c:\program files\antivir personaledition classic\sched.exe
State: Running
Process ID: 808
Started: True
Exit Code: 0
Accept Pause: True
Accept Stop: True

Unknown Service # 2
Service Name: AntiVirService
Display Name: AntiVir PersonalEdition Classic Guard
Start Mode: Auto
Start Name: LocalSystem
Description: Bietet permanenten Schutz vor Viren und Malware mit der AntiVir ...
Service Type: Own Process
Path: c:\program files\antivir personaledition classic\avguard.exe
State: Running
Process ID: 908
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: True

Unknown Service #3
Service Name: aspnet_state
Display Name: ASP.NET State Service
Start Mode: Manual
Start Name: NT AUTHORITY\NetworkService
Description: Provides support for out-of-process session states for ASP.NET. If this service is stopped, ...
Service Type: Own Process
Path: c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service # 4
Service Name: btwdins
Display Name: Bluetooth Service
Start Mode: Auto
Start Name: LocalSystem
Description: Dient zum Installieren und Entfernen von ...
Service Type: Own Process
Path: c:\program files\widcomm\bluetooth software\bin\btwdins.exe
State: Running
Process ID: 1088
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: True

Unknown Service # 5
Service Name: C-DillaSrv
Display Name: C-DillaSrv
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\windows\system32\drivers\cdantsrv.exe
State: Running
Process ID: 1348
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: True

Unknown Service # 6
Service Name: CcmExec
Display Name: SMS Agent Host
Start Mode: Auto
Start Name: LocalSystem
Description: Provides change and configuration services for computer management ...
Service Type: Own Process
Path: c:\windows\system32\ccm\ccmexec.exe
State: Running
Process ID: 796
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: True

Unknown Service # 7
Service Name: clr_optimization_v2.0.50727_32
Display Name: .NET Runtime Optimization Service v2.0.50727_X86
Start Mode: Manual
Start Name: LocalSystem
Description: Microsoft .NET Framework ...
Service Type: Own Process
Path: c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service # 8
Service Name: Crypkey License
Display Name: Crypkey License
Start Mode: Disabled
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: crypserv.exe
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service #9
Service Name: CVPND
Display Name: Cisco Systems, Inc. VPN Service
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\program files\cisco systems\vpn client\cvpnd.exe"
State: Running
Process ID: 1400
Started: True
Exit Code: 0
Accept Pause: True
Accept Stop: True

Unknown Service #10
Service Name: DefWatch
Display Name: Symantec AntiVirus Definition Watcher
Start Mode: Auto
Start Name: LocalSystem
Description: Monitors and maintains virus ...
Service Type: Own Process
Path: "c:\program files\symantec antivirus\defwatch.exe"
State: Running
Process ID: 1676
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: True

Unknown Service # 11
Service Name: iPod Service
Display Name: iPod Service
Start Mode: Manual
Start Name: LocalSystem
Description: iPod hardware management ...
Service Type: Own Process
Path: "c:\program files\ipod\bin\ipodservice.exe"
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service #12
Service Name: MySql
Display Name: MySql
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:/program files/astellia/mysql/bin/mysqld-nt.exe
State: Running
Process ID: 1796
Started: True
Exit Code: 0
Accept Pause: True
Accept Stop: True

Unknown Service # 13
Service Name: ntrtscan
Display Name: OfficeScanNT RealTime Scan
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\program files\officescan nt\ntrtscan.exe
State: Stopped
Process ID: 0
Started: False
Exit Code: 0
Accept Pause: False
Accept Stop: False

Unknown Service # 14
Service Name: OracleOraHome92ClientCache
Display Name: OracleOraHome92ClientCache
Start Mode: Manual
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\oracle\ora92\bin\onrsd.exe
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service # 15
Service Name: SavRoam
Display Name: SAVRoam
Start Mode: Disabled
Start Name: LocalSystem
Description: Symantec AntiVirus Roaming ...
Service Type: Own Process
Path: "c:\program files\symantec antivirus\savroam.exe"
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service # 16
Service Name: ServiceLayer
Display Name: ServiceLayer
Start Mode: Disabled
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\program files\common files\pcsuite\services\servicelayer.exe"
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service # 17
Service Name: SPBBCSvc
Display Name: Symantec SPBBCSvc
Start Mode: Manual
Start Name: LocalSystem
Description: Symantec ...
Service Type: Own Process
Path: "c:\program files\common files\symantec shared\spbbc\spbbcsvc.exe"
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service #18
Service Name: SwPrv
Display Name: MS Software Shadow Copy Provider
Start Mode: Manual
Start Name: LocalSystem
Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this ...
Service Type: Own Process
Path: c:\windows\system32\dllhost.exe /processid:{9ce0b860-3762-411a-9dea-c6ca1873cfeb}
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service # 19
Service Name: Symantec AntiVirus
Display Name: Symantec AntiVirus
Start Mode: Auto
Start Name: LocalSystem
Description: Provides real-time virus scanning, reporting, and management functionality for Symantec ...
Service Type: Own Process
Path: "c:\program files\symantec antivirus\rtvscan.exe"
State: Running
Process ID: 156
Started: True
Exit Code: 0
Accept Pause: False
Accept Stop: True

Unknown Service # 20
Service Name: SysEnforce
Display Name: SysEnforce
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\progra~1\trisna~1\ssi\sysenf~1.exe
State: Stopped
Process ID: 0
Started: False
Exit Code: 0
Accept Pause: False
Accept Stop: False

Unknown Service # 21
Service Name: usnsvc
Display Name: Messenger Sharing USN Journal Reader-Service
Start Mode: Manual
Start Name: LocalSystem
Description: Ein von Messenger installierter Service, der Freigabeszenarien ...
Service Type: Own Process
Path: c:\windows\system32\svchost.exe -k usnsvc
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service #22
Service Name: winvnc
Display Name: VNC Server
Start Mode: Manual
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\windows\pointdev\vnc\winvnc.exe" -service
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

---> End Service Listing <---

There are 112 Win32 services on this machine.
22 were unrecognized.

Script Execution Time: 2,171997 seconds.
09.11.2006, 10:10
Honorary member
Sabina

Posts: 29434
#10 check whether anything from SPYHEAL can still be found on the computer.
Otherwise everything should be more or less OK again
__________
Regards, Sabina

all about PC security
09.11.2006, 16:27
Member

Thread starter

Posts: 11
#11 I couldn't find spyheal anymore, but this bloody adware.adjump.100 trojan stuff has come back grrrrr
09.11.2006, 16:29
Honorary member
Sabina

Posts: 29434
#12 post the 6 logs from datfindbat again, it seems not everything is clean yet ;)
__________
Regards, Sabina

all about PC security
09.11.2006, 16:41
Member

Thread starter

Posts: 11
#13 Volume in drive C has no label.
Volume Serial Number is 001F-C7AB

Directory of C:\WINDOWS\system32

09.11.2006 10:58 8.860 Fxxplfnt.tmp
09.11.2006 10:48 1.688 TRJ_NTAUTO.TMP
08.11.2006 19:01 0 CMMGR32.EXE
07.11.2006 23:54 0 tmp.txt
07.11.2006 23:54 864 tmp.reg
07.11.2006 23:19 1.152 windrv.sys
06.11.2006 19:42 251.488 trjscan.trb
06.11.2006 17:25 59.392 streamhlp.dll
06.11.2006 09:15 399.298 perfh009.dat
06.11.2006 09:15 61.808 perfc009.dat
06.11.2006 09:15 468.340 PerfStringBackup.INI
06.11.2006 09:07 2.206 wpa.dbl
31.10.2006 10:46 3.036 jupdate-1.4.2_03-b02.log
23.10.2006 00:28 832.064 rmvtrjan.trb
23.10.2006 00:25 1.622.592 rmt.trb
12.10.2006 14:05 265.416 FNTCACHE.DAT
11.10.2006 14:21 3.090 jupdate-1.4.2_06-b03.log
09.10.2006 15:25 3.360 esnecil.ind
04.10.2006 20:16 3.360 esnecil.nlp
02.10.2006 21:13 15.360 BASSMOD.dll
29.09.2006 10:13 2.430 $winnt$.inf
24.09.2006 02:42 65.536 QuickTimeVR.qtx
24.09.2006 02:42 49.152 QuickTime.qts
07.09.2006 12:54 57.384 avsda.dll
29.08.2006 15:01 561.152 ACDSee.scr
29.07.2006 18:32 48.936 sirenacm.dll
28.07.2006 03:28 3.054.080 mshtml.dll
25.07.2006 21:33 613.888 urlmon.dll
21.07.2006 09:24 72.704 hlink.dll
14.07.2006 16:31 332.288 netapi32.dll
14.07.2006 16:25 546.304 hhctrl.ocx
14.07.2006 13:51 108.144 GEARAspi.dll
13.07.2006 14:33 8.453.632 shell32.dll
06.07.2006 17:21 6.757.792 MRT.exe
05.07.2006 11:55 984.064 kernel32.dll
26.06.2006 18:37 148.480 dnsapi.dll
26.06.2006 18:37 8.192 rasadhlp.dll
23.06.2006 12:02 658.944 wininet.dll
23.06.2006 12:02 39.424 pngfilt.dll
23.06.2006 12:02 474.112 shlwapi.dll
23.06.2006 12:02 448.512 mshtmled.dll
23.06.2006 12:02 146.432 msrating.dll
23.06.2006 12:02 532.480 mstime.dll
23.06.2006 12:02 1.494.016 shdocvw.dll
23.06.2006 12:02 96.256 inseng.dll
23.06.2006 12:02 205.312 dxtrans.dll
23.06.2006 12:02 357.888 dxtmsft.dll
23.06.2006 12:02 251.392 iepeers.dll
23.06.2006 12:02 1.054.208 danim.dll
23.06.2006 12:02 16.384 jsproxy.dll
23.06.2006 12:02 55.808 extmgr.dll
23.06.2006 12:02 1.022.976 browseui.dll
23.06.2006 12:02 151.040 cdfview.dll
23.06.2006 09:34 24.576 xpsp3res.dll
22.06.2006 11:47 181.248 rasmans.dll
17.06.2006 01:46 345.088 trupd.trb
01.06.2006 19:47 27.648 jgpl400.dll
01.06.2006 19:47 163.840 jgdw400.dll
19.05.2006 13:59 111.616 dhcpcsvc.dll
19.05.2006 13:59 94.720 iphlpapi.dll
18.05.2006 06:24 450.560 jscript.dll
09.05.2006 09:50 198.616 iuengine.dll
09.05.2006 09:50 124.376 wuauclt.exe
09.05.2006 09:50 465.368 wuapi.dll
09.05.2006 09:50 174.040 wuweb.dll
09.05.2006 09:50 75.736 cdm.dll
09.05.2006 09:50 18.392 wups2.dll
09.05.2006 09:50 41.432 wups.dll
09.05.2006 09:50 172.504 wuauclt1.exe
09.05.2006 09:50 174.552 wuaucpl.cpl
09.05.2006 09:50 1.347.544 wuaueng.dll
09.05.2006 09:50 194.520 wuaueng1.dll
09.05.2006 09:50 127.448 wucltui.dll
29.04.2006 05:07 5.533.696 wmp.dll
27.04.2006 12:39 3.008 jupdate-1.4.2_02-b03.log
27.04.2006 09:33 207.872 DAAPI.dll
27.04.2006 09:03 243.712 ConnAPI.dll
27.04.2006 09:02 60.416 NclTools.dll
26.04.2006 15:54 16.832 amcompat.tlb
26.04.2006 15:54 23.392 nscompat.tlb
26.04.2006 14:36 22 tmsock.tmp.tag
27.03.2006 13:13 122.880 NclAPI.dll
24.03.2006 05:37 49.152 wdigest.dll
17.03.2006 10:07 679.424 inetcomm.dll
17.03.2006 01:38 28.672 verclsid.exe
01.03.2006 20:42 11.776 xolehlp.dll
01.03.2006 20:42 426.496 msdtcprx.dll
01.03.2006 20:42 91.136 mtxoci.dll
01.03.2006 20:42 66.560 mtxclu.dll
01.03.2006 20:42 956.416 msdtctm.dll
01.03.2006 20:42 161.280 msdtcuiu.dll
04.01.2006 04:35 68.096 webclnt.dll
29.12.2005 03:54 280.064 gdi32.dll
07.12.2005 11:31 202.752 CddbCdda.dll
11.11.2005 04:22 581.632 rpcrt4.dll
20.10.2005 23:20 1.082.368 esent.dll
17.10.2005 22:14 118.272 t2embed.dll
17.10.2005 22:14 80.896 fontsub.dll
06.10.2005 01:05 1.839.488 win32k.sys
23.09.2005 06:28 32.768 netfxperf.dll
23.09.2005 06:28 270.848 mscoree.dll
23.09.2005 06:28 74.240 mscories.dll
23.09.2005 06:28 150.016 mscorier.dll
23.09.2005 06:28 83.456 dfshim.dll
10.09.2005 02:53 2.067.968 cdosys.dll
01.09.2005 02:41 291.840 winsrv.dll
01.09.2005 02:41 19.968 linkinfo.dll
30.08.2005 04:54 1.287.168 quartz.dll
23.08.2005 04:35 123.392 umpnpmgr.dll
22.08.2005 19:29 197.632 netman.dll
11.08.2005 16:09 65.024 nwwks.dll
02.08.2005 22:24 53.299 pthreadVC.dll
02.08.2005 22:18 233.472 wpcap.dll
02.08.2005 22:08 81.920 Packet.dll
02.08.2005 22:08 61.440 WanPacket.dll
26.07.2005 05:39 397.824 rpcss.dll
26.07.2005 05:39 37.888 olecnv32.dll
26.07.2005 05:39 101.376 txflog.dll
26.07.2005 05:39 1.285.120 ole32.dll
26.07.2005 05:39 74.752 olecli32.dll
26.07.2005 05:39 243.200 es.dll
26.07.2005 05:39 540.160 comuid.dll
26.07.2005 05:39 97.792 comrepl.dll
26.07.2005 05:39 1.267.200 comsvcs.dll
26.07.2005 05:39 110.080 clbcatex.dll
26.07.2005 05:39 498.688 clbcatq.dll
26.07.2005 05:39 60.416 colbact.dll
26.07.2005 05:39 625.152 catsrvut.dll
26.07.2005 05:39 225.792 catsrv.dll
08.07.2005 17:27 76.800 remotesp.tsp
08.07.2005 17:27 249.344 tapisrv.dll
29.06.2005 02:46 254.976 icm32.dll
29.06.2005 02:46 74.240 mscms.dll
28.06.2005 09:21 22.752 spupdsvc.exe
28.06.2005 09:20 13.536 spmsg.dll
24.06.2005 15:23 0 h323log.txt
24.06.2005 13:28 2.577 CONFIG.NT
24.06.2005 13:27 488 logonui.exe.manifest
24.06.2005 13:27 488 WindowsLogon.manifest
24.06.2005 13:27 749 sapi.cpl.manifest
24.06.2005 13:27 749 wuaucpl.cpl.manifest
24.06.2005 13:27 749 ncpa.cpl.manifest
24.06.2005 13:27 749 nwc.cpl.manifest
24.06.2005 13:27 749 cdplayer.exe.manifest
24.06.2005 13:25 21.640 emptyregdb.dat
23.06.2005 18:29 71.416 pds.dll
23.06.2005 18:29 83.704 nts.dll


Volume in drive C has no label.
Volume Serial Number is 001F-C7AB

Directory of C:\DOCUME~1\washiema\LOCALS~1\Temp

09.11.2006 16:40 16.384 Perflib_Perfdata_6e8.dat
09.11.2006 16:29 426 Acr8F24.tmp
09.11.2006 16:29 426 Acr8F23.tmp
09.11.2006 16:23 2.048.000 Acr8F22.tmp
09.11.2006 11:05 16.384 ~WRF0001.tmp
09.11.2006 11:05 653 ~WRD0000.doc
09.11.2006 10:58 512 ~DFF1DB.tmp
09.11.2006 09:13 1.024 ~WRS0001.tmp
09.11.2006 09:13 16.384 ~WRF0000.tmp
09.11.2006 09:13 512 ~DFE324.tmp
09.11.2006 09:08 512 ~DF18D5.tmp
09.11.2006 09:08 28 ExchangePerflog_8484fa3188b53b57a41dcd85.dat
08.11.2006 23:59 16.384 ~DF716.tmp
08.11.2006 23:08 16.384 ~DF340F.tmp
08.11.2006 17:52 127.378 avenger.zip
08.11.2006 17:06 3.175 h2r8.tmp
17.02.2006 16:55 143.360 SSUPDATE.EXE
17 File(s) 2.407.926 bytes
0 Dir(s) 19.096.231.936 bytes free


Volume in drive C has no label.
Volume Serial Number is 001F-C7AB

Directory of C:\WINDOWS

09.11.2006 16:27 892 IE4 Error Log.txt
09.11.2006 10:44 467 SMSCFG.ini
09.11.2006 10:44 2.097.081 WindowsUpdate.log
09.11.2006 10:43 159 wiadebug.log
09.11.2006 10:43 50 wiaservc.log
09.11.2006 10:43 0 0.log
09.11.2006 10:43 2.048 bootstat.dat
09.11.2006 00:46 26.930 SchedLgU.Txt
09.11.2006 00:46 13.282 ModemLog_GlobeTrotter 3G+ Modem Interface.txt
08.11.2006 19:01 0 YOURAPP.EXE
08.11.2006 17:55 2.326 jqgrokff.txt
08.11.2006 10:15 2.866.701 setupapi.log
08.11.2006 00:30 1.409 QTFont.for
08.11.2006 00:30 54.156 QTFont.qfn
07.11.2006 23:51 2.212 setupact.log
07.11.2006 23:49 460.636 ntbtlog.txt
07.11.2006 21:40 1.059 win.ini
07.11.2006 21:40 260 system.ini
07.11.2006 21:06 224.907 SetupWLD.log
07.11.2006 20:58 4.950 chipset.log
07.11.2006 01:32 10 popcinfo.dat
02.11.2006 21:19 50.880 wmsetup.log
02.11.2006 14:50 2.877 KB893803v2Uninst.log
02.11.2006 14:50 520.872 iis6.log
02.11.2006 14:50 160.082 comsetup.log
02.11.2006 14:50 23.022 tabletoc.log
02.11.2006 14:50 95.359 ntdtcsetup.log
02.11.2006 14:50 1.374 imsins.log
02.11.2006 14:50 214.757 tsoc.log
02.11.2006 14:50 24.825 ocmsn.log
02.11.2006 14:49 218.852 ocgen.log
02.11.2006 14:49 31.237 MedCtrOC.log
02.11.2006 14:49 78.600 netfxocm.log
02.11.2006 14:49 22.501 msgsocm.log
02.11.2006 14:49 444.368 FaxSetup.log
02.11.2006 14:49 142.752 msmqinst.log
02.11.2006 14:45 0 VPC32.INI
18.10.2006 09:47 3.936 KB924191.log
18.10.2006 09:47 3.849 KB922819.log
18.10.2006 09:47 3.765 KB923414.log
18.10.2006 09:47 3.684 KB920214.log
18.10.2006 09:47 3.602 KB920685.log
18.10.2006 09:47 3.522 KB924496.log
18.10.2006 09:47 3.824 KB920872.log
18.10.2006 09:47 3.351 KB919007.log
18.10.2006 09:46 3.352 KB923191.log
18.10.2006 09:46 3.656 KB925486.log
18.10.2006 09:28 1.760.623 setupapi.log.0.old
13.10.2006 19:23 4.777 LVEventLog.log
12.10.2006 12:25 1.588 DirectX.log
11.10.2006 15:50 894 idmviewer.log
10.10.2006 17:49 334 GEARInstall.log
09.10.2006 17:56 1.448 COM+.log
04.10.2006 20:16 205 my.ini
04.10.2006 20:12 64 Crypkey.ini
04.10.2006 16:55 72 init.ini
04.10.2006 08:27 904 EventSystem.log
03.10.2006 11:06 4.348 DPINST.LOG
02.10.2006 23:21 459 wmsetup10.log
02.10.2006 18:32 3.469 mozver.dat
02.10.2006 16:27 0 nsreg.dat
02.10.2006 16:14 2.038 OEWABLog.txt
02.10.2006 15:19 2.191 vminst.log
02.10.2006 15:19 520 ODBC.INI
02.10.2006 15:19 4.512 ODBCINST.INI
02.10.2006 15:17 218 ORAODBC.INI
02.10.2006 10:41 2.736 spupdsvc.log
29.09.2006 11:11 1.374 imsins.BAK
29.09.2006 11:11 16.812 KB917734.log
29.09.2006 11:09 15.688 KB921883.log
29.09.2006 11:09 24.759 updspapi.log
29.09.2006 11:09 14.856 KB922616.log
29.09.2006 11:08 14.954 KB911280.log
29.09.2006 11:06 15.180 KB917159.log
29.09.2006 11:05 15.237 KB921398.log
29.09.2006 11:05 17.932 KB918899.log
29.09.2006 11:04 10.688 KB920670.log
29.09.2006 11:04 10.885 KB918439.log
29.09.2006 11:02 10.680 KB914388.log
29.09.2006 11:02 9.368 KB917344.log
29.09.2006 11:02 9.511 KB917953.log
29.09.2006 11:02 9.327 KB917422.log
29.09.2006 11:01 8.819 KB916595.log
29.09.2006 11:01 10.053 KB913580.log
29.09.2006 11:01 8.683 KB920683.log
29.09.2006 11:01 8.307 KB914389.log
29.09.2006 10:13 18.922 setuplog.txt
29.09.2006 10:13 509 setuperr.log
29.09.2006 09:35 7.890 sessmgr.setup.log
29.09.2006 09:35 2.165 DtcInstall.log
29.09.2006 09:35 6.840 regopt.log
27.04.2006 12:26 8.293 KB908521.log
27.04.2006 12:22 7.165 KB904942.log
27.04.2006 12:20 63 vbaddin.ini
27.04.2006 12:19 60.926 KB911565.log
26.04.2006 15:53 316.640 WMSysPr9.prx
26.04.2006 14:34 55.703 ofcscan.ini
26.04.2006 14:21 24.801 KB911927.log
26.04.2006 14:21 24.313 KB901017.log
26.04.2006 14:20 24.752 KB896424.log
26.04.2006 14:20 23.912 KB911562.log
26.04.2006 14:20 31.972 KB900485.log
26.04.2006 14:19 18.582 KB910437.log
26.04.2006 14:19 45.479 KB911564.log
26.04.2006 14:19 26.806 KB912812.log
26.04.2006 14:18 23.601 KB902400.log
26.04.2006 14:17 14.512 KB899589.log
26.04.2006 14:17 14.832 KB905414.log
26.04.2006 14:17 14.950 KB900725.log
26.04.2006 14:17 12.970 KB912919.log
26.04.2006 14:16 12.170 KB904706.log
26.04.2006 14:16 12.734 KB908531.log
26.04.2006 14:16 12.210 KB905749.log
26.04.2006 14:16 11.584 KB911567.log
26.04.2006 14:15 11.157 KB908519.log
26.04.2006 14:15 7.945 KB913446.log
26.04.2006 14:03 2.918 cfgall.ini
25.08.2005 09:00 522 TMFilter.log
24.08.2005 17:14 18.253 KB899587.log
24.08.2005 17:14 17.746 KB899591.log
24.08.2005 17:13 17.986 KB893756.log
24.08.2005 17:13 16.861 KB896423.log
24.08.2005 17:13 18.658 KB896727.log
24.08.2005 17:13 13.147 KB901214.log
24.08.2005 17:12 13.643 KB899588.log
24.08.2005 17:12 13.411 KB894391.log
24.08.2005 10:03 25.833.424 SP29344.exe
01.07.2005 14:34 6.871 KB898461.log
28.06.2005 11:31 25.186 KB896422.log
28.06.2005 11:31 24.295 KB885835.log
28.06.2005 11:31 23.186 KB885836.log
28.06.2005 11:30 23.997 KB885250.log
28.06.2005 11:30 23.123 KB890175.log
28.06.2005 11:30 23.173 KB873339.log
28.06.2005 11:30 23.238 KB888113.log
28.06.2005 11:30 23.786 KB887742.log
28.06.2005 11:30 23.190 KB887472.log
28.06.2005 11:30 17.238 KB893803v2.log
28.06.2005 11:29 27.033 KB883939.log
28.06.2005 11:29 22.330 KB896358.log
28.06.2005 11:29 19.970 KB891781.log
28.06.2005 11:29 20.880 KB890046.log
28.06.2005 11:29 21.044 KB893066.log
28.06.2005 11:29 20.701 KB873333.log
28.06.2005 11:28 18.256 KB888302.log
28.06.2005 11:28 11.250 KB886185.log
28.06.2005 11:28 19.206 KB893086.log
28.06.2005 11:28 20.700 KB890859.log
28.06.2005 11:28 16.456 KB896428.log
24.06.2005 15:07 0 Sti_Trace.log
24.06.2005 13:33 52 oobeact.log
24.06.2005 13:32 8.192 REGLOCS.OLD
24.06.2005 13:28 0 control.ini
24.06.2005 13:27 749 WindowsShell.Manifest
24.06.2005 13:25 36 vb.ini
24.06.2005 13:24 200 cmsetacl.log
20.06.2005 13:42 32.768 iwlandrvxpver.dll
20.06.2005 13:40 32.768 iwlanver.dll
27.05.2005 00:22 10.752 hh.exe
05.05.2005 16:11 3.440 undo.reg
27.04.2005 16:56 2.598 drei_38x38.bmp
27.04.2005 16:55 1.606 drei_22x22.bmp
17.10.2004 20:41 60.416 CDILLA64.EXE
17.10.2004 20:41 7.056 CDILLA16.EXE
17.10.2004 20:41 260.608 CDILLA32.DLL
17.10.2004 20:41 55.376 CDILLA40.DLL
17.10.2004 20:41 44.544 CDILLA13.DLL
17.10.2004 20:41 23.856 CDILLA10.EXE
17.10.2004 20:41 63.344 CDILLA05.DLL
24.08.2004 10:20 88.363 AGRSMMSG.exe
24.08.2004 10:20 64.512 agrsmdel.exe
04.08.2004 13:00 2 desktop.ini
04.08.2004 13:00 283.648 winhlp32.exe
04.08.2004 13:00 48.680 winnt.bmp
04.08.2004 13:00 17.062 Coffee Bean.bmp
04.08.2004 13:00 1.032.192 explorer.exe



Volume in drive C has no label.
Volume Serial Number is 001F-C7AB

Directory of C:\WINDOWS\TEMP



Volume in drive C has no label.
Volume Serial Number is 001F-C7AB

Directory of C:\WINDOWS\Downloaded Program Files

24.06.2005 13:27 65 desktop.ini
20.01.2000 14:25 1.162 Microsoft XML Parser for Java.osd
2 File(s) 1.227 bytes
0 Dir(s) 19.096.186.880 bytes free


Volume in drive C has no label.
Volume Serial Number is 001F-C7AB

Directory of C:\

09.11.2006 16:44 0 sys.txt
09.11.2006 16:44 344 down.txt
09.11.2006 16:43 105 tmp.txt
09.11.2006 16:43 10.871 system.txt
09.11.2006 16:43 1.103 systemtemp.txt
09.11.2006 16:42 108.867 system32.txt
09.11.2006 10:42 805.306.368 pagefile.sys
08.11.2006 18:01 121.180 backup.zip
08.11.2006 18:00 1.565 backup.reg
08.11.2006 17:58 6.866 avenger.txt
08.11.2006 17:56 1.601 avexport.bat
08.11.2006 16:17 16.516 ComboFix.txt
08.11.2006 01:09 0 AUTOEXEC.BAT
08.11.2006 00:46 55 AUTOEXEC.SOL
07.11.2006 21:40 211 boot.ini
07.11.2006 20:13 192 BcBtRmv.log
24.06.2005 13:28 0 CONFIG.SYS
24.06.2005 13:28 0 IO.SYS
24.06.2005 13:28 0 MSDOS.SYS
04.08.2004 13:00 250.032 ntldr
04.08.2004 13:00 47.564 NTDETECT.COM
21 File(s) 805.873.440 bytes
0 Dir(s) 19.096.182.784 bytes free
10.11.2006, 01:14
Honorary member
Sabina

Posts: 29434
#14 Avenger

Quote

Files to delete:
C:\WINDOWS\system32\Fxxplfnt.tmp
C:\WINDOWS\YOURAPP.EXE
Scan with Panda and post the scan report:
http://virus-protect.org/onlinescan.html
__________
Kind regards, Sabina

All about PC security
10.11.2006, 14:37
Member

Thread starter

Posts: 11
#15

Quote

Sabina posted
Avenger

Quote

Files to delete:
C:\WINDOWS\system32\Fxxplfnt.tmp
C:\WINDOWS\YOURAPP.EXE
Scan with Panda and post the scan report:
http://virus-protect.org/onlinescan.html
Incident Status Location

Potentially unwanted tool:Application/VSToolbar Not disinfected C:\backup.zip[avenger/vcvvccht.dll]
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\backup.zip[avenger/VSAdd-in/VSAdd-in.dll]
Dialer:Dialer.IFU Not disinfected C:\backup.zip[avenger/winrkq32.VIR]
Spyware:Cookie/Adverserve Not disinfected C:\Documents and Settings\washiema\Application Data\Mozilla\Firefox\Profiles\dfqcmlrb.default\cookies.txt[.adverserve.net/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\washiema\Application Data\Mozilla\Firefox\Profiles\dfqcmlrb.default\cookies.txt[as1.falkag.de/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\washiema\Application Data\Mozilla\Firefox\Profiles\dfqcmlrb.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\washiema\Application Data\Mozilla\Firefox\Profiles\dfqcmlrb.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\washiema\Application Data\Mozilla\Firefox\Profiles\dfqcmlrb.default\cookies.txt[.atdmt.com/]
Potentially unwanted tool:Application/Processor Not disinfected C:\smitfraud\SmitfraudFix\Process.exe
Possible Virus. Not disinfected C:\smitfraud\SmitfraudFix\swsc.exe